Dead End: Google Buzz
Zusammenfassung
Google launched Buzz on February 9, 2010, embedded directly into Gmail with 176 million users. Within 48 hours, it had become a privacy scandal. Buzz’s default behavior automatically made public — to all of a user’s Gmail contacts — the people that user communicated with most frequently. For users whose ex-partners, estranged family members, abusive former spouses, and confidential professional sources were in their Gmail contacts, this was not a minor inconvenience. It was a disclosure of associations they had actively chosen not to make. Google settled a Federal Trade Commission investigation in 2011, paid $8.5 million in a class action settlement, and shut down Buzz on October 14, 2011 — twenty months after launch. The failure of Buzz was the direct catalyst for Google+, Google’s next attempt at social networking — and for the stricter privacy review processes that Google+ was supposed to embody. Google+ also eventually failed, but more slowly and without the immediate crisis that ended Buzz in days.
The Social Pressure
Google’s concern about social networking was institutional by 2009. Facebook had 300 million users and was growing at a rate that threatened Google’s assumption that search was the primary internet navigation layer. If users discovered content through their social graph rather than through search queries, Google’s core advertising business faced structural risk.
Google had tried social before: Orkut (2004) had become dominant in Brazil and India but never penetrated the United States. Google had observed Facebook’s growth and had not found a response.
The Buzz project was led by engineers from the Gmail team — notably Todd Jackson, the product manager in charge of Gmail and Buzz. The core idea was straightforward: Gmail users already had rich communication graphs — they knew who their contacts were, they already had a messaging interface, they were already spending time in Gmail. Adding social sharing to Gmail was a minimal change in surface area while reaching Google’s entire logged-in user base.
The technical insight was about distribution rather than features. Building a new social network from scratch required convincing users to visit a new URL, create a new account, and convince their friends to do the same. Every social network faced this bootstrapping problem. Gmail already had the users. Buzz would live inside Gmail.
The Launch and Immediate Crisis
Buzz launched February 9, 2010, as an automatic addition to all Gmail accounts. Upon signing in to Gmail after the launch, users saw a new “Buzz” section in the Gmail sidebar and a notification that they had automatically been connected to followers — a list of people Buzz had selected based on Gmail communication patterns.
The automatic follower selection was the crisis point. Buzz identified the contacts a user communicated with most frequently via Gmail and Google Talk, and automatically created a two-way following relationship. More critically, these follower connections were public by default — viewable by anyone, not just the user and their contacts.
The implications spread immediately through the early-adopter and journalism communities on Twitter. A user whose Gmail contained frequent communication with a therapist, a divorce attorney, a former domestic partner, or a confidential source discovered that Buzz had made that communication pattern public. Users with anonymous Gmail accounts found their anonymity broken because Buzz connected their Gmail identity to their real-name contacts.
Harriet Jacobs, a blogger who wrote publicly as “fugitivus,” wrote a widely read account of how Buzz had exposed her contact patterns to a person from whom she had been hiding, describing being reconnected to someone who had previously caused her harm. The post was picked up by tech publications and mainstream media. It was the clearest articulation of how Buzz’s defaults could cause direct harm to specific users.
Within days of launch, privacy advocates had filed complaints with the Electronic Privacy Information Center (EPIC) and had requested FTC investigation. The FTC had jurisdiction because Google’s privacy policy had not disclosed this type of social connection disclosure, and automatically connecting users’ private communication data to a public social profile appeared to violate the existing policy.
Default Exposure vs. Default Private
Buzz’s core design error was not technical but philosophical: it defaulted to exposure rather than privacy. A well-designed social feature adds users to a private network and asks whether they want to make connections public. Buzz added users to a public network and asked whether they wanted to make connections private — a one-click opt-out that required users to recognize they had been exposed and then take action to undo it. For users who did not understand what had happened, or who did not check their Buzz settings immediately, the exposure persisted. The gap between recognizing a problem and acting on it is where privacy harms concentrate.
Google’s Response
Google’s response was faster than typical for a large company facing a product crisis. Within five days of launch, Google pushed three changes:
- The automatic follower connections were changed from a following relationship to “suggested follows” — users had to confirm connections rather than being connected automatically.
- Follower lists were made non-public by default for new users.
- A clearer opt-out mechanism was added to the Gmail interface.
These changes addressed the most acute problem but did not undo the exposure that had already occurred for the approximately 9 million Gmail users who had interacted with Buzz in its first week.
Google CEO Eric Schmidt made a public statement acknowledging that the launch had “been a real awkward experience” and that Google had “launched it in a way that was kind of a mistake.” This was followed by more specific engineering communication from the Buzz team about the changes being made.
The FTC opened a formal investigation in March 2010, examining whether Buzz’s default behavior had violated Google’s privacy policy and the FTC Act’s prohibition on deceptive practices. Google cooperated with the investigation.
The FTC Settlement
In March 2011 — thirteen months after Buzz launched — Google settled the FTC investigation. It was the first time the FTC had taken formal action against Google for a privacy violation. The settlement’s terms:
- Google agreed to implement a comprehensive privacy program with regular third-party privacy audits for twenty years.
- Google could not misrepresent its privacy practices.
- Google agreed to not use data from a product that users had not explicitly joined to populate a new social product.
- A class action settlement of $8.5 million was reached separately, with funds distributed to privacy organizations rather than to individual users (the pool of affected users was too large and individual damages too difficult to calculate for direct distribution).
The twenty-year audit requirement was significant: it gave the FTC ongoing oversight of Google’s privacy practices through 2031. Subsequent Google privacy incidents — including the Google+ data breach in 2018 — occurred under this consent decree framework.
Buzz’s Shutdown and the Transition to Google+
Google shut down Buzz on October 14, 2011, folding its remaining features into Google+, which had launched in June 2011. The official announcement framed the shutdown as a consolidation: Google wanted to focus social features on Google+ rather than maintaining multiple social products.
The more accurate narrative is that Buzz had never recovered from its launch week. User engagement statistics were not publicly disclosed, but internal Google data — later described by employees in accounts of the period — showed that Buzz had not achieved meaningful ongoing use after the initial curiosity period. The Buzz “community” that formed was small, consisting primarily of tech journalists and Google employees who used it as a test ground.
The privacy crisis had also created reputational damage that made Buzz a liability. Every negative story about Google privacy in the months after launch referenced Buzz. When Google was trying to establish Google+ as a trustworthy social network, having Buzz visible in Gmail was a reminder of the last attempt’s failure.
Google+ was explicitly designed with Buzz’s failure in mind. The privacy controls — Circles for audience selection, explicit consent for each connection — were a direct response to the auto-connect default that had caused Buzz’s crisis. Google’s internal review process for privacy implications of new features was strengthened specifically as a result of the Buzz experience. The FTC consent decree required privacy review to be institutionalized.
Google+ failed for different reasons — network effects rather than privacy — but it did not fail in the same way Buzz had. It launched without an immediate scandal. The privacy controls worked as designed. The failure was the slower, quieter failure of a social network that could not achieve engagement because its users’ social connections were already on Facebook.
The Buzz-to-Google+ Pipeline
The team that built Buzz largely moved to Google+. Vic Gundotra, who led Google+, brought in engineers from the Buzz project along with significant new hires. Some of the technical infrastructure of Buzz — the real-time update system, the comment threading model — was carried forward into Google+. The Google+ team treated Buzz as a lesson, not a prototype: they were rebuilding, not extending. The result shared some DNA with Buzz but avoided its most obvious failures.
Dead End: The Email Graph Is Not the Social Graph
Buzz’s failure illuminates the difference between two kinds of graphs: the communication graph (who you email) and the social graph (who you want to be publicly connected to).
Email contact patterns encode relationships people have chosen not to make public: professional contacts who don’t know each other, family members in different social circles, confidential relationships, people you email for administrative reasons without social connection. The communication graph is rich with private information precisely because email is assumed to be private.
Social graphs are explicitly public. Facebook’s graph — who you have friended — is built from active decisions to connect publicly. Users know their friend lists are visible and choose to make them so. The social graph encodes the public representation of relationships, not the complete record of communication.
Buzz treated the communication graph as equivalent to the social graph and defaulted to making private communication patterns public. This was the core error. It was not that social features in Gmail were impossible — Google+ has functional social features, and Gmail has social features today (Chat, Meet integration). It was that the existing private data in Gmail — the contact frequency patterns — could not be used as the basis for a public social feature without user consent.
Default privacy is the lesson Buzz encoded for the industry. After Buzz, no serious social product launches with public-by-default connections. The experience — and the FTC consent decree’s explicit prohibition on using data from one product without consent to populate another — established that users must affirmatively choose public disclosure. The lesson is now regulatory requirement as well as design principle.
📚 Sources
- Jacobs, Harriet: “Google Buzz: A Personal Story” — Fugitivus blog, February 13, 2010
- FTC: “Google Agrees to Change Its Business Practices to Resolve FTC Charges Over Buzz Social Network” — FTC Press Release, March 30, 2011
- Bilton, Nick: “Google Buzz Privacy Problems” — New York Times, February 14, 2010
- Google Buzz — Wikipedia
- Google Blog: “Introducing Google Buzz” — February 9, 2010
- Google Blog: “Saying Goodbye to Google Buzz” — October 14, 2011