Last month, Google Reader started sharing all “shared” items in your feeds with all of your Gmail contacts. If you’d shared, for example, a single item with just your spouse or lawyer or business partner, that item suddenly appeared for all your Gmail contacts. Since your Gmail contacts include everyone you’ve ever sent email to or recieved email from, this ended up sharing lots of items that people would rather not have shared with business colleagues, relatives, or casual acquaintances. One person even complained that Google Reader ruined their Christmas.
There are two privacy mistakes here. The first, as Scoble points out, is the absence of full-featured, granular privacy controls. It’s a mistake to assume, as Google did, that sharing an item in a collection and sharing the entire collection are the same proposition. It’s also a mistake to assume that sharing an item in a collection with a person is the same proposition as sharing the entire collection with them. Many web calendars made the same mistake early on, allowing their users to control the sharing of calendars but not of individual events.
The second privacy mistake is to ignore the discoverability of public data. Facebook made exactly this mistake in 2006, when they decided to aggregate all the changes that were made to your friends’ profiles, and show you those changes on your Facebook home screen. Everything they were aggregating was technically public information from your friends’ profiles, but people screamed bloody murder. The same thing happened with Google Reader; although the shared items were, technically, publicly accessible via obfuscated URLs, the only way to visit one was to receive the URL from a friend. The new sharing feature radically changed their discoverability.
When a piece of data is practically undiscoverable, users treat it as non-public. When that item’s discoverability is then increased, users react as if their privacy has been breached. (This is actually the flip side of security by obscurity, where a program assumes that undiscoverable means private. The reason software makes this mistake is because people do.)
Mosuki has had full-featured, granular privacy control from the beginning. And it lets you control both how easily your friends can discover your group-only events, and how easily anyone on the internet can discover your public events. And these are features that can, and should, be applied to any system that involves sharing potentially privileged data. Sounds like Google Reader users might like them.