Kurt Opsahl provides an update on Google Buzz:
Over the weekend, Google announced significant changes to its new social networking service, Buzz. Responding to criticism (including EFF’s), Google moved away from the system in which Buzz automatically sets you up to follow the people you email and chat with most. Instead, Google has adopted an auto-suggest model, in which you are shown the friend list with an option to de-select people before publishing the list. While a full opt-in model would be less likely to result in inadvertent disclosures of private information, this is a significant step forward.
In addition, Google said it would show current Buzz users the setup process again, giving a second chance to review and confirm the follower list “over the next couple weeks.” We recommend that all current Buzz users immediately turn off the public list, and review their friend list before making it public again. (Instructions)
Google will also stop automatically connecting Picasa Web Albums and Google Reader shared items, and allow users to hide Buzz from Gmail or disable it completely.
[…]
Reports are coming in of additional privacy issues.
The Register reports that “Google Buzz is susceptible to exploits that allow an attacker to commandeer accounts and even learn where victims are located.” While a security blog now reports this was fixed, Google should conduct a thorough security review to ensure that no other problems persist.
PC World notes that Google’s “vanity URL” functionality presents users with an unfortunate choice: Either expose your email address to the general public, or host your profile at a monstrously long numeric URL.
Read more on EFF.