Slashdot Mirror
Privacy Complaint Against Google's GMail Service
CRCates writes "Privacy groups in the UK have filed a complaint against Google over its new Gmail service. Privacy groups said they were concerned about Google's ability to link a user's personal details, supplied in the Gmail registration process, to Web-surfing behaviour through the use of a single cookie for its search and mail services. "
"These providers can't just do as they please and hide behind a contract," Privacy International's Davies said.
YES they can! it's called an eula...
If someone has a problem with the way the advertising is done, then they shouldn't use it. It is not like Google is hiding all of this information from their users.
All of this complaining and bickering for a service that is not yet released...
Trying is the First Step to Failing --Homer Simpson
I will note, however, that at least in the United States we went ahead and outlawed indentured servitude, even though (a) it was usually entered into voluntarily (b) it often had a net benefit to the indentured party. Still, we felt that the moral and social cost of the "servitude" part was too high to allow individuals to enter into that sort of contract.
Perhaps the privacy advocates are arguing along the same lines here.
I will also note that while Google claims that one of their corporate policies is "don't be evil", they also absolutely refuse to discuss or explain almost any facet of their operations. Just a thought.
sPh
If you don't the terms and conditions go with another mail provider.
But I suppose when Google is the only mail provider providing a gig of space, it's no wonder why privacy advocates are jumping up and down.
You can't have your cake and eat it too. Google is a private company. They own the servers and the bandwidth. These privacy advocates can go jump as far as I'm concerned.
"Residual copies of email may remain on our systems, even after you have deleted them from your mailbox or after the termination of your account," Google's Gmail says in its privacy and terms of use sections.
/you/, but not to /us/.
:)
/that/ different in Europe?
snip
"If a person deletes an email, he should be confident that email is actually deleted," said Maurice Westerling, co-founder of Bits of Freedom, another privacy interest group, based in the Netherlands.
MS Exchange has settings for the email retention period. If you delete something from your mailbox in Outlook, then empty your Trash folder, it's effectively gone from your view and you've no way to retrieve it. It is however stored in Exchange for as long as the administrators wish to hang onto it (and that "deleted" email is, indeed, backed up and restorable).
If you shift-delete an object out of your Inbox, using that wonderful permanent-kill technique that the tech-savvy thinks protects and anonymizes their email... it's stored for the email retention period listed by the sysadmins, is backed up, and is restorable. It looks very dead to
(fyi, the only real way around this is to edit your Outlook client so that you can get the Recover Deleted Items option on every object in your inbox [as opposed to just the Recycle Bin], then habitually view -- and purge -- that information on a schedule that is more frequent than the one used for our backups. That'd work.)
Anyway, the shorter point is, this kind of thing happens. The reason is happens is liability. If a criminal organization is using Google's GMail system for planning a robbery, or if a terrorist group decides they want to attack rail systems in Europe and wants to do so by using random public terminals to sign into email accounts that someone else hosts, it's a problem. If law enforcement comes looking and Google has to say "Oh, sorry - we respect privacy so much that we absolutely and permanently delete all traces of all email the second you touch the delete object!", it will not be a pleasant thing. The investigators will not be happy.
Alternate question; do you really think that your email is permanently gone from Yahoo! and Hotmail?
Do you really think they can't restore to an arbitrary point in time?
Do you think they wouldn't turn that info over to law enforcement in a heartbeat if a court order came down?
Are the rules
in spam report. The same spam keeps coming
again and again.
Well, even if they wanted... They'd have to
hire at least the whole population of China.
Or invent a REAL artificial intelligence, which
itself has more value than all our Yahoo mails.
Am I the only one with ZERO sympathy when users of FREE services whine?
--- Ban humanity.
As has been stated elsewhere, this isn't about whether or not Google's policies state what they are doing, it is about whether such a policy breaks European privacy laws. Would you let a European company offer a service in the US that was illegal, as long as it wasn't compulsory to use it?
It would be interesting to see the reaction on /. if this had been a Microsoft service.
I don't think most people would have a problem, as long as it was not useable only from Windows, or only with MSIE, or other lock-in strategy.
Hotmail doesn't work with Opera: I wonder why. Accidental "We cannot possible test with every browser"? Or deliberate "We don't want to encourage browsers other than ours"? Or between "Opera compatability is bottom of the list"? It looks to me as if M$ is trying to use Hotmail as a lever against any competitor. If Google shows a sniff of such an attude, I will criticise it - but not till then.
Consciousness is an illusion caused by an excess of self consciousness.
Hell yeah, check out Yahoo's web beacon tech http://privacy.yahoo.com/privacy/us/pixels/details .html. It's not a data retention thing, but it seems far more evil than targetted ads. And is opnely admitted for use in profile building.
Ok, that's fine. But when I decide the deal is off, I want a guarantee that you will personally go through every marketing database on earth and delete my details, so I am totally free and clear.
No? Well maybe we could just REGULATE IT NOW BEFORE IT'S A FUCKING PROBLEM THEN.
Sorry, but I am sick to death of this 'well then don't use it then' argument. 'Complaining' has another name, and it's 'telling a company what the consumer wants.' In this case the geek user market wants better privacy, so why do you insist on defending Google?
Read Pynchon.
Is it not obvious that there would be something like this associated with their service? They are offering far more than the norm as far as space for the email is concerned (I believe 5mb is roughly the norm).
;)
How naive would someone have to be to believe that they are simply offering 1gb to anyone and everyone for absolutely nothing in return.
It started as google.com, not google.org
Erase the cookie.
Doesn't do anything if I voluntarily sign into an account.
Heck, if Slashdot partnered with DoubleClick (and I didn't block ads), it'd be pretty easy to track whatever I do on the Web as well.
Don't use the service.
Doesn't mean it's not a legitimate complaint, though, about the service.
How do you know Yahoo! doesn't read all it's mail?
We don't, though it seems like the whole Yahoo Mail thing is at least as intrusive as Google -- and Yahoo tries to handle all manner of services as well.
I use Google on a "session cookies only" basis, and block ads, which makes it at least somewhat difficult to tie different online personas together.
I do have one (IMHO) legitimate privacy grievance with Google's operation. Google does not let you save preference options in the content of an URL -- language, results size, image content filtering, etc. It is technically possible (and really, pretty easy) to do so, but they prefer to force me to retain a permanent cookie on my system if I wish to use these features (or set the content each time I visit their site). There's a constant nag to give the degree of privacy that I *do* have, which I'm less than thrilled about. I consider search engine cookies pretty much unacceptable based on the sheer amount of data they hand out. You don't have to be searching for how to defraud your employer or for child porn to be uncomfortable with someone having a complete record of everything you're looking for. I view search engines as a tremendous data leak out of companies. Do you Google for things that you're doing research on, or companies that you might be doing business in, or areas/markets that you might be entering? That's sensitive data. What about having a "terrorist keyword red flag list"? Search engines would be an incredibly rich resource for fishing expeditions to find suspicious folks, simply because of the sheer amount of data involved. You think you ever mind wind up in politics? Do you want your opponent to ever be able to dig up the fact that you searched for images of a gay porn actor fifteen years ago? There's an awful lot of very nasty things that can be done with search engine data. Google, on the whole, might be currently playing nice, but that's no guarantee that they will do so in the future, post-IPO, when shareholders are demanding more profits and a partnership with DoubleClick could net Google a loooot of money...
May we never see th
I got excited about this almost ten years ago. I installed PGP in my email client, made my keyring (or whatever it's called) and sent a few test messages to myself. After a couple of years in which time I never found anyone who even understood the idea, I gave up, never bothered to reinstall when I moved to a new PC.
I was intrigued by the following statement in the article:
I live in Sweden. I don't know about Germany, but I have never heard of any government-backed agency in Sweden actually blocking access to foreign services for any reason, and in particular not for such a silly reason as sign-up procedures not compliant with Swedish law! If anyone can guess what the article author is referring to here, please let me know.
I have been trying for years to have my employer (a state university) merely consider blocking certain foreign ISPs from pouring junk mail over ourselves, but every suggested policy in that direction has either been rejected with a vague reference to the law prohibiting that, or not seen any response at all. I find it hard to believe that anybody in Swedish public administration would officially approve of blocking third-party traffic, let alone actually do it.
Basically between the archived e-mail, the search engine cookies and the social networking engine, there is an excellent, detailed data set.
European privacy law is, for the time being, much stricter than in the U.S. and it would be a good thing to bring the U.S. up to standard. Likewise, some countries are years (238 years) ahead of the U.S., Britain, France and a few others in regards to keeping public records accessible. If the U.S. and the EU had the same public access as Sweden and Finland have written into their constitution, more than a few expensive scandals could have been prevented.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The problem is not so much one of monitoring by governments and ISPs. Western governments by and large really do not care that much, and, in any case strong crypto and spoofing of all varieties is readily enough available that those who want privacy for high-value matters relating to, say, business, or national security, that it's not such a worry in those spheres.
For me it's more a case of - these days, once the Govt., or the intelligence and security services, have this monitoring infrastructure, it goes something like this:-
Year 1: The tax and benefits departments in the Govt will ask the spooks to start sharing. The police will ask for access also.
Year 2: The entire Government - health, pensions, local govt. etc., education - will all want it. Schools will use it to vet new employees.
Year 3: Security-conscious corporations like banks and airlines will demand access.
Year 4: The whole damn lot will be available on a couple of DVDs at your friendly local market... at least if you live in Moscow or Jakarta.
Year 5: "Check Other Peoples' Email" toolbar appears on Google. The dying embers of the snailmail service are suddenly brought back to life by the return to fashion of the traditional love letter.
and the government could sell our SSN's to the highest bidder to bring down the debt.
It's at least as likely. Look at the track record of Google versus the track record of the Govt. Which one would you rather play poker with?
Check out my sysadmin blog!
> by retaining a subscriber's email even after they have deleted it or cancelled their account Google is breaking those laws.
The irony is that this is probably just a caching issue, and no one would have noticed or cared if Google hadn't been so honest about it...
Think about it: things that get "deleted" on HDs don't actually get deleted until you overwrite that sector; why is this such a concern? If anything, I'm more inclined to trust them since they're so forthcoming...