
Ask HN: Gmail and trust/privacy---is it too late? - plg
I am still way of putting my email on Gmail, however almost all of my colleagues use gmail, google calendar, etc. It would make things easier if I were on it too. What&#x27;s the answer? Are we so &quot;beyond privacy&quot; that essentially, I&#x27;m fooling myself if I think putting my email somewhere else (fastmail) is accomplishing anything at all? It is too late?<p>(PS I just watched the Snowden film by Oliver Stone ... maybe that&#x27;s why I&#x27;m thinking in such a defeatist way about this)<p>but seriously, do we think it&#x27;s essentially too late? Should I just capitulate and make my life easier with my colleagues? After all if my email life involves correspondence mostly with people on Gmail already, then guess what ... my email is already on Gmail whether or not I use another service (fastmail)<p>Really interested in people&#x27;s thoughts on this in 2017.<p>PS I didn&#x27;t mind the Oliver Stone movie ... was expecting worse ... but let&#x27;s set that aside for a different thread ;)
======
moxious
Don't think about privacy as a vague emotional ideal, or as an all-or-nothing
proposition. Instead, think of it pragmatically, and make some trade-offs.

What do you need to keep private? Who do you need to keep it private from? The
tech infrastructure is making this challenging, so if the answer is
"everything from everyone" you are looking at not a very good set of options.
Even if you use a secure email provider, chances are you're sending emails to
people on gmail and Google gets a copy whether you use their service or not.

Don't capitulate, because that puts you in a situation where you'll likely
give up everything to anyone. There are many fall-back positions that are less
than "tinfoil hat" but that are much better than "My social security number is
posted on my Facebook feed".

In good security work usually you have a "threat model", or a set of scenarios
that you're trying to protect against. The internet is made to copy bits, so
not letting anybody see any of your bits is not a terribly realistic goal (if
you want to use the Internet) so you need to retreat to a position where you
will give up some things, but not others.

A way to think about a threat model for your privacy is -- is it OK for a
nasty ex to discover your home address? What are you comfortable with a
prospective employer knowing about you? What should your elderly aunt be able
to discover with a google search? I strongly suggest you don't adopt Edward
Snowden's threat model, because the NSA has a level of resources and tenacity
that should leave you properly feeling hopeless about this, and they're just
not a realistic attacker for you unless you are a very bad person or very high
profile.

It's a personal decision how much you're willing to trade, and which pieces of
information are valuable enough to you that you will go to extra lengths
personally (and possibly also inconvenience people you communicate with) in
order to protect that information. But there are clearly some kinds of
information that are worth those hassles.

~~~
plg
thank you, that's a very thoughtful answer

I'm curious: do you believe that if I use GMail, that the US (or other)
government still today mass-collects it (incl content, not just metadata), and
stores it for future analysis? I know there's a public narrative about it but
I'm asking for your opinion since you seem well informed about the issues.

I know what I think (I think they absolutely 100% do whatever they can get
away with)

~~~
moxious
Yes, I believe they do. But it's not as bad as people think; while they will
have your emails or at least likely will, people underestimate their signal /
noise problem. I think as often as they're doing horrible super spy stuff,
they're drowning in garbage and can't find what they need.

Excessive paranoia and Bay Area magical thinking will tend to claim that the
NSA can solve this problem by sprinkling magic "big data" sauce on it but it's
a really hard problem if you are them.

------
cauterized
If everyone you one uses gmail, then google already knows who emails you and
whom you email. And the contents of those emails.

~~~
plg
yes absolutely true ... so maybe it's over

