Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Privacy The Internet Your Rights Online

On The Privacy Subtleties Of GMail, Other Webmail 298

Brad Templeton writes "After talking with Google folks and learning about E-mail privacy law from EFF (join!) lawyers, I have written a new essay on the privacy subtleties of GMail and other advanced webmail applications. Some of the fear has been overdone, but there are surprising issues due to the fact that the ECPA, written almost 20 years ago, wasn't prepared for fancy e-mail offerings like GMail. I issue a call for Google to encrypt your mail to avoid these issues."
This discussion has been archived. No new comments can be posted.

On The Privacy Subtleties Of GMail, Other Webmail

Comments Filter:
  • by Anonymous Coward
    How will I read it?!
  • by Anonymous Coward on Thursday April 22, 2004 @12:42AM (#8936168)
    It's easy to imagine an unpleasant situation where you get invited to a gay wedding in Vancouver, and find with it in your mailbox brochures for gifts, Vancouver hotels and a free copy of Out magazine. People have extended that fear into the e-mail realm.

    Homophobia, non?

    • by Denyer ( 717613 )
      ...Joe Sixpack may well hold this irrational consideration, and it may therefore affect Google's bottom line if they lose him (and the similarly prejudiced) as a consequence. Google will have to tread very carefully with the the ad categories it spins off from personal mail content.

      Doesn't excuse the phrasing in the article, though.

    • Doesn't matter. (Score:5, Interesting)

      by Xenographic ( 557057 ) on Thursday April 22, 2004 @12:54AM (#8936219) Journal
      All they have to do is a simple redirect and the advertisers might never know anything more than the keywords which triggered the email (nor even that it was *from* an email and not a web search).

      In other words, no more than they know if you click on a Google sponsored link right now.

      So, umm, in that case, don't sign up for a free trial of Out if you don't want one? *shrug* :]

      Honestly, MSN, Yahoo & co. can do all of this right now, should they desire, and they have very little incentive to tell us about it. Well, maybe in the UK it might be illegal, but if they exclude all people who are from it from the policy and never tell anyone... (as if that were meaningful considering how many fill in utterly false info there...)

      Hell, look at this current snip from the MSN Privacy Policy [], which governs Hotmail:

      MSN keeps track of the pages our customers visit within MSN, in order to determine what MSN sites and services are the most popular.

      MSN also collects certain information about your computer hardware and software. This information may include: your IP address, browser type, domain names, access times and referring Web site addresses.

      Certain MSN services may be co-branded and offered in conjunction with another company. If you register for or use such services, both MSN and the other company may receive information collected in conjunction with the co-branded services.


      MSN Web pages may contain electronic images known as Web beacons - sometimes called single-pixel gifs - that allow MSN to count users who have visited those pages and to deliver co-branded services. MSN may include web beacons in promotional e-mail messages or MSN Newsletters in order to count how many messages have been opened and acted upon.

      Web beacons collect only a limited set of information including a cookie number, time and date of a page view, and a description of the page on which the Web beacon resides. MSN Web pages may also contain Web beacons placed there by third parties in order to compile aggregated statistics and to help determine the effectiveness of our joint promotional or advertising campaigns. MSN prohibits web beacons from being used to access your personal information.


      In addition, MSN allows other companies, called third-party ad servers or ad networks, to display advertisements on MSN Web pages. Some of these ad networks may place a persistent cookie on your computer. Doing this allows the ad network to recognize your computer each time they send you an online advertisement. In this way, ad networks may compile information about where you, or others who are using your computer, saw their advertisements and determine which ads are clicked on. This information allows an ad network to deliver targeted advertisements that they believe will be of most interest to you. Microsoft does not have access to or control of the cookies that may be placed by the third-party ad servers or ad networks.

      MSN maintains relationships with a number of the third-party ad networks currently operating such as: Ad4Ever; AdCentric Online; Ad Dynamix; AdSolution; Avenue A; BlueStreak; BridgeTrack; DoubleClick; efluxa; Enliven; Flycast; i33; Mediaplex; PlanetActive; Pointroll; Profero; Qksrv; RealMedia; RedAgency; TangoZebra; TargetGraph; TrackStar; Travelworm; Unicast. Those ad networks that use persistent cookies may offer you a way to opt out of ad targeting. You may find more information at the Web site of either the individual ad network or the Network Advertising Initiative.

      Where was this fuss over these terms? I at least trust Google more than MSN...
      • not comparable (Score:2, Insightful)

        by x3ro ( 628101 )

        I am surprised that you don't see the critical difference between what Google is planning and the more usual form of behaviour-tracking that goes on all the time, with or without our consent, by DoubleClick and their ilk, which is common as mud -- in fact I myself once developed a system for a client that had a behaviour tracking component. (Not proud of it, but just pointing out how ubiquitous it has become.)

        The crucial difference is that -- at least from the terms described above in the MSN agreement --

        • Re:not comparable (Score:5, Insightful)

          by Xenographic ( 557057 ) on Thursday April 22, 2004 @02:05AM (#8936474) Journal
          The anti-spam and anti-virus scripts already parse all of your mail. This is simply a different bit of parsing.

          Also Google can and most likely will, due to the outcry as well as their own code of ethics, limit how much an advertiser can infer from what ad you clicked.

          Ideally, it would be no more than anyone gives away by clicking ads in the search results (and I note that you need never click these ads if you don't want to...). This is something no one had a problem with before, after all, however much it told them about your searches (and we all should know by now that every single worthwhile log parsing scripts pulls out the keywords people visit your site via... right?).

          Honestly, I'm more worried about the warrantless search provisions and such this could fall prey to. Even so, I trust Google far more than the other services which are undoubtably now copying them for this.

          Honestly, I'd almost like them to patent a few provisions of this (provided the patent was narrow enough) and simply keep others from copying Google and doing the whole service badly, in a way that would be horrible from a privacy standpoint...
          • Re:not comparable (Score:2, Insightful)

            by next1 ( 742094 )
            Ideally, it would be no more than anyone gives away by clicking ads in the search results

            i don't know, there really is a difference: you volunteer that information to the search engine and that info is logged, used to target ads to you and passed onto third parties via their web analytics provider. essentially every major commercial website does one or all of these things.

            gmail would be parsing private emails that are sent to your email address and targeting ads to you based on the keywords it select
            • Re:not comparable (Score:4, Interesting)

              by fucksl4shd0t ( 630000 ) on Thursday April 22, 2004 @03:06AM (#8936670) Homepage Journal

              gmail would be parsing private emails that are sent to your email address and targeting ads to you based on the keywords it selects.

              Um, if you're so worried about it, why don't you just keep using a pop client? That's what I'm doing, and I've got *much* more than 1GB of storage for my email. I've also got plenty of tools to search my email with (grep comes immediately to mind) when I want to search it, and I don't think Google can search my email *that* much better than I can already. I've got context in my head that Google doesn't have, and all I need is tools to narrow down possibilities.

              The real question is, what value does GMail add that I don't already have on my system? The answer, so far, is not much, if any. And any advertisements they add greatly detracts from the overall value of the service to me.

              If they're already engaging in proper disclosure of what they're doing, I'd like them to add something that shows what a referer field in your http header will look like when you *do* click a context-based ad in your inbox, along with a regular referer that would be shown when you click on ad on their adsense pages and their adwords.

              People don't understand how much information is already being transmitted by http, and I'd like to see more of that being shown as part of 'proper disclosure'. But other than that, I don't see how Google's service is so great.

    • unpleasant? that sounds absolutely apropos. and a free magazine. hey!
  • No... (Score:3, Insightful)

    by Famatra ( 669740 ) on Thursday April 22, 2004 @12:44AM (#8936179) Journal
    "I issue a call for Google to encrypt your mail to avoid these issues"

    No... I have a better idea, instead of getting the government involved if you don't like it then you can choose to use a email service more to your liking.

    Me? I can't wait to use Gmail, and if I don't like it then I will stop using it. See how simple it is?
    • Re:No... (Score:3, Interesting)

      by liquidpele ( 663430 )
      Now if you could pay for an encryption option that would be nice. I could see the encryption being a huge overhead when searching the email though, so using it for free accounts might be overboard.
    • Re:No... (Score:5, Insightful)

      by Jameth ( 664111 ) on Thursday April 22, 2004 @12:51AM (#8936207)
      Why do people always call out, "Just don't use it!" If the minority who saw the truth just ignored the majority product throughout history, we'd be fucked. The minority fighting for change has vastly improved the world on a regular basis.

      Also, Google isn't the government. Read what you are replying to.
      • Also, Google isn't the government.

        Ah, but this is a great premise for a novel -- by, say, Neal Stephenson and/or Bruce Sterling. (Or for that matter, the ghost of Philip K. Dick.)

      • Re:No... (Score:4, Insightful)

        by fucksl4shd0t ( 630000 ) on Thursday April 22, 2004 @03:15AM (#8936700) Homepage Journal

        Alright then, what's your solution? Google (and by association, actually, Yahoo and MSN) can't even offer email services? Encrypting your email brings it under the domain of the DMCA, doesn't it? Besides that, your email already gets transmitted across the net in plaintext. At several points along the way your email could get stored in a log somewhere. In fact, if you don't check your email constantly, chances are pretty good even your pop provider has some of it stored somewhere on a backup tape or something, as well as the various people who sent email to you.

        Google is not the problem, here, folks. SMTP and POP3 are the problem. Fix those and Google will fall right in line behind the fix, right where mail clients generally fall.

        So, ah, which minority is right this time?

    • Re:No... (Score:5, Insightful)

      by metlin ( 258108 ) * on Thursday April 22, 2004 @12:55AM (#8936230) Journal
      Why call Google to encrypt your mail? If you are that concerned, you could go ahead and encrypt it yourself.

      And if you are not bothered to do it on your own, or are not concerned enough about security, then you have no business complaining about Google.

      Like the parent poster said, if you do not like Gmail, do not use it. What did you expect? Somebody off the street to come and give you an e-mail account with the coolest features for free with almost nothing from your side? Well guess what, in real life there is no such thing as free lunch.

      And as for the "masses" out there, there's probably way more information floating around in the form of spyware and the like that gather data, than through something like Gmail.

      This is the problem if you are the biggest guy around - everyone finds some reason or the other to pick on you.

      He is right about the freak-out factor, but then for all you know, its probably a ploy from competitors to put Google at a disadvantage (you never know!).

      And besides, if you are that concerned about secure information, plain e-mail is akin to sending confidential information on a postcard.

      If you want confidentiality, encrypt your stuff. Why should Google do it for you? If you are that concerned, go ahead and do it yourself.

      Encryption is a serious resource overhead - and encrypting for a very large number of people/subscribers (which Google will most certainly have) for very large amounts of data (which again, Google does and will have) is going to be a serious drain of resources.

      And it is true - now even for the simplest things, Google is getting picked on. Despite the fact that they are perhaps the most benign (yet) of all the corporates out there. I guess people need someone to rant about. And sugarcoat it all with, "I love Google, but..."
      • Re:No... (Score:2, Flamebait)

        by D'Sphitz ( 699604 )
        Excellent post, I couldnt agree more.

        The problem is the few privacy fanatics who are boarded up in cabins with rifles and paperback copies of 1984. Overreaction is an understatement, and this article, while more neutral than most i've read regarding this topic (which was still 99% ass-kissing the name-dropping) was still pretty fanatical.

        Really, nearly 100% of those "in the know" don't give a shit, and i'd guess the majority of those "in the know", like me, are sick of all the tinfoil hat fear mongering

      • by geekotourist ( 80163 ) on Thursday April 22, 2004 @02:58AM (#8936637) Journal
        If you're the sort of person who wants more encryption used in email [] i.e.:
        "The key to deploying encrypted mail is to make it happen with close to zero involvement by the user. This is hard, and requires some security compromises that have made cryptographers uneasy in the past.

        However, I have come down to the view that getting encryption widely deployed, even with some minor flaws, is better than getting perfectly designed encryption (if that's even possible) that hardly anybody uses.

        The reason is that I exchange mail with tons of people, not just my closest linux-using nerd friends. If I want my mail to be private, I have to get the general public encrypting. This is a particular concern with new laws just passed granting U.S. law enforcment the power to read the "header" of a message -- including the subject lines of E-mails without a warrant. In addition, other nations have always had such powers, and on top of it all, most ISP backbones and mail servers are poorly secured from snooping by almost any system cracker trying to invade your privacy...
        Then you'll ask the technology companies most likely to listen to a request to add easy-to-use encryption to their product. Whatever Google could come up with might be much better than the poor-UI, hard to install, barely any use email encryption systems currently around. Just a nice, clean button saying "I feel Private" or somesuch thing.

        Current use of encryption for email is terribly low: I remember when Whitfield Diffie [] was asked at a Computers, Freedom and Privacy Conference [] a few years back how many emails sent to him were encrypted. Because you'd expect him to be way up at the top of the list of people who get encrypted email... under 10% was his reply. Oh, and Zimmerman [] was also in the audience... same answer.

    • No... I have a better idea, instead of getting the government involved if you don't like it then you can choose to use a email service more to your liking.

      Isn't that exactly what the quote you gave was suggesting? Except instead of immediately jumping ship he thought he would actually ask his email service to change to better serve him as a customer. Is asking companies to serve you better somehow government involvement?

    • Re:No... (Score:4, Interesting)

      by saden1 ( 581102 ) on Thursday April 22, 2004 @01:02AM (#8936258)
      I have no secrets - I do, however, have sensitive information such as usernames and passwords sent to my email. So long as google isn't giving away my sensitive data to third party customers or the government without my knowledge and consent I'll be happy with their email service. I don't mind if they want to offer me cheap plane ticket every time the word flight is in one of my emails. If the ads are intrusive I'll be sure to leave them and find a service that is more acceptable to me.
    • Re:No... (Score:5, Insightful)

      by zhiwenchong ( 155773 ) on Thursday April 22, 2004 @01:04AM (#8936268)
      Personally I don't have issues with Gmail... in fact I'm looking forward to getting an account.

      However, if one is really concerned with privacy, I have to say that the "don't use it" argument dosn't really cut it. While one may not use Gmail directly, invariably one will need to send mails to people with Gmail accounts some time or the other, and the contents of the those mails will end up in Gmail servers.

      One might argue that email is inherently public anyway, so sending mail to Gmail address is no different from sending mail to any other email address. (anyone with a packet sniffer in the correct place can peek into the contents of your mail). Well, sure... okay.

      But don't keep repeating the cliched "don't use it" credo. It isn't really as simple as that.
      • Re:No... (Score:5, Insightful)

        by LostCluster ( 625375 ) * on Thursday April 22, 2004 @01:37AM (#8936377)
        But don't keep repeating the cliched "don't use it" credo. It isn't really as simple as that.

        Actually, it is. If you're not prepared to trust Google handling e-mail, just who exactly are you going to trust? You don't own an end-to-end wire leading to anybody else in the world. You're just going to have to trust that your ISP or your phone company isn't tapping your connections.

        Google's got a rather straight-forward privacy policy posted, and they've even clarified it with an FAQ to try to calm the extraordinary fears over GMail. If you don't still trust Google to do what they say they're going to do... you don't particularly belong on the Internet. How do you know that Carnivore isn't capturing every packet being sent to you right now under some PATRIOT Act secret warrant signed personaly by John Ashcroft?
        • Re:No... (Score:3, Interesting)

          by btempleton ( 149110 )
          I indicate in the article that indeed, you can just not use it. The issue in question is that millions of people will use it, if Google is as successful as their track record indicates, and what that means for the privacy of their email, and of mine when I send to them.

          Of course we have a right and a duty to explore these issues, and to make people aware of them, and to argue for improvements in the design of systems to make things better for everybody.

          As I write at the end, privacy is peculiar among the
      • Once you send someone any kind of letter, electronic or paper, it would seem to me that they can do as they please with it. Should they choose to let Google archive it until pigs fly, so be it. If you need to give a GMail user sensitive information, and they expect you to send it to their GMail account, politely let them know that they are what I and some of my friends refer to as "legally retarded"
    • This won't work (Score:4, Interesting)

      by Anonymous Coward on Thursday April 22, 2004 @01:09AM (#8936288)
      The problem with Google encrypting email is that Google, Inc is a global corporation, with translations into over 20 languages. While the US export regulations regarding cryptography have been relaxed somewhat, these laws are different in every region. I spent some time as a paralegal, and I'd estimate that the kind of research required to roll out large scale global encryption on this scale would take many, many months at a minimum and cost well into the millions of dollars.

      I doubt your privacy is worth that much to big old Google.
      • Re:This won't work (Score:2, Insightful)

        by emtechs ( 770821 ) *
        If they are encrypting the mail on their system they are not in fact exporting the encryption technology.

        If your email in transit requires more than SSL... well maybe you should use a paid service. :)
        The hope is that google cannot in fact decrypt your email without you logging in.

      • Not to mention, the fears are that Google is going to be the one doing the peeking, or at least handing over the goods to the government. What good is encryption when Google still needs to have the keys?
    • Re:No... (Score:5, Informative)

      by alphakappa ( 687189 ) on Thursday April 22, 2004 @01:12AM (#8936299) Homepage
      I've been using Gmail and I find it incredibly useful. My favs:
      1. The keyboard shortcuts: allows me to use web based email the way I use Pine.. do everything without touching the mouse even once.

      2. The tracking of emails to display them as "conversations".. so neat, it looks almost obvious.

      3. The much griped about text ads are totally unobtrusive, and (faint, faint) they do not even appear on all email pages. Google probably has some algorithm to decide which conversations can get targeted ads.

      4. The address autocomplete - no more clicking on email addresses in a popup window to insert them. It works exactly like a proper client application (as different from a browser app)

      5. To reply to an email, all I have to do is click in a textbox below the email and presto! the compose widgets are there.. great time saver.. and you can see the conversation on top.

      and the best part..

      6. The interface is so clean and clutter free - it has google written all over it!
    • Hushmail (Score:3, Informative)

      by alphaseven ( 540122 )
      No... I have a better idea, instead of getting the government involved if you don't like it then you can choose to use a email service more to your liking.

      Personally I like the encryption idea and wish it was integrated into more webmail sites. Hushmail [] has a pretty interesting implementation of this, having all the email stored encrypted on the server and the user views their email locally by decrypting it with a java applet. I'm dissapointed more people aren't interested in encryption (if more people we

    • >> I issue a call for Google to encrypt your mail to avoid these issues

      > No... I have a better idea, instead of getting the government involved if you don't like it then you can choose to use a email service more to your liking.

      You should have RTFA a bit more carefully, perhaps? Don't get me wrong, I intend to use gmail myself, when I can, so I'm not one of those who is completely spooked by gmail, but...

      That specific comment about encryption in the article was about avoiding a 180 day provisio
    • Re:No... (Score:5, Informative)

      by btempleton ( 149110 ) on Thursday April 22, 2004 @03:20AM (#8936716) Homepage
      To clarify what I talk about wrt Google encrypting the mail. That means several things, but the main thing is a call for them (and other webmail providers) to store the mail, indexes and associated data on their disks encrypted with a key derived from your password.

      This would not slow anything down. When you logged in, your password would be used to decrypt the needed keys, and then your mail, and the pre-computed indexes, would be available to the software to provide all services. My understanding is that google already does this, as they use an encrypted filesystem on their servers -- the prime difference is that they would now be using your key instead of theirs.

      When you log out, the key would be purged from memory. Nobody, not Google, not the government, could read the email records at that point. This is good for Google because if they show up with a court order to hand over your mail they can say "We don't have it." They can ask for a wiretap order to read your password should you log in again, but that is a much harder judicial process. Vastly harder.

      There are other encryptions I suggest they do, but the above is the main one. I suggest they use SMTP over TLS. I suggest they support PGP and S/MIME encryption. In doing so, they would not be giving you something as secure as end to end encryption, but they would be doing more than you get by not using any crypto at all.

      The government has no involvement here, except where it might try to ban the export of encryption. Fortunately we at the EFF fought very hard on this issue to make it much easier to do this, which is why you see encryption much more commonly in products. (Anybody remember all the hoops you used to have to go to to get a 128 bit SSL capable browser?)
  • What is a geek? (Score:5, Interesting)

    by ObviousGuy ( 578567 ) <> on Thursday April 22, 2004 @12:46AM (#8936185) Homepage Journal
    This article goes right to the heart of my query. Rather, the existence of this article does so. Is a geek one who revels in technology and the pursuit of coolness in new technology? Or is a geek someone who is wrapped up in figuring out how technology will be used inherently for evil purposes?

    I like to think of geeks as the happy lot who wander the streets of Akihabara mesmerized by all the glitz and blinkenlights of the latest and greatest devices.

    The article demonstrates a new strain of geeks which seems to revel in stymieng the technological process by handicapping it at every turn.

    I imagine that any geek can encompass both forms, but I have a feeling that lately it is the boys who cry wolf that are taking over geekdom.
    • I think as in most situation, it's the vocal minority that garners the most attention. Furthermore, the press in general prefer sensationalistic headlines/stories, as they sell better.

      I think it's important to keep in mind that "geeks" as a population are composed of people of different motivations and agendas. So some would like to stymie technical growth or turn "evil", while others are happy to find out how things work. Furthermore, I think some people realized that by focusing on negative aspects of ne
    • Re:What is a geek? (Score:5, Insightful)

      by Jameth ( 664111 ) on Thursday April 22, 2004 @12:56AM (#8936233)
      I think this is occuring because geeks are the ones who actually understand technology. As such, they feel that they are the only ones who see the danger.

      To the masses, technology is divine. They don't realize that technology as often demonic as it is angelic.

      Of course, this particular technology isn't very demonic and people are just having fits for fun these days, but the general shift towards conscientious geeks is a good and proper thing which often functions for the benefit of all.
      • Quoteth the poster -

        but the general shift towards conscientious geeks is a good and proper thing which often functions for the benefit of all.

        I would say that geeks have always been conscientious - just that they preferred to ignore the implications of technological progress over social consequences, which is probably a good thing.

        The thing is that, technology and good-will do not always necessarily overlap. I've quote a favourite quote of mine by HL Mencken here -

        The value the world sets upon motiv
    • In what way is asking a service to have more technology built in from the get-go the same as "handicapping the technological process"? Microsoft, I think, has done a lot more stymieing of technology by not having built in good security from the start... all those million-man-hours of time spent on installing the latest patch that updates the previous patch...

      Anyways, if you're a geek who likes new blinking things [and BTempleton [] is obviously a geek who likes Akihabara [] and new technologies []] you might wa

  • How would you know? (Score:2, Informative)

    by Anonymous Coward
    Google doesn't have to show you their databases.

    "Uh, yeah, sure.... we're encrypting your emails... we can't read them..."

    Might also note (as others will) it would be incredibly difficult to search emails if they are encrypted. Real-time decryption for 1GB of data then searching for a specific string? Fehgettaboutit!
  • grr. (Score:5, Insightful)

    by SinaSa ( 709393 ) on Thursday April 22, 2004 @12:48AM (#8936195) Homepage
    This is pretty rediculous if you ask me. People in America give away their privacy rights all the time, without any worry. Most of the YRO stories on slashdot are just about that. But when a half respectable company like google decides to provide a free service, which you aren't obligated to use people go crazy.

    I don't understand it. If you can't handle an automated script putting some ads in your emails from a simple world relation algorithm, maybe you should just, not use it?

    Nobody raised this size of a ruckus over Orkut's similar cookie features, especially considering they hold a far larger quantity of personal information than GMail ever will.
    • Re:grr. (Score:2, Interesting)

      by eblis ( 140713 )
      "People in America give away their privacy rights all the time"

      Just because the masses (morons) are constantly giving it away, does not mean we should continue to do it.
      I'm all for the use of gmail. Sounds great to me, but I'd like to be able to delete old emails permanently if I should choose to do so. What's wrong with that?
      • Re:grr. (Score:5, Insightful)

        by LostCluster ( 625375 ) * on Thursday April 22, 2004 @02:02AM (#8936467)
        Just because the masses (morons) are constantly giving it away, does not mean we should continue to do it.
        I'm all for the use of gmail. Sounds great to me, but I'd like to be able to delete old emails permanently if I should choose to do so. What's wrong with that?

        Because rarely in Information Technology does "Delete" really mean "purge this beyond recognition from the system right now!" We all know that in most modern OSes, "Delete" just sends the file to a holding bin from which it can be "Undeleted". When we mistakenly delete something at the office, it can often still be recovered from a backup tape or backup server.

        So, it's no surprise that Google's going to be using some caching, indexing, and mirroring that's going to be a little bit slow on the uptake when somebody hits delete... it'd be rather hard for them to run GMail without doing things that way. I highly doubt they want to keep every e-mail that "passes through" and then gets deleted. Still, they're not going to make you any promise as for how long your delete request will take to process, just so that they're on the safe side should something ever go wrong they won't be caught breaking their promise.

        Why does everybody take the most paranoid view when interpreting a pretty friendly privacy policy?
      • Re:grr. (Score:3, Informative)

        by lseltzer ( 311306 )
        >>I'd like to be able to delete old emails permanently if I should choose to do so. What's wrong with that?

        This issue has been greatly overblown. From one of the Gmail FAQs []:

        • Does Gmail intend to keep copies of my email even after I've deleted it, or closed my account?

          No. Google keeps multiple backup copies of messages so that we can recover them in case of errors or system failure. Even if a message has been deleted or an account is no longer active, messages may remain on our backup systems

    • Re:grr. (Score:2, Insightful)

      by neurosis101 ( 692250 )
      Absolutely. If you're so concerned about your privacy, why would you want private data stored on a public, always on, always accessible database.

      People's feeling of privacy is really subjective. If a person thinks their information is protected from ignorance, then it is. In this case, someone noticed GMail servers aren't guaranteeing your privacy, and now people are panicked because they think its something different from the norm when in reality it has just been something they weren't aware of.

      Web bas

    • For crying out loud! It's ridiculous NOT rediculous !!


      There - I feel better now.
  • by nukey56 ( 455639 ) on Thursday April 22, 2004 @12:48AM (#8936196)
    From what I can tell of the post-9/11 legislation, it seems that for congress to even mention the ECPA, they'd have to remove both 1984 and The Colonel's Recipe just to be able to see the layer of dust covering it.

    One word to all these gmail protesters: gohugatree!
  • But what laws keep my web host from searching my home directory? The insertion of ads based on such a search is secondary, and less important. That's where all my email is, for a while anyway. Or does some standard contract cover this?

    Jesus I have to go read that thing!
  • by LithiumX ( 717017 ) on Thursday April 22, 2004 @12:56AM (#8936237)
    What is all this fuss about?

    People have been using webmail for years, and from what I've seen, it's become a great percentage of the email going back and forth. People leave a fairly good bit of mail there, going back pretty far if it's all text. The amount of space allocated has increased over time, which means they're being used... commonly... more and more as standard mail archives rather than just quickie anonymous email services.

    All Google is doing is taking what people have already been doing, including many of the people on here, and expanding it beyond any reasonable sense of proportion.

    And it will work. Because geeks love proportional reasonability failures.
  • by sdedeo ( 683762 ) on Thursday April 22, 2004 @12:59AM (#8936245) Homepage Journal
    As far as I can tell, Gmail's biggest problem is this: "Dear son, your grandma died suddenly. Details on the funeral ASAP. Call me." On the right hand side, google text ads hawking caskets, flowers, funeral homes. It's tacky, to say the least, and I have little respect for people who are willing to let ads into their private lives to this degree.

    Tackiness aside, though, if there are privacy problems, they need to be addressed. Yes, I know that Gmail is the ultimate in "opt-in." Don't like it, don't use it. This should make privacy concerns a moot point: interesting to debate, but nothing to fume about.

    But google is a huge service. If Gmail is launched, people will flock to it in droves. Not just geeks, but ordinary people who have no idea how much of their private lives are lived "in plaintext." The privacy of many, many people, even those who do not use Gmail, is at stake.

    Imagine, for example, a phone company that halves your rates in exchange for being allowed to sell transcripts of your phone conversations. Don't like it, don't use it -- but what about my rights to privacy when I call you? The simple answer ("don't call people with NoPrivacyPhone") is no solution at all.

    • I would hope that my family members wouldn't inform me of a death in the family through e-mail.

      but maybe that's just me...
    • You would inform your son of his grandmother's death through e-mail?

      Realistically, how personal are your e-mails? I send/receive about 20 e-mails a day, and theyre mostly just stuff dealing with school/work, or just jokes... I mean, if you really have something personal to send someone, why e-mail them? Maybe I'm weird, but I'd rather talk to someone on the phone anyway, if I have something personal to discuss.
      • by edhall ( 10025 ) <> on Thursday April 22, 2004 @02:53AM (#8936611) Homepage

        I've learned of the deaths of people close to me via email, twice. I also first learned of the cancer that ultimately killed my father, and my mother's alzheimers, via email. People use email for the same sort of things they used to use snailmail and even phone calls for, and that includes delivering bad news.

        I spent an hour or so yesterday going through news about the Columbine 5th aniversary. (There's a family connection that ties me to the tragedy.) Twice I encountered Google-based ads for shooting schools -- not exactly what I wanted to see. I hope their ad selection for email is a bit more sensitive.

        Another thing: you and I know quite well that keyword-based ads are just the result of some algorithm and not some faceless person perusing the text. But I suspect that a significant fraction of the public is going to find it creepy even if Google manages to avoid the negatives. Five years from now when direct exposure to AI-based phenomena is more common this won't be as much of an issue. But it might be one now.

    • by alphakappa ( 687189 ) on Thursday April 22, 2004 @01:17AM (#8936312) Homepage
      Imagine, for example, a phone company that halves your rates in exchange for being allowed to sell transcripts of your phone conversations

      Where did you get the ridiculous idea that Google is selling your email transcripts? Google is inserting text ads (automatically) in your email - the advertisers do not get to see your email.

      Also, Google has mentioned that it won't be inserting ads indiscriminately - you can trust them to be intelligent enough not insert casket ads!

      I've been using Gmail and I can vouch for the fact that the text ads do not even appear in all the pages - just a few emails - and not obtrusively like Yahoo! or Hotmail which put their ads right at the bottom of emails which get sent out - here only you see the ads which you may not even notice since they are just tiny text.
      • Not to start a /. flame war, but you will note my use of the imperative mood in beginning "imagine." Of course google is not selling your e-mail transcripts. I was demonstrating why communications providers should not be allowed to indiscriminately violate privacy even in an opt-in situation. Meanwhile, can you try an experiment for us? Mail yourself from a different account a couple of short e-mails containing keywords-bad-to-advertise-on like (sorry for the gloom): "abortion", "miscarriage", "car accide
        • I just tried both. I sent two separate emails, one had abortion and miscarriage in both the subject line and the body (with some other text thrown in) and the other had car accident suicide and funeral. Neither of them turned up any ads in Gmail. Which leads me to believe that they probably have some categories for which they won't serve any ads in the email (Email after all is of a more personal nature than a web search where you are actually looking for information on that particular topic)

          Thanks for su
      • Google may not sell your email transcripts, but how do you know some unethical Google employee may not be reading your email on the sly? Of course, I'm not insinuating that it is or it will, but think of the potential for abuse here. Then think about what happens when other dotcoms start to offer such a service.

        Personally, I would NEVER use such a service.

        If I want good search functions for email, I'll do that by writing my own email reader. Thank Goodness of Open Source and Free Software!

        Here's an id

        • by eaolson ( 153849 ) on Thursday April 22, 2004 @09:53AM (#8938300)
          Google may not sell your email transcripts, but how do you know some unethical Google employee may not be reading your email on the sly?

          How do you know some unethical employee of your ISP isn't reading your email on the sly? How do you know some unethical employee of any free web email provider isn't reading everyone's email on the sly?

          The simple answer is that you don't. It all comes down to a matter of trust. To date, Google has shown themselves to understand their audience and provide them a useful service in a responsible fashion. I may or may not use Gmail when it becomes available, but I feel they have earned a modicum of trust at this point.

    • Google knows this would be tacky too and could just not sell ads for sensitive keywords. It's not that hard...
    • by LostCluster ( 625375 ) * on Thursday April 22, 2004 @01:51AM (#8936429)
      As far as I can tell, Gmail's biggest problem is this: "Dear son, your grandma died suddenly. Details on the funeral ASAP. Call me." On the right hand side, google text ads hawking caskets, flowers, funeral homes. It's tacky, to say the least, and I have little respect for people who are willing to let ads into their private lives to this degree.

      Google's proven smart about this kind of thing in the past. Ads that don't get at least a .5% clickthrough rate aren't welcome on Google's search engine... and a 1% CTR is demanded for ads that want to be displayed elsewhere on Google's network.

      I'm pretty sure that non-socially-acceptable ads will get thrown out of GMail. If people don't want to hear from any sponsor in a certain situation, GMail will react and not show ads when that situation comes up in the future.

      Google AdSense takes the policy that when it doesn't have any likely-to-be-clicked ads to show, it mails in PSAs or lets the webmaster do something else with the space. They don't randomly guess four ads from the database in a random effort, they just mail it in.

      So, the only way casket ads will show up in an e-mail thread about the death of grandma will be if people are actually clicking on such ads...
    • by Anonymous Coward on Thursday April 22, 2004 @01:58AM (#8936456)
      It's obvious that you've never used GMail. Check here [] for a beta tester's account on how he tried to foil Google's system to show tacky ads. He was unsuccessful.

      "As for inappropriate or insensitive targeting... I haven't noticed this to a be a problem yet. I sent a couple of test mails to my Gmail account, focusing linguistically on the theme of death and dying, and Gmail "outsmarted" me each time. That is to say, when I sent e-mails about "dying to see funny jokes... man, that last one had me out of breath, on the floor, and about ready to die!..." Gmail smartly showed ads for Joke stuff. When I wrote a note (thankfully untrue!) of equal length about a relative dying ("Isn't it funny how the doctors didn't notice anything strange about Aunt Martha before she died?... You have to laugh at the incompetence of medical staff nowadays..."), Gmail showed no ads whatsoever. I'm sure there will be instances in which Gmail's targeting results in ironic or even unpleasant juxtapositions, but it seems to me that this should be rare, and in the end probably no more likely than the scenario of a recently-widowed woman seeing an untargeted but equally jarring ad for "Single? Looking to date?" ad in her Yahoo mail."

    • Selling your phone scripts isn't a good analogy because Google aren't selling your email transcripts.

      But even then, the article's analogy of what you were trying to say was a bit off the mark IMO.

      ...consider a service that gave you free phone calls if it could have speech-recognizing computers listen in and barge in with product offers related to your conversation?

      The difference here is the ads appear in a location where your eyes don't even look. Do you seriously think that the Google sidebar ads attr

    • Or even worse, when your wife sends you a dirty email, all you get is a bunch of links to porn sites.
    • On the right hand side, google text ads hawking caskets, flowers, funeral homes. It's tacky, to say the least,

      How is a text ad worse than a banner ad?

      I still have a printout of a news story about a child being killed in a burning house, with an IOMega banner for CD-Recorders, saying "Burn, Baby, Burn".

      Unfortunate coincidences are going to happen, no matter what.
  • Come on (Score:4, Informative)

    by peelax ( 607139 ) on Thursday April 22, 2004 @01:02AM (#8936256)
    Its not like email is "secure" or private anyway (at least here in the UK) remember RIP? I know that the government getting hold of your email is different to some random (evil) company getting it, but if you need security you would be using PGP anyway. Considering the way we are monitored and tracked already I doubt this would make much difference. People should know that on the net you don't get something for nothing and 1gig is quite a lot even today IMO.
  • by syousef ( 465911 ) on Thursday April 22, 2004 @01:02AM (#8936257) Journal
    ...but I don't like the idea of any company having gigabytes of my email, which it has conveniently filled with advertising

    A person's email archive belongs on their own hard disk. I wouldn't trust all my personal mail to a 3rd party (even if it was a highly accessibly safe box).
  • by MacDork ( 560499 ) on Thursday April 22, 2004 @01:06AM (#8936275) Journal
    Mozilla has crypto built in. So does IE. You can generate a certificate and get it signed for free at Thawte. [] Why not provide a simple interface to use that signed certificate so end users can encrypt their own email, solving the problem for those people who care?

    Learn how to cryptographically sign your mail in Panther []

    • Because Google would end up needing that key in order to compose the HTML page that's going to be sent to you, even if that page is going to be sent over HTTPS.

      In short, what's the difference between storing it on the server compressed or plaintext... Google still can decrypt it any time they feel like it, you just have to trust them not peek either way you go.
  • by NCraig ( 773500 ) on Thursday April 22, 2004 @01:09AM (#8936289)
    Such a mild invasion of privacy is the price you pay for free email with massive storage. To those who balk at the terms: how much would you shell out for a "secure" GMail?
  • by $0.02 ( 618911 ) on Thursday April 22, 2004 @01:15AM (#8936308)
    I do not see any privicy issues if a program reads my email in a single pass and add ads as soon as it does not store the data, does not integrate and post-analyze the data, does not use the data for profiling, etc. Plus, you do not have to use gmail at all. However, if gmail raises privicy issues then what about anti-spam programs that read and analyze your email whether you want or not? Morever you do not even know if there is an anti-spam program when you send your email to Then what about censorship issues with anti-spam programs? If someone sends an offer for viagra to, and an anti-spam program stops it, is it an instance of anti-Consitutional censorship? I do not say that anti-Spam progams are evil but rather just making a point about to harsh fear of the beast that was not even born yet (officially).
  • From article
    I've also consulted for Google on other matters and make surprising revenue from their Adsense program on my web site.

    Im going to click everyone of those ads. I am asking other /. 's to do the same. But....

    I also ask that the author donate some of the revenue from his self promoting article to the Electronic Freedom Foundation!

  • What I wanna know (Score:5, Insightful)

    by andih8u ( 639841 ) on Thursday April 22, 2004 @01:21AM (#8936330)
    Is how everyone's reactions would be different if this was Microsoft doing this?

    "1gb email! They're just trying to corner the market and force all the other webmail companies out of business!"

    "They can read your mail?! They're probably selling it to some clandestine government agency!" (at which point michael would pop up and post a link to his favorite article on the government buying large ram disks)

    My point is, I wonder how much leeway Google is being given simply because they use linux and are a good search engine.
    • by L0stb0Y ( 108220 ) on Thursday April 22, 2004 @01:44AM (#8936405) Journal
      Good point, people would react differently if this were Microsoft, but then why shouldn't they? Its a paradigm put into place due to the past track record of Microsoft. I don't blame people of being less trusting based on countless previous problems from the past...
    • I'm sure MS would be treated somewhat differently but I'm pretty shocked by the bad press that Google is getting on this. It's remarkable. By nearly all accounts, this is a good, strong, well-liked, well-behaved company. They have an almost spotless record.

      To be honest, I can't really see a huge difference between inserting relevant ads in email and for search. For the most part, search is a private thing. I wouldn't want anyone to know the history of every term I've ever searched for. (insert joke here) I

  • by Seven001 ( 750590 ) on Thursday April 22, 2004 @01:21AM (#8936331)
    I know others have said it, but really, if people don't like it they don't have to use it. Nobody is being forced in the least. There are plenty of other free email providers. The big comeback to that so far has been, "but what if I have to send an email to someone on GMail". You can't pick the phone service provider for a person you call, just like you can't pick a person's email provider for them. If you are that paranoid and whatever you are sending needs to be soooo private, then I doubt you'll want to be sending to a free email address of any kind anyway. I swear, some people just bitch to hear themsevles bitch.
  • S'funny (Score:5, Interesting)

    by ColaMan ( 37550 ) on Thursday April 22, 2004 @01:31AM (#8936364) Journal
    But in the time I've been idly following this issue, it seems to me that the whole conflagration is over one small mention that your emails may last forever in their system even if you delete them.

    Now , when first reading that, I just assume that this is standard ass-covering legal boilerplate. Stuff that conveys to the user," hey, you might have deleted it, and we might have deleted it, but, you know, *somewhere* on a partition of one of our many cluster machines, there *might* be a copy of your email that possibly could be read with forensic tools, so don't sue us in the unlikely event of this happening."

    Is this the case? Is there more of an issue here?
    • Picture this situation...

      The GMail software marks a message as Spam, and you shortly thereafter clear out your Spam folder after looking at that message and not overriding the decloration that it was Spam.

      Now, the delete process totally dis-associates the mail with your account, however, to the Spam blocker this was a learning experience it rather not lose... so it keeps a copy of that message as a message the user certified as Spam just in case something similar to that message ever passes by again.

    • Re:S'funny (Score:3, Funny)

      by llin ( 54970 )
      When Gmail first premiered, the only option was to 'archive' your email. As a result of the uproar there is now an explicit 'Delete forever' option in the action pulldown in the Trash and Spam folders.
  • by YrWrstNtmr ( 564987 ) on Thursday April 22, 2004 @01:31AM (#8936365)
    Because we keep back-up copies of data for the purposes of recovery from errors or system failure, residual copies of email may remain on our systems for some time, even after you have deleted messages from your mailbox or after the termination of your account.

    How is this any different from what all other email providers do? As they make backups, generally it gets stored to tape. Later on, you stroll through and delete it. It still exists on the tape.

    When you are logged into your Gmail account, Google will display targeted ads and other relevant information based on the content of the email displayed.

    How is this different from what Yahoo does? Targeted ads based on search entries.

    Oh wait...Google is honest enough to tell us up front.
  • by Anonymous Coward on Thursday April 22, 2004 @01:33AM (#8936368) b_1822_bill_20040420_amended_sen.html []

    (a) (1) Except as provided in paragraph (2), a provider of e-mail or instant messaging services to California customers may not review, examine, or otherwise evaluate the content of a customer's outgoing or incoming e-mail or instant messages, unless that provider has a court order or is otherwise required by law to do so.

    She is trying to outlaw gmail, though I think it also makes other things illegal. I don't know how google or others can index email unless they "review, examine, or otherwise evaluate the content". What other features does this make illegal? (spam is specifically exempted)

  • by L0stb0Y ( 108220 ) on Thursday April 22, 2004 @01:38AM (#8936383) Journal
    From the article:
    "My e-mail contains the story of my life, and what's not in there is often recorded in my searches. "

    I've often wondered what someone could piece together from just reading my e-mail. Add the information on what I search on, and wow. My first reaction to this statement was that you couldn't really tell *that* much from email alone...but then I started to really condsider how much more a statement like that becomes truth as we become more and more dependent on things like email- Some guy who works on your pipes may not have needed a net presence/email system in the past, but even 'non-tech' type professions are going to REQUIRE e-mail access/web search access...which in turn means that the privacy issues being brought up are problems in infancy; they will grow with us.

    I don't see requiring Google to encrypt email as the answer...infact the gut reaction by most people will be that Gmail is not really that different than Yahoo, MSN, etc...the fact that Gmail is going to be free is great, and I'm looking forward to using it...anything that I'm overly worried about I'll encrypt myself.
  • I think they've clarified they privacy policy to a level that us geeks should easily be able to understand... When you hit "delete", more often than not in computer land, your data is not immediately rendered unrecoverable. In most operating systems, deleted files are ushered over to a "holding bin" for a final clear-out command to really get rid of them in case we want to change our mind. Once the OS finally lets go of the file, the file system often takes the short cut of just removing the index pointer
  • I'm surprised at how few seem to be concerned with yet another (possible) invasion of privacy. What Brad describes is just another facet of the continuing erosion of our basic freedoms that so many have fought and died for (I'm talking real wars, not our current well-funded terrorist activity in Iraq). If you haven't heard of the Boiling Frog Syndrome, Google it [].
  • Huh? (Score:5, Interesting)

    by rixstep ( 611236 ) on Thursday April 22, 2004 @01:57AM (#8936453) Homepage
    Maybe I'm missing something too, but as others have pointed out (or will soon point out):

    1. I don't own Google and none of you do either.

    2. What Google do is their business, not ours.

    3. What we do is our business, and we can opt to not use a Gmail account.

    4. I can't see what kind of retard would want or need a GB for email no one ever looks at anyway. I like the storage but I would never use it for email - forget it, just forget it.

    5. The same people who think this is not only cool but necessary are probably those that thought Expose was a new operating system - all because they're not capable of managing their own work.

    6. There are lots of big companies who market excellent mass storage technologies. You'd probably be better off and with a more secure solution with them.

    7. I'd be an idiot to entrust my email to a company like Google. They're going to let me search for my own email. Gee, but what exactly stands between my email and anyone else's search?

    8. I really don't see the marketing point in it - from Google's standpoint. I like them but I fail to see how this is going to help them.

    9. Most of what you'll read between now and Gmail is talking head tripe written by wannabes who want to get some e-zine real estate and have no better way to do it. All privacy concerns considered, it's the same old mish-mosh all over again, and frankly I think it's a shameful bore.
    • Re:Huh? (Score:3, Insightful)

      by asavage ( 548758 )
      I guess 99% of us are retards for wanting more than 2-10MB that most webmail provides. Not for messages, but for images and other attachments.

      I currently use hotmail and have my school, isp, spamgourmet and all my others forwarded to it. While I delete the crap right away I have to delete important stuff as well like reports, code, and labs as they are too big. With GMail all those large attachments I will be able to keep online and have access to them whenever I want.

      GMail will be just as secure as a

  • by IchBinEinPenguin ( 589252 ) on Thursday April 22, 2004 @02:07AM (#8936479)
    "I issue a call for Google to encrypt your mail to avoid these issues"

    I though GMail was supposed to index your mail to make it searchable.

    How will this work with encryption?

    You would reduce GMAIL from "1G of emailsindexed by the internet's most popular search engine" to "1G of offline storage"
  • by scrod ( 136965 ) on Thursday April 22, 2004 @02:21AM (#8936514) Homepage
    If you don't trust Google to keep your email private, why should you trust them to encrypt your email without using an escrow key or some equivalent?
  • by RamsÚs Morales ( 13327 ) on Thursday April 22, 2004 @02:52AM (#8936609)
    I'll be using Gmail as soon as it launches, and my privacy will be Ok. How? Because whenever I have an important e-mail communication, it is encrypted.

    So what is the problem? Do you think Google will try to break the encryption of random Gmail users?

    Ah. Now I remember. People are lazy and fear technology, so they won't use encryption with Gmail. Then don't use email at all! Even if your email is handled by yor ISP, instead of a webmail service, any network admin at your ISP can read it.

    What surprises me is that no-one on ./ has stated the obvious. We are technical people. We don't fear encryption. So why are we worrying? What am I missing?
  • by Anonymous Coward on Thursday April 22, 2004 @02:56AM (#8936627)
    Google is now giving Gmail accounts to active users of its service. As seen here [] (Ev, of Blogger)
  • by dtfinch ( 661405 ) * on Thursday April 22, 2004 @03:16AM (#8936702) Journal
    Don't use it.

    It's not like they will be reading your email. It should come as no surprise to privacy advocates that email servers store email, parsing through it every step of the way. It doesn't matter because it's a black box operation. What their web server does with it, like selecting ads more appropriate to my interests, doesn't offend me at all as long as my email doesn't appear before human eyes other than my own.

    What should worry privacy advocates is that their email is never encrypted unless they do so manually. It goes across the internet as plain text, and can readily scanned and logged by anyone who wants along the way, like spammers, identity theifs, the government, etc. Most likely your password isn't even encrypted. If you use wireless, most likely that isn't encrypted either. The least of your privacy worries should be GMail deciding that you're interested in enlargement pills and home loans.
  • Wake up (Score:5, Insightful)

    by Underholdning ( 758194 ) on Thursday April 22, 2004 @03:22AM (#8936723) Homepage Journal
    Someone should be wacked over the head with a clue bat. It seems to me, that the core issue here is, that someone (this "someone" being a script) is reading eveybodys mail.
    Well... what the heck do they think Baysean filters does? A lot (most) of email providers offers spam filtering including Baysean filter. Guess what - they read your email! - in the same way that gmail does.
  • by geekotourist ( 80163 ) on Thursday April 22, 2004 @05:44AM (#8937134) Journal
    Some posters seem resigned to the idea that email isn't private- its a postcard, its public. True, right now one has to treat it as such: all sorts of conversations you can have on the phone or written out in snailmail ought not to be held via email.

    This could be changed. Technologies have gone from public (non-private) to private and protected before. Consider the switch from party lines to private lines in the telephone system. Now that we live in the 21st century shouldn't we demand a similar switch for email?

    Because privacy is, at its core, a fundamental human right. Every communication system we use should have privacy built in: if its not, there should be a very good reason why not. "Oh dear, it will take extra computational cycles" is not a good reason, not with the small footprint crypto [] already here. "Oh, Ashcroft doesn't want it" is even a worse reason.

    Why is privacy a basic right? From the well-written essay by Canada's former privacy Czar []

    "If Parliament and the public at large have been slow to react, it is probably because for most people, most of the time, privacy is a pretty abstract concept. Like our health, it's something we tend not to think about until we lose it - and then discover that our lives have been very unpleasantly, and perhaps irretrievably, altered.

    But though we tend to take it for granted, privacy - the right to control access to ourselves and to personal information about us - is at the very core of our lives. It is a fundamental human right precisely because it is an innate human need, an essential condition of our freedom, our dignity and our sense of well-being."

    " ...A popular response is: "If you have nothing to hide, you have nothing to fear.

    "By that reasoning, of course, we shouldn't mind if the police were free to come into our homes at any time just to look around, if all our telephone conversations were monitored, if all our mail were read, if all the protections developed over centuries were swept away. It's only a difference of degree from the intrusions already being implemented or considered.

    "The truth is that we all do have something to hide, not because it's criminal or even shameful, but simply because it's private. We carefully calibrate what we reveal about ourselves to others. Most of us are only willing to have a few things known about us by a stranger, more by an acquaintance, and the most by a very close friend or a romantic partner. The right not to be known against our will -- indeed, the right to be anonymous except when we choose to identify ourselves -- is at the very core of human dignity, autonomy and freedom.

    "If we allow the state to sweep away the normal walls of privacy that protect the details of our lives, we will consign ourselves psychologically to living in a fishbowl. Even if we suffered no other specific harm as a result, that alone would profoundly change how we feel. Anyone who has lived in a totalitarian society can attest that what often felt most oppressive was precisely the lack of privacy...

    "...The bottom line is this: If we have to live our lives weighing every action, every communication, every human contact, wondering what agents of the state might find out about it, analyze it, judge it, possibly misconstrue it, and somehow use it to our detriment, we are not truly free. That sort of life is characteristic of totalitarian countries, not a free and open society..."

"It's my cookie file and if I come up with something that's lame and I like it, it goes in." -- karl (Karl Lehenbauer)