Google Defends Gmail Data Sharing, Gives Few Details on Violations

Google defended how it polices third-party add-ons for Gmail in a letter to U.S. senators made public on Thursday, saying that upfront review catches the "majority" of bad actors. A report adds: Google said it uses automated scans and reports from security researchers to monitor third parties with access to Gmail data, but gave no details on how many add-ons have been caught violating its policies. Google's privacy practices have been under growing scrutiny. The Senate Commerce Committee has a hearing scheduled for Sept. 26 to question Google, Apple, AT&T, Twitter about their consumer data privacy practices. Gmail, the Google email service used by 1.4 billion people, enables add-on developers access to users' emails and the ability to share that data with other parties as "long as they are transparent" with users about how they are using data and get consent, Google said in the letter. For instance, a program that logs receipts could be allowed to scan Gmail as it searches for receipts.

Idea

[Ol+Olsoc]

I'll fully support Google sharing my purchasing history if they give me all of the credit card numbers of all their employees from the top down.

haHA

[DarkRookie]

Its stuff like this that made me finally delete the account.

My only concern with that is mature YouTube video. Last I was aware they required an account.

Re:haHA

[jtgd]

So do like everyone else. Create a dummy account for just this. There won't be any of your personal information for them to get.

It is my right to share with add-ins I choose

[RhettLivingston]

A vital part of freedom is having the freedom to choose to trust whom or what you want to trust or to choose not to even care about privacy over service. If the government wants to get into the business of policing the add-ins, fine, though I personally feel that policing to catch crimes before they happen is an overreach of the Constitutional duties given to government. But policing has to be to detect a real crime. Do not limit what I can do for the purpose of protecting me from myself. That is a massive overreach.

Google, as the private business offering the API, does have a right to police how their product is used given that misuse could damage their business. They especially have the right to at least verify that the add-ins are correctly disclosing and are not violating their rules. But, I am the only one with the right to decide what level of privacy I'm willing to sacrifice to get services.

Re:It is my right to share with add-ins I choose

[Wrath0fb0b]

No one is disagreeing with that or saying there shouldn't be an API that allows you to knowingly chose to share all your email data with whoever you want. But just like the grocery store can't sell a bag chips without disclosing how many grams of fat are in it, so too should the person offering the API disclose clearly what data are shared, whether they are shared-onwards to third parties, whether they are persisted and how to remove yourself.

Maybe another way to put it is that you can't decide on what level of privacy you are sacrificing if the service doesn't clearly explain what you are singing up for, or worse, claims one thing but then does another. Uninformed consent is not valid consent.

If Google is enforcing those disclosure, opt-out and accuracy requirements, great. No problem. But they don't necessarily have an interest to do so too thoroughly, not least because it requires lots of human intervention, which isn't their strong suit.

Re:It is my right to share with add-ins I choose

[RhettLivingston]

In a free environment, a certain amount of risk must be allowed to exist. Otherwise, a back door to limiting freedoms opens up. If the requirements for enforcement become too costly, then the result will be the same as banning add-ins in the first place. If those costs are pushed to the add-in developers in some way, it furthermore results in unevenly banning add-ins because only larger-scale businesses could afford to attempt to enter the market. Regulations almost always favor large businesses by increasing cost-of-entry.

All that said, there are some ways that I can see things being made more secure. Google could force all add-ins to publish their code for review by any consumer. Or they could force the add-ins to run in sandboxes that can see and process the data but not send any data or derivative of the data outside of the client sandbox or a sandbox running on a Google-controlled and monitored server. But even if they did something like that, I'd want the ability as a consumer to give the business the right to collect my data if I so choose. There are applications I can imagine that might use my email data in combination with data collected elsewhere to provide or improve services not directly related to my email.

Re:share my data with everyone

[TomGreenhaw]

Is it shaped like a mushroom?

Remenber Facebook...

[Sooner+Boomer]

...and Cambridge Analytica? And here, Google freely *admits* to selling data! Which political party is going to squeal about this one?

An ad company

[AHuxley]

always has to go full ads.

Well, shit

[Snotnose]

I have 2 gmail accounts, one 20 years old I use for junk (supermarket gives me 10% off for an email? This is what you get), another 10 year old I use. I get 20-30 msgs a day in the first, 2-3/week on the latter.

If Google is letting everyone with $$$$ access to my email account I'm tempted to switch to Protonmail. Problem is, Protonmail is a bit of a PITA compared to gmail, but if Alphabet is selling everything to whomever then fuck them, I can spend the extra couple minutes a day. Been using duckduckgo for a search engine for a couple years now with no complaints.