Slashdot Log In
Privacy Complaint Against Google's GMail Service
Posted by
CmdrTaco
on Tue Apr 06, 2004 09:36 AM
from the that-didn't-take-long dept.
from the that-didn't-take-long dept.
CRCates writes "Privacy groups in the UK have filed a complaint against Google over its new Gmail service. Privacy groups said they were concerned about Google's ability to link a user's personal details, supplied in the Gmail registration process, to Web-surfing behaviour through the use of a single cookie for its search and mail services. "
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
How can they do this? (Score:3, Insightful)
Re:How can they do this? (Score:5, Insightful)
Parent
Re:How can they do this? (Score:4, Insightful)
You pay money for your CPU and this service is free.
I take great exception to someone tracking me and having me pay for the technology. (I know, but let's ignore my ISP for the moment).
But if someone wants to provide a free service, then you get what you pay for. Be sure you read the terms of service. If you don't like it, use something else.
Intel put their tracking into something you paid $$ for. That's different.
Parent
Re:How can they do this? (Score:4, Insightful)
it's really simple.
If Intel implants a tracking number in the CPU's, buy AMD.
If A bios manufacturer hard-codes DRM into it's motherboards, don't buy those motherboards.
If (free) Gmail violates your privacy, don't use (free) Gmail.
what exactly is the problem?
The problem is when-
- All CPU manufacturers include tracking numbers
- All BIOS manufacturers hard-code DRM into their motherboards
- All (free and non-free) web-based mail services violate your privacy
This "vote with your feet" argument works for pizzas, but not markets where there are high barriers to entry. A web-based email system isn't a very good example (who can't code up one of those over a weekend?) but the other two are.Parent
Re:How can they do this? (Score:4, Insightful)
Confident? That's a very dangerous assumption if you're that concerned about your privacy. I maintain quite a few corporate e-mail systems, and one of the biggest problems is convincing people to delete anything - even crap. It's not uncommon for the executives to have mailboxes which exceed 1GB.
I have every business email I have sent or received in the last six years. My assumption is that every email I send is more than likely still out there.
Don't want your messages to be readable by the 'wrong' people? Encrypt 'em real good, or don't use email.
"Don't send anything over email that you wouldn't want published on the front page of USA Today." [albion.com]
Parent
Re:How can they do this? (Score:3, Funny)
Or more like they signed an agreement that made sure they agreed to complete and total lack of anonymity and privacy.
Re:How can they do this? (Score:5, Insightful)
The problem is those pesky "inalienable" (or "unalienable" as one source writes it) rights: inalienable simply means that something can't be given away or sold -- alienated -- even if you want to give it away or sell it.
Just as you can't, regardless of contract, sell yourself into slavery in most countries, Google's GMail quite possibly violates European law (but not U.S. law, which protects privacy very little if at all).
So a contract is no defense, as contracts for illegal activities are unenforceable.
Parent
Erase the cookie (Score:5, Insightful)
Welcome to paranoia.
Not that simple (Score:5, Insightful)
It seems that European privacy law is much more strict than US law, and by retaining a subscriber's email even after they have deleted it or cancelled their account Google is breaking those laws.
Huge difference.
Parent
Re:Not that simple (Score:5, Funny)
Cool. Looks like the rest of us won't have to compete with all the Europeans for cool gmail addresses.
Another option is that gmail just won't be available in Europe.
Parent
Re:At least SOMEONE is concerned about this (Score:4, Insightful)
why are the two mutually exclusive? Why can't google make a good service, and be paid for providing that service?
Parent
Re:At least SOMEONE is concerned about this (Score:5, Insightful)
Slashdot is not a collective mind. You are not the only free thinker.
Parent
Re:At least SOMEONE is concerned about this (Score:5, Funny)
We are all free thinkers...
Parent
Re:At least SOMEONE is concerned about this (Score:5, Insightful)
Microsoft actively tries to destroy companies that it thinks might interfere with their monopoly. Further, it uses its monopoly position to force deals upon other companies (for example, if you sold *any* PCs with Microsoft OSes, you had to pay a licensing fee even for those machines that did *not* have the Microsoft OS installed). Google has never done anything like this, AFAIK. Microsoft leverages its monopoly by requiring people who accept one piece to accept others (e.g. their EU case). Google offers people the *option* of using this service (and it is possible that they may not be able to offer the *option* in Europe if this is a real limitation; more likely, they will just tweak their service to bring it in line).
It's not making money/not making money. It's living honorably when you're at the top. Google traditionally has; Microsoft traditionally has not.
Parent
Re:Erase the cookie (Score:5, Insightful)
Parent
Re:Erase the cookie (Score:5, Insightful)
Parent
Re:Erase the cookie (Score:4, Interesting)
Doesn't do anything if I voluntarily sign into an account.
Heck, if Slashdot partnered with DoubleClick (and I didn't block ads), it'd be pretty easy to track whatever I do on the Web as well.
Don't use the service.
Doesn't mean it's not a legitimate complaint, though, about the service.
How do you know Yahoo! doesn't read all it's mail?
We don't, though it seems like the whole Yahoo Mail thing is at least as intrusive as Google -- and Yahoo tries to handle all manner of services as well.
I use Google on a "session cookies only" basis, and block ads, which makes it at least somewhat difficult to tie different online personas together.
I do have one (IMHO) legitimate privacy grievance with Google's operation. Google does not let you save preference options in the content of an URL -- language, results size, image content filtering, etc. It is technically possible (and really, pretty easy) to do so, but they prefer to force me to retain a permanent cookie on my system if I wish to use these features (or set the content each time I visit their site). There's a constant nag to give the degree of privacy that I *do* have, which I'm less than thrilled about. I consider search engine cookies pretty much unacceptable based on the sheer amount of data they hand out. You don't have to be searching for how to defraud your employer or for child porn to be uncomfortable with someone having a complete record of everything you're looking for. I view search engines as a tremendous data leak out of companies. Do you Google for things that you're doing research on, or companies that you might be doing business in, or areas/markets that you might be entering? That's sensitive data. What about having a "terrorist keyword red flag list"? Search engines would be an incredibly rich resource for fishing expeditions to find suspicious folks, simply because of the sheer amount of data involved. You think you ever mind wind up in politics? Do you want your opponent to ever be able to dig up the fact that you searched for images of a gay porn actor fifteen years ago? There's an awful lot of very nasty things that can be done with search engine data. Google, on the whole, might be currently playing nice, but that's no guarantee that they will do so in the future, post-IPO, when shareholders are demanding more profits and a partnership with DoubleClick could net Google a loooot of money...
Parent
Eternal cookie (Score:5, Funny)
Two Cookies Would Fix it (Score:4, Funny)
Er... (Score:5, Insightful)
Lots of ways to get yourself in the GMail database (Score:5, Insightful)
Your boss: "I'm on the road - send me your status report IMMEDIATELY to yourboss@gmail.com"
Recruiter: "I have a job for you - send me your resume at somerecruiter@gmail.com..."
Parent
So? (Score:5, Informative)
also in the BBC (Score:5, Informative)
Nobody's forcing you... (Score:5, Interesting)
All of this complaining and bickering for a service that is not yet released...
Re:Nobody's forcing you... (Score:5, Insightful)
-
If Google terms of service violate European law, it is appropriate for Europe based people to complain.
-
Google listens. If they are taking a wrong turn, it is wise to let them know.
- So, if a company offers to do something illegal to its customers, do you think the company is untouchable, because you are not forced to be its customer ? This is just nonsense.
- Yes, they are honest, and you can probably trust their current management. But what will happen to your personal data in future under new management ?
It's funny. Your same argument has been used to death by microsofties before: what's wrong with microsoft ? Nobody forces to use their products. YeahParent
Re:Deal (Score:5, Interesting)
Why do you get to decide unilaterally when the deal is off?
"Defending Google" here is defending the right to enter into agreements. You, apparently, want to be protected from your decisions by being able to change the terms of service if you don't like them at a later date and you want the force of law, through regulation, to enforce your preference.
You don't need regulation, you need to be responsible for your decisions.
Your concerns might be valid, I don't know. But, and I know you are sick to death of this, if you feel this way, "DON'T USE IT THEN". That would be a way of 'telling a company what the consumer wants'. But, you don't really want to tell a company what the consumer wants, you want to force the company to provide a service that you want.
Parent
I wish to register a complaint (Score:5, Funny)
I wish to complain about the post I am going to make half an hour from now. It is inflammatory and totally uncalled for.
Gmail - Opt-In (Score:5, Informative)
If you don't want to use Gmail, you have other options through your ISP, other free services, etc.
It just seems to me this is an extension of social networking, but from a business perspective. - target based advertising based on what you surf for based on your cookie.
It seems similar in a way to what Gnome's Nat Friedman wants to do with Dashboard. Based on your email & IM, having the desktop provide you with links to what you're talking about.
To me, the pro's at this point from what we know may outweight the cons - yes they'll target me with ad's based on my surfing behavior, but the ability to index and search my email rather than using "To" "From" and "Subject" headers is definitely a step forward in email management.
Can I file a complaint against MS now? (Score:3, Insightful)
Innocent until proven guilty. When they start using this for an invasion of privacy, then you can complain, at this point they haven't even offered the service, how can you complain that they've invaded your privacy.
Besides, if you don't like it, don't create an account and go back to wearing your tinfoil hat. They aren't using strongarm tactics to force you to use their product.
Jamon.
Oh For The Love Of God (Score:3, Interesting)
But I suppose when Google is the only mail provider providing a gig of space, it's no wonder why privacy advocates are jumping up and down.
You can't have your cake and eat it too. Google is a private company. They own the servers and the bandwidth. These privacy advocates can go jump as far as I'm concerned.
Why shouldn't google be able to link data? (Score:5, Insightful)
If you don't want google using your data, don't give it to them. Personally, I'm happy for google to have all my data if it will improve my browsing and emailing experience, and that is my personal choice to make.
What people should be complaining about is insurance and credit card companies which buy incomplete and incorrect sets of data and judge your credit rating based on it (it's happened to me). Now thats dodgy.
Microsoft Exchange? (Score:5, Interesting)
snip
"If a person deletes an email, he should be confident that email is actually deleted," said Maurice Westerling, co-founder of Bits of Freedom, another privacy interest group, based in the Netherlands.
MS Exchange has settings for the email retention period. If you delete something from your mailbox in Outlook, then empty your Trash folder, it's effectively gone from your view and you've no way to retrieve it. It is however stored in Exchange for as long as the administrators wish to hang onto it (and that "deleted" email is, indeed, backed up and restorable).
If you shift-delete an object out of your Inbox, using that wonderful permanent-kill technique that the tech-savvy thinks protects and anonymizes their email... it's stored for the email retention period listed by the sysadmins, is backed up, and is restorable. It looks very dead to
(fyi, the only real way around this is to edit your Outlook client so that you can get the Recover Deleted Items option on every object in your inbox [as opposed to just the Recycle Bin], then habitually view -- and purge -- that information on a schedule that is more frequent than the one used for our backups. That'd work.)
Anyway, the shorter point is, this kind of thing happens. The reason is happens is liability. If a criminal organization is using Google's GMail system for planning a robbery, or if a terrorist group decides they want to attack rail systems in Europe and wants to do so by using random public terminals to sign into email accounts that someone else hosts, it's a problem. If law enforcement comes looking and Google has to say "Oh, sorry - we respect privacy so much that we absolutely and permanently delete all traces of all email the second you touch the delete object!", it will not be a pleasant thing. The investigators will not be happy.
Alternate question; do you really think that your email is permanently gone from Yahoo! and Hotmail?
Do you really think they can't restore to an arbitrary point in time?
Do you think they wouldn't turn that info over to law enforcement in a heartbeat if a court order came down?
Are the rules
Re:Microsoft Exchange? (Score:5, Informative)
It uses 64mb-chunks of disk space, and instead of erasing data from within the chunk, it just flags it as deleted, thereby not fragmenting the filesystem fantastically. That method means it's practically impossible to delete the email.
It has to be kept on their filesystem as the inbox is searchable, and 1gb large - raid arrays just wouldn't cope with that stress (and it'd take 3 days to search your mail). The filesystem is the real genius of google - their system is made of hundreds of terabytes of storage on a distributed system. Thousands of servers running redundantly. When one dies (with that many it's a regular occurance) it gets swapped out seamlessly. The processing on the data also requires huge bandwidth throughput.
To me, it looks like the google boys found a great use for their systems, but the very methods that make them great contradict local law in some areas they're selling in.
Oh, and the rules are that different in europe ;)
Parent
Read it. (Score:5, Informative)
I didn't see anything in there about this particular topic, although there is a bit about the fact that they will be using cookies (natch).
Personally, I find it hard to be too concerned about this. My web-surfing patterns are already recorded in a "soft" way via my browser history and a much "harder" way via my ISP's access logs. I can go out of my way to use proxies and make it difficult to trace, etc, but it isn't like you can't figure out what my machine is doing (unless I'm doing some fairly advanced stuff).
Americans, wake up! (Score:3, Informative)
Privacy Groups (Score:5, Insightful)
I would much rather that privacy groups spend their finite resources fighting the stuff we don't have the option of avoiding, Big Government and such.
Seems like any other organization, privacy groups have to justify their existence by creating problems where none exist.
Knee Jerk reaction (Score:5, Insightful)
I like Google Adwords. Given that advertising is an endemic part of life, and is not going to go away, Adwords is the way I want it. Let Google take all the advertising revenue with Adwords, and may the popup merchants go broke. If Google want to offer a paid-for non-Adwords service, I shall think about it - and probably not buy it.
As to keeping some of your email when you delete it - I don't think this is intentional. AFAICS Google has a "weak delete" policy - they try to recover deleted space, but if they don't recover it all, too bad - disks are cheap. So there may well be old copies of your emails hanging round. What the hell - they are not indexed, so it will take a deep search to find it. Do Yahoo, Hotmail & Co guarantee a destructive overwrite when they delete your mail? I doubt it - in which case they might have an old copy lying round on their disks.
So, privacy people, don't spoil what looks like it might (subject to confirmation, of course) be a useful, opt-in service because of arcane potential privacy problems.
Every service "reads" your mail (Score:4, Insightful)
Oh, wait - they already do that? (Note: at least, this was common the last time I bothered with webmail which was some time ago). Guess what - that's "reading" your mail as well. In fact, they're just changing your display - without changing the verbal contact of your message - to make it more convenient for you.
Isn't that also a (reaching, but legitimate) description of providing targetted advertising? I mean, how many times have people here on
As for the article's complaint, it seems to focus around the fact that when you "delete" an email, Google doesn't guarantee that it goes away immediately. Their message seems to be talking about cache updates though - if they were willing to amend it with a service guarantee that within xx hours your email would be deleted, that would probably do the trick. Of course, then people would be arguing that they needed to provide complete file-trashing (triple overwrite, etc) as well, even though your regular email client and ISPs email account probably don't do that.
I think its just a case of being too cautious in their terms of use. In this case, being too honest where the other major providers are being "honest enough," and not worrying about caches, et cetera. Of course, they may be planning to use your old email for nefarious purposes, but somehow I doubt it. Either way, they should clarify their statement.
Email is not private (Score:5, Insightful)
You get what you pay for (Score:4, Interesting)
They're all watching me (Score:4, Funny)
I'm sure the first thing the hotmail staff do when they get into work on a morning is read all my mail to find out what a fascinating life I lead.
As soon as Bill Gates and his henchmen manage to reconcile the facts that I am a 104 year old man from Zimbabwe, lots of hot teens want to meet me and I have a massive interest in cable descramblers then I am sure they have some evil plan to oppress me.
Re:They're all watching me (Score:4, Funny)
Parent
To much tin foil in the air (Score:5, Insightful)
Nothing, google is just upfront and honest about whats happening to your emails.
They have to "scan" through them to provide virus and spam protection.
They will use there distributed approach to searching to provide fast web based email services. This means your email could be on 100's of there servers at the same time. When you hit delete it might take a while for it to be removed from all systems.
Here a company steps forward and is 100% honest about what they are doing and we flame them.
No wonder we have to deal with lame support and excuses from companys every day.
Crybabies (Score:4, Insightful)
Somebody call the whaaaaambulance!
First: If you read the EULA before you checked the box, you'd know about how they're going to use the info. So, it's not an invasion of your privacy. You told them they could do it! You 'signed the contract'.
Second: They're not trying to hide what they're doing AT ALL. They should be commended for that. It's stated right there on the main page.
Third: You should know by now that privacy doesn't exist. If you need to hide something, don't hide it on a cheapass server owned by someone else. Get your own co-located box and encrypt your mofo-email! PGP, baby. Or get a Hushmail account.
Fourth: It really is a genius revenue model. Minimally invasive. Text-ads are acceptable. Unlike Hotmail & Yahoo, Gmail won't have any annoying banner ads or pop-ups. That is awesome.
Re:Tit for Tat (Score:3, Interesting)
That's the current line of thought, particularly on the libertarian side of the Internet.
I will note, however, that at least in the United States we went ahead and outlawed indentured servitude, even though (a) it was usually entered into voluntarily (b) it often had a net benefit to the indentured party. Still, we felt that the moral and social cost of the "servitude" part was too high to allow individuals t
Re:Tit for Tat (Score:4, Insightful)
"Seems to me, Mr. Jefferson, if England gives you the security of their navy, a little taxation without representation isn't too much to pay."
"Seems to me, Mr, Franklin, if we can give up a little liberty for security, that isn't too much to pay."
"Seems to me, Mr. Churchill, giving up 'a distant country of which we know nothing' in order to get 'peace in our time' isn't too much to pay"
Do you write no email that is personal enough that you'd object to Google looking through it in order to serve up ads?
If you're willing to give up your privacy for mere convenience, what else are you prepared to give up?
How much for your right to vote? A gigabyte of space? Two?
How much for that freedom of speech -- I mean, when did you last need that? And freedom of assembly, will you throw that in too, for say, three gigabytes?
You're not hiding anything in your email, so you're probably not hilding anything your house either -- let's install some free anti-crime cameras in your bedroom -- for your protection of course.
Did I miss the memo telling me that Americans had become so lazy we can't even get up off the couch to protect our privacy anymore?
Alles in Ordnung, Herr Reichsminister!
Parent
Data Protection Act (Score:5, Informative)
Look, they aren't charging for the service, nor are they forcing you to use it.
Whether its free or not is irrelevant. In the UK, there is legislation (the so-called Data Protection Act [hmso.gov.uk] ) which places tight constraints on how personal data is archived and managed. If the Google mail service falls foul of this act, then it does not matter whether or not the service is free; it is still breaking the law.
Parent
Re:Data Protection Act (Score:5, Informative)
Parent
Re:One rule for some... (Score:4, Insightful)
Parent
Re:PGP anyone? (Score:5, Interesting)
I got excited about this almost ten years ago. I installed PGP in my email client, made my keyring (or whatever it's called) and sent a few test messages to myself. After a couple of years in which time I never found anyone who even understood the idea, I gave up, never bothered to reinstall when I moved to a new PC.
Parent