Privacy Complaint Against Google's GMail Service 447
CRCates writes "Privacy groups in the UK have filed a complaint against Google over its new Gmail service. Privacy groups said they were concerned about Google's ability to link a user's personal details, supplied in the Gmail registration process, to Web-surfing behaviour through the use of a single cookie for its search and mail services. "
How can they do this? (Score:3, Insightful)
Erase the cookie (Score:5, Insightful)
Welcome to paranoia.
Tit for Tat (Score:2, Insightful)
Re:How can they do this? (Score:5, Insightful)
Er... (Score:5, Insightful)
Can I file a complaint against MS now? (Score:3, Insightful)
Innocent until proven guilty. When they start using this for an invasion of privacy, then you can complain, at this point they haven't even offered the service, how can you complain that they've invaded your privacy.
Besides, if you don't like it, don't create an account and go back to wearing your tinfoil hat. They aren't using strongarm tactics to force you to use their product.
Jamon.
Why shouldn't google be able to link data? (Score:5, Insightful)
If you don't want google using your data, don't give it to them. Personally, I'm happy for google to have all my data if it will improve my browsing and emailing experience, and that is my personal choice to make.
What people should be complaining about is insurance and credit card companies which buy incomplete and incorrect sets of data and judge your credit rating based on it (it's happened to me). Now thats dodgy.
One rule for some... (Score:3, Insightful)
It would be interesting to see the reaction on
Re:Two Cookies Would Fix it (Score:0, Insightful)
Not that simple (Score:5, Insightful)
It seems that European privacy law is much more strict than US law, and by retaining a subscriber's email even after they have deleted it or cancelled their account Google is breaking those laws.
Huge difference.
Re:Erase the cookie (Score:5, Insightful)
Fighting initial reactions... (Score:2, Insightful)
Re:One rule for some... (Score:4, Insightful)
Privacy Groups (Score:5, Insightful)
I would much rather that privacy groups spend their finite resources fighting the stuff we don't have the option of avoiding, Big Government and such.
Seems like any other organization, privacy groups have to justify their existence by creating problems where none exist.
Knee Jerk reaction (Score:5, Insightful)
I like Google Adwords. Given that advertising is an endemic part of life, and is not going to go away, Adwords is the way I want it. Let Google take all the advertising revenue with Adwords, and may the popup merchants go broke. If Google want to offer a paid-for non-Adwords service, I shall think about it - and probably not buy it.
As to keeping some of your email when you delete it - I don't think this is intentional. AFAICS Google has a "weak delete" policy - they try to recover deleted space, but if they don't recover it all, too bad - disks are cheap. So there may well be old copies of your emails hanging round. What the hell - they are not indexed, so it will take a deep search to find it. Do Yahoo, Hotmail & Co guarantee a destructive overwrite when they delete your mail? I doubt it - in which case they might have an old copy lying round on their disks.
So, privacy people, don't spoil what looks like it might (subject to confirmation, of course) be a useful, opt-in service because of arcane potential privacy problems.
Re:Hello?! (Score:3, Insightful)
I have several credit cards attached to my frequent flier program. I get a couple more e-mails and a couple more snail mails a month, but for no additional effort on my part (except for skimming through a couple of offers each month), I get a few thousand extra frequent flier miles each year. It's not enough for a free flight on its own, but it can push me over the edge if I'm close enough.
They have all kinds of information on me -- spending habits, information on where I live and where I travel -- but I entered into the contract willingly. I gave up a small part of my privacy in exchange for a benefit to me.
Every service "reads" your mail (Score:4, Insightful)
Oh, wait - they already do that? (Note: at least, this was common the last time I bothered with webmail which was some time ago). Guess what - that's "reading" your mail as well. In fact, they're just changing your display - without changing the verbal contact of your message - to make it more convenient for you.
Isn't that also a (reaching, but legitimate) description of providing targetted advertising? I mean, how many times have people here on
As for the article's complaint, it seems to focus around the fact that when you "delete" an email, Google doesn't guarantee that it goes away immediately. Their message seems to be talking about cache updates though - if they were willing to amend it with a service guarantee that within xx hours your email would be deleted, that would probably do the trick. Of course, then people would be arguing that they needed to provide complete file-trashing (triple overwrite, etc) as well, even though your regular email client and ISPs email account probably don't do that.
I think its just a case of being too cautious in their terms of use. In this case, being too honest where the other major providers are being "honest enough," and not worrying about caches, et cetera. Of course, they may be planning to use your old email for nefarious purposes, but somehow I doubt it. Either way, they should clarify their statement.
Email is not private (Score:5, Insightful)
Re:Microsoft Exchange? (Score:3, Insightful)
That's an interesting point. They might not be happy, but so? Does anyone have a legal (vs. moral) obligation to retain every piece of data Just In Case There's A Terrorist Hiding Under The Bed? Same with corporations. There's no law saying you need to have an email retention period of x, right? Companies do it for business reasons, not because it's mandatory (and in many cases [hello, Microsoft] it's come back to bite them in the ass).
excuse me? (Score:1, Insightful)
Thats basically what Google wants to do with your email, if you havn't figured it out already.
And I'm not going to join the horde in Google adulation- Google seem to be quite happy to mine your data six ways from anywhere. I definatly don't want all of my email and searching centralized like that to a company that whilst is a techical genius, seems to have some moral issues regarding personal data and the use thereof.
I'm not going to have a gmail account until that policy gets changed. Go privacy group in UK !!!
Government wiretaps (Score:1, Insightful)
Google need to get some sense in this tyrannical age.
Re:How can they do this? (Score:5, Insightful)
The problem is those pesky "inalienable" (or "unalienable" as one source writes it) rights: inalienable simply means that something can't be given away or sold -- alienated -- even if you want to give it away or sell it.
Just as you can't, regardless of contract, sell yourself into slavery in most countries, Google's GMail quite possibly violates European law (but not U.S. law, which protects privacy very little if at all).
So a contract is no defense, as contracts for illegal activities are unenforceable.
Re:Not that simple (Score:3, Insightful)
Do you think AOL, Hotmail, Yahoo! mail and every other ISP in the world dig through their backups when you quit and make sure they delete all copies of your mail? I'd be very, very, very surprised if they do.
April Fools (Score:3, Insightful)
Read the Google news release again:
The inspiration for Gmail came from a Google user complaining about the poor quality of existing email services, recalled Larry Page, Google co-founder and president, Products. "She kvetched about spending all her time filing messages or trying to find them," Page said. "And when she's not doing that, she has to delete email like crazy to stay under the obligatory four megabyte limit. So she asked, 'Can't you people fix this?'"
The idea that there could be a better way to handle email caught the attention of a Google engineer who thought it might be a good "20 percent time" project. (Google requires engineers to spend a day a week on projects that interest them, unrelated to their day jobs). Millions of M&Ms later, Gmail was born.
Kinda fishy.
Privacy in the UK? (Score:1, Insightful)
for every 14 people, yes? At least people get
to _choose_ whether they want to use GMail or
not...
The conflict is with EU law (Score:2, Insightful)
Furthermore, in many EU countries there are certain rights that you cannot sign away in a contract, so Google cannot just point to the terms and conditions.
The solution might be to prevent EU residents from signing up to Gmail.
Re:Er... (Score:3, Insightful)
Example: Tivo. Tivo isn't required, but people got all up in arms because they captured info about what people watched (which is kind of a bullshit thing to do). They aren't exactly identifying YOU, just your data, so it's not REALLY an issue. Either way, it's still not cool to know that something you bought that is yours is sending data about the shit you watch to someone else.
Just because a company violates privacy issues doesn't make it "okay" simply because it's "a service, not a requirement," because you know as well as I that there are a ton of braindead computer users who sign up for things not knowing what they are.
At least SOMEONE is concerned about this (Score:2, Insightful)
We don't give Microsoft a free pass, and it's time we stopped giving Google the benefit of the doubt. This whole GMail thing REEKS of privacy abuse potential.
Re:Er... (Score:3, Insightful)
The point is not that something bad is definitely going to happen as a result of Google's policy. The point is that this moves the _presumption_ from automatic assumption of privacy to an automatic assumption of non-privacy, which is a dangerous precedent, especially if this is even a small fraction as popular as the search engine itself.
This reasoning, which I have seen a number of times already in GMail discussions, also smacks of 'if you don't like it, move to Russia,' or in this case, Hotmail.
Lots of ways to get yourself in the GMail database (Score:5, Insightful)
Your boss: "I'm on the road - send me your status report IMMEDIATELY to yourboss@gmail.com"
Recruiter: "I have a job for you - send me your resume at somerecruiter@gmail.com..."
Hosted at Yahoo? (Score:3, Insightful)
I don't want to jump on the SlashThink wagon, but does anyone storing e-mails on a free remote server have an expectation of privacy about automated searches and indexing? After all, your e-mail has to be read by machine at some point or another, or it isn't an e-mail. And is should be backed up. The only thing I can see about this is Google stuck their foot firmly in their mouth about basically accepted industry practices.
Unable to delete the past... (Score:3, Insightful)
Re:So? (Score:2, Insightful)
> How long will this service last at SpyMac? A month?
You don't get it. Spymac don't offer imap or advance search, hence 1Gb is useless there.
Comment removed (Score:3, Insightful)
Re:Tit for Tat (Score:4, Insightful)
"Seems to me, Mr. Jefferson, if England gives you the security of their navy, a little taxation without representation isn't too much to pay."
"Seems to me, Mr, Franklin, if we can give up a little liberty for security, that isn't too much to pay."
"Seems to me, Mr. Churchill, giving up 'a distant country of which we know nothing' in order to get 'peace in our time' isn't too much to pay"
Do you write no email that is personal enough that you'd object to Google looking through it in order to serve up ads?
If you're willing to give up your privacy for mere convenience, what else are you prepared to give up?
How much for your right to vote? A gigabyte of space? Two?
How much for that freedom of speech -- I mean, when did you last need that? And freedom of assembly, will you throw that in too, for say, three gigabytes?
You're not hiding anything in your email, so you're probably not hilding anything your house either -- let's install some free anti-crime cameras in your bedroom -- for your protection of course.
Did I miss the memo telling me that Americans had become so lazy we can't even get up off the couch to protect our privacy anymore?
Alles in Ordnung, Herr Reichsminister!
Re:Erase the cookie (Score:5, Insightful)
To much tin foil in the air (Score:5, Insightful)
Nothing, google is just upfront and honest about whats happening to your emails.
They have to "scan" through them to provide virus and spam protection.
They will use there distributed approach to searching to provide fast web based email services. This means your email could be on 100's of there servers at the same time. When you hit delete it might take a while for it to be removed from all systems.
Here a company steps forward and is 100% honest about what they are doing and we flame them.
No wonder we have to deal with lame support and excuses from companys every day.
Re:Knee Jerk reaction (Score:3, Insightful)
The term in question is,
On most filesystems, deleted files are not deleted completely, they remain physically on disk and, provided the now-free space has not been subsequently overwritten, could potentially be retrieved with appropriate tools. This is what Google means by "residual copies", and I wouldn't be at all surprised if that is the case with Yahoo!, Hotmail or any other free email provider, Google is just being honest about it! Good on you Google!
Re:Tit for Tat (Score:3, Insightful)
I can CHOOSE to give up my right to privacy in this matter to a company I trust without giving up my Right to Privacy in general, let alone my free speech, voting and assembly.
You seem to be strong on rights. What about Googol's right to offer a service for no money in exchange for policies they lay out in their eula? They are by no means being coercive, they have no monopoly on email and are merely trying to float a new internet service. They are not even being deceitful about it, as we all know about their advertising policy before the service is released to the public.
This is not some mandatory big government service here, merely a private company trying something different.
Re:How can they do this? (Score:3, Insightful)
Beta tests technical issue not privacy issue.
That's a narrow view of things. Beta tests are for ANY issues that arrise, whether they be usability or functionality. The likeliness for usability changes to occure as a result of beta testing are much lower than in alpha testing, but they are by no means excluded (they just piss of the developers more).
And the issue of privacy is certainly a usability issue.
Re:Tit for Tat (Score:1, Insightful)
Those examples aren't even remotely the same. Analogy is the weakest form of argument for a reason, perhaps you should figure out what that is.
Re:Tit for Tat (Score:3, Insightful)
Do you Yahoo? Do you notice their auto-quoting feature that adds the > brackets in different colors? Do you write no email that is personal enough that you'd object to Yahoo looking through it in order to serve up that feature?
The point, and the answer, is the same. There is no person reading your email at the company, merely an automated script, and it's looking for keywords. Additionally, the results are blindly served back up to you through the same automated process. If you talk about 'golf balls' in your email, you'll see 'golf ball' ads. However, the golf ball manufacturers don't get a note in the mail saying that orthogonal@gmail.com is interested in their services. No one gets that note, not even anyone at Google. The manufacturers do get charged for the ad, and know merely that 1 person looked at their ad (or more likely several hundred looked at their ad each week/month, the same way that the ads work now).
So what privacy have you given up?
Finally, unlike your other examples, there is no requirement to use Gmail, and no clear benefit to using it over other services except for the specific features it provides - Google's searching through your archived emails. As many have pointed out, there are hundreds of other email providers, and several, including Spymac.com, are offering or will be offering 1 gig storage. If Jefferson could choose the benefits of England's navy, France's navy, Spain's navy, etc., then that would make more sense in your example... But wait, he did, and he chose France, who had terms more acceptable to him.
-T
Re:Lots of ways to get yourself in the GMail datab (Score:2, Insightful)
Again I would imagine that it is your concern whom you send mail to, if you don't trust a mail domain then you should not send mail to it. This is valid not matter what domain you are sending to.
If you are going to argue about the sender not being aware of what is going to happen to their mail remeber that's the same when you send to Hotmail or whatever, it's up to you to read the fine print when you send mail to someone.
Re:At least SOMEONE is concerned about this (Score:5, Insightful)
Slashdot is not a collective mind. You are not the only free thinker.
Crybabies (Score:4, Insightful)
Somebody call the whaaaaambulance!
First: If you read the EULA before you checked the box, you'd know about how they're going to use the info. So, it's not an invasion of your privacy. You told them they could do it! You 'signed the contract'.
Second: They're not trying to hide what they're doing AT ALL. They should be commended for that. It's stated right there on the main page.
Third: You should know by now that privacy doesn't exist. If you need to hide something, don't hide it on a cheapass server owned by someone else. Get your own co-located box and encrypt your mofo-email! PGP, baby. Or get a Hushmail account.
Fourth: It really is a genius revenue model. Minimally invasive. Text-ads are acceptable. Unlike Hotmail & Yahoo, Gmail won't have any annoying banner ads or pop-ups. That is awesome.
Re:At least SOMEONE is concerned about this (Score:5, Insightful)
Microsoft actively tries to destroy companies that it thinks might interfere with their monopoly. Further, it uses its monopoly position to force deals upon other companies (for example, if you sold *any* PCs with Microsoft OSes, you had to pay a licensing fee even for those machines that did *not* have the Microsoft OS installed). Google has never done anything like this, AFAIK. Microsoft leverages its monopoly by requiring people who accept one piece to accept others (e.g. their EU case). Google offers people the *option* of using this service (and it is possible that they may not be able to offer the *option* in Europe if this is a real limitation; more likely, they will just tweak their service to bring it in line).
It's not making money/not making money. It's living honorably when you're at the top. Google traditionally has; Microsoft traditionally has not.
Re:How can they do this? (Score:2, Insightful)
it's really simple.
If Intel implants a tracking number in the CPU's, buy AMD.
If A bios manufacturer hard-codes DRM into it's motherboards, don't buy those motherboards.
If (free) Gmail violates your privacy, don't use (free) Gmail.
what exactly is the problem?
has some government come foreward and announced that all citizens MUST use gmail as their only e-mail or something?
Re:Nobody's forcing you... (Score:5, Insightful)
Damn you, Slashdot! (Score:3, Insightful)
Dumb slashdot gets me all worked up over nothing. Now granted, I suppose I could do things like, read beyond the headline, but, well, it's slashdot.
Anyway, yeah, privacy complaints, sure. For a service that nobody can use yet. You know, I'd like to register a privacy complaint for Duke Nukem Forver, there's some nasty DRM in that. And I think my sky car is bugged with a hidden camera.
You know, I honestly don't know why I'm even typing this crap. I mean, I'm trying to be funny I guess, but ever since they took the funny karma bonus away, you know, what's the point? The Slashdot FAQ tells me that I have to be smart, not just a smart ass. Well, sorry Taco, I don't know how to do that. So I, like the smartass I am, will now click the "Submit" button, and watch my karma cook!
Re:Not that simple (Score:1, Insightful)
Google's system works on redundancy. That's the only way they can do their thing.
I guess if this is a real snafu the answer is that the Google technology is unsuited for things like email. A blow to google, but personally I'm not interested in gmail anyway.
I would like to see some proof that the datamining algorithm Google uses to parse emails for adwords guarantees anonyminity. I'm pretty sure completely safe datamining is not a reality right now, but it is proven to be theoretically possible. Do people datamine without giving a care about privacy? Oh yeah they do. Should Google do the same just because everyone else does it? I would like to think they shouldn't. They have the ability to make an anonymous algorithm, if they haven't done it the time is just not right to start mining emails.
Re:How can they do this? (Score:4, Insightful)
it's really simple.
If Intel implants a tracking number in the CPU's, buy AMD.
If A bios manufacturer hard-codes DRM into it's motherboards, don't buy those motherboards.
If (free) Gmail violates your privacy, don't use (free) Gmail.
what exactly is the problem?
The problem is when-
Re:At least SOMEONE is concerned about this (Score:4, Insightful)
why are the two mutually exclusive? Why can't google make a good service, and be paid for providing that service?
Re:NSA (Score:3, Insightful)
"More than 27 million Americans have been victims of identity theft in the last five years, a survey released today by the Government estimated, including nearly 10 million in the last year alone. " (Source: NYTimes, September 3, 2003)
"According to the [2003 FTC] survey, 67 percent of the respondents said their credit card accounts had been misused in the past year. Another 19 percent said thieves had tapped into their checking or savings accounts." (Source: NYTimes, September 3, 2003)
"Around 80% of computer crime is committed by 'insiders'. The 20% that is not done by insiders, manage to steal $100 million by some estimates; $1 billion by others." (Source: Web Crime Statistics. www.intergov.org)
Europe has much stricter privacy laws and as a result, they have much less identity fraud. I'd welcome more restrictions in the US about privacy. The bottom line is, Google does business in Europe, and their privacy statement may conflict with their laws...complaint filed.
-
Re:Tit for Tat (Score:1, Insightful)
So under your premise then, when you go to MacDonalds, and they have marketing material up on the wall, it's indentured servitude?
You're using Google's servers FOR FREE. You are in their place of business. Seems perfectly normal to me that they would show you an ad by using keywords in your email. Better that than seeing an X10 or Casino ad popup every time you browse a page.
You must have learned this term in school and have been dying to use it for a month now. Your point is not very pragmatic.
Re:At least SOMEONE is concerned about this (Score:3, Insightful)
So, if... we do question Google's future use of private information... we are... groupthinkers? And if we don't, we are... free thinkers! Got it. Thanks. Free is good, groupthink bad.
Slavery is freedom, ignorance is strength, up is down, we are saving Iraq for noble purposes...
It's because they know your search history (Score:2, Insightful)
I felt pretty dumb, having given them my prime email address (myfirstname@mylastname.net), then realising afterwards that through the magic everlasting cookie I had just enabled Google to link every search I had ever done back to ME personally. Like, DUH!
Heck, I don't even know what "interesting" data might be in there, but seeing as it's about ME, I damn well ought to be able to get access to it (under UK law).
More here [google-watch.org].
That is what people are getting annoyed about - not the email service itself, just the registration process.
Re:At least SOMEONE is concerned about this (Score:1, Insightful)
Thank you for helping me illustrate Slashdot duplicity. Around here, some companies with dubious policies that make money are good, but certain other companies with dubious policies that make money are bad.
You're seeing the world in black and white, which is a fool's view.
Obviously if one company is "just trying to make money" and there are free alternatives, that doesn't mean the company is evil.
However, if the company is trying to make money by selling baby-skin purses, and the alternative is to use a synthetic leather purse, then I think it's safe to say the company is evil.
Repeat after me: it is quite possible to try to make money without being evil, and it is also possible to be evil without trying to make money. The two are unconnected.
See? It is not contradictory to think Microsoft are evil and Google not evil.
Re:How can they do this? (Score:4, Insightful)
Confident? That's a very dangerous assumption if you're that concerned about your privacy. I maintain quite a few corporate e-mail systems, and one of the biggest problems is convincing people to delete anything - even crap. It's not uncommon for the executives to have mailboxes which exceed 1GB.
I have every business email I have sent or received in the last six years. My assumption is that every email I send is more than likely still out there.
Don't want your messages to be readable by the 'wrong' people? Encrypt 'em real good, or don't use email.
"Don't send anything over email that you wouldn't want published on the front page of USA Today." [albion.com]
Re:PGP anyone? (Score:3, Insightful)
Re:Lots of ways to get yourself in the GMail datab (Score:3, Insightful)
Additionally, it won't actually be that easy to tell if you are sending to a gmail.com domain. For example I own my own domain and simply redirect email to my ISP email account rather than pay for email hosting. So if you send email to any of my email addresses (something @ mydomain.com) you have no idea where it is actually going. Not currently to any webmail service, but in the future, who knows?
Re:Tit for Tat (Score:3, Insightful)
Yes, they parse your email. That's part of SMTP (HELO, mcfly). They store it; that's part of webmail. They go through it; that's part of syntax highlighting. They index it; that's part of search capability. They may not wipe it out when you delete it; that's part of the cost of a distributed system.
Google isn't the only one that does ANY of this; all of the others do as well, including your ISP and _certainly_ including the big webmail providers (because they ALSO throw in advertising). The difference is that Google tells you EXACTLY what they're doing.
This is honesty, plain and simple. They should be rewarded for it.
-Billy
Re:How can they do this? (Score:4, Insightful)
You pay money for your CPU and this service is free.
I take great exception to someone tracking me and having me pay for the technology. (I know, but let's ignore my ISP for the moment).
But if someone wants to provide a free service, then you get what you pay for. Be sure you read the terms of service. If you don't like it, use something else.
Intel put their tracking into something you paid $$ for. That's different.