Google Hasn't Stopped Reading Your Emails (theoutline.com) 186
An anonymous reader shares a report: If you're a Gmail user, your messages and emails likely aren't as private as you'd think. Google reads each and every one, scanning your painfully long email chains and vacation responders in order to collect more data on you. Google uses the data gleaned from your messages in order to inform a whole host of other products and services, NBC News reported Thursday.
Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users' Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also "may analyze [email] content to customize search results, better detect spam and malware," a practice the company first announced back in 2012.
Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users' Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also "may analyze [email] content to customize search results, better detect spam and malware," a practice the company first announced back in 2012.
One thing for sure. (Score:5, Informative)
Re:One thing for sure. (Score:4, Insightful)
Re: (Score:1)
"Do no evil" was a transcription error of "do know evil".
Re: (Score:2)
They didn't forget it. In true Orwellian fashion they must have been misinterpreted because they always were addressing the user, not themselves. And the user knows he should not even think about doing evil because Google will know.
Re: (Score:2)
"Google's completely forgotten about "Do no evil.""
Bull, just switch personalized ads off in the Google settings or encrypt your mail.
Since most of us block any ads anyway, who cares?
Re:One thing for sure. (Score:5, Informative)
Google's completely forgotten about "Do no evil."
You've completely forgotten it was don't be evil [wikipedia.org].
Re: (Score:1)
Re: (Score:2)
Google's completely forgotten about "Do no evil."
The only organizations that intentionally try to be evil exist in movies and novels. Every organization believes in the inherent goodness of their mission and that they are not evil. How is this possible? Simply because uniform definitions of good and evil don't exist. And what Google thinks is evil doesn't necessarily mesh with what its non-customer users believe is evil.
Re: (Score:2)
They didn't forget, but merely noticed evil is often more profitable, at least in the shorter term.
Capitalists learned long ago that building manipulative mousetrap packaging is often an easier route to profits than building a better mousetrap. Marketing R&D and consumer manipulation is cheaper and easier than engineering R&D on average.
Perscription drugs is a perfect example: they often spend more on marketing and "doctor fluffing" than on direct R
Re: (Score:2)
Not to make excuses, but Google has been consistently more responsible with their data than their rivals (Facebook, most notably). So... if you'd like, you could turn it into a new motto: "Be the lessor evil."
Calendaring (Score:5, Interesting)
If I don't want Google to read my email I'll encrypt it, meanwhile I mostly want them to read it so they can do my calendaring for me... If they can get some deep AI insight from the rest of the spam and shipping receipts in there, good luck to them.
Re: (Score:1)
Around 2000, Larry Ellison declared âoePrivacy is dead, get over itâ. Back then, I had no idea what he was on about and I laughed. Now I know - we all know - and I quit laughing.
Larry Ellison is a true visionary.
Re:Calendaring (Score:5, Informative)
Around 2000, Larry Ellison declared "Privacy is dead, get over it."
That wasn't Larry Ellison. It was Scott McNealy.
Re: (Score:2)
Precisely. Larry Ellison declared that Job Security and the ability to work with your co-workers in trust as a team was dead. Gotta lay people off every 6 months to keep everyone on their toes!
Re: (Score:2)
You forgot the "Coo! Coo!"
Re:Calendaring (Score:4, Interesting)
This. Exactly this. I almost missed a flight because I'd forgotten I was booked on the earlier one, but their reminder saved me.
For the rest, they know what I spend money on, and their ads are still irrelevant. So either their AI isn't very good yet, or they don't actually link them to the ads I see.
Re: Calendaring (Score:2)
Almost the only stuff I get on my gmail account is youtube notifications. I can imagine they think I'm a weirdo.
Re: Calendaring (Score:3)
Yeah, this. Nobody that hangs around Slashdot should be in any way shocked or outraged, this is part of the contract for the conveniences you get with a free service. Good god, if it bothers you then stop using a mainstream supplier of an antiquated communication technology.
There are so many more grievous privacy transgressions that deserve attention.
Too right, Zealath. SMTP is never private, anyway. (Score:2)
For those of us who sent email back in the day the mantra was to never say anything in an email that you wouldn't post on the bulletin board at a supermarket (or say to your sainted grandma). Most understood that email in plain text was routed through many a server (and could thus be parsed by its admin or his tools). The expectation of privacy was a sum divided by zero. As the popularity of email exploded when the net was opened people somehow got the idea that email was private. It wasn't, of course, and
Re: (Score:3)
If you have a kink your wife doesn't know about, you're doing it wrong. Also, she's an admin on my calendar...
Re:Is there any news here? (Score:4, Insightful)
Like almost all email services they scan for stuff like viruses and auto-reply loops. Google also does spam filtering and phishing detection, like almost everyone.
Most users would probably be upset if they didn't.
Then you have their promise not to mine emails for advertising purposes. The language is still in the privacy policy... But no evidence they are still doing it. If they were, they would be in serious legal difficulty so I'd hope some evidence would be found.
Basically it's bullshit, nothing to see here.
Re: This has been regurgitated for over 10 years n (Score:1)
Some of us provide paid for email services that we 100% do not read, yet find it hard to compete when people don't realise what the true cost of spyware like gmail has. It's useful to remind people that "free" also means "creepy leaning over your shoulder reading your personal correspondence", because people are too trusting and assume a big friendly corporation like Google would never do anything evil like that, right?
Re: (Score:2)
Yeah, right.
By using GMail to communicate with them, I demonstrate contempt for EA Games, Sony Entertainment, Google itself, etc. And rightfully so.
Now seriously, when I send an e-mail to somebody@somedomain.com, how do I know for sure their administrator isn't looking at all e-mails stored there? At least Google is transparent about it. Use their service or don't. But if you want to exchange e-mails with a private company out there, you're kept in the dark about it.
Re: (Score:2)
Now seriously, when I send an e-mail to somebody@somedomain.com, how do I know for sure their administrator isn't looking at all e-mails stored there?
This isn't a falsifiable statement.
Google can do literally anything with your email and that concern could be just as easily swatted away by stating "how do I know for sure".
Re: (Score:2)
Your comment has no point. Google tells you what they do. Other companies tell you nothing. Both could be doing more than what they tell you. So any complaint against Google could either be swatted away or answered with "of course they do, it's right there in their policy."
Re: (Score:2)
Your comment has no point.
Statements which cannot be falsified are indeed pointless.
Other companies tell you nothing. Both could be doing more than what they tell you. So any complaint against Google could either be swatted away or answered with "of course they do, it's right there in their policy."
The phrase "Now seriously, when I send an e-mail to somebody@somedomain.com, how do I know for sure their administrator isn't looking at all e-mails stored there?"
Is an appeal to FUD. It begs the reader to prove a negative about something they cannot possibly know anything about in advance because somedomain can be any domain. It's impossible to falsify.
Re: (Score:2)
Google can do literally anything with your email
...and they made me aware of the fact.
So now I can avoid them if I fancy doing so.
That leaves all other e-mail domains open to inquiry.
I'd say the correct method would be for each e-mail service provider to have ToS linked from their main domain webpage mentioning they don't read the e-mails unless otherwise specified, and be accountable for that statement. This way, before sending e-mails to someone@somedomain.com I would be able to read their ToS and not do business with them if I don't like it.
Re: (Score:2)
Now seriously, when I send an e-mail to somebody@somedomain.com, how do I know for sure their administrator isn't looking at all e-mails stored there? At least Google is transparent about it. Use their service or don't. But if you want to exchange e-mails with a private company out there, you're kept in the dark about it.
When you send an e-mail to somebody@somedomain.com, how do you know that somedomain.com isn't a GSuite-hosted domain, and you're senting it to a GMail account, anyway?
Re: (Score:2)
Exactly. It's complicated.
Re: (Score:2)
Are you sure?
Not so fast... (Score:5, Informative)
a practice the company first announced back in 2012.
That's an awfully charitable way to describe it... My recollection is that they denied reading people's email for years and in 2012 someone was finally able to prove this so conclusively that Google had to fess up, but naturally felt the need to to point out that this invasion of peoples' privacy was done by "algorithms" and not by people in it's admission of guilt.
Re: (Score:2, Insightful)
I think that was for the education accounts, not the standard accounts. The whole point of Gmail was to scan your email. Other providers injected ads into your outgoing emails. Google didn't do that. They were up front about this when they created the service. You get 1GB of free email storage in exchange for us scanning your email. The standard inbox size at the time was 10-100MB. People jumped onto Gmail invites as fast as they could find them.
The educational accounts weren't supposed to be scanned
Re: (Score:2)
" My recollection is that they denied reading people's email for years and in 2012 "
Well, I've used Gmail since it was invite only service. It's always been disclosed that your mail would be parsed by algorithms for experimentation, targeted ads from their network and to improve user experience and services. I also remember disclosure of the fact that the content used was never processed with an identifier (that could be seen by human eyes) with attributes identifying the account. That was the deal
Re: (Score:2)
Re: (Score:2)
Back then I resisted "webmail" as Yahoo and Hotmail's TOS were ridiculous, worse than their bloated interface. I thoroughly read Google's and understood that my mail would be used for their spam filter (useful then), malware (useless for me) and to target ads and I could still use POP3/IMAP if I chose.
10 years later the TOS was updated to clarify the fact that the same data would be used for other of their services that I opted to use. At that point, they may have made it more clear that they would
Every email provider "reads" your email. (Score:1)
Every email provider "reads" your email. If they don't "read" your email, you wouldn't have spam filtering, search functionality, or any sort of automatic sorting. What they use it for can be questioned, but this line is always used and it's quite misleading.
Re: (Score:2)
How dare you bring the truth out! We don't want your kind here!
Re: Every email provider "reads" your email. (Score:1)
That's a false equivalency. Your keyboard "reads" your keystrokes, yet isn't normally spying on you. Behaviours like spam, virus and search are read-only - no information regarding the email is passed on elsewhere, and is not used by anyone but the mailbox owner. By contrast, actually taking the contents of other peoples emails and using that data yourself is creepy and evil.
Re: (Score:1)
Not so fast. Are you claiming that spam filters of today don't learn from what they scan?
Re:Every email provider "reads" your email. (Score:5, Insightful)
How is this news? (Score:5, Insightful)
If you aren't running the mail server, then someone, somewhere is reading your email. Maybe they aren't right now, but they are a rogue sysadmin, data breach or buyout from doing so retroactively.
It's like having a conversation in public. If you want private communication, email is not and has never been that.
My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.
This. (Score:3)
>> If you aren't running the mail server, then someone, somewhere is reading your email
This.
We need new e-mail protocols with mandatory end-to-end encryption and signature.
That would also reduce the spam problem to almost nothing.
Re: (Score:2)
This already exists.
SMTP is supposed to be end to end. TLS gives you encryption and most MTAs can be configured to require encryption if you so desire.
Personally I don't require it. In the past, too many ISPs didn't support it at all.
I also don't fail on self signed certs, and I'd be vulnerable to a MITM attack although I'd be able to detect it retrospectively by analysing logs.
But then I don't have anything in my emails that I care if a determined attacker reads. In fact, I'd be somewhat pleased if they wa
Re: (Score:1)
TLS only provides encryption "on the wire" and not within the MTA. You'll want to use some sort of envelope encryption like S/MIME if you want to keep intermediate MTAs out of your mail contents. It's the MUA that needs to handle envelope encryption and that's been a big miss for some time. Outlook gets it sort-of right if you're inside an organization that bought in to the full X.509 thing. G Suite Enterprise and Education offerings have S/MIME support as well but it seems kind of buried and you're still o
Re:How is this news? (Score:4, Insightful)
Re: (Score:2)
I have to agree. Google has actually always informed in their agree to terms that they WILL be collecting and analyzing data about you. And I'm not talking about it being hidden either, they straight up say it.
What about those who send you email? Are they expected to read and agree to a service they don't even use? Were they warned ahead of time? Do you have a legal or ethical duty to warn them?
Re: (Score:2)
There is nothing stopping you from taking every email you receive and displaying the contents on a billboard, or posting them on a public blog for anyone to read. If you send someone an email, you can't expect the contents to remain private unless you have a specific agreement with the party (e.g. NDA). And in that case, encrypt the secret stuff.
Re: (Score:2)
There is nothing stopping you from taking every email you receive and displaying the contents on a billboard, or posting them on a public blog for anyone to read. If you send someone an email, you can't expect the contents to remain private unless you have a specific agreement with the party (e.g. NDA). And in that case, encrypt the secret stuff.
Your ignorance of wiretapping law as it applies to email amuses me.
Re: (Score:2)
He is not wrong. How many times did your e-mail get forwarded and you go I didn't want that e-mail to be shared. There is nothing stopping from recipient post your e-mail on the internet. Same way company internal e-mail get release in the newspaper.
There are two issues.
The first is this thread got side tracked by Dog-Cow's mischaracterization of the issue. It isn't about a recipient doing something it was about a non-recipient (e.g. Google) using content intended for delivery to the intended recipient.
The original context of message I quoted was "I have to agree. Google has actually always informed in their agree to terms that they WILL be collecting and analyzing data about you. And I'm not talking about it being hidden either, they straight up say
Re: (Score:3)
How is you having Google as your provider *any* different there? Anyone sending email to you is always going to literally be throwing their message into a gaping dark hole, with no actual idea who is in there to catch it - they just assume someone will, but they have no say in who that someone is.
Re: (Score:2)
Don't put your penis in a prostitute with festering sores.
Re: (Score:2)
Re:How is this news? (Score:5, Informative)
My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.
When I signed up for Gmail they said they would be scanning my email so they could my adverts more relevant. The welcome email Google sent my in 2004 included this paragraph:
You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.
So they certainly said they would be reading email for targeted advertizing purposes back in 2004.
Re: (Score:2)
My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.
When I signed up for Gmail they said they would be scanning my email so they could my adverts more relevant. The welcome email Google sent my in 2004 included this paragraph:
You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.
So they certainly said they would be reading email for targeted advertizing purposes back in 2004.
Yep, they certainly did. They even had suppression algorithms so you wouldn't get funeral home ads when someone emailed you that a family member dies, and so forth.
Re: (Score:1)
Re: (Score:2)
If you aren't running the mail server, then someone, somewhere is reading your email. Maybe they aren't right now, but they are a rogue sysadmin, data breach or buyout from doing so retroactively.
It's like having a conversation in public. If you want private communication, email is not and has never been that.
My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.
This.
Anyone thinking that other services, even paid ones like Microsoft's offering aren't doing the same thing then they're deluded. Unless you control the data end to end, someone else is reading it.
And Google have never really been shy about admitting that they're trading their free services for advertising. Its far less of a Faustian bargain than it sounds, Google's ads are unobtrusive and usually pretty far off the mark as far as targeting goes, at least for me. Gmail is fine for personal use when
Re: (Score:2)
And when the majority of people use encryption and/or it's integrated relatively seamlessly into most email clients then you'll have a point. Setting it up so it's seamless and easy for you isn't the point. Making sure every one of your recipients has low-friction for reading your email is.
Unless the overwhelming majority of your email is encrypted, then my original statement is within a margin of error of being correct.
What's stopped can be restarted any time (Score:5, Insightful)
Note the weasel words, Google just said they stopped scanning the mail for a very narrow specific purpose. They did NOT say they stopped scanning email, they still scan mails for other unspecified purpose.
And, of course, what they collected during that scan, they can apply to ad personalizaton again, any time in the future. That's the key problem, once they got your data, you have no way of getting it back.
That's why laws like GDPR is important, it prevent your data from being used for different purpose after companies like Google got their hands on them.
People are slowly starting to understand (Score:2)
That may not be a bargain they are willing to make.
A second change is that alternatives are popping up. There are lots of companies now offer encrypted
Umm.. you do know there's encryption, yes? (Score:2)
Encrypt your mails to stop Google from reading them, sign them to keep Google from altering them, use exclusively GMail (or throwaway) addresses to avoid handing Google metadata that links back to the parties involved and if you feel paranoid enough use a VPN provider (or some onion routing) to connect to GMail.
Did I miss something here?
Re: (Score:2)
Re: (Score:2)
Yes. It also makes identifying spam trivial: Everything not encrypted is.
Re: (Score:2)
I consider everything under 10 rounds heavily insecure. Personally, I recently went and upgraded to 64, I had 32 before but curiously somehow Google still managed to break the encryption.
I think I'll upgrade to ROT26 soon. Allegedly you only need half the rounds for a similarly secure result.
Re: (Score:2)
That's the beauty of it, your browser can automagically decrypt ROT26. Honestly I have no idea how they do it, but it works flawlessly.
Ftfy (Score:2)
If you're a (any free email service) user, your messages and emails likely aren't as private as you'd think. (Your email provider) reads each and every one, .....
I don't want them to stop (Score:2)
Of course Google read your mail, they have to do it in order to provide the service they offer.
There are services that don't read your mail, like ProtonMail, by all means use them if you really want privacy. However, as a trade off, you don't get full text search, advanced spam filtering, and all the little things GMail offers. It is just technically impossible.
Now, if you judge that GMail features are worth letting Google access your email (the usual convinience/security tradeoff) then you are trusting Goo
Re: (Score:2)
There are services that don't read your mail, like ProtonMail, by all means use them if you really want privacy. However, as a trade off, you don't get full text search, advanced spam filtering, and all the little things GMail offers. It is just technically impossible.
When normal people talk about "reading your email" this isn't what comes to mind. It's not what they are talking about. It's not about physical read operations users are oblivious to anyway.
If user controlled grep counts as reading an email then surely loading portions of email from a persistent data store into main memory or an RA receiving email from network also constitutes "reading your email". It would seem by this same definition every provider "reads your email". Therefore Google deserves a pas
Re: (Score:2)
When normal people talk about "reading your email" this isn't what comes to mind.
So what comes to mind? For most people "reading your email" means that some human being is looking at your conversation. Google doesn't do that, they never did, only computers read your email. But if we include computers in the mix, than "reading your email" is inevitable.
And about "deserving a free pass", that's for you to decide. Do you want to give Google the free pass and use their convenient service or do you prefer not to and go to the competition. ProtonMail is just an example of a good privacy-orien
probably why they block passworded ZIPs (Score:2)
I tried to send some bank routing info to a business associate. Well withing their posted guidelines (it was a simple text file, stored in a passworded zip), but they did not deliver it to the intended recipient.
https://support.google.com/mail/answer/6590?p=BlockedMessage&visit_id=0-636614072256826572-791915176&rd=1 [google.com]
At the time (and, still, I think), it was more like an attempt to push me into using a Google Drive, which is never going to happen. Why give them time to brute-force (or try using Big
Re: (Score:2)
At the time (and, still, I think), it was more like an attempt to push me into using a Google Drive, which is never going to happen. Why give them time to brute-force (or try using Big Data to guess) the password?
What makes you imagine that anything sent through gmail isn't stored by google forever, or at least as long as they like?
Protonmail (Score:1)
You still haven't moved to protonmail?
Use GnuPG (Score:4, Informative)
Okay, this isn't very practical in many cases. However, I have recently converted one person on Gmail to use GnuPG with Thunderbird, and it works!
It helps if the person is already using thunderbird, and YOU set it up for them. With the Enigmail extension, the encryption will be done automatically by recipient.
The hardest part is the passphrase - lots of people don't want to remember long passphrases. However, you can get their computer to remember it forever. Not the safest, but it WILL prevent Gmail from reading the mails sent to and from the person you convert.
Not my email. I am Google-free. (Score:2)
So the reason why Google invests so much into AI.. (Score:2)
they do not sell our info (Score:2)
Likewise, you can buy access to clean data. I can describe somebody and then target an ad at them. If they click it and fill in information, that was free choice. BUT, again, google does not sell names/addresses and never has.
Unlike Facebook, Microsoft, Apple, etc. (and yes, this assumes that those are still
Re: (Score:2)
If the service is free the user is the product.
Re: (Score:2)
BUT, imagine Google did a group by, along with using min/max,count, sum, on the data. IOW, you have data that is 1 level removed from what is needed to do that with.
We need an alternative to the Google/Apple duopole (Score:2)
I think more and more the market is demanding an alternative to the Google/Apple duopole on the mobile: something more open and more respectful of user's data privacy. Like we had Linux in the 90s on PC, I'd like to see a project like eelo.io to succeed on mobile!
sand in the gears (Score:1)
I'm glad that Google reads them (Score:2)
Maybe they could tell me if there is anything important or interesting that I have been sent recently? (and I don't count their SPAM as either of those things).
Nosy Google Employees (Score:1)
Consumer reality (Score:1)
Unfortunately, most consumers won't give a fudge until data is leaked to somebody who does something sinister or embarrassing with it in a way that makes national news, similar to the Facebook & Boston Analytics fiasco. (And it's too early to know if this will make Facebook fully shape-up.)
Some consumers may indeed accept such snooping to get free services (assuming the implications are made clear up front). However, it may exacerbate the inequality problem where the wealthy can afford low-snoop options
Guess what? (Score:2)
I haven't stopped reading your emails either. Have you stopped beating your wife?
Google is now (Score:1)
a Data mining company, not an Advertising company
Re: (Score:2)
Google not as bad as Microsoft.
Puke isn't as bad as shit, but I don't want to eat either
Re: (Score:2)
Censor everything! It's DUH LAW!!!!11!!!1!!!
Re: (Score:2)
Location services use GPS, CellTower signal, and WiFi.
I could see a case if location services are turned off maybe, but for no sim? that's dumb, one isn't needed.