Slashdot Mirror
Google Halts Gmail Scanning for Education Apps Users
itwbennett (1594911) writes "Google will no longer scan the email messages of students and other school staff who use its Google Apps for Education suite, exempting about 30 million users from the chronically controversial practice for Gmail advertising. In addition, Google is removing the option for Apps for Education administrators to allow ads to be shown to their users. Until now, ads were turned off by default, but admins could turn on this feature at their discretion. A Google spokesperson called the move part of a 'continued evolution of our efforts to provide the best experience for our users, including students' and not a response to a recent lawsuit alleging that by scanning Gmail messages Google violated wiretapping laws and breached users' privacy."
- http://techcrunch.com/2014/04/...
New Google Mission Statement: "Don't continue to be evil after we've been called out on it in the tech press."
. The Google blog post does not mention other types of scanning (neither to confirm or deny their existence, nor to announce that they will cease).
My first program:
Hell Segmentation fault
>It feels like an invasion of privacy.
Then use someone else.^1 It's not difficult.
If you don't know that there are other email providers or that you can set up your own mail server, then the problem lies with /you/, not Google.
But that's only the beginning. If you don't want people looking at your stuff, encrypt it. Email is a postcard without any ability to put an "envelope" around it except full-on encryption. Otherwise /anyone/ in the RECEIVED: chain and Tinfoil Agencies can read it.^2
Sorry, but your argument is invalid.
--
BMO
Footnotes:
1. My oldest active email address is literally in someone's basement on their LAN. For 18 years, roughly.
2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.
It's not wiretapping because you give consent to the scanning when you sign up for their FREE email account.
If you want privacy, get an email service that features it. Don't expect privacy when you willfully opt-in.
2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.
It's neither idiotic, nor dumb. The way email works might be part of your specialist knowledge (and mine and most people who read slashdot). But that doesn't mean that perfectly intelligent people in other domains know how email is implemented. If you took a survey of doctors or architects or humanities professors, then probably a minority would know about the plaintext transport of email, They are not stupid people, they just know about different things. And many things that they know about you don't. But they are not calling you an idiot.
When we criticise the bad behaviour of tech companies, we do it for EVERYONE, not just for computer geeks. People without this specific field of interest don't deserve to have their lack of specialist knowledge taken advantage of any more than they deserve to be called idiots by the likes of you.
They've been talking about doing end-to-end encryption in the browser. That's incompatible with ad scanning, so this is one foot forward in that direction.
Googlers are still really ripped about PRISM. They were naive, but no longer.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Then use someone else.^1 It's not difficult.
Many schools now use Google apps for students. That includes Gmail, Drive, and productivity apps. My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students... So "use someone else" is a nice generalization but not always an option... That's why I'm happy to see this.
fwiw, personally, I have always run my own mailserver/webserver/dns.
I've been involved in negotiations with a couple of contracts relating to Google Apps for Enterprise/Education.
In each one, the "scanning" has been explicitly mentioned in the contract. In each one, scanning for the purposes of advertising has only happened if the domain administrator allows it to happen. If it is turned off, Google will not scan mail for the purposes of advertising content.
There are of course other reasons why google will scan your email. Spam/Antivirus filtering and indexing to enable search functionality are two that come to mind.
Basically, all Google have done is remove the domain administrators ability to allow ads, and I'm not aware of anyone I know who used Google Apps for Education/Enterprise with it turned on anyway.
If you leave it open, someone (email provider) will read it. Why was the email protocol designed as an open postcard service (no privacy) instead of a sealed envelope (some privacy) service?
My son is required to hand his assignments in via Google Drive
What happened to paper?
Ezekiel 23:20
Is it really incompatible with ad-scanning?
If I'm end-to-end encrypted in my connection between my browser and Google, in the back end, Google still has everything in the clear don't they?
If I send to another Gmail user, they may also have end-to-end encryption between themselves and Google, but again, Google has everything in the clear.
Unless you're talking about end-to-end encryption starting from the sender all the way to the receiver, the notion that Google can't scan your emails and do ad choices seems naive.
If Google can display you your email without all of the encryption happening local to you, Google can still scan your email -- for ads or any other purposes.
I just don't see end-to-end encryption in the browser changing the fact that Google still gets all of the data in its unencrypted form.
And I don't see them building a system which encrypts the data from themselves so they can never see it. Because, they want to be able to scan it to sell ads.
Lost at C:>. Found at C.
My son uses my mail server for personal mail.
The dog ate it.
Teachers don't want your essays on paper, that would make it impossible (ok, very difficult) for them to use automated grading or at the very least automated plagiarism detection. Everything must be submitted digitally nowadays.
How about allowing schools to use the old HTTP for searches instead of enforcing the HTTPS. All it does is bring an added expense into the district for me to filter the SSL searches to keep kids from accessing images that they shouldn't. By forcing all searches through SSL, filters can no longer be applied to the encrypted data without using some form of DPI-SSL. We don't host our own DNS, so adding nossl to the DNS CNAME won't work. Thanks Google for making it more expensive to be CIPA compliant.
Teachers can go fuck themselves, then. Or simply use a scanner. I'm not going to be treated like a criminal by some lazy fat-ass. This simply won't fly around here anyway. Hooray for conservative Europe.
Ezekiel 23:20
Oh noes! A computer program is going to scan my email for keywords and show me relevant ads??
The horror.
Bullshit, it's called getting the legal screws applied to your nuts, not some change of heart concerning privacy by Google. They're facing multiple lawsuits and they're making concessions that they know they'll have to implement anyway. I'm hoping Judge Koh throws the book at these hypocrites.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Perhaps the fact that the internet was initially conceived of as a method for educational institutions to quickly exchange communications and research data? A situation in which privacy had very limited application, and the demands of delivering it were prohibitively costly - remember, at the time individuals didn't own computers, the entire processing capacity of the MIT, Harvard, etc. computer department was considerably smaller than your smart phone possess today, and encryption is computationally expensive.
Or perhaps because some of the designers of those early systems were also under DOD contract to develop a secure version of the internet for military use, and had to be very careful not to allow any of their classified research to leak into their public projects?
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Moved three domains already over to Outlook.com.
So, how would you prevent them from using email?
You don't.
That'd be an easier solution than getting every email provider and every server in the transportation chain (including local area networks) to never look at the messages.
Let them. http://www.gnupg.org/
-----BEGIN PGP MESSAGE----- Version: GnuPG v1 hQEMAyC/fm5RhHydAQgAiDnkR3bTq3oU+7y/7WMcvH1/5yfgRdYWC+xu23RXTZvu gbDcg5TA7JNhM8ePB78mmayn0TxWNKJX0vao5qMmi7sZuRI2ILIbFIsvUOLx5ORo gIcLxlLiEKeyjAXwBEc2FASiOGsI83h7HBFWep0MjJSjumXXHWPipQj4WcAhZRlS Y6cPPn8z5Hc+eQVlfMpkpTWbtyOGc41UzBe8U5xt7MzNFjGK/ISAhaqSkwZ+UxOV HmjIUo+Ud1/5PPmLHipaOz2AC4CCecz8/HL6ZHBMKM4ejrKqquL6ZWv5rrGJTKc/ 5plI36As/BQ3qjDG4J462QLJGIp4DLkMlGzB+NnwMdKSAceQglrywpqXm/IL/k28 WTWjGyYiEeGhbhNdWsF0GdXplbA5vkgqFdlt7lgseVrgAODNkkd7r1bUSzsPlmfI TdOAv/ykallaG5CILRp/zAXaz8nNXnRiKwfu/D3dUfVqSivbzC/UNnMVPYVMWFjv EQQ0ggU7c8RJAOyvagg3F32HY67RYMNGKxME2peCY+7iNSk= =KfJ3 -----END PGP MESSAGE-----
My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students...
I can certainly understand a university requiring gmail to communicate with teachers, but I've never heard of a university requiring students to use gmail to communicate with fellow students. Does that mean that if I become friends with someone in one of my classes I cannot use any e-mail system other than gmail if I want to make plans with them? That sounds like a huge invasion of privacy, and frankly, I'm not even sure how this rule would be enforced.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
The way email works might be part of your specialist knowledge
Every internet guide for "Dummies" since the dawn of time/the Internet says that email is no more than a postcard.
It's not "specialist knowledge.
Encryption for email is the rough equivalent of using https to access a web page, or WPA encryption at the router, which many "neophytes" know about already. If your mind flies away from your skull and disappears when encryption is mentioned in conjunction with email, the problem lies with your inability apply one concept in one use with another use. It's like knowing how to cook a rack of ribs on the barbecue and then getting completely befuddled when someone asks you to cook a steak and then refusing to crack open a cookbook. It's /your/ fault.
I've been talking about this stuff for the last 20(mumble) years, since the US government threatened Phil Zimmerman with jail. After two decades of people simply refusing to listen, my conclusion is that the problem lies with them, and not me. And it's not like I'm a bad teacher. I can teach someone the entirety of trigonometry concepts in the space of 20 minutes (and they understand it), though I'm not quite as good as Vi Hart.
--
BMO
I think you just continued to demonstrate that you don't understand the world of ordinary people. (i.e. non-geeks).
After two decades of people simply refusing to listen, my conclusion is that the problem lies with them, and not me.
Actually of course the problem lies with the geeks of the internet failing to implement a more secure email standard, when they recognised that was needed.
When you enable spam filtering in Google, the spam filter "reads all your email" in exactly the same way the "invasive" practice from this lawsuit does. It just does it to serve Google and not the user. You have no privacy on the Internet unless you encrypt your traffic, and not even then if the NSA has their way. Until people get that, they should assume that people are "reading" their messages.
Currently hooked on AMP