Slashdot Mirror
Google Halts Gmail Scanning for Education Apps Users
itwbennett (1594911) writes "Google will no longer scan the email messages of students and other school staff who use its Google Apps for Education suite, exempting about 30 million users from the chronically controversial practice for Gmail advertising. In addition, Google is removing the option for Apps for Education administrators to allow ads to be shown to their users. Until now, ads were turned off by default, but admins could turn on this feature at their discretion. A Google spokesperson called the move part of a 'continued evolution of our efforts to provide the best experience for our users, including students' and not a response to a recent lawsuit alleging that by scanning Gmail messages Google violated wiretapping laws and breached users' privacy."
- http://techcrunch.com/2014/04/...
Well we're movin on up,
To the east side.
To a deluxe apartment in the sky.
Movin on up,
To the east side.
We finally got a piece of the pie.
Fish don't fry in the kitchen;
Beans don't burn on the grill.
Took a whole lotta tryin',
Just to get up that hill.
Now we're up in the big leagues,
Gettin' our turn at bat.
As long as we live, it's you and me baby,
There ain't nothin wrong with that.
Well we're movin on up,
To the east side.
To a deluxe apartment in the sky.
Movin on up,
To the east side.
We finally got a piece of the pie.
So if Google is violating wiretap laws, how can I sign up to get them to stop scanning my email?
Oh, wait, never.
New Google Mission Statement: "Don't continue to be evil after we've been called out on it in the tech press."
. The Google blog post does not mention other types of scanning (neither to confirm or deny their existence, nor to announce that they will cease).
My first program:
Hell Segmentation fault
>It feels like an invasion of privacy.
Then use someone else.^1 It's not difficult.
If you don't know that there are other email providers or that you can set up your own mail server, then the problem lies with /you/, not Google.
But that's only the beginning. If you don't want people looking at your stuff, encrypt it. Email is a postcard without any ability to put an "envelope" around it except full-on encryption. Otherwise /anyone/ in the RECEIVED: chain and Tinfoil Agencies can read it.^2
Sorry, but your argument is invalid.
--
BMO
Footnotes:
1. My oldest active email address is literally in someone's basement on their LAN. For 18 years, roughly.
2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.
It's not wiretapping because you give consent to the scanning when you sign up for their FREE email account.
If you want privacy, get an email service that features it. Don't expect privacy when you willfully opt-in.
2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.
It's neither idiotic, nor dumb. The way email works might be part of your specialist knowledge (and mine and most people who read slashdot). But that doesn't mean that perfectly intelligent people in other domains know how email is implemented. If you took a survey of doctors or architects or humanities professors, then probably a minority would know about the plaintext transport of email, They are not stupid people, they just know about different things. And many things that they know about you don't. But they are not calling you an idiot.
When we criticise the bad behaviour of tech companies, we do it for EVERYONE, not just for computer geeks. People without this specific field of interest don't deserve to have their lack of specialist knowledge taken advantage of any more than they deserve to be called idiots by the likes of you.
They've been talking about doing end-to-end encryption in the browser. That's incompatible with ad scanning, so this is one foot forward in that direction.
Googlers are still really ripped about PRISM. They were naive, but no longer.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Then use someone else.^1 It's not difficult.
Many schools now use Google apps for students. That includes Gmail, Drive, and productivity apps. My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students... So "use someone else" is a nice generalization but not always an option... That's why I'm happy to see this.
fwiw, personally, I have always run my own mailserver/webserver/dns.
I've been involved in negotiations with a couple of contracts relating to Google Apps for Enterprise/Education.
In each one, the "scanning" has been explicitly mentioned in the contract. In each one, scanning for the purposes of advertising has only happened if the domain administrator allows it to happen. If it is turned off, Google will not scan mail for the purposes of advertising content.
There are of course other reasons why google will scan your email. Spam/Antivirus filtering and indexing to enable search functionality are two that come to mind.
Basically, all Google have done is remove the domain administrators ability to allow ads, and I'm not aware of anyone I know who used Google Apps for Education/Enterprise with it turned on anyway.
If you leave it open, someone (email provider) will read it. Why was the email protocol designed as an open postcard service (no privacy) instead of a sealed envelope (some privacy) service?
My son is required to hand his assignments in via Google Drive
What happened to paper?
Ezekiel 23:20
Is it really incompatible with ad-scanning?
If I'm end-to-end encrypted in my connection between my browser and Google, in the back end, Google still has everything in the clear don't they?
If I send to another Gmail user, they may also have end-to-end encryption between themselves and Google, but again, Google has everything in the clear.
Unless you're talking about end-to-end encryption starting from the sender all the way to the receiver, the notion that Google can't scan your emails and do ad choices seems naive.
If Google can display you your email without all of the encryption happening local to you, Google can still scan your email -- for ads or any other purposes.
I just don't see end-to-end encryption in the browser changing the fact that Google still gets all of the data in its unencrypted form.
And I don't see them building a system which encrypts the data from themselves so they can never see it. Because, they want to be able to scan it to sell ads.
Lost at C:>. Found at C.
Of course use someone else is still an option. Unless the school is strangely requiring gmail be used for personal email too. Also, you can set up a Google Account to access Google Apps without signing up for gmail.
Otherwise it's no different than if your employer uses Google Apps. All Google learn in those circumstances is that someone with that name happens to work at that company/study at that school.
My son uses my mail server for personal mail.
The dog ate it.
I don't use Gmail. If I send email to another person and that person uses gmail routed through their own domain, I didn't consent to use Gmail and I wasn't informed that Gmail would see my mail. That sounds like wiretapping to me. If the email I sent was under a pre-agreed boilerplate NDA, I doubt I could go after the other person for using Gmail without telling me. They would not get stuck with the liability. So the unlawful interception was by Google and not by either of the endpoints.
Teachers don't want your essays on paper, that would make it impossible (ok, very difficult) for them to use automated grading or at the very least automated plagiarism detection. Everything must be submitted digitally nowadays.
Can't have turnitin.com scan papers for plagiarism with essays on hardcopy.
Then use someone else.^1 It's not difficult.
If you don't know that there are other email providers or that you can set up your own mail server, then the problem lies with /you/, not Google.
Ummm... they're talking about school email. As in the email that most schools REQUIRE you to use. You can provide individual teachers with another email address, but the school will typically only deal with the email address that they provide. Of course, you should probably be using multiple email addresses, but that doesn't change the fact that you can't just not use this email if you're going to a school that uses GMail.
How about allowing schools to use the old HTTP for searches instead of enforcing the HTTPS. All it does is bring an added expense into the district for me to filter the SSL searches to keep kids from accessing images that they shouldn't. By forcing all searches through SSL, filters can no longer be applied to the encrypted data without using some form of DPI-SSL. We don't host our own DNS, so adding nossl to the DNS CNAME won't work. Thanks Google for making it more expensive to be CIPA compliant.
Teachers can go fuck themselves, then. Or simply use a scanner. I'm not going to be treated like a criminal by some lazy fat-ass. This simply won't fly around here anyway. Hooray for conservative Europe.
Ezekiel 23:20
It is always an option. Those students only have to use those accounts for their schoolwork. They can use another for everything else.
Oh noes! A computer program is going to scan my email for keywords and show me relevant ads??
The horror.
Bullshit, it's called getting the legal screws applied to your nuts, not some change of heart concerning privacy by Google. They're facing multiple lawsuits and they're making concessions that they know they'll have to implement anyway. I'm hoping Judge Koh throws the book at these hypocrites.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
People without this specific field of interest don't deserve to have their lack of specialist knowledge taken advantage of any more than they deserve to be called idiots by the likes of you.
So, how would you prevent them from using email? That'd be an easier solution than getting every email provider and every server in the transportation chain (including local area networks) to never look at the messages.
Perhaps the fact that the internet was initially conceived of as a method for educational institutions to quickly exchange communications and research data? A situation in which privacy had very limited application, and the demands of delivering it were prohibitively costly - remember, at the time individuals didn't own computers, the entire processing capacity of the MIT, Harvard, etc. computer department was considerably smaller than your smart phone possess today, and encryption is computationally expensive.
Or perhaps because some of the designers of those early systems were also under DOD contract to develop a secure version of the internet for military use, and had to be very careful not to allow any of their classified research to leak into their public projects?
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Moved three domains already over to Outlook.com.
It feels like an invasion of privacy.
Gosh, I wouldn't want your feelings to be hurt. Is this a hippie commune or Slashdot? Why don't you tell us what your logic tells you? Is it that targeted advertising has no significant impact on your privacy? Because that's what my logic tells me.
A Google spokesperson called the move part of a 'continued evolution of our efforts to provide the best experience for our users, including students' and not a response to a giant pink-zebra-stripped giraffe astronomers have sighted orbiting the moon.
It seems like you were trying to use "and not" to introduce a non-sequiteur. FTFY
seriously the pick-on-Google stuff is pretty bad. I don't think it's hypocritical at all to use GMail and still complain about GMail, but complaints ought to at least be framed as a complaint. This one sounds more like "I've been sleeping with Sally but I'm pretty sure she has cooties." / "EEEEWWWWW cooties are the WORST and I've always thought Sally had them because well just look at her."
Suppose we held each other to this bar: finish your fucking thought. Actually make complex arguments and don't personify corporations and then have ad-hominem rantfests about them. If we did that maybe people would actually know how information flows through the ad system because they would not be sitting around navel-gazing, "well MY opinion on the Creepyness Issue is that I feel that, ah, my credit card number is private." seriously, step up your damned game guys.
If we did that, perhaps it'd become clear that GMail is getting way, way too much attention and Android way too little.
of course, it doesn't matter to you that the magnitude of the two issues are completely different in size, so much that the first one almost vanishes next to the second. That's not important. What's important? With Android, you can't blame Google for everything any more because there's more than one company involved, so the "Sally has Cooties" game is over. And you also have to click through something every time your data is shared which tries to put the blame back on you. As soon as someone asks you to take responsibility you move your rage elsewhere. It's pathetic.
Read TFA. What's been removed is not Google's scanning which was already off by default, but the school's ability to turn the scanning on. It's schools that are being restricted in what they can do, not Google..
Do you also object to MTAs "seeing" your email? Email processing is not unlawful interception.
So, how would you prevent them from using email?
You don't.
That'd be an easier solution than getting every email provider and every server in the transportation chain (including local area networks) to never look at the messages.
Let them. http://www.gnupg.org/
-----BEGIN PGP MESSAGE----- Version: GnuPG v1 hQEMAyC/fm5RhHydAQgAiDnkR3bTq3oU+7y/7WMcvH1/5yfgRdYWC+xu23RXTZvu gbDcg5TA7JNhM8ePB78mmayn0TxWNKJX0vao5qMmi7sZuRI2ILIbFIsvUOLx5ORo gIcLxlLiEKeyjAXwBEc2FASiOGsI83h7HBFWep0MjJSjumXXHWPipQj4WcAhZRlS Y6cPPn8z5Hc+eQVlfMpkpTWbtyOGc41UzBe8U5xt7MzNFjGK/ISAhaqSkwZ+UxOV HmjIUo+Ud1/5PPmLHipaOz2AC4CCecz8/HL6ZHBMKM4ejrKqquL6ZWv5rrGJTKc/ 5plI36As/BQ3qjDG4J462QLJGIp4DLkMlGzB+NnwMdKSAceQglrywpqXm/IL/k28 WTWjGyYiEeGhbhNdWsF0GdXplbA5vkgqFdlt7lgseVrgAODNkkd7r1bUSzsPlmfI TdOAv/ykallaG5CILRp/zAXaz8nNXnRiKwfu/D3dUfVqSivbzC/UNnMVPYVMWFjv EQQ0ggU7c8RJAOyvagg3F32HY67RYMNGKxME2peCY+7iNSk= =KfJ3 -----END PGP MESSAGE-----
My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students...
I can certainly understand a university requiring gmail to communicate with teachers, but I've never heard of a university requiring students to use gmail to communicate with fellow students. Does that mean that if I become friends with someone in one of my classes I cannot use any e-mail system other than gmail if I want to make plans with them? That sounds like a huge invasion of privacy, and frankly, I'm not even sure how this rule would be enforced.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
"I'm Brian, and so is my wife!"
The way email works might be part of your specialist knowledge
Every internet guide for "Dummies" since the dawn of time/the Internet says that email is no more than a postcard.
It's not "specialist knowledge.
Encryption for email is the rough equivalent of using https to access a web page, or WPA encryption at the router, which many "neophytes" know about already. If your mind flies away from your skull and disappears when encryption is mentioned in conjunction with email, the problem lies with your inability apply one concept in one use with another use. It's like knowing how to cook a rack of ribs on the barbecue and then getting completely befuddled when someone asks you to cook a steak and then refusing to crack open a cookbook. It's /your/ fault.
I've been talking about this stuff for the last 20(mumble) years, since the US government threatened Phil Zimmerman with jail. After two decades of people simply refusing to listen, my conclusion is that the problem lies with them, and not me. And it's not like I'm a bad teacher. I can teach someone the entirety of trigonometry concepts in the space of 20 minutes (and they understand it), though I'm not quite as good as Vi Hart.
--
BMO
I think you just continued to demonstrate that you don't understand the world of ordinary people. (i.e. non-geeks).
After two decades of people simply refusing to listen, my conclusion is that the problem lies with them, and not me.
Actually of course the problem lies with the geeks of the internet failing to implement a more secure email standard, when they recognised that was needed.
When you enable spam filtering in Google, the spam filter "reads all your email" in exactly the same way the "invasive" practice from this lawsuit does. It just does it to serve Google and not the user. You have no privacy on the Internet unless you encrypt your traffic, and not even then if the NSA has their way. Until people get that, they should assume that people are "reading" their messages.
Currently hooked on AMP
K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p...
K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p...