The fledgling Google+ (Google Plus) social network has run up against its first major privacy complaint, as reports circulate of a bug that lets users "reshare" any content with anyone else, no matter which supposedly-private Circle they happen to belong to.
The way it works is this: Take any content in your stream - for instance, photos someone else posted to their "Coworkers" circle - and click the "reshare" button, and you have the option to have those photos appear to anyone else. You can even make those photos public for all to see.
In theory, it's supposed to be the Google+ version of Twitter's "retweet" or Tumblr's "reblog" functions. In practice, two clicks can basically destroy the trust that the whole Google+ approach to Circles-based social networking is designed to build.
Early adopters of Google+ can apparently disable resharing on individual posts before they go live, but once it's published, it's out of your hands. Moreover, users can't yet turn off resharing entirely from within their settings.
The Financial Times, which was the first to notice and report on this loophole, contacted Google, which promises that fixes are imminent and that this kind of thing is part of field testing the product.
But in the wake of the Google Buzz privacy scandals, which resulted in the FTC having to step in, Google+ can't afford this kind of bad PR. And that goes double when "privacy" is the core concept of the Google+ project in the first place.
Update: As pointed out in the comments, it looks like a partial fix is now available, as a drop-down menu has been enabled for users to disable resharing after a post has already been made.