On The Privacy Subtleties Of GMail, Other Webmail
Brad Templeton writes "After talking with Google folks and learning about E-mail privacy law from EFF (join!) lawyers, I have written a new essay on the privacy subtleties of GMail and other advanced webmail applications. Some of the fear has been overdone, but there are surprising issues due to the fact that the ECPA, written almost 20 years ago, wasn't prepared for fancy e-mail offerings like GMail. I issue a call for Google to encrypt your mail to avoid these issues."
Homophobia, non?
"I issue a call for Google to encrypt your mail to avoid these issues"
No... I have a better idea, instead of getting the government involved if you don't like it then you can choose to use an email service more to your liking.
Me? I can't wait to use Gmail, and if I don't like it then I will stop using it. See how simple it is?
Doesn't excuse the phrasing in the article, though.
Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
This is pretty ridiculous if you ask me. People in America give away their privacy rights all the time, without any worry. Most of the YRO stories on slashdot are just about that. But when a half respectable company like google decides to provide a free service, which you aren't obligated to use, people go crazy.
I don't understand it. If you can't handle an automated script putting some ads in your emails from a simple world relation algorithm, maybe you should just, not use it?
Nobody raised this size of a ruckus over Orkut's similar cookie features, especially considering they hold a far larger quantity of personal information than GMail ever will.
--
The last digit of pi is four.
I think as in most situations, it's the vocal minority that garners the most attention. Furthermore, the press in general prefer sensationalistic headlines/stories, as they sell better.
I think it's important to keep in mind that "geeks" as a population are composed of people of different motivations and agendas. So some would like to stymie technical growth or turn "evil", while others are happy to find out how things work. Furthermore, I think some people realized that by focusing on negative aspects of new technology, they get more press coverage (see the first part of this post), so they try and exploit it.
-B
I think this is occurring because geeks are the ones who actually understand technology. As such, they feel that they are the only ones who see the danger.
To the masses, technology is divine. They don't realize that technology is as often demonic as it is angelic.
Of course, this particular technology isn't very demonic and people are just having fits for fun these days, but the general shift towards conscientious geeks is a good and proper thing which often functions for the benefit of all.
Tackiness aside, though, if there are privacy problems, they need to be addressed. Yes, I know that Gmail is the ultimate in "opt-in." Don't like it, don't use it. This should make privacy concerns a moot point: interesting to debate, but nothing to fume about.
But google is a huge service. If Gmail is launched, people will flock to it in droves. Not just geeks, but ordinary people who have no idea how much of their private lives are lived "in plaintext." The privacy of many, many people, even those who do not use Gmail, is at stake.
Imagine, for example, a phone company that halves your rates in exchange for being allowed to sell transcripts of your phone conversations. Don't like it, don't use it -- but what about my rights to privacy when I call you? The simple answer ("don't call people with NoPrivacyPhone") is no solution at all.
Protect your liberties. Donate to the ACLU
I'd say there's no laws to protect you there, seeing that it's *their* home directory, you just rent it out. And certainly in their TOS somewhere, they'd mention that fact.
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
Such a mild invasion of privacy is the price you pay for free email with massive storage. To those who balk at the terms: how much would you shell out for a "secure" GMail?
I do not see any privacy issues if a program reads my email in a single pass and adds ads as soon as it does not store the data, does not integrate and post-analyze the data, does not use the data for profiling, etc. Plus, you do not have to use gmail at all. However, if gmail raises privacy issues then what about anti-spam programs that read and analyze your email whether you want or not? Moreover you do not even know if there is an anti-spam program when you send your email to foo@bar.net. Then what about censorship issues with anti-spam programs? If someone sends an offer for viagra to president@whitehouse.gov, and an anti-spam program stops it, is it an instance of anti-Constitutional censorship? I do not say that anti-spam programs are evil but rather just making a point about too harsh fear of the beast that was not even born yet (officially).
If enithin kan gow rong it whil. (Murfey)
Is how everyone's reactions would be different if this was Microsoft doing this?
"1gb email! They're just trying to corner the market and force all the other webmail companies out of business!"
"They can read your mail?! They're probably selling it to some clandestine government agency!" (at which point michael would pop up and post a link to his favorite article on the government buying large ram disks)
My point is, I wonder how much leeway Google is being given simply because they use linux and are a good search engine.
slashdot, news for crazed liberal socialist zealots
I know others have said it, but really, if people don't like it they don't have to use it. Nobody is being forced in the least. There are plenty of other free email providers. The big comeback to that so far has been, "but what if I have to send an email to someone on GMail". You can't pick the phone service provider for a person you call, just like you can't pick a person's email provider for them. If you are that paranoid and whatever you are sending needs to be soooo private, then I doubt you'll want to be sending to a free email address of any kind anyway. I swear, some people just bitch to hear themselves bitch.
Because we keep back-up copies of data for the purposes of recovery from errors or system failure, residual copies of email may remain on our systems for some time, even after you have deleted messages from your mailbox or after the termination of your account.
How is this any different from what all other email providers do? As they make backups, generally it gets stored to tape. Later on, you stroll through and delete it. It still exists on the tape.
When you are logged into your Gmail account, Google will display targeted ads and other relevant information based on the content of the email displayed.
How is this different from what Yahoo does? Targeted ads based on search entries.
Oh wait...Google is honest enough to tell us up front.
If your email in transit requires more than SSL... well maybe you should use a paid service. :)
The hope is that google cannot in fact decrypt your email without you logging in.
Because Google would end up needing that key in order to compose the HTML page that's going to be sent to you, even if that page is going to be sent over HTTPS.
In short, what's the difference between storing it on the server compressed or plaintext... Google still can decrypt it any time they feel like it, you just have to trust them not to peek either way you go.
I am surprised that you don't see the critical difference between what Google is planning and the more usual form of behaviour-tracking that goes on all the time, with or without our consent, by DoubleClick and their ilk, which is common as mud -- in fact I myself once developed a system for a client that had a behaviour tracking component. (Not proud of it, but just pointing out how ubiquitous it has become.)
The crucial difference is that -- at least from the terms described above in the MSN agreement -- these other services are not reading your mail. They are just watching what you click on, examining your behaviour, etc. I don't really approve of this, but it's an order of magnitude less of an infringement than a system that actually parses my mail and searches for keywords ... and as someone mentioned before, I don't have to be a Gmail user for this to happen; I just have to write an email to one. And if gmail takes off, that could end up being a high proportion of the email I send.
The assurance that no human being is going to read my mail is an insult to the intelligence. What is a parser if it's not the tool of its human designer? ... And in any case, what do I care if a (human) marketing drone assesses my email for targeting possibilities, or if it's a bot doing the same job? The bot is worse because it is way more efficient. The point here is not that I am afraid my data will be used for some illegitimate purpose. It is the expressly stated purpose that I am concerned about: of the use of my email to allow targeted marketing to identify me as a potential market for Product X.
It seems to me that there may well be innovation in Gmail: but as far as I can tell, it's all aimed at the real Gmail customers, the advertisers, and none of it to the email user. The offer of 1G is in itself pretty outrageous. They are in effect saying: We will generously allow you to file up to 1073741824 bytes of data which we will then regularly comb through and see how much crap we can sell you. Thanks Google, but no thanks.
[ UNSIGNED NOT NULL ]
If you don't trust Google to keep your email private, why should you trust them to encrypt your email without using an escrow key or some equivalent?
I'll be using Gmail as soon as it launches, and my privacy will be Ok. How? Because whenever I have an important e-mail communication, it is encrypted.
./ has stated the obvious. We are technical people. We don't fear encryption. So why are we worrying? What am I missing?
So what is the problem? Do you think Google will try to break the encryption of random Gmail users?
Ah. Now I remember. People are lazy and fear technology, so they won't use encryption with Gmail. Then don't use email at all! Even if your email is handled by your ISP, instead of a webmail service, any network admin at your ISP can read it.
What surprises me is that no-one on
Current use of encryption for email is terribly low: I remember when Whitfield Diffie was asked at a Computers, Freedom and Privacy Conference a few years back how many emails sent to him were encrypted. Because you'd expect him to be way up at the top of the list of people who get encrypted email... under 10% was his reply. Oh, and Zimmermann was also in the audience... same answer.
I currently use hotmail and have my school, isp, spamgourmet and all my others forwarded to it. While I delete the crap right away I have to delete important stuff as well like reports, code, and labs as they are too big. With GMail all those large attachments I will be able to keep online and have access to them whenever I want.
GMail will be just as secure as anything else. Probably more secure than hotmail and yahoo. It is not that hard to protect searches. All other email services provide searching, they just suck.
Don't use it.
It's not like they will be reading your email. It should come as no surprise to privacy advocates that email servers store email, parsing through it every step of the way. It doesn't matter because it's a black box operation. What their web server does with it, like selecting ads more appropriate to my interests, doesn't offend me at all as long as my email doesn't appear before human eyes other than my own.
What should worry privacy advocates is that their email is never encrypted unless they do so manually. It goes across the internet as plain text, and can readily be scanned and logged by anyone who wants along the way, like spammers, identity thieves, the government, etc. Most likely your password isn't even encrypted. If you use wireless, most likely that isn't encrypted either. The least of your privacy worries should be GMail deciding that you're interested in enlargement pills and home loans.
Someone should be whacked over the head with a clue bat. It seems to me, that the core issue here is, that someone (this "someone" being a script) is reading everybody's mail.
Well... what the heck do they think Bayesian filters do? A lot (most) of email providers offer spam filtering including Bayesian filters. Guess what - they read your email! - in the same way that gmail does.
Sheesh.
Underholdning.info
Okay, this is just getting sickening. Google approaches its IPO date and comes up with webmail. So, suddenly, it finds its way into the 30 minute CNN/FOX treadmills, it's in all the papers, and there's not an IT news site without some big story on it.
Gee, someone at the AP sure has an interest in getting that IPO to skyrocket, huh?
Search engine + webmail =! news
Search engine + rumors + AP treadmill + IPO = lots of money for whoever is behind this big media push.
Please, don't be sheep. As soon as Google goes public, you guys are going to be crying about how cool Google was before all the banners and popups. Trust me, their business model will change for the worst. Right now, they are trying to get you to buy them and have got to be cool -- But soon, things will be different. There will be shareholder meetings and demands made to increase revenue. Then, Google will be just like AOL or Yahoo and you won't feel so excited about it anymore.
I'll be sure to link back to this thread in a few months when the first crappy news about Google breaks. Like when it becomes a whore to the shareholders and advertisers.
OK, so I'm not the only one here running my own mail server. A low-powered linux box on my network with a webmail server, always on, that retrieves my POP3, hotmail, and Yahoo! mail and puts it in one place for me and only me to access. No ads, no Patriot act searches, full control. So, there's some cool features in Gmail from the sounds of it, but it doesn't sound like anything that couldn't be integrated into a personal webmail installation.
...if your initial connection to the webmail service is through a normal http (non-secure) connection! I have a couple webmail email accounts (for backup access) and every single one prevents initial connection via https! Or, if I can connect securely to put in my name and password, it shifts me to a regular connection to view and enter my email.
Don't get me wrong, I like the Gmail idea, but I think the initial connection to ANY email server is just as important to security.