Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Privacy

Google Hasn't Stopped Reading Your Emails (theoutline.com) 186

An anonymous reader shares a report: If you're a Gmail user, your messages and emails likely aren't as private as you'd think. Google reads each and every one, scanning your painfully long email chains and vacation responders in order to collect more data on you. Google uses the data gleaned from your messages in order to inform a whole host of other products and services, NBC News reported Thursday.

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users' Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also "may analyze [email] content to customize search results, better detect spam and malware," a practice the company first announced back in 2012.

This discussion has been archived. No new comments can be posted.

Google Hasn't Stopped Reading Your Emails

Comments Filter:
  • One thing for sure. (Score:5, Informative)

    by techno-vampire ( 666512 ) on Monday May 14, 2018 @01:35AM (#56606756) Homepage
    Google's completely forgotten about "Do no evil."
    • by Citizen of Earth ( 569446 ) on Monday May 14, 2018 @01:38AM (#56606760)
      They just optimized it to "be evil".
    • by Anonymous Coward

      "Do no evil" was a transcription error of "do know evil".

    • They didn't forget it. In true Orwellian fashion they must have been misinterpreted because they always were addressing the user, not themselves. And the user knows he should not even think about doing evil because Google will know.

    • "Google's completely forgotten about "Do no evil.""

      Bull, just switch personalized ads off in the Google settings or encrypt your mail.

      Since most of us block any ads anyway, who cares?

    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday May 14, 2018 @08:30AM (#56607890) Homepage Journal

      Google's completely forgotten about "Do no evil."

      You've completely forgotten it was don't be evil [wikipedia.org].

    • by rojash ( 2567409 )
      I doubt it was ever their real motto. It was just to deceive us, compared to the bigger evils of those days, MS/AOL etc Only thing unevil is unsightly ads unlike the gaudy pages of yahoo/lycos/excite etc Everything else behind the scenes is evil at its worst. For now, they are smarter than stupid FB at embarrassing data breaches.
    • Google's completely forgotten about "Do no evil."

      The only organizations that intentionally try to be evil exist in movies and novels. Every organization believes in the inherent goodness of their mission and that they are not evil. How is this possible? Simply because uniform definitions of good and evil don't exist. And what Google thinks is evil doesn't necessarily mesh with what its non-customer users believe is evil.

    • by Tablizer ( 95088 )

      Google's completely forgotten about "Do no evil."

      They didn't forget, but merely noticed evil is often more profitable, at least in the shorter term.

      Capitalists learned long ago that building manipulative mousetrap packaging is often an easier route to profits than building a better mousetrap. Marketing R&D and consumer manipulation is cheaper and easier than engineering R&D on average.

      Perscription drugs is a perfect example: they often spend more on marketing and "doctor fluffing" than on direct R

    • by pots ( 5047349 )
      It was, "Don't be evil." and it was never an official position, just something one of the founders said once.

      Not to make excuses, but Google has been consistently more responsible with their data than their rivals (Facebook, most notably). So... if you'd like, you could turn it into a new motto: "Be the lessor evil."
  • Calendaring (Score:5, Interesting)

    by Zaelath ( 2588189 ) on Monday May 14, 2018 @01:40AM (#56606762)

    If I don't want Google to read my email I'll encrypt it, meanwhile I mostly want them to read it so they can do my calendaring for me... If they can get some deep AI insight from the rest of the spam and shipping receipts in there, good luck to them.

    • Re:Calendaring (Score:4, Interesting)

      by alex67500 ( 1609333 ) on Monday May 14, 2018 @04:08AM (#56607158)

      This. Exactly this. I almost missed a flight because I'd forgotten I was booked on the earlier one, but their reminder saved me.

      For the rest, they know what I spend money on, and their ads are still irrelevant. So either their AI isn't very good yet, or they don't actually link them to the ads I see.

    • Almost the only stuff I get on my gmail account is youtube notifications. I can imagine they think I'm a weirdo.

    • Yeah, this. Nobody that hangs around Slashdot should be in any way shocked or outraged, this is part of the contract for the conveniences you get with a free service. Good god, if it bothers you then stop using a mainstream supplier of an antiquated communication technology.

      There are so many more grievous privacy transgressions that deserve attention.

    • For those of us who sent email back in the day the mantra was to never say anything in an email that you wouldn't post on the bulletin board at a supermarket (or say to your sainted grandma). Most understood that email in plain text was routed through many a server (and could thus be parsed by its admin or his tools). The expectation of privacy was a sum divided by zero. As the popularity of email exploded when the net was opened people somehow got the idea that email was private. It wasn't, of course, and

  • Not so fast... (Score:5, Informative)

    by The Cynical Critic ( 1294574 ) on Monday May 14, 2018 @01:58AM (#56606808)

    a practice the company first announced back in 2012.

    That's an awfully charitable way to describe it... My recollection is that they denied reading people's email for years and in 2012 someone was finally able to prove this so conclusively that Google had to fess up, but naturally felt the need to to point out that this invasion of peoples' privacy was done by "algorithms" and not by people in it's admission of guilt.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I think that was for the education accounts, not the standard accounts. The whole point of Gmail was to scan your email. Other providers injected ads into your outgoing emails. Google didn't do that. They were up front about this when they created the service. You get 1GB of free email storage in exchange for us scanning your email. The standard inbox size at the time was 10-100MB. People jumped onto Gmail invites as fast as they could find them.

      The educational accounts weren't supposed to be scanned

    • by fred911 ( 83970 )

      " My recollection is that they denied reading people's email for years and in 2012 "

      Well, I've used Gmail since it was invite only service. It's always been disclosed that your mail would be parsed by algorithms for experimentation, targeted ads from their network and to improve user experience and services. I also remember disclosure of the fact that the content used was never processed with an identifier (that could be seen by human eyes) with attributes identifying the account. That was the deal

      • Then your recollection is in conflict with mine as I've also been using GMail since the invite-only beta (autumn of 2004 to be specific) and the final admission that they do actually read your email didn't happen until years after it came out of beta.
        • by fred911 ( 83970 )

          Back then I resisted "webmail" as Yahoo and Hotmail's TOS were ridiculous, worse than their bloated interface. I thoroughly read Google's and understood that my mail would be used for their spam filter (useful then), malware (useless for me) and to target ads and I could still use POP3/IMAP if I chose.
          10 years later the TOS was updated to clarify the fact that the same data would be used for other of their services that I opted to use. At that point, they may have made it more clear that they would

  • by Anonymous Coward

    Every email provider "reads" your email. If they don't "read" your email, you wouldn't have spam filtering, search functionality, or any sort of automatic sorting. What they use it for can be questioned, but this line is always used and it's quite misleading.

    • How dare you bring the truth out! We don't want your kind here!

    • That's a false equivalency. Your keyboard "reads" your keystrokes, yet isn't normally spying on you. Behaviours like spam, virus and search are read-only - no information regarding the email is passed on elsewhere, and is not used by anyone but the mailbox owner. By contrast, actually taking the contents of other peoples emails and using that data yourself is creepy and evil.

      • by Anonymous Coward

        Not so fast. Are you claiming that spam filters of today don't learn from what they scan?

    • by gravewax ( 4772409 ) on Monday May 14, 2018 @02:30AM (#56606908)
      yes they do, the difference here is google reads it to leverage the content for their own purposes not to necessarily directly assist you with your email management.
  • How is this news? (Score:5, Insightful)

    by another_twilight ( 585366 ) on Monday May 14, 2018 @02:03AM (#56606816)

    If you aren't running the mail server, then someone, somewhere is reading your email. Maybe they aren't right now, but they are a rogue sysadmin, data breach or buyout from doing so retroactively.

    It's like having a conversation in public. If you want private communication, email is not and has never been that.

    My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.

    • >> If you aren't running the mail server, then someone, somewhere is reading your email
      This.
      We need new e-mail protocols with mandatory end-to-end encryption and signature.
      That would also reduce the spam problem to almost nothing.

      • This already exists.

        SMTP is supposed to be end to end. TLS gives you encryption and most MTAs can be configured to require encryption if you so desire.

        Personally I don't require it. In the past, too many ISPs didn't support it at all.

        I also don't fail on self signed certs, and I'd be vulnerable to a MITM attack although I'd be able to detect it retrospectively by analysing logs.

        But then I don't have anything in my emails that I care if a determined attacker reads. In fact, I'd be somewhat pleased if they wa

        • by ksw_92 ( 5249207 )

          TLS only provides encryption "on the wire" and not within the MTA. You'll want to use some sort of envelope encryption like S/MIME if you want to keep intermediate MTAs out of your mail contents. It's the MUA that needs to handle envelope encryption and that's been a big miss for some time. Outlook gets it sort-of right if you're inside an organization that bought in to the full X.509 thing. G Suite Enterprise and Education offerings have S/MIME support as well but it seems kind of buried and you're still o

    • by mycroft16 ( 848585 ) on Monday May 14, 2018 @02:34AM (#56606920)
      I have to agree. Google has actually always informed in their agree to terms that they WILL be collecting and analyzing data about you. And I'm not talking about it being hidden either, they straight up say it. And you know what, of all the companies out there that do it, I get real value from it. They scan my emails and extract shipping numbers so that my Google Home can tell me about them. Or flight plans so that I get alerted when I need to leave wherever I am based on real time traffic data (also gathered by trackgin android phones) in order to make my flight. I know in the past Google has kept data in-house to inform their own services. Their own ad placement services, their on maps, their own email, and assistant software. If, and yes that is a big if because do we really know, but if it is staying within Google and just bouncing between services, I really don't care at that point. I would be curious to know what anonymized me looks like though, and it would be cool as a user to get a yearly report of how many times my anonymized data was used, etc. Where as Facebook gleans tons of data about me and my likes, I get very little actual benefit from that. Google however simplifies my tasks, coordinates all the many actions I take during the day and places them at my fingertips like no one else. I'm at least getting real, tangible benefit for them having access to me.
      • I have to agree. Google has actually always informed in their agree to terms that they WILL be collecting and analyzing data about you. And I'm not talking about it being hidden either, they straight up say it.

        What about those who send you email? Are they expected to read and agree to a service they don't even use? Were they warned ahead of time? Do you have a legal or ethical duty to warn them?

        • by Dog-Cow ( 21281 )

          There is nothing stopping you from taking every email you receive and displaying the contents on a billboard, or posting them on a public blog for anyone to read. If you send someone an email, you can't expect the contents to remain private unless you have a specific agreement with the party (e.g. NDA). And in that case, encrypt the secret stuff.

          • There is nothing stopping you from taking every email you receive and displaying the contents on a billboard, or posting them on a public blog for anyone to read. If you send someone an email, you can't expect the contents to remain private unless you have a specific agreement with the party (e.g. NDA). And in that case, encrypt the secret stuff.

            Your ignorance of wiretapping law as it applies to email amuses me.

        • How is you having Google as your provider *any* different there? Anyone sending email to you is always going to literally be throwing their message into a gaping dark hole, with no actual idea who is in there to catch it - they just assume someone will, but they have no say in who that someone is.

        • Don't put your penis in a prostitute with festering sores.

    • If that's your memory of signing up you either signed up post 2012 or then remember wrong because Google vehemently denied reading people's email at all until someone conclusively proved they were lying. Only then did they admit they do read your email to improve ad targeting, but still felt the need to still insist that actual people don't read your email as if people were going to believe their denials this time around.
    • Re:How is this news? (Score:5, Informative)

      by SandorZoo ( 2318398 ) on Monday May 14, 2018 @03:07AM (#56606996)

      My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.

      When I signed up for Gmail they said they would be scanning my email so they could my adverts more relevant. The welcome email Google sent my in 2004 included this paragraph:

      You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.

      So they certainly said they would be reading email for targeted advertizing purposes back in 2004.

      • My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.

        When I signed up for Gmail they said they would be scanning my email so they could my adverts more relevant. The welcome email Google sent my in 2004 included this paragraph:

        You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.

        So they certainly said they would be reading email for targeted advertizing purposes back in 2004.

        Yep, they certainly did. They even had suppression algorithms so you wouldn't get funeral home ads when someone emailed you that a family member dies, and so forth.

    • Comment removed based on user account deletion
    • by mjwx ( 966435 )

      If you aren't running the mail server, then someone, somewhere is reading your email. Maybe they aren't right now, but they are a rogue sysadmin, data breach or buyout from doing so retroactively.

      It's like having a conversation in public. If you want private communication, email is not and has never been that.

      My memory of signing up for Gmail was that Google was quite open about using the data anonymously for various purposes, a position more honest than many others who do the same without the courtesy of saying so.

      This.

      Anyone thinking that other services, even paid ones like Microsoft's offering aren't doing the same thing then they're deluded. Unless you control the data end to end, someone else is reading it.

      And Google have never really been shy about admitting that they're trading their free services for advertising. Its far less of a Faustian bargain than it sounds, Google's ads are unobtrusive and usually pretty far off the mark as far as targeting goes, at least for me. Gmail is fine for personal use when

  • by khchung ( 462899 ) on Monday May 14, 2018 @02:06AM (#56606824) Journal

    Note the weasel words, Google just said they stopped scanning the mail for a very narrow specific purpose. They did NOT say they stopped scanning email, they still scan mails for other unspecified purpose.

    And, of course, what they collected during that scan, they can apply to ad personalizaton again, any time in the future. That's the key problem, once they got your data, you have no way of getting it back.

    That's why laws like GDPR is important, it prevent your data from being used for different purpose after companies like Google got their hands on them.

  • Everyday didn't have all the info needed to properly weigh the pro's and cons of these 'free' services. They thought they get free services in return for watching advertisements. But what they are slowly waking up to is that they also also getting these free services in return for becoming transparant to future employers, banks, insurers, and governments.

    That may not be a bargain they are willing to make.

    A second change is that alternatives are popping up. There are lots of companies now offer encrypted
  • Encrypt your mails to stop Google from reading them, sign them to keep Google from altering them, use exclusively GMail (or throwaway) addresses to avoid handing Google metadata that links back to the parties involved and if you feel paranoid enough use a VPN provider (or some onion routing) to connect to GMail.

    Did I miss something here?

    • I'm asking this question and I'm not being snarky about it: do you follow this practice for your own email use? I'm curious.
  • If you're a (any free email service) user, your messages and emails likely aren't as private as you'd think. (Your email provider) reads each and every one, .....

  • Of course Google read your mail, they have to do it in order to provide the service they offer.

    There are services that don't read your mail, like ProtonMail, by all means use them if you really want privacy. However, as a trade off, you don't get full text search, advanced spam filtering, and all the little things GMail offers. It is just technically impossible.

    Now, if you judge that GMail features are worth letting Google access your email (the usual convinience/security tradeoff) then you are trusting Goo

    • There are services that don't read your mail, like ProtonMail, by all means use them if you really want privacy. However, as a trade off, you don't get full text search, advanced spam filtering, and all the little things GMail offers. It is just technically impossible.

      When normal people talk about "reading your email" this isn't what comes to mind. It's not what they are talking about. It's not about physical read operations users are oblivious to anyway.

      If user controlled grep counts as reading an email then surely loading portions of email from a persistent data store into main memory or an RA receiving email from network also constitutes "reading your email". It would seem by this same definition every provider "reads your email". Therefore Google deserves a pas

      • by GuB-42 ( 2483988 )

        When normal people talk about "reading your email" this isn't what comes to mind.

        So what comes to mind? For most people "reading your email" means that some human being is looking at your conversation. Google doesn't do that, they never did, only computers read your email. But if we include computers in the mix, than "reading your email" is inevitable.

        And about "deserving a free pass", that's for you to decide. Do you want to give Google the free pass and use their convenient service or do you prefer not to and go to the competition. ProtonMail is just an example of a good privacy-orien

  • I tried to send some bank routing info to a business associate. Well withing their posted guidelines (it was a simple text file, stored in a passworded zip), but they did not deliver it to the intended recipient.

    https://support.google.com/mail/answer/6590?p=BlockedMessage&visit_id=0-636614072256826572-791915176&rd=1 [google.com]

    At the time (and, still, I think), it was more like an attempt to push me into using a Google Drive, which is never going to happen. Why give them time to brute-force (or try using Big

    • At the time (and, still, I think), it was more like an attempt to push me into using a Google Drive, which is never going to happen. Why give them time to brute-force (or try using Big Data to guess) the password?

      What makes you imagine that anything sent through gmail isn't stored by google forever, or at least as long as they like?

  • by Anonymous Coward

    You still haven't moved to protonmail?

  • Use GnuPG (Score:4, Informative)

    by thePsychologist ( 1062886 ) on Monday May 14, 2018 @06:48AM (#56607486) Journal

    Okay, this isn't very practical in many cases. However, I have recently converted one person on Gmail to use GnuPG with Thunderbird, and it works!

    It helps if the person is already using thunderbird, and YOU set it up for them. With the Enigmail extension, the encryption will be done automatically by recipient.

    The hardest part is the passphrase - lots of people don't want to remember long passphrases. However, you can get their computer to remember it forever. Not the safest, but it WILL prevent Gmail from reading the mails sent to and from the person you convert.

  • I deleted my gmail account and setup my own email server a long time ago. Nothing on the internet is 100% secure, but at least I have some control. I can wipe the server anytime and keep everything encrypted as I like.
  • ...is because our emails are so boring to snoop around ?
  • You can buy CLEAN data from Google. That is, if your are in science and need information about population bases, you can buy that from Google. BUT no names/addresses. So, no way to tie it back to you.
    Likewise, you can buy access to clean data. I can describe somebody and then target an ad at them. If they click it and fill in information, that was free choice. BUT, again, google does not sell names/addresses and never has.
    Unlike Facebook, Microsoft, Apple, etc. (and yes, this assumes that those are still
    • by AHuxley ( 892839 )
      The smart way is to buy many sets of data. Then match them up. All that "CLEAN" data soon fails when other data sets get mixed added in.
      If the service is free the user is the product.
      • Yup. That can work when you have data that shares individual data pieces. In fact, you would just throw it into a Postgres or other SQL relational DB and simply join the various tables. And that approach WILL work with data from Facebook, Apple, Microsoft, etc.
        BUT, imagine Google did a group by, along with using min/max,count, sum, on the data. IOW, you have data that is 1 level removed from what is needed to do that with.
  • I think more and more the market is demanding an alternative to the Google/Apple duopole on the mobile: something more open and more respectful of user's data privacy. Like we had Linux in the 90s on PC, I'd like to see a project like eelo.io to succeed on mobile!

  • let's think of how to fuck up the so-called 'a.i' then: throw in a signature with nonsense keywords, death threats aimed at evil google execs and stupid google fanbois, in short, anything that screws over the machine learning and spying that forms the basis of their business. installing a mail server, securing it and then register your -personal- domain with a reputable outfit like gandi.net is quicker than jumping through hoops when setting up a gmail account.
  • ... because I hardly ever do, any more.

    Maybe they could tell me if there is anything important or interesting that I have been sent recently? (and I don't count their SPAM as either of those things).

  • For Google employees with time on their hands, I can certainly set up a flow of emails between 2 different google accounts. Such emails can contain images and descriptions of my latest COLONOSCOPY for their perverted reading enjoyment.
  • Unfortunately, most consumers won't give a fudge until data is leaked to somebody who does something sinister or embarrassing with it in a way that makes national news, similar to the Facebook & Boston Analytics fiasco. (And it's too early to know if this will make Facebook fully shape-up.)

    Some consumers may indeed accept such snooping to get free services (assuming the implications are made clear up front). However, it may exacerbate the inequality problem where the wealthy can afford low-snoop options

  • I haven't stopped reading your emails either. Have you stopped beating your wife?

  • a Data mining company, not an Advertising company

If all else fails, lower your standards.

Working...