Slashdot Mirror
Privacy Complaint Against Google's GMail Service
CRCates writes "Privacy groups in the UK have filed a complaint against Google over its new Gmail service. Privacy groups said they were concerned about Google's ability to link a user's personal details, supplied in the Gmail registration process, to Web-surfing behaviour through the use of a single cookie for its search and mail services. "
It hasn't even been launched yet, it's in beta. I'd imagine the people in this beta have signed some kind of agreement where they say they cannot do anything if they are adversly affected by Gmail, so what's the problem? Of course it's a different matter when it's launched to the public.
When anger rises, think of the consequences.
Confucius (551 BC - 479 BC)
Erase the cookie. Don't use the service. How do you know Yahoo! doesn't read all it's mail?
Welcome to paranoia.
Seems to me that if they give you a free gig of space, some targeted ads aren't too much to pay. Why not use some other mail and store it on your PC if you feel this is too invasive?
This would be the cookie that doesn't expire till 2038 yes?
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
After all not even a company like google could keep track of that much information. :P
"These providers can't just do as they please and hide behind a contract," Privacy International's Davies said.
YES they can! it's called an eula...
If you don't want them to have your personal info, then don't provide it! GMail is a service, not a requirement.
You want a gig of email but with privacy? Go sign up at Spymac. It's also free, and it's already here - and not in beta. And they don't read your email.
I've got more mod points and GMail invi
BBC Article
People say I'm crazy, I got diamonds on the soles of my shoes...
If someone has a problem with the way the advertising is done, then they shouldn't use it. It is not like Google is hiding all of this information from their users.
All of this complaining and bickering for a service that is not yet released...
Trying is the First Step to Failing --Homer Simpson
I wish to complain about the post I am going to make half an hour from now. It is inflammatory and totally uncalled for.
I can understand the concerns Europeans may have, but then again, this is an opt-in procedure.
If you don't want to use Gmail, you have other options through your ISP, other free services, etc.
It just seems to me this is an extension of social networking, but from a business perspective. - target based advertising based on what you surf for based on your cookie.
It seems similar in a way to what Gnome's Nat Friedman wants to do with Dashboard. Based on your email & IM, having the desktop provide you with links to what you're talking about.
To me, the pro's at this point from what we know may outweight the cons - yes they'll target me with ad's based on my surfing behavior, but the ability to index and search my email rather than using "To" "From" and "Subject" headers is definitely a step forward in email management.
Since by the same measure, Microsoft can track a user by the personal information given through the passport/hotmail registration procedure through every website you visit using THEIR browser, every program you run on THEIR operating system, every document you read/write with THEIR office application.
Innocent until proven guilty. When they start using this for an invasion of privacy, then you can complain, at this point they haven't even offered the service, how can you complain that they've invaded your privacy.
Besides, if you don't like it, don't create an account and go back to wearing your tinfoil hat. They aren't using strongarm tactics to force you to use their product.
Jamon.
I can count to 1023 on my hands. Ask me about #132.
If you don't the terms and conditions go with another mail provider.
But I suppose when Google is the only mail provider providing a gig of space, it's no wonder why privacy advocates are jumping up and down.
You can't have your cake and eat it too. Google is a private company. They own the servers and the bandwidth. These privacy advocates can go jump as far as I'm concerned.
I'm still not entirely sure what everyone's complaint is here. You don't have to join Gmail to use google. They openly admit that they may combine data (unlike everyone else who do combine data but refuse to tell anyone about it)
If you don't want google using your data, don't give it to them. Personally, I'm happy for google to have all my data if it will improve my browsing and emailing experience, and that is my personal choice to make.
What people should be complaining about is insurance and credit card companies which buy incomplete and incorrect sets of data and judge your credit rating based on it (it's happened to me). Now thats dodgy.
Combination - fun iPhone puzzling
"Residual copies of email may remain on our systems, even after you have deleted them from your mailbox or after the termination of your account," Google's Gmail says in its privacy and terms of use sections.
/you/, but not to /us/.
:)
/that/ different in Europe?
snip
"If a person deletes an email, he should be confident that email is actually deleted," said Maurice Westerling, co-founder of Bits of Freedom, another privacy interest group, based in the Netherlands.
MS Exchange has settings for the email retention period. If you delete something from your mailbox in Outlook, then empty your Trash folder, it's effectively gone from your view and you've no way to retrieve it. It is however stored in Exchange for as long as the administrators wish to hang onto it (and that "deleted" email is, indeed, backed up and restorable).
If you shift-delete an object out of your Inbox, using that wonderful permanent-kill technique that the tech-savvy thinks protects and anonymizes their email... it's stored for the email retention period listed by the sysadmins, is backed up, and is restorable. It looks very dead to
(fyi, the only real way around this is to edit your Outlook client so that you can get the Recover Deleted Items option on every object in your inbox [as opposed to just the Recycle Bin], then habitually view -- and purge -- that information on a schedule that is more frequent than the one used for our backups. That'd work.)
Anyway, the shorter point is, this kind of thing happens. The reason is happens is liability. If a criminal organization is using Google's GMail system for planning a robbery, or if a terrorist group decides they want to attack rail systems in Europe and wants to do so by using random public terminals to sign into email accounts that someone else hosts, it's a problem. If law enforcement comes looking and Google has to say "Oh, sorry - we respect privacy so much that we absolutely and permanently delete all traces of all email the second you touch the delete object!", it will not be a pleasant thing. The investigators will not be happy.
Alternate question; do you really think that your email is permanently gone from Yahoo! and Hotmail?
Do you really think they can't restore to an arbitrary point in time?
Do you think they wouldn't turn that info over to law enforcement in a heartbeat if a court order came down?
Are the rules
Here is the privacy policy.
I didn't see anything in there about this particular topic, although there is a bit about the fact that they will be using cookies (natch).
Personally, I find it hard to be too concerned about this. My web-surfing patterns are already recorded in a "soft" way via my browser history and a much "harder" way via my ISP's access logs. I can go out of my way to use proxies and make it difficult to trace, etc, but it isn't like you can't figure out what my machine is doing (unless I'm doing some fairly advanced stuff).
My sigs always suck.
Read the EFF's Fair Use FAQ
It seems like most of the comments so far are along the lines "it's voluntary, google should be allowed to do what they want."
/. if this had been a Microsoft service.
It would be interesting to see the reaction on
Look, they aren't charging for the service, nor are they forcing you to use it.
Whether its free or not is irrelevant. In the UK, there is legislation (the so-called Data Protection Act ) which places tight constraints on how personal data is archived and managed. If the Google mail service falls foul of this act, then it does not matter whether or not the service is free; it is still breaking the law.
Tubal-Cain smokes the white owl.
The article is very clear: privacy groups aren't just arguing that Google is violating privacy, they are arguing that Google is violating the law (by violating privacy).
It seems that European privacy law is much more strict than US law, and by retaining a subscriber's email even after they have deleted it or cancelled their account Google is breaking those laws.
Huge difference.
"The market alone cannot provide sufficient constraints on corporation's penchant to cause harm." -- Joel Bakan
When I first heard about the privacy concerns involved in the Gmail project, my initial reaction was to trust Google no matter what to "Do no evil." However, perhaps we should put aside our love for the company and ask critically whether this breeches acceptable advertising practices. For me, I'm uneasy with the idea of saving "deleted" mail.
Any one else think it's odd that a privacy group is complaing about a service that isn't available to the public yet? I'm all for privacy, but let's pick the reasonable battles. It will be repeated ad nauseum here, but you don't HAVE to sign up for Gmail.
I would much rather that privacy groups spend their finite resources fighting the stuff we don't have the option of avoiding, Big Government and such.
Seems like any other organization, privacy groups have to justify their existence by creating problems where none exist.
This seems to me to be very much a knee-jerk reaction. Provided that Google is up-fromt will all this, why shouldn't I be given the opportunity to opt-in to such a service? I entirely agree that this should not be done secretly - but Google is very upfront. Surely it is not an invasion of privacy if I explicitly accept that Google will scan my mail as part of paying for the service.
I like Google Adwords. Given that advertising is an endemic part of life, and is not going to go away, Adwords is the way I want it. Let Google take all the advertising revenue with Adwords, and may the popup merchants go broke. If Google want to offer a paid-for non-Adwords service, I shall think about it - and probably not buy it.
As to keeping some of your email when you delete it - I don't think this is intentional. AFAICS Google has a "weak delete" policy - they try to recover deleted space, but if they don't recover it all, too bad - disks are cheap. So there may well be old copies of your emails hanging round. What the hell - they are not indexed, so it will take a deep search to find it. Do Yahoo, Hotmail & Co guarantee a destructive overwrite when they delete your mail? I doubt it - in which case they might have an old copy lying round on their disks.
So, privacy people, don't spoil what looks like it might (subject to confirmation, of course) be a useful, opt-in service because of arcane potential privacy problems.
Consciousness is an illusion caused by an excess of self consciousness.
in spam report. The same spam keeps coming
again and again.
Well, even if they wanted... They'd have to
hire at least the whole population of China.
Or invent a REAL artificial intelligence, which
itself has more value than all our Yahoo mails.
Thank you.
I have several credit cards attached to my frequent flier program. I get a couple more e-mails and a couple more snail mails a month, but for no additional effort on my part (except for skimming through a couple of offers each month), I get a few thousand extra frequent flier miles each year. It's not enough for a free flight on its own, but it can push me over the edge if I'm close enough.
They have all kinds of information on me -- spending habits, information on where I live and where I travel -- but I entered into the contract willingly. I gave up a small part of my privacy in exchange for a benefit to me.
You can never go home again... but I guess you can shop there.
I mean, think about it. Let's say that you have webmail with one of the other major providers. Somebody sends you mail. You reply. They reply. Now your email has a couple of levels of ">" in it. Wouldn't it be nice if they highlighted those in different colors or something?
/. said about ads that if they made sense, they wouldn't mind 'em? Guess what - that's targetting. And how they're supposed to make sense and be timely without some kind of processing is beyond me.
Oh, wait - they already do that? (Note: at least, this was common the last time I bothered with webmail which was some time ago). Guess what - that's "reading" your mail as well. In fact, they're just changing your display - without changing the verbal contact of your message - to make it more convenient for you.
Isn't that also a (reaching, but legitimate) description of providing targetted advertising? I mean, how many times have people here on
As for the article's complaint, it seems to focus around the fact that when you "delete" an email, Google doesn't guarantee that it goes away immediately. Their message seems to be talking about cache updates though - if they were willing to amend it with a service guarantee that within xx hours your email would be deleted, that would probably do the trick. Of course, then people would be arguing that they needed to provide complete file-trashing (triple overwrite, etc) as well, even though your regular email client and ISPs email account probably don't do that.
I think its just a case of being too cautious in their terms of use. In this case, being too honest where the other major providers are being "honest enough," and not worrying about caches, et cetera. Of course, they may be planning to use your old email for nefarious purposes, but somehow I doubt it. Either way, they should clarify their statement.
You're special forces then? That's great! I just love your olympics!
Email in its basic form is not, nor has never been, private. There have never been any promises that email was private. I remember from the first time I used email that it was always likened to mailing stuff on a postcard, not in a sealed envelope. It's also not like Google is trying to hide the fact that they are scanning your emails. It is right out in the open in the terms of agreement. If you don't agree, don't sign up...
I've petitioned the town council to have her windows boarded up.
Seeing bad movies only encourages them. Watch responsibly
Am I the only one with ZERO sympathy when users of FREE services whine?
--- Ban humanity.
Is it just me or is this whole GMail thing an April Fools prank gone horribly wrong?
Read the Google news release again:
The inspiration for Gmail came from a Google user complaining about the poor quality of existing email services, recalled Larry Page, Google co-founder and president, Products. "She kvetched about spending all her time filing messages or trying to find them," Page said. "And when she's not doing that, she has to delete email like crazy to stay under the obligatory four megabyte limit. So she asked, 'Can't you people fix this?'"
The idea that there could be a better way to handle email caught the attention of a Google engineer who thought it might be a good "20 percent time" project. (Google requires engineers to spend a day a week on projects that interest them, unrelated to their day jobs). Millions of M&Ms later, Gmail was born.
Kinda fishy.
if you're so concerned about gmail, stick with M$ hatemail and the 1mb limit or whatever that piece of crap gives you.
As has been stated elsewhere, this isn't about whether or not Google's policies state what they are doing, it is about whether such a policy breaks European privacy laws. Would you let a European company offer a service in the US that was illegal, as long as it wasn't compulsory to use it?
As it is clearly stated in the article, the problem is with EU law, which among other things states that individuals are in charge of information about them; this means that they can request to see all information held about them and to get it deleted. Storing private emails after the user has deleted them seems to run counter to this law.
Furthermore, in many EU countries there are certain rights that you cannot sign away in a contract, so Google cannot just point to the terms and conditions.
The solution might be to prevent EU residents from signing up to Gmail.
We don't give Microsoft a free pass, and it's time we stopped giving Google the benefit of the doubt. This whole GMail thing REEKS of privacy abuse potential.
"Ask not what your country can do for you." --John F. Kennedy
You just won silliest analogy on Slashdot for the day.
A coupon for a free "dinner for one" at the Country Kitchen Buffet is headed you way, and will arrive in a year or two.
--- Ban humanity.
OK fine. So you don't have a GMail account, but what if you send mail to one?
Your boss: "I'm on the road - send me your status report IMMEDIATELY to yourboss@gmail.com"
Recruiter: "I have a job for you - send me your resume at somerecruiter@gmail.com..."
Does anybody else find it creepy that this article is posted at Yahoo?
I don't want to jump on the SlashThink wagon, but does anyone storing e-mails on a free remote server have an expectation of privacy about automated searches and indexing? After all, your e-mail has to be read by machine at some point or another, or it isn't an e-mail. And is should be backed up. The only thing I can see about this is Google stuck their foot firmly in their mouth about basically accepted industry practices.
The ______ Agenda
It's hardly a new problem on the Internet that one can't delete messages from the past...
Do you or your partner snore? - Visit www.snoring.com.au
Ok, that's fine. But when I decide the deal is off, I want a guarantee that you will personally go through every marketing database on earth and delete my details, so I am totally free and clear.
No? Well maybe we could just REGULATE IT NOW BEFORE IT'S A FUCKING PROBLEM THEN.
Sorry, but I am sick to death of this 'well then don't use it then' argument. 'Complaining' has another name, and it's 'telling a company what the consumer wants.' In this case the geek user market wants better privacy, so why do you insist on defending Google?
Read Pynchon.
Is it not obvious that there would be something like this associated with their service? They are offering far more than the norm as far as space for the email is concerned (I believe 5mb is roughly the norm).
;)
How naive would someone have to be to believe that they are simply offering 1gb to anyone and everyone for absolutely nothing in return.
It started as google.com, not google.org
I'm sure the first thing the hotmail staff do when they get into work on a morning is read all my mail to find out what a fascinating life I lead.
As soon as Bill Gates and his henchmen manage to reconcile the facts that I am a 104 year old man from Zimbabwe, lots of hot teens want to meet me and I have a massive interest in cable descramblers then I am sure they have some evil plan to oppress me.
Whats the diffrence between Hotmail, Yahoo, Every other free email provider out there And Google..
Nothing, google is just upfront and honest about whats happening to your emails.
They have to "scan" through them to provide virus and spam protection.
They will use there distributed approach to searching to provide fast web based email services. This means your email could be on 100's of there servers at the same time. When you hit delete it might take a while for it to be removed from all systems.
Here a company steps forward and is 100% honest about what they are doing and we flame them.
No wonder we have to deal with lame support and excuses from companys every day.
Personal Website
I got excited about this almost ten years ago. I installed PGP in my email client, made my keyring (or whatever it's called) and sent a few test messages to myself. After a couple of years in which time I never found anyone who even understood the idea, I gave up, never bothered to reinstall when I moved to a new PC.
I don't think that's the problem. The UK Data Protection Act requires that personal information be purged if the person in question requests it. Google seem to be saying that there is no assurance that this will happen. From Google's privacy policy "[Google does not] guarantee the deletion of emails that are archived even if you cancel your account."
It's good that Google are being up front about this but even so, it simply isn't compatable with UK law.
I use Netscape and Mozilla. I started each off with an empty cookie file and visited the sites I wanted to not log into later, like /. . I saved a copy of this file as cookies2. n=Now when I'm done I delete the cookie file and save cookies2 as cookies and avoid all the spyware crap everyone thinks they deserve.
Also if you block all third party cookies, you much less crap to delete anyway.
Professional Politicians are not the solution, they ARE the problem.
btw. I tried to sign up, but they send an email to you with a link to activate your account, but I still didnt get the mail (its been 6 hours)...
/var/www/www.spymac.com/classes/global_class.inc on line 617
This happened as soon as I had to submit my reg form:
Warning: mail(): Could not execute mail delivery program '/usr/sbin/sendmail -t -i ' in
So it would seem registrations aren't really working on their end. Sorry but I wouldn't say SpyMac isn't looking like a viable alternative to something Google can put out (yet)...
---- scrm
I was intrigued by the following statement in the article:
I live in Sweden. I don't know about Germany, but I have never heard of any government-backed agency in Sweden actually blocking access to foreign services for any reason, and in particular not for such a silly reason as sign-up procedures not compliant with Swedish law! If anyone can guess what the article author is referring to here, please let me know.
I have been trying for years to have my employer (a state university) merely consider blocking certain foreign ISPs from pouring junk mail over ourselves, but every suggested policy in that direction has either been rejected with a vague reference to the law prohibiting that, or not seen any response at all. I find it hard to believe that anybody in Swedish public administration would officially approve of blocking third-party traffic, let alone actually do it.
Again I would imagine that it is your concern whom you send mail to, if you don't trust a mail domain then you should not send mail to it. This is valid not matter what domain you are sending to.
If you are going to argue about the sender not being aware of what is going to happen to their mail remeber that's the same when you send to Hotmail or whatever, it's up to you to read the fine print when you send mail to someone.
The slashdot post and the second half of the article point out the complaint that Google has the capability to link all your past searches to the email you input to be kept informed of GMail developments. This would be something that is happening NOW, not later.
While I optimistically doubt Google will ever do anything heinous by linking my searches for "home construction photos" and "windows 2000 webdav locks up" to my email account, I recognize that some people don't want their searches for "cat snuff films" and "dog attacks cat" linked to their email, catlover@mail.com.
Basically between the archived e-mail, the search engine cookies and the social networking engine, there is an excellent, detailed data set.
European privacy law is, for the time being, much stricter than in the U.S. and it would be a good thing to bring the U.S. up to standard. Likewise, some countries are years (238 years) ahead of the U.S., Britain, France and a few others in regards to keeping public records accessible. If the U.S. and the EU had the same public access as Sweden and Finland have written into their constitution, more than a few expensive scandals could have been prevented.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Boo hoo!
Somebody call the whaaaaambulance!
First: If you read the EULA before you checked the box, you'd know about how they're going to use the info. So, it's not an invasion of your privacy. You told them they could do it! You 'signed the contract'.
Second: They're not trying to hide what they're doing AT ALL. They should be commended for that. It's stated right there on the main page.
Third: You should know by now that privacy doesn't exist. If you need to hide something, don't hide it on a cheapass server owned by someone else. Get your own co-located box and encrypt your mofo-email! PGP, baby. Or get a Hushmail account.
Fourth: It really is a genius revenue model. Minimally invasive. Text-ads are acceptable. Unlike Hotmail & Yahoo, Gmail won't have any annoying banner ads or pop-ups. That is awesome.
geeks are cats who dig a certain kind of cool
The problem is not so much one of monitoring by governments and ISPs. Western governments by and large really do not care that much, and, in any case strong crypto and spoofing of all varieties is readily enough available that those who want privacy for high-value matters relating to, say, business, or national security, that it's not such a worry in those spheres.
For me it's more a case of - these days, once the Govt., or the intelligence and security services, have this monitoring infrastructure, it goes something like this:-
Year 1: The tax and benefits departments in the Govt will ask the spooks to start sharing. The police will ask for access also.
Year 2: The entire Government - health, pensions, local govt. etc., education - will all want it. Schools will use it to vet new employees.
Year 3: Security-conscious corporations like banks and airlines will demand access.
Year 4: The whole damn lot will be available on a couple of DVDs at your friendly local market... at least if you live in Moscow or Jakarta.
Year 5: "Check Other Peoples' Email" toolbar appears on Google. The dying embers of the snailmail service are suddenly brought back to life by the return to fashion of the traditional love letter.
Dumb slashdot gets me all worked up over nothing. Now granted, I suppose I could do things like, read beyond the headline, but, well, it's slashdot.
Anyway, yeah, privacy complaints, sure. For a service that nobody can use yet. You know, I'd like to register a privacy complaint for Duke Nukem Forver, there's some nasty DRM in that. And I think my sky car is bugged with a hidden camera.
You know, I honestly don't know why I'm even typing this crap. I mean, I'm trying to be funny I guess, but ever since they took the funny karma bonus away, you know, what's the point? The Slashdot FAQ tells me that I have to be smart, not just a smart ass. Well, sorry Taco, I don't know how to do that. So I, like the smartass I am, will now click the "Submit" button, and watch my karma cook!
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
So you send email to their address at GMail, and... okay...
I suppose it could link the contents of the email to your email address/name
(which they could already anyway), but it can't place a cookie of any type on
your system by receiving an email from you. So, the person you're sending to
might be profiled from the email, but that was happening anyway. They made
the choice to subject themselves to it.
You're still personally as safe from that as you ever were.
(\(\
(^v^)
(")")
This is the cute vorpal bunny virus, copy to your sig or runaway, runaway in fear!
Privacy isn't just an issue of "Big Brother." Identity theft is a real concern here in the US.
"More than 27 million Americans have been victims of identity theft in the last five years, a survey released today by the Government estimated, including nearly 10 million in the last year alone. " (Source: NYTimes, September 3, 2003)
"According to the [2003 FTC] survey, 67 percent of the respondents said their credit card accounts had been misused in the past year. Another 19 percent said thieves had tapped into their checking or savings accounts." (Source: NYTimes, September 3, 2003)
"Around 80% of computer crime is committed by 'insiders'. The 20% that is not done by insiders, manage to steal $100 million by some estimates; $1 billion by others." (Source: Web Crime Statistics. www.intergov.org)
Europe has much stricter privacy laws and as a result, they have much less identity fraud. I'd welcome more restrictions in the US about privacy. The bottom line is, Google does business in Europe, and their privacy statement may conflict with their laws...complaint filed.
-
Tech News, Reviews and Tutorials
I felt pretty dumb, having given them my prime email address (myfirstname@mylastname.net), then realising afterwards that through the magic everlasting cookie I had just enabled Google to link every search I had ever done back to ME personally. Like, DUH!
Heck, I don't even know what "interesting" data might be in there, but seeing as it's about ME, I damn well ought to be able to get access to it (under UK law).
More here.
That is what people are getting annoyed about - not the email service itself, just the registration process.
As technology accumulates, the hatred between people tends to decrease. - Steven Pinker
"OK fine. So you don't have a GMail account, but what if you send mail to one?"
Additionally, it won't actually be that easy to tell if you are sending to a gmail.com domain. For example I own my own domain and simply redirect email to my ISP email account rather than pay for email hosting. So if you send email to any of my email addresses (something @ mydomain.com) you have no idea where it is actually going. Not currently to any webmail service, but in the future, who knows?