Google less privacy aware than Facebook?

Summary:Google+ encourages users to give out information that could compromise their security and its privacy selling point — its circles — are actually a subset of Facebook's friends lists, according to researchers from the University College London in the UK.

Google+ encourages users to give out information that could compromise their security and its privacy selling point — its circles — are actually a subset of Facebook's friends lists, according to researchers from the University College London in the UK.

(Facebook privacy image by
Sean MacEntee, CC2.0)

In their paper, Preliminary Analysis of Google+'s Privacy (PDF), the two researchers, Shah Mahmood and Yvo Desmedt, compare some of the privacy features of Facebook and Google+, including the use of friends lists and circles to maintain privacy settings.

They claim that "Facebook lists are a superset of Google+ circles, both functionally and logically, even though Google+ provides a better user interface". The pair highlight that the main difference between the two social networks is the possibility of exclusion. Under Google's currently implementation, if a user had arranged users into a "Friends" circle with some of those people also included in a "CoWorkers" list, it is not possible to send content to "Friends" while excluding "CoWorkers" who may also exist in the "Friends" list.

The researchers said that the ability for Facebook to do this made it more robust than Google's circles.

"In Facebook, we can limit access of our content to a list which is subsets of a set of lists with whom the content is shared. This means, we can share a message with a list called "All" (containing all our contacts) and still make the content [invisible] to our "CoWorkers".

Another privacy concern raised by the researchers was how Google+ extracts metadata from photographs uploaded to the social media site. As an example, the pair showed they were able to identify what camera Google co-founder Larry Page uses. They said that knowing this level of detail could be a concern, given there have been past incidents where victims were killed for their cameras. In some cases, cameras are worth thousands of dollars.

Further, cyber-stalking behaviour is encouraged through the information that Google+ encourages users to provide. When filling out a Google+ profile, the "Other Names" field encourages users to fill out their maiden name or alternate spellings of their name.

"Messages, photos and comments on social networks and other online sources can be used to infer family relationships," the paper stated, adding that mothers' maiden names are a common secret question for verifying identity.

But the paper wasn't entirely negative towards Google's social media platform. It noted that Google+ employed full-session encryption while Facebook only did so for user authentication, making Facebook more prone than Google+ to a man-in-the-middle attack where hackers could intercept user traffic to view or modify the content.

It also noted that Google has granted users a greater number of options for handling content once it is uploaded to its social network. Comments on posts can be temporarily disabled, while Facebook's controls require blocking a user from their entire wall. Sharing, similarly, can be disabled to stop other users from easily re-sharing content.

Finally, the research noted that users can retroactively edit their comments on Google+, which is time-stamped — neither feature is possible on Facebook.

Topics: Google, Privacy, Security, Social Enterprise

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.