Slashdot Mirror
On The Privacy Subtleties Of GMail, Other Webmail
Brad Templeton writes "After talking with Google folks and learning about E-mail privacy law from EFF (join!) lawyers, I have written a new essay on the privacy subtleties of GMail and other advanced webmail applications. Some of the fear has been overdone, but there are surprising issues due to the fact that the ECPA, written almost 20 years ago, wasn't prepared for fancy e-mail offerings like GMail. I issue a call for Google to encrypt your mail to avoid these issues."
Its not like email is "secure" or private anyway (at least here in the UK) remember RIP? I know that the government getting hold of your email is different to some random (evil) company getting it, but if you need security you would be using PGP anyway. Considering the way we are monitored and tracked already I doubt this would make much difference. People should know that on the net you don't get something for nothing and 1gig is quite a lot even today IMO.
I've been using Gmail and I find it incredibly useful. My favs:
1. The keyboard shortcuts: allows me to use web based email the way I use Pine.. do everything without touching the mouse even once.
2. The tracking of emails to display them as "conversations".. so neat, it looks almost obvious.
3. The much griped about text ads are totally unobtrusive, and (faint, faint) they do not even appear on all email pages. Google probably has some algorithm to decide which conversations can get targeted ads.
4. The address autocomplete - no more clicking on email addresses in a popup window to insert them. It works exactly like a proper client application (as different from a browser app)
5. To reply to an email, all I have to do is click in a textbox below the email and presto! the compose widgets are there.. great time saver.. and you can see the conversation on top.
and the best part..
6. The interface is so clean and clutter free - it has google written all over it!
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
Imagine, for example, a phone company that halves your rates in exchange for being allowed to sell transcripts of your phone conversations
Where did you get the ridiculous idea that Google is selling your email transcripts? Google is inserting text ads (automatically) in your email - the advertisers do not get to see your email.
Also, Google has mentioned that it won't be inserting ads indiscriminately - you can trust them to be intelligent enough not insert casket ads!
I've been using Gmail and I can vouch for the fact that the text ads do not even appear in all the pages - just a few emails - and not obtrusively like Yahoo! or Hotmail which put their ads right at the bottom of emails which get sent out - here only you see the ads which you may not even notice since they are just tiny text.
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
(a) (1) Except as provided in paragraph (2), a provider of e-mail or instant messaging services to California customers may not review, examine, or otherwise evaluate the content of a customer's outgoing or incoming e-mail or instant messages, unless that provider has a court order or is otherwise required by law to do so.
She is trying to outlaw gmail, though I think it also makes other things illegal. I don't know how google or others can index email unless they "review, examine, or otherwise evaluate the content". What other features does this make illegal? (spam is specifically exempted)
As far as I can tell, Gmail's biggest problem is this: "Dear son, your grandma died suddenly. Details on the funeral ASAP. Call me." On the right hand side, google text ads hawking caskets, flowers, funeral homes. It's tacky, to say the least, and I have little respect for people who are willing to let ads into their private lives to this degree.
.5% clickthrough rate aren't welcome on Google's search engine... and a 1% CTR is demanded for ads that want to be displayed elsewhere on Google's network.
Google's proven smart about this kind of thing in the past. Ads that don't get at least a
I'm pretty sure that non-socially-acceptable ads will get thrown out of GMail. If people don't want to hear from any sponsor in a certain situation, GMail will react and not show ads when that situation comes up in the future.
Google AdSense takes the policy that when it doesn't have any likely-to-be-clicked ads to show, it mails in PSAs or lets the webmaster do something else with the space. They don't randomly guess four ads from the database in a random effort, they just mail it in.
So, the only way casket ads will show up in an e-mail thread about the death of grandma will be if people are actually clicking on such ads...
"As for inappropriate or insensitive targeting... I haven't noticed this to a be a problem yet. I sent a couple of test mails to my Gmail account, focusing linguistically on the theme of death and dying, and Gmail "outsmarted" me each time. That is to say, when I sent e-mails about "dying to see funny jokes... man, that last one had me out of breath, on the floor, and about ready to die!..." Gmail smartly showed ads for Joke stuff. When I wrote a note (thankfully untrue!) of equal length about a relative dying ("Isn't it funny how the doctors didn't notice anything strange about Aunt Martha before she died?... You have to laugh at the incompetence of medical staff nowadays..."), Gmail showed no ads whatsoever. I'm sure there will be instances in which Gmail's targeting results in ironic or even unpleasant juxtapositions, but it seems to me that this should be rare, and in the end probably no more likely than the scenario of a recently-widowed woman seeing an untargeted but equally jarring ad for "Single? Looking to date?" ad in her Yahoo mail."
Google is now giving Gmail accounts to active users of its blogger.com service. As seen here (Ev, of Blogger)
To clarify what I talk about wrt Google encrypting the mail. That means several things, but the main thing is a call for them (and other webmail providers) to store the mail, indexes and associated data on their disks encrypted with a key derived from your password.
This would not slow anything down. When you logged in, your password would be used to decrypt the needed keys, and then your mail, and the pre-computed indexes, would be available to the software to provide all services. My understanding is that google already does this, as they use an encrypted filesystem on their servers -- the prime difference is that they would now be using your key instead of theirs.
When you log out, the key would be purged from memory. Nobody, not Google, not the government, could read the email records at that point. This is good for Google because if they show up with a court order to hand over your mail they can say "We don't have it." They can ask for a wiretap order to read your password should you log in again, but that is a much harder judicial process. Vastly harder.
There are other encryptions I suggest they do, but the above is the main one. I suggest they use SMTP over TLS. I suggest they support PGP and S/MIME encryption. In doing so, they would not be giving you something as secure as end to end encryption, but they would be doing more than you get by not using any crypto at all.
The government has no involvement here, except where it might try to ban the export of encryption. Fortunately we at the EFF fought very hard on this issue to make it much easier to do this, which is why you see encryption much more commonly in products. (Anybody remember all the hoops you used to have to go to to get a 128 bit SSL capable browser?)
Has it been over a year since you last donated to the Electronic Frontier Foundation