Google, Security by Obscurity, etc.

Once again I’m hanging out with family and the blog-o-sphere goes mad about another inane issue. Earlier in the week it had something or another to do with the author of a fake blog about a real CEO writing as himself while making things up, and today it has to do with a newly launched Google Reader feature whereby when you “share” things you’re reading … they get shared with people on your contacts list. Whoa, quel surprise!

Now, lest you think that I come down on the side of the Google defenders on this one, I don’t. Yes, such people are right when they say that when you share things using a feature helpfully called “Share”, and when said feature doesn’t contain any method to control third-party access to the resulting shared content — other than an obscure (but public) web address — you shouldn’t be surprised that the shared content is Shared. Whoa betide you, in other words, if you work in a biology department at Yale, say, and reveal a heretofor unknown fondness for young earth theorists, intelligent design, and the Disco Institute.

The issue, however, has nothing to do with privacy, per se, but with our ongoing Google-abetted confusion of privacy with obscurity. Anyone who looked at the “Shared” feature in Google Reader probably noticed right away it had this bizarro-long URL, and immediately started sharing things, and then, unless you’re Robert Scoble, generally used “sharing” as a synonym for “starring”, both of which denote “stuff-I-want-to-think-I”ll-read-later-but-almost-certainly-won’t”. But we didn’t really care, because we “knew” that the line-noise-style URL Google Reader had given our list of shared items meant that not only could we not remember it long enough to tell anyone, but others couldn’t guess it. Mon dieu! It’s secure!

But it wasn’t secure, of course. It was just a dopey feature, poorly implemented, and badly documented. In other words, it was normal software. And when Google finally, you know, made the Sharing feature share things — it linked your sharing feed to your address book — people got all pissy because a feature created to drive blind sharing of content with relative strangers began making it easier to blindly share content with relative strangers.

Hell, to adapt a cliche, hath no fury like that of a software user whose software newly works the way the documentation says it will.


  1. Hey Paul,
    I agree that the ‘uproar’ was mostly shrill and overblown, with the core issue nearly lost – the feature change was simply poorly handled with regard to user expectations.