Google+ is out and the Internet populace has hit it like a bag of hammers (so hard in fact that Google had to shut down invites for a while due to overwhelming demand.) In the wake of this sudden surge of attention, possibly generated by all the hype, a potential privacy flaw as surfaced: it’s possible for your friends to re-share your content outside of the circle of influence you originally set.

This particular flaw isn’t anything on the order of magnitude of Google Buzz’s notorious issue. With Buzz, Google assumed relationships between every Google user and their contacts (which lacked priority metadata) and as a result connected people to others they really didn’t want to be connected with—and in one case an abusive ex-partner. In order to address these concerns, Google+ does away with assuming anything about contacts and simply puts them into a pool of potential information sharers.

In Google+ contacts can be sorted into groups called circles and shares can be directed at a given circle. This allows people to automatically provide boundaries for their initial shares so that they only go to their intended targets. The flaw? It’s not immediately obvious how to make sure that a shared item cannot be re-shared by people in a circle outside of the circle set by the originator. As a result, a share sent to my best friend (in my friends circle)—say an embarrassing image—could be shared outside of people in my friend’s circle.

Tim Bradshaw at The Financial Times blog picked up on this and published an article outlining the flaw and what people think of it.

This is hardly the privacy flaw that it seems, since in real life people already have this capability, and Google certainly cannot stop people from just running with what you share anyway. After all, when you put something on the Internet, and especially social networking, as Ross Lorocco says, “Your pants are vulnerable.”

However, Google does permit a sort of limited sharing capability after publishing an item to a circle—it’s just harder to find than expected. While any social media site cannot prevent people from actually re-sharing stuff wildly should they choose, it can adopt policies that code towards making them think about it before hand. In fact, on Twitter, when a feed is set to private and you can view it, you cannot use the retweet button on the feed’s tweets. This doesn’t prevent me from copy/pasting the tweet and putting “RT” in front of it (but it does remind me instantly that the feed is private.)

As Google+ allows media like personal photos and location checkins—all of which are sharable with different circles—there’s a lot of range for privacy leakage. The addition of default circles and filtering rules that allow users to automatically assign certain activities to certain circles (and to limit their exposure outside those circles) might go a long way to making Google+ more private, and behave in a manner which the circles seem to suggest it must.