

Stop the paranoia: it doesn't matter if Google reads our email - masnick
http://www.maxmasnick.com/2012/02/12/gmail_paranoia/

======
mechanical_fish
Email is indeed woefully insecure, but the problem with Google's "privacy"
policy has little to do with whether or not email is a secure medium or not.
It's about social norms, and Google's institutional ignorance of them.

Privacy is created by social norms. It's no technical challenge for me to
borrow your paper mail from your mailbox, steam it open, read it, copy the
bits I find interesting, seal it up again, and replace it in your mailbox.
But, in doing so, it's understood that I'm doing an awful thing. It's so awful
that it's _against the law_ :

[http://www.wbrz.com/news/postal-workers-accused-of-
tampering...](http://www.wbrz.com/news/postal-workers-accused-of-tampering-
with-mail)

... and, all else being equal, juries will not be inclined to sympathize with
me.

Similarly, it's somewhere between very rude and illegal, depending on
circumstances, to intercept or interfere with someone's email. If you happen
to glance at someone's email you're expected to keep politely silent about it,
as you would be if you happened to glimpse your neighbor through a window of
their house. You're _certainly_ expected, under pain of felony charges, not to
tamper with or forge someone's email, just as you're expected to avoid
entering your neighbor's house without knocking even if the front door is
standing open.

Google, on the other hand, seems to be constantly trying to establish the
precedent that it's perfectly normal and polite for any aspect of your life -
currently including, but presumably not forever limited to: the state of your
front yard, the contents of your photo album, the list of movies you've
watched on YouTube, and the contents of your mailbox - to be sampled, data-
mined, correlated, and archived forever _by entities completely outside your
knowledge or control_ so long as those entities are using secret algorithms to
do it.

If you'd tolerate this behavior in a friend, you may by all means continue to
have Google as a friend. I, however, am getting increasingly uncomfortable
with Google sitting in my living room, and am increasingly tempted to escort
them politely but firmly to the door and then deliberately misplace their
address.

~~~
cageface
The problem with dumping gmail for another email provider is that at least
half of the people with whom I correspond use gmail too so my messages wind up
on their servers anyway.

Edit: _REALLY_ tired of all the idiotic downvoting lately. What I've said is
factual. Don't be such a lazy fuck and post a rebuttal if you disagree.

~~~
mechanical_fish
Sure, but the difference is in the implied consent.

If I continue to use Gmail beyond another week or two (what's that deadline,
again?) I've implicitly consented to Google's policy on what they're permitted
to do with my email. (One nice thing about Google: I can't really claim they
haven't told me about this nonsense. They are taking the notification of their
customers _very_ seriously.)

If, however, I'm not actually a Google user, but the Googlers secretly
reassemble my mailboxes by sniffing the inboxes and outboxes of all of my
friends and relations... well, that's a bigger transgression. They didn't ask
my permission to do that, and when they asked my permission to do similar
things I said no. So they'd better be good at keeping their activities secret,
because if I ever learn that they did it I'll squawk a long, loud squawk.

Sure, social disapproval doesn't have the force of law. (At least, not right
away.) But it does have force.

~~~
mangodrunk
It's not just your email but the recipients as well, and they can do what they
want with it. Why would you care if they were able to figure out that you like
computers and target more relevant ads?

------
darklajid
Being one of the advocates of leaving: The article got it wrong for me, on
various points.

First: No, Google is not evil. Nor good, for what it's worth. It's a random
company that won a lot of sympathy in the past and became unavoidable (for
better or worse) on the internet.

If someone cries that Google is turning mad, evil and creepy, go ahead with
posts like this. If people start thinking about the implications of throwing
every piece of their online identity into one corporations data center: Stop
mocking that.

Yes, you can have less secure solutions. Yeah, email isn't a secure protocol
to begin with and pgp/gpg is mostly dead by now, used only by geeks that line
up to compare their fingerprints and passports, calling that a 'party' (Hey, I
did that. I'm allowed to make fun of my own subculture).

That's totally missing the point. For some people it is just too scary to give
email, calendar, news feed, instant messages, mobile operating system,
'office' aka text editor/spread sheet data, pictures, location data
(latitude), travel data (maps, google tracks) and probably a lot I missed to a
_single legal entity_.

We didn't even touch the 'use Google as openid provider' part here, which puts
your 3rd party accounts in Google's hands.

I wouldn't entrust those details to my wife or brother and recently, without
fearmongering or throwing my hands in the air and running in circles, decided
that Google is not the right place for that level of access either.

If you mock that, if you call that paranoia, then you're insulting intelligent
people making a conscious (and - private/intimate. Even if discussed in
public) decision. The headline of this article alone is out of line.

~~~
greyman
I agree with you, and you missed to mention the most private data Google owns,
and that is our search queries.

------
kylemaxwell
As with any security decision, you need a good threat model rather than FUD
and giving in to cognitive biases. Whether you consider the threat model in
the post to be complete and accurate, just saying "OMG Google could go evil!"
is not really a useful way of looking at things.

You need to consider the loss implications if your email is compromised, given
various scenarios (the whole account? one message? etc.) and the sorts of
information you have in it (journalists working with protected sources vs.
griping about your spousal unit malfunctioning). And consider who the likely
threat actors would be.

In some cases, hosting on Google would be a spectacularly bad idea. If I were
Jacob Applebaum, I wouldn't even think about it, because of concerns about
"lawful intercept" and whatnot. But in my case, given the additional security
features (two-factor auth, HTTPS everywhere, etc.), and my particular threat
model, Gmail does the job just fine.

------
dustingetz
> what nefarious thing Google could do with my email that is in its interest
> and that would cause me harm

responding to government information requests without due process. google
isn't in the business of protecting civil liberties.

i wonder if they're filtering our email on a mass scale for suspicious
activities, as defined by Dept Homeland Security? if they were, it would be
classified, and none of us would know the difference.

heck, turns out one of my buddies used to be a drug dealer, i had no idea, and
at the time he was all over my social graph. i wonder if it will come up next
time I apply for a security clearance. I might never know - an old manager
once told me how clearance applications have a way of getting lost in the
system when things aren't perfect - once eyebrows are raised, you enter a
whole new set of processes and red tape that nobody wants to deal with.

~~~
shaka881
Actually, I would trust Google to challenge government subpoenas more than I
would trust my current small webhost, which has probably next to no legal
resources that would give it a chance in court.

~~~
bjornsing
Now if you and your small webhost is outside the jurisdiction of US courts
then that might be a different story... At least that's the only "privacy"
reason to not use gmail that I can't immediately dismiss. Anybody have any
thoughts on this case?

------
gst
The most important part of this: "With that said, I think it’s a bad idea to
use a @gmail.com address (or any other domain name you don’t own). If Google –
or your email service of choice – does turn evil or shuts down, at best you
have to change your email address, and at worst they own a critical part of
your online identity."

I understand that some people are too lazy (or whatever) and use Gmail. But do
you really assume that you won't switch your mail or chat provider for the
rest of your life? That's exactly like the people who used @hotmail.com a
decade ago.

Your own domain costs $10-20 per year and it's trivial to setup (either on
your own server or with Google Apps). And if you decide at some point that you
want to switch to another provider, all you need to do is to point a few
records (MX, XMPP, SPF) to your new provider - this only takes a few minutes
to do.

~~~
jrockway
But what if my registrar turns evil?

Google has an incentive to be nice: they only make money and continue to exist
if people use their products. If they suddenly take everyone's gmail address,
the backlash would be incomprehensible. There would be Senate hearings and an
infinite amount of Internet Hate.

But registrars are smaller and probably wouldn't face any financial
consequences for stealing your domain name and selling it to someone with more
money. You would be mad, but since it only affected you, there would be very
little you could do. No hearings. No Internet outrage.

Alternatively, someone could sue you for your domain name, and you'd never be
able to afford to mount a reasonable defense. Google, on the other hand, could
afford to do that.

I think once a company gets to be Fortune 500 in size, they probably aren't
going to do anything too drastic. It's the smaller ones that can be bought or
do something unethical because they don't have shareholders or a board of
directors. (Then again, that didn't stop Enron. But they fucked over their
employees, not their customers.)

~~~
jbjohns
>Google has an incentive to be nice: they only make money and continue to
exist if people use their products.

So, the same motivation as big Pharm, Oracle and Monsanto, then? That
incentive doesn't appear to work very well.

~~~
jrockway
I don't see what you're saying. Big Pharm sells drugs to insurance companies.
Oracle sells databases to CTOs. Monsanto sells weed killers to farmers.

Yes, these activities all have externalities; drugs would be better if people
could pay for them themselves, databases would be better if programmers picked
them out, and farming would be better if Monsanto didn't patent genes. But
ultimately, none of these companies try to harm their customers. We just don't
like them because we aren't their customers.

Google is in a weird position where they have two sets of customers; users and
advertisers. Both need to be pleased, even though their interests are in
conflict, or Google will die. So there's a financial incentive to be nice to
users, and as a user, that means they should be nice to you.

~~~
jbjohns
> Both need to be pleased,

I disagree with this. Users are not customers, we are the product. Google need
only be slightly better than the second best option. Now that they have such
momentum in search I don't see any reason why they need to care about users,
only advertisers.

------
dmbaggett
The argument that email is inherently insecure is specious. Most providers
offer IMAP over TLS. Hotmail offers POP (which is incredibly crappy), but at
least over TLS. Some big ISPs (e.g., Verizon) don't offer encrypted mail, and
should be ashamed of themselves for this -- but this is definitely the
exception these days. Mail between servers is also generally encrypted via
TLS. And SPF and DomainKeys generally provide a nice audit trail if someone's
hacking. So it's just wrong to suggest that email is usually sent in cleartext
form or is otherwise insecure -- even if the users involved haven't set up
PGP.

I think it's totally legitimate for consumers to be concerned about the
companies that host their email. Unlike social networking, email is for
"important stuff", and while webmail providers like Google generally have
protections in place to prevent random employees from reading your mail, the
fact is that the possibility still exists, and incidents have occurred at
companies like Google of rogue employees illicitly reading end-users' email.
Someone with access to your Facebook account is unlikely to get access to your
bank statements, mortgage emails, or travel plans. But if someone can read all
your email, they'll likely get all these and much more.

The only genuinely safe long-term solution is for mail hosts to store their
users' email encrypted in such a way that only the end users (and not the
company) can read the email. This would preclude server-side ad targeting, but
users should -- and I believe, will -- ultimately demand it.

~~~
ams6110
_mail between servers is also generally encrypted via TLS_

Source for this? It historically has not been, but this may have changed.

Regardless, end-to-end encryption with PGP or S/MIME is the only way to really
send "secure" email, and even then you're vulnerable to
snooping/mishandling/exposure at the end points when the emails are actually
read.

~~~
dmbaggett
The Mozilla ISP database (<https://live.mozillamessaging.com/autoconfig/v1.1>)
has a zillion entries, most of which clearly indicate SSL or STARTTLS.

~~~
steve19
There are just over 700 entries in that database, not a zillion.

~~~
dmbaggett
How fortunate for us that you found the time to offer this insightful
rebuttal.

I stand corrected. There are not a zillion entires in that database. There are
many hundreds, covering only approximately 2B email accounts. Clearly the
question of wether these data are representative of email security at large
must be resolved in an properly peer-reviewed academic journal.

I am sorry to have wasted your valuable time with such an ill-considered
comment. Please accept my heartfelt apologies.

------
voidr
Humans who work at Google do not read your emails, humans who work for the FBI
on the other hand do, Google and Microsoft too along with other are required
to implement back doors for the law agencies, you should be a lot more
paranoid about that.

If you want absolute security, you are not gonna get it from nobody, and that
includes Microsoft. Any information stored on a server you don't own is not
secure, any information passed trough the internet unencrypted is also not
secure. If you want absolute security you need to make sure that the
information that you want to send is encrypted when transferring and only gets
decoded and stored on servers you own and know to be safe from anyone, in
other words, don't use email at all, because it's not secure by design, most
of the time, it's vulnerable to man in the middle attacks.

Shame on Microsoft for not competing with features instead of FUD.

~~~
jrockway
I'd like to read more about these "required" back doors.

If you mean that they have to comply with court orders, then yes, that's a
"back door". But companies that comply with valid court orders to release
emails are actually protecting your privacy. If they refused to comply with
the court order, the government wouldn't say, "oh well, we tried, too bad",
they'd come physically take all the servers and disks that they thought could
possibly be relevant. That means that the government would now have access to
_your_ email, even though you weren't the target of any investigation.

Ultimately, if you want privacy from government intrusion into your email,
stop electing judges that will sign warrants for your email. You can't expect
major corporations to violate the law to protect your email. It's just not
going to happen.

~~~
ootachi
Sure, Google is doing the least-bad thing if you take as axiomatic that you're
going to have to store your mail in plaintext on the servers of some enormous
American corporation. There are, of course, alternatives that don't involve
storing your emails in this way, which is the entire point.

For example, libraries regularly delete library records after a short time as
a matter of policy. Mozilla encrypts Sync data with a key known only to the
user. These represent alternative approaches that don't have the risks of the
corresponding Google services (search and Chrome respectively).

~~~
magicalist
if you actually want others to be able to read your email, it can't be
encrypted at some point. PGP et al lost the battle a long time ago, which is
pretty much exactly the point here. This isn't just in the US that this is
problematic, by the way. Most governments reserve this kind of right for "law
enforcement" purposes. For instance:

[https://www.google.com/transparencyreport/governmentrequests...](https://www.google.com/transparencyreport/governmentrequests/userdata/)

Also, you've been able to locally encrypt your Chrome sync data for quite a
while now.

------
spacemanaki
Whoa, was that Microsoft ad the most surprising this about this post to anyone
else? Maybe it's because negative advertising in the Republican primary is
being discussed so much here in the US, but to me that seems like a massively
bad idea on the part of Microsoft. Do they do absolutely _no_ targeted
advertising with Bing, Hotmail, or their other web services? I find that a
little hard to believe.

I guess I shouldn't be that surprised that they've resorted to attack ads
though; Office 365 is one of the worst web apps I've ever used. I don't even
necessarily disagree with their general goal of educating people about how
Gmail works, but that's like a textbook definition of FUD if I've ever seen
one.

------
webwanderings
Email is certainly not secure. IT guys can not only read text email, they can
also read passwords. A long while ago in the earlier days of IDS, I was shown
an example of how IDS scanner could read the Yahoo password a user types in
the browser. But, that doesn't mean anyone would potentially read your email
and they don't.

However, in the longer run, the question then is: like a snail mailbox which
is fundamentally a right of each person/household - does our individual email
in this increasingly connected world fall into the category of individual's
right? Should the government or semi-government be responsible for securing
the privacy of individuals? Should email be technically free in a real sense?
I know this train of thought has several other inter-related points as well
but ... we can't just ignore Gmail's reading of our emails - even
algorithmically - without paying some attention.

~~~
scrod
> _But, that doesn't mean anyone would potentially read your email and they
> don't._

Oh yes it does — they can, and they do.

<http://gawker.com/5637234/>

<http://www.net-security.org/secworld.php?id=12048>

~~~
webwanderings
Unless you're an important person, celebrity etc, your email is not worth
reading, hence under the context, there aren't people out there reading
everyone's email. Proportionally, there wouldn't be enough time in this world
for people to read every email of every person. Again, you have to look at it
under the context of email having a common denominator property of each and
every individual on this planet earth, just as, the post office mail box
belongs to each and every household. Assume you can read my email and I can
read yours, both of our email content would be intelligible and useless for
each of us to waste time on.

Ultimately, the point is not if a machine or human is or can read email....the
point is, whether present day civilization should give up this privacy aspect
to machines/corporations/government etc. The answer is already obvious,
somebody has to manage the technology and that somebody is most likely not
you....so by default, you have given up your privacy to someone else, so it
can be managed for you.

The more bigger and unresolved problem is whether government or corporation
should use machines to profile each and every one of us to preempt potential
criminals.

~~~
webwanderings
I think I'm making contribution here, so I'd appreciate people downvoting with
a click, would make their counter point instead.

------
gst
One important point not raised in the article is that this is not only a
security decision.

Yes, from a security standpoint each single one of us might be better off with
using Gmail, instead of using their own mailserver or a service provided by a
local company.

But when looking at the society as a whole the worst that could happen is
giving a few companies a monopoly on our communication. Especially when we
don't need to do this, because we already use a distributed and decentralized
network.

For me the second argument is at least as important as the first one. But I
fully understand when people don't look at the wider implications of their
decisions and just use the easiest route.

------
pnathan
Simply put, the civil liberties aspect of using Google (or Facebook -
complaint applies to all equally) for the vast majority of your information
services is a big concern. The consequence of someone unscrupulous having a
single point of access could be profound.

I have read _far_ too much history and current events to believe that we are
in a new and trustworthy era of humanity.

------
Kylekramer
One funny thing about "how to switch from Gmail" post is the top suggestion
(Fastmail) is funded by Google. Indirectly, yes, but it is owned by Opera,
which is nearly entirely funded by Google. It may be slightly better, but
Fastmail still has a natural inclination to have you see Google ads. The
reality is it is a trade off. Gmail is more secure than nearly any other
solution, better than any other solution, and dead simple. And then you get
served ads, cause there is no such thing as free lunch. If I had the skills
and time, I would run my own server, but in all likelihood it would give me a
minuscule amount of more privacy with a lot worse experience and a lot less
security.

~~~
hendrix
They who can give up essential liberty to obtain a little temporary safety,
deserve neither liberty nor safety.

\--Ben Franklin

Only problem is that the USA has become an even more monstrous empire than the
Brits were at the time. Google can be as principled as it wants to be but at
the end of the day it is still located in the USA. Btw google and facebook are
more than the Nazis/Stasi/KGB could ever imagined.

------
jmount
[http://gawker.com/5637234/gcreep-google-engineer-stalked-
tee...](http://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-
on-chats)

~~~
spooneybarger
From the post itself:

"Email is simply not secure. Messages are not secure in transit: the protocol
used for sending email (SMTP) does not require encrypted connections, so it
could easily be intercepted by a third party as travels over the internet. You
also have no guarantees about the security of a recipient’s email client or
server. A hacker could have surreptitious access to a recipient’s inbox, or
curious IT guy could be reading through email on the server."

------
robbrown451
I agree with the title of the article, but the content is ridiculous.

The guy seems to have no concept of realistically balancing risks. Yes your
email is somewhat insecure, but for most people, the risks are things like
your boss or family members finding out that your talk badly about them, etc.
Email is sufficiently secure for most people when it comes to stuff like this,
and that really has nothing to do with other risks, such as those caused by
google "reading your email".

He also talks about the risk of google discontinuing gmail, which is pretty
far fetched.

Here is the sort of real bad thing that can happen from google's practice,
though: you talk about something "secret" in email, and then later, it shows
you an incriminating advertisement while someone is looking over your
shoulder. For instance, you might email someone asking for advice on a
surprise trip to Paris for your wife, and then later (after carefully stashing
those emails in folders), your wife sees on your screen all these ads for
Paris hotels and airfare, and knows what you are up to.

------
copenhagencoder
The argument that there's nothing to worry about because other aspects of
email communication is insecure is like saying that I shouldn't lock the door
to my house since a house is fundamentally insecure, having windows that are
easy to break.

My point is that, just because certain aspects of email communication is
insecure doesn't mean we need to accept even more insecurity from our email
provider.

The author also forgets to mention that the authorities have relatively easy
access to people's email communications. Read
<http://projects.washingtonpost.com/top-secret-america/> to understand how
troubling the American government's peaking into personal stuff is.

------
arikrak
People like being paranoid when there's little reason. Even the end of this
article was a slightly paranoid. I don't thing Gmail is shutting down anytime
soon, it will probably last longer than any random domain a person buys.

~~~
gst
The point is that you're locked into a single provider and it's hard to
switch. Using your own domain isn't much harder, looks more professional, and
allows you to switch provider at any point in time.

~~~
shaka881
I love the shit out of Gmail, but I switched to Apps with my own domain for
this reason. I've had my email address for much longer than Gmail's been
around.

------
shaka881
Do any of Google's competitors do this?
<http://www.google.com/transparencyreport/governmentrequests/>

~~~
blakdawg
I'd be a lot more impressed with that if they actually disclosed the identity
of the requestors and the content they wanted searched/suppressed, at least as
much as would be legally possible.

~~~
shaka881
I don't think it is legally possible. I believe these requests are usually
accompanied by gag orders.

------
tzs
I'm not saying the following _does_ happen. It is rather an example of the
kind of thing that _could_ happen when an email provider uses the content of
your email to show you targeted ads:

1\. You are engaged in an email exchange concerning a sensitive topic.

2\. Your email provider targets you with an ad based on information associated
with that sensitive topic.

3\. You click that ad.

4\. The advertiser records your IP address. They know what ad campaign the ad
you clicked was part of, and what demographic they targeted it to. So, now
they know your IP address is associated with that demographic.

5\. The advertiser sells their IP demographic data.

6\. Others sell IP demographic data that ties your identity to the IP address.

Now someone who buys the right databases can end up knowing that there is a
good chance you (by name/address or email address) is likely in a demographic
associated with that sensitive topic.

The bottom line is that the data miners are very very clever. They can extract
amazing data out of seemingly innocuous data leaks. Clicking a targeted ad is
one such data leak.

~~~
devicenull
How is that different then if you click an ad while on a site about that
sensitive topic?

------
sofifonfek
it doesn't really help the point the author is trying to make that this post
is flawed, biased and laced with logical fallacies and FUD.

Let me point out a few things:

\- google says it analyzes gmail contents algorithmically, but do we really
know what they actually do ? \- email being made out of secure or insecure
protocols is irrelevant to gmail respecting privacy \- it is not about email
security, it's about privacy. \- secure email is not a myth, see gpg \- one
individual who could gain access to a mailbox is not the same order of
magnitude than a transnational corporation systematically going through
inboxes of milions of people. \- "Google becomes evil and steals all your
email to do X "is not on your list of plausible threats because it's worded
wrong, try "Google goes through all your email and adds it to the info they
have on you to build a very detailed profile of you and your life" which goes
on the confirmed list along with "people have been locked out of the gmail
accounts without a valid reason" \- Google is obviously about selling ads [1]
and has to maintain trust from their users for this to work, it does not mean
they have to respect people privacy, actually it even means the opposite, they
have to breach on people's privacy and make it look so it won't hurt their
users' trust. \- gmail has default https, sure, but only after a high profile
case of hacked gmail accounts made it to the medias. [2]

Lastly, about the advice to never use @gmail.com addresses, I wonder if using
our own domain would protect us from google having the abilty to lock us out
of our inbox.

[1] [http://www.zdnet.com/blog/bott/microsoft-apple-and-google-
wh...](http://www.zdnet.com/blog/bott/microsoft-apple-and-google-where-does-
the-money-come-from/4469) [2] <http://www.physorg.com/news182629293.html>

------
derrida
Google gives details of email accounts at the request of the US Government,
without much of a fight. Ask Jacob Appelbaum who had his entire email account
seized. Paranoia: justified. If that can happen to him, it can happen to all
of us.

Even if they get your email encrypted they still have a map of all of your
contacts.

You could run your own mail server, use PGP, disk encryption and suitably back
it up using something like rsync or git. The above probably takes about the
same time that the author took to write this article.

If you are concerned about contacts being traced there is Mixminion, an
anonymous remailer.

~~~
magicalist
you run that risk with any email account stored in a country where the
government has established that they can demand access for law enforcement or
national security reasons. that's...basically all of them.

that's great that you and that other guy can exchange encrypted email, but
every other one of your contacts that have no clue what you're talking about
can have their accounts accessed. see, again, Jacob Appelbaum, Birgitta
Jonsdottir, and Rop Gonggrijp.

------
greyman
I stopped using Gmail recently, but the primary reason wasn't that Google
algorithm reads my email.

I just finally realized, that by storing all my emails to some company server
is potentially dangerous to my privacy. I just don't know, who can potentially
access my data, now or in the future.

I switched to another solution, which is to periodically download my emails
through pop3s to my local truecrypt-ed drive. It is a slightly more work, but
not that much work. I just feel better not to have my private data with
Google.

~~~
ams6110
If your email is delivered to Google and you download it from there, they
still have a copy.

~~~
greyman
Yes, I know. I don't use Gmail anymore.

------
calbear81
This is so bad yet so typical of Microsoft (remember the funeral for the
iPhone?) where they come out with some stunt because they aren't winning in
the product category.

What bothers me most is that MS is trying to take this principled position on
the side of the consumer when I know they would be doing the EXACT SAME THING
if their ad platform and marketplace wasn't so far behind AdWords.

To my old colleagues at MS, please help stop these embarrassments from
happening.

------
klippper
I think this is more of a worry
[http://articles.cnn.com/2010-01-23/opinion/schneier.google.h...](http://articles.cnn.com/2010-01-23/opinion/schneier.google.hacking_1_chinese-
hackers-access-system-google?_s=PM:OPINION) patriot act backdoors. Of course
this affects all US companies, Microsoft included

------
Freestyler_3
I suggest that google places cameras in my house because it is possible to get
in my house anyway, But I suggest to build your own house in google country
and not rent it from google in case they turn evil.

------
nikcub
so you can trust Google with all of your email, all the time, forever, because
email is insecure in transit? nonsense.

------
pewfly
An honest question. From what I know Hotmail et. al. is free, so without ads
how do they (Microsoft) make money?

~~~
spacemanaki
Hotmail isn't ad-free, but I suppose they might not be targeted ads. I
genuinely have no idea if that's the case. Hotmail definitely isn't
Microsoft's bread and butter though.

------
yanw
A machine parsing text is not the equivalent of a human "reading" it, all
webmail services parse emails either to check for spelling errors or combat
spam, Gmail uses adsense as well which is a much less annoying ad system than
most.

The "reading" analogy is FUD employed by competitors to scare the uninformed,
HN community should know better.

~~~
icaci
No, sir, the "reading" analogy is not FUD at all. Reading e-mail or whatever
other text algorithmically has only one aim - to extract VALUABLE information.
It's the nature of the information extracted that defines its value. And the
more context this information defines, the more valuable it is. Spam filters
also "read" emails but they don't care if it is you or me that the e-mail is
directed to - the information they gather is not valuable. SMTP servers "read"
mail headers in order to route the message and pass blindly its content -
still no valuable information. But Google is building a highly specific
profile of you. It doesn't matter if they do that algorithmically or there is
a real person involved reading your mail. Google gains higly contextual
information (and the context is YOU) with every message you receive or send.
Their algorithms know more about you than you do yourself.

I don't mind if AdSense shows me ads for computers when I browse a computer
related site. I mind when AdSense shows me ads for computers on every site I
visit just because it have learned that it's me - the computers loving guy
that happens to have a Gmail account... That's intrusive and Microsoft nabbed
it right in their video. Btw, I don't like Microsoft too.

~~~
yanw
_Their algorithms know more about you than you do yourself._ There is your
FUD.

Also sender and recipient "identity" have central role in identifying spam.
Microsoft is building a profile about you as well and owns an ad network,
which makes their propaganda video hypocritical as well as deceitful.

~~~
icaci
Identifying spam does not require building a profile of your browsing and
communication habits, nor does it require information of what videos you watch
on YouTube. If I put a task on my schedule to buy v __ __a from the nearby
pharmacy, would that mean that I'd like to receive spam about it?

Habits is what we are. Habits make us predictable. There are habits that you
don't know you have or just refuse to accept that you have them. That's why
Google's algorithms know more about you than you do.

