![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
I'm writing this as I explore Buzz's privacy issues, so what I write at the start is amended by what I discover further on. I note ETAs briefly after I've finished exploring. This got bloody long; if you don't have all that time, scroll down to my conclusion or to the TL;DR.
If you have a GMail account, Buzz is enabled. [ETA: This turns out to be not as scary as it sounds. But still.]
The splash screen where it asks if you want to check it out or not? That doesn't mean "Do you want the function or not?" It means "You have the function. Do you want to know more about it or not?" Even if you click no, you'll see the Buzz logo in your side nav-bar under the Inbox.
Click on the logo and it'll show you you're automatically following some people and some people are automatically following you. It also tells you that "Your Google Reader shared items, Picasa Web public albums, and Google Chat status messages will automatically appear as posts in Buzz." [ETA: It turns out that this sentence is a lie. It means "If you connect them, they'll automatically appear".]
[Sidebar: This is an example of why automatically sharing things is a bad thing to do [ETA: or even to threaten to do]. It's also a great example of privilege at work, in that Google engineers apparently have the privilege of not fearing for their lives.
So. There's a line that says "Zeborah (Edit) - 0 connected sites - 5 followers". I click on that "5 followers". The top follower is someone I don't even know. I don't know his name, and though he has a public profile it only consists of his name and avatar - I can't tell anything about him from it. I click on "Block". [ETA: I just thought to check my gmail contacts. It turns out to be someone I emailed once to give something away on Freecycle. Once. I don't know why he's following me; maybe he really likes Buzz; maybe he's got very few contacts so Gmail randomly decided he should follow me.]
The next 4 followers are all people I know. They don't have public profiles, so no-one else will see that they're following me. (This is what Google was talking about as one of its privacy improvements.) But they're still following me even though I've never said that I even want to be followable. Of course they probably don't realise that they're following me, just like I didn't realise I was following 12 people.
I go back to the main Buzz screen and click on the list of the 12 people I'm following. One of those people is actually a pseudonym for myself. It's like "Superman" to Clark Kent: it's the name I use to fight crime. (Specifically, 419 scammers.) When I'm fighting crime, I'd really rather that the criminals I'm emailing not know who I am in real life. I'm really open in sharing about myself on the internet; I'd forgotten that even I have reasons to be careful of privacy. Mental note: go onto the 419 crime-fighters forum and write a tutorial about Buzz.
So at this point I open my librarian-persona gmail in another browser. Librarian follows Zeborah and unfollows everyone else. Zeborah shares an item in Google Reader and... Huh, actually it doesn't turn up in Librarian's Buzz. Why is that?
Zeborah doesn't have a Google profile; so let's create one. I go back to the "Zeborah (Edit) - 1 connected site - 5 followers" line and click on "Edit". I leave everything blank and untick things so that I'm not automatically sharing anything, then at the bottom click "Create Profile".
Now Librarian is able to see Zeborah's profile, but still can't see who Zeborah is following or what Zeborah has shared in Google Reader.
Zeborah follows Librarian. Zeborah can now see all Librarian's items. Librarian still can't see who Zeborah is following or what Zeborah has shared.
Going back to the "Zeborah (Edit) - 0 connected sites - 5 followers" line I click on "0 connected sites". I leave the first page alone and click "Next"; now it asks me to create a profile. This is apparently different from a regular Google profile which I've already created? [ETA: Not different exactly, but it adds fields into the regular Google profile which weren't there before.] Anyway, it lets me opt out of showing off who I'm following and who's following me, so I untick that box and create the profile. (Even if I tick that box, Librarian can only see that I'm following "1 other person without a public profile", so it does protect that person's privacy as long as they don't create a profile.)
Librarian still can't see Zeborah's previously created shared post.
Zeborah creates a second shared post - now Librarian can see that.
If Zeborah unfollows Librarian, Librarian can still see Zeborah's shared posts (including new ones).
If Zeborah blocks Librarian (when Librarian was previously able to see Zeborah's shared posts) Librarian can still see Zeborah's old shared posts, but not new ones.
Tentative conclusion (because this much exploring fades my brain)
I think that people can't see who you're following or who's following you unless you've opted to create a Buzz profile and left the option ticked, and even then they can't see the names of anyone who hasn't created their own profile. I think that people can't in fact see your shared items unless you opt in by adding connected sites, and I think that even then they can't see items you've shared in the past, only what you share from now on. However if someone can see your stuff and then you block them, they can still see your old stuff.
I think that "Librarian is following you" actually means "Librarian would like to follow you if/when you create a Buzz profile and add connected sites".
I think that all of this could have been a lot clearer. This just took me an hour and a half to figure out, which is unacceptable.
And I think that when you block someone, it should remove all your past items from their view.
TL;DR
If you've done nothing with Buzz, you're probably fine.
If you have done stuff with Buzz and are concerned about privacy, you probably want to:
If you have a GMail account, Buzz is enabled. [ETA: This turns out to be not as scary as it sounds. But still.]
The splash screen where it asks if you want to check it out or not? That doesn't mean "Do you want the function or not?" It means "You have the function. Do you want to know more about it or not?" Even if you click no, you'll see the Buzz logo in your side nav-bar under the Inbox.
Click on the logo and it'll show you you're automatically following some people and some people are automatically following you. It also tells you that "Your Google Reader shared items, Picasa Web public albums, and Google Chat status messages will automatically appear as posts in Buzz." [ETA: It turns out that this sentence is a lie. It means "If you connect them, they'll automatically appear".]
[Sidebar: This is an example of why automatically sharing things is a bad thing to do [ETA: or even to threaten to do]. It's also a great example of privilege at work, in that Google engineers apparently have the privilege of not fearing for their lives.
So. There's a line that says "Zeborah (Edit) - 0 connected sites - 5 followers". I click on that "5 followers". The top follower is someone I don't even know. I don't know his name, and though he has a public profile it only consists of his name and avatar - I can't tell anything about him from it. I click on "Block". [ETA: I just thought to check my gmail contacts. It turns out to be someone I emailed once to give something away on Freecycle. Once. I don't know why he's following me; maybe he really likes Buzz; maybe he's got very few contacts so Gmail randomly decided he should follow me.]
The next 4 followers are all people I know. They don't have public profiles, so no-one else will see that they're following me. (This is what Google was talking about as one of its privacy improvements.) But they're still following me even though I've never said that I even want to be followable. Of course they probably don't realise that they're following me, just like I didn't realise I was following 12 people.
I go back to the main Buzz screen and click on the list of the 12 people I'm following. One of those people is actually a pseudonym for myself. It's like "Superman" to Clark Kent: it's the name I use to fight crime. (Specifically, 419 scammers.) When I'm fighting crime, I'd really rather that the criminals I'm emailing not know who I am in real life. I'm really open in sharing about myself on the internet; I'd forgotten that even I have reasons to be careful of privacy. Mental note: go onto the 419 crime-fighters forum and write a tutorial about Buzz.
So at this point I open my librarian-persona gmail in another browser. Librarian follows Zeborah and unfollows everyone else. Zeborah shares an item in Google Reader and... Huh, actually it doesn't turn up in Librarian's Buzz. Why is that?
Zeborah doesn't have a Google profile; so let's create one. I go back to the "Zeborah (Edit) - 1 connected site - 5 followers" line and click on "Edit". I leave everything blank and untick things so that I'm not automatically sharing anything, then at the bottom click "Create Profile".
Now Librarian is able to see Zeborah's profile, but still can't see who Zeborah is following or what Zeborah has shared in Google Reader.
Zeborah follows Librarian. Zeborah can now see all Librarian's items. Librarian still can't see who Zeborah is following or what Zeborah has shared.
Going back to the "Zeborah (Edit) - 0 connected sites - 5 followers" line I click on "0 connected sites". I leave the first page alone and click "Next"; now it asks me to create a profile. This is apparently different from a regular Google profile which I've already created? [ETA: Not different exactly, but it adds fields into the regular Google profile which weren't there before.] Anyway, it lets me opt out of showing off who I'm following and who's following me, so I untick that box and create the profile. (Even if I tick that box, Librarian can only see that I'm following "1 other person without a public profile", so it does protect that person's privacy as long as they don't create a profile.)
Librarian still can't see Zeborah's previously created shared post.
Zeborah creates a second shared post - now Librarian can see that.
If Zeborah unfollows Librarian, Librarian can still see Zeborah's shared posts (including new ones).
If Zeborah blocks Librarian (when Librarian was previously able to see Zeborah's shared posts) Librarian can still see Zeborah's old shared posts, but not new ones.
Tentative conclusion (because this much exploring fades my brain)
I think that people can't see who you're following or who's following you unless you've opted to create a Buzz profile and left the option ticked, and even then they can't see the names of anyone who hasn't created their own profile. I think that people can't in fact see your shared items unless you opt in by adding connected sites, and I think that even then they can't see items you've shared in the past, only what you share from now on. However if someone can see your stuff and then you block them, they can still see your old stuff.
I think that "Librarian is following you" actually means "Librarian would like to follow you if/when you create a Buzz profile and add connected sites".
I think that all of this could have been a lot clearer. This just took me an hour and a half to figure out, which is unacceptable.
And I think that when you block someone, it should remove all your past items from their view.
TL;DR
If you've done nothing with Buzz, you're probably fine.
If you have done stuff with Buzz and are concerned about privacy, you probably want to:
- Check your connected sites - you want that to be 0. If it's not 0, click on it then for each site listed, click "Edit" -> "Remove site". Save your changes.
- Check your profile - click "Edit" next to your name. Delete all the information you want deleted and untick all the boxes. Save your changes.
