I don't see how the author makes the connection here.
How does searching for an art gallery on Google Maps translate into spam emails? Is he accusing Google of selling your email address and search information to spammers?
The tech companies just need to connect one little "key" and they've got the query. The cost of being wrong is low, so there is almost no Type II error. Every consumer website out there has some sort of bloatware / spyware tracking pixel or ad network or analytics pack. They record the headers, the fonts, etc. They make a statistical fingerprint that is very tight.
For the Google Maps example I can think of 10 different ways that the user profile leaked ranging from a single installed key logger (virus), to a toolbar, to his clicking on the website.
"But how could they know it is him or his email?"
There are tons of tricks they use. Just log onto a single social network, bam. There was also a time that you could put down a LinkedIn iFrame to have:
"Zach Aysan" has looked at your profile.
Sure the occasional hacker is smart enough to only install a select number of pluggins, and to watch downloaded programs very carefully, and to install HTTPS Everywhere, and to install an ad blocker, and Privacy Badger, and to reinstall the OS every couple months, etc. But there are tons of people running Windows XP which gets hacked so frequently you need to assume people on those systems have viruses.
My point is this: A discussion on whether Google is the one leaking information begs the question. It doesn't matter if it is Google or another party. The question is this:
"Is there a reasonable chance that a non-technical user will have his searches online leaked to a global network of advertisers and INT personal?"
The answer is a resounding yes. My parents were both programmers 30 years ago, and neither of them can trust the devices that they have to not phone home about them.
The guy is obviously talking out of his ass. Which is a shame because he's trying to make a good point.
I even remember seeing back in the day questions with valid answers on stackoverflow about how to get the email associated with a device without requesting the accounts permission, but some other close ones.
I also made the mistake of using a personal account with my first Android phone. I had zero spam on that account. 2 months later I was getting about 10 emails a day. (not targeted though since I didn't live in an very active area)
The basic pattern is: Get user to trigger re-targeting campaign, use re-targeted ads to read a tracking cookie or browser fingerprint from the user, use that to look up user info in your customer profile database you bought (or bought API access to) from a data broker, send targeted email, package up your new piece of customer profile data (Walter Kirn went to an art gallery in Hollywood) for later resale/trade.
The specifics for each step change all the time.
The author wrote this piece in a style where he defaults to paranoia in the face of all coincidences to mirror the subject matter so it was not an accusation. But this one is actually feasible.
Does Google Maps even embed display ads? I don't think there's any way to get a cookie, pixel, etc etc in there for just a query.
Often it's not even the same group doing all these steps either, there are opportunities to buy your way in and/or cash out partway through.
What probably happened is that Gmail was showing targeted ads based on his searching and he was shocked to see this in his email client, when in fact the two are joined.
It's a very minor point in a big article. I'm not sure it's worth reading too much into.
I can think of a few very expensive ways, but those are also ways in which Google is allowing erosion of their competitive advantage by allowing that information to leak. That, by the way, is why I don't feel particularly paranoid about Google sharing my information everywhere. Google is strongly incentivized to keep it closely guarded so other people can't monetize it in ways that cause Google to lose out.
Alternate theory: someone at AA sold an email list to a shady marketer.
Art galleries are not typically considered sensitive topics.
Or, more legally, the advertisers could be part of a specific email retargeting campaign where they give us your email addresses, and then we can establish the mapping in a more direct way.
Obviously there must have been more shading goings on in this case, but the principle is the same.
This helps solve the issue for advertisers using retargeting where cookies don't have a long shelf life. So they leverage 2nd party data sources to basically set those cookies again for them so they can continue retargeting.
They can also work with vendors to upload their hashed email lists from their CRMs and gain access to the relevant cookies in the pool to market to them.
Onboarding vendors like this tend to pay a CPM rate based on the number of matches they can make with their cookie pool, so really all that matters is that you have a massive number of people authenticating with email addresses.
Once you have the email addresses(see unshift's comment above) you upload them to Google and then target the addresses with specific ads.
If you visit non-Google websites, it's technically possible for people to discover relationships and target e-mails (e.g. if you entered your email address on website A and then visited website B, cookies can correlate the visits and, among other things, trigger e-mail; also malware and other privacy leakages), but Google does not use its information in the way alleged.
Disclaimer: I work for Google in privacy engineering, but I'm only speaking for myself based on information Google releases: https://privacy.google.com/#google-information.