Google Will Stop Reading Your Emails for Gmail Ads (bloomberg.com)
903 points by ahiknsr 89 days ago | 437 comments



I know I shouldn't be surprised, but it seems weird that neither the reporter nor any of the 140+ comments so far seems to mention the recently published proposal for a new ePrivacy directive in the EU that will make it a lot harder for Google to scan e-mails in the first place.

https://www.reuters.com/article/us-eu-privacy-idUSKBN14U1FL
https://www.theguardian.com/technology/2017/jan/10/whatsapp-...
http://www.kemplittle.com/site/articles/kl_bytes/the-draft-e...


That directive might be related to what's happening.

But let's not be naive: if Google will stop reading our emails in order to send us personalized ads, that's because it doesn't really need to. People share just enough outside their email environment for Google to do its thing. Another sign of which those worrying about privacy should be aware.


Exactly. Google already knows a shit ton about you, and given how data driven they are, I guarantee they came to the conclusion that they would still be able to show highly targeted ads with little or no loss in revenue or click-through rates. Heck, dollars to donuts they've already A/B tested the shit out of it to reach this conclusion.


Or they're willing to take a loss on the ads -- which frankly don't make much money -- to go after the far more lucrative corporate emailing/calendaring market. The pricing is $5/$10/$higher per user-month, so walking away from an ads business that may possibly (but I doubt it) be earning hundreds of millions to avoid a cloud over your sales process for the aforementioned multi-billion dollar business seems like a solid trade.


When you say ads don't make much money, are you talking about from business users? 2Q 2016 $19 billion of Alphabet's $21 billion in revenue came from ads, so that seems like a strange statement.


The total advertising figure is irrelevant, most of their revenue comes from Search advertising where users are proactively in the context of seeking specific information at the point where relevant ads are most lucrative.

The only revenue being sacrificed is being able to deliver less contextual ads in gmail, they still know a lot about you so they'll still be targeted ads so they're sacrificing marginal contextual targeting vs peace of mind in a large corporate market which are hesitant to use Google's G-Suite products because of their concerns that their emails are being scanned.

Google is smart, if they're doing this it's because they've calculated the increase potential in G-Suite revenue is more than the marginal loss in less contextually specific ads in gmail. Other factors that play a role in the decision are better branding in that Google is no longer spying in your private conversations to sell you targeted ads and the mitigation of potential lawsuits.


The title of this page:

   	Google Will Stop Reading Your Emails for Gmail Ads


If they want me to use gmail for corporate email they better invest some effort in some UI & usability redesign.


Or maybe they could improve IMAP availability until it is only a few orders of magnitude worse than my local ISP (or the previous one, or all the IT departments I've dealt with this millennium...)


Huh? I use GMail via IMAP and I can't think of any time I've had problems. Am I just not noticing them?


They did.

Your mileage might vary but for me inbox is by far the most productive way to handle my e-mail.


and memory consumption. I'm always amazed that gmail.com uses so much memory if you leave it open for a few days.


Google has never shown any Sponsored Gmail ads to Google Apps users (the corporate users you're talking about). There is no Promotions tab, which is where these advertisements are inserted for personal GMail users.


> so walking away from an ads business that may possibly (but I doubt it) be earning hundreds of millions

They are making billions from ads, just look at their annual report.


Sorry if this is obvious but I went to focus on revenue per user per year.

In other words, how much is it worth to fight the perception that gmail is somehow less secure than office 365 because ads (others have pointed out Google apps for business users don't see ads in their work gmail).

I somehow doubt that gmail ads are worth even remotely close to $120 (12 months * $10 per month) per user per year.

In other news: How much is a user worth per year to Google? Assuming not all users are the same, is there a way to predict how much revenue a user can bring for Google?


The competitor for Office 365 is GSuite, not Gmail. People that were previously shown ads based on email content are not going to start paying for Gmail.


> Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user’s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube.


Or, maybe: the extra information gleaned from reading your emails is just not that valuable. Not because they have this via other means, but it's just not that valuable, period - whether it comes from reading emails or scrutinizing your browser history. We like to imagine that if advertisers knew enough about us, they'd be able to direct our spending, but I think that is far from true.


I'm pretty sure scrutinizing your browser history is still extremely valuable. But I find it quite plausible that email in particular has lost value as marketing information.

People still use email for all kinds of business, of course. But their day-to-day personal activities, the kind that marketers care about ("I've taken up kayaking!", "I'm pregnant!") don't usually show up in emails any more, they get posted on social media.


This makes sense. Possibly the value of increased corporate sales of G Suite is worth more than the loss of the information gained from reading diminishing numbers of personal emails, as people turn more and more to social media and phone apps for personal communication.


We like to imagine that if advertisers knew enough about us, they'd be able to direct our spending.

Speak for yourself, I don't like to imagine that at all.


The corporate profile they have on the company I work for must go into unthinkable detail. If they were announcing no tracking for work accounts across their entire suite of products, this would be a big deal.

As it is, they're presumably still reading our gdocs, address books, calendars, hangouts, search histories and browsing histories, and geolocations/third party app usage for all the android users. Email data is white noise compared to this.

I'd wonder how IT could be so stupid to put up with this if Microsoft hadn't also made pervasive surveillance mandatory.


> We like to imagine that if advertisers knew enough about us, they'd be able to direct our spending, but I think that is far from true.

So you haven't worked in an industry where you had that data and tried it then? In my experience you are completely, utterly wrong.


If people worry about passing email content to Google for privacy reasons, why use gmail? Seriously.


I believe the concern is everyone else using gmail compromising your privacy.


Yeah it's all inevitable and we are just powerless peons in the face of the purely efficient and all knowing machine.

That's certainly the bullshit narrative Google wants you to believe.


They explain everything in the TOS you agree to when starting a free account. It's not exactly shocking that they mine your data in exchange.


Google tracks you even if you do not have an account. There is no practical way to opt out.

I disagree with the TOS but we use their services at work. What am I supposed to do? Quit my job?

Even with ads blocked and cookies disabled, so much JavaScript is served by them, they can infer my browsing habits anyway, and I can't count the number of times I've had to rip 8.8.8.8 out of DNS settings in the last year.

How exactly does this constitute a choice to share my private information with them, and what thing that I want am I getting in exchange, exactly?


And the 11 people out of 200 million users that read the TOS are indeed not shocked.


The industry at large and Apple in particular is coming at them from the other direction preferring premium, furthering ad blockers and offering better privacy defaults (iOS 11). Elon Musk has gone so far as to allude that Google is the only AI company that worries him[1].

And so it goes. Coupled with AI and the amount of data they are able to feed into the AI engines, I am guessing this won't regress their ad targeting.

They have also managed to supplant it with other avenues. Google Travel, Google Calendar and other apps have explicit permission to read your email, Google serves email images off their own servers which gives them a tracking beacon and behavioural data across cohorts. All this adds a level of indirection but still gives them access to behavioural data and user intent.

[1] http://www.androidauthority.com/elon-musk-on-ai-696198/


Agreed. The Google Ad Machine will never stop running. But, I think they will diversify their revenue streams in the coming years. Forces outside of Google's control such as governments and competition will begin to push back on the "all you can eat buffet" of personal data that Google has enjoyed in the past years.

Based on the numbers in the article like doubling their "large business" user base in the past year, I think Diane Greene will lead them to generating huge revenue in the Enterprise sector. Also, I think freemium versions of Google software, directed at consumers, will be increasingly popular in the future.


Apple does seem to be paying more than lip service to privacy. Are there any other examples?

Microsoft's "premium" push is actually moving toward more invasive surveillance.

They've been ramping up the marketing doublespeak about their "telemetry" in the last 12 months. Maybe that is a sign they'll back off sometime soon, but so far, it's "Full steam ahead, users be damned."


Wouldn't Google be able to largely mitigate the effects of that if they wanted to by making it so accounts that do not consent to the scanning get smaller mailboxes or do not get spam filtering or something like that? I'd expect that would get most of its users to consent.


They could but is it worth it?

I suspect the scanning of emails hasn't yielded the personalization once hoped. And the bad publicity outweighs any future potential.


I just think the dollars aren't there: (1) email itself is fading vs text and various social media and (2) 98% of the population reads 98% of their email through the generic mail app on their phones that doesn't display Google's ads anyway.


Name one free, popular, profitable, large scale service that offers limited capacity on their offering. Very very few. You offer unlimited and you charge for increased value or you monetize with ads. Freemium is mostly dead.


Google doesn't offer unlimited data storage. 15GB to start and more can be purchased.


You're right. And my response is weak. But.... That's really meant to discourage those "power" users (like me) from abusing and leaving big stuff in there, I think. It's not meant to encourage most people to pay.


The storage offering was way way less than that when everyone here signed up, though it was still vastly greater than anything anyone else offered if memory serves.


Vastly indeed. There were even (one or two) pseudo-filesystems which used a Gmail account as a backend, because, hey, a free gigabyte!

I vaguely remember Google had to put their foot down to disallow such use, that's how popular those filesystems became.

https://en.wikipedia.org/wiki/GmailFS


Agreed. I sort of figure that increase is due to bandwidth inflation and decreasing unit costs.


I thought freemium _was_ charging for increased value.


I think the freemium model discussed here is severely limiting your product and its value for non-paying customers in order to get them to pay up.

One of the most powerful advantages of Gmail vs the competition is its superbly powerful spam filtering and search features - I doubt it's worth losing that powerful image in order to get a few more users to pay up.

Just like the biggest advantage and product feature ProtonMail has is privacy and encryption - it would be a bad product decision to remove encryption from all free customers in order to get them to pay up.

The alternative is to offer a fully functional free* model that focuses on your strength, and charge customers for extra - extremely useful and important, but non product essential - features.

* Some would argue that Google's model is not free, as you are paying for it with your data, but that is a different discussion and outside the scope here.


I never understood the argument that some automatic scanning for keywords is like "reading" your mail. By that same logic isn't Gmail's spam filter still "reading" your mail? It is classifying your mail based on content after all...


It's like my accountant reading my receipts to create my tax return versus a sleazy salesman sneaking a peek at them to find new ways to sell me stuff.


It's more like your accountant preparing your tax return for free in exchange for aggregating data about your receipts and offering you goods and services you may be interested in.


Let's split the difference. It's like your accountant preparing your tax return in exchange for using that tax return to develop a model of your spending habits. The value of this model is more than the cost of them doing your tax returns, and in fact is such that if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit, and the tax prep service would still exist.


> if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit, and the tax prep service would still exist.

Economies of scale; the market for that data would not exist if individuals collected it themselves to sell. Hence would break down.

Phrased another way; this data about 1 person is relatively valueless.

(I like the rest of your example BTW; just disagree with your conclusion)


> The value of this model is more than the cost of them doing your tax returns

It's likely the value Google got out of scanning your email wasn't worth that much in terms of modelling profiles for ads.

Probably because having both your search history and "anonymized" Google analytics, plus the sea of data that comes from owning Android is more than enough data that Google/Doubleclick needs.

From a purely capitalist perspective I'd bet the utility of them scraping this data no longer outweighs the privacy costs.

But at the same time Google is still scanning attachments for child porn and likely other data out of national security interests. And they still can access your data on a case-by-case basis which from a FISA perspective is a rubber-stamp away from accessing your data from 2 hops away from someone who may or may not have done something bad.

I personally will not weigh using Google vs any other email service in terms of privacy any different after this measure. But I still appreciate their efforts to reduce the "standard practice" nature of scanning private email. If I do use anything Google-related I will not associate my personal identity in any way with the service, which is still a requirement for Google play.

You can still use a fake gmail account and prepaid Google gift cards bought with cash to disassociate your identity from using the service. Although that's still well beyond the investment the majority of people are willing to make.

Regardless privacy comes at a cost these days. Good OPSEC > trusting cloud services privacy policy. You can either not use the services or invest in protecting your data when using them.

I will still cheer on Google's efforts to make those of us who care about privacy lives easier. I'm not naive enough to ignore how their business model works but that doesn't mean they always have to take the easy route and hand everything over without considering the costs - as many ISP/Telecom companies seem to do.


Eh? That assumption of "not associating my personal identity" doesn't actually work. Your profile IS your personal identity, and can be associated trivially. If not algorithmically, then via one connecting piece of information supplied by various databases and no such agencies. You're living in a dream.


> Your profile IS your personal identity, and can be associated trivially.

I'm hardly new to this stuff and to say it's trivial is nonsense. Most people make it trivial but it's not trivial to associate identities of people who put basic effort into obscuring them.

Merely disconnecting your primary profiles from your online activity is enough to throw most mass-surveillance/drag-net stuff off, aka 99.9% of advertising firms and most government programs.

If you're an activist or someone interested in keeping your internet activity private then the bar is far higher (and the targets of which are ever expanding as governments and private organizations get better at this stuff). FBI agents, or likewise in your country of residence, have plenty of forensic tools at their disposal to connect disparate identities. It takes some real time investment and requires being super careful to evade these measures. But I'm not talking about that here. I mean the average person in 2017.

I've personally done the total anonymity stuff as an experiment so I know what that takes.

Having studied many documents from the various global national security organizations and being fortunate to have dated a defense attorney in the past who engaged with police surveillance reports on a daily basis for their work I'm convinced that even basic privacy measures such as never using your real identity when using internet services, creating full legitimate sounding backstories (and subsequent online profiles) for your fake identity, and changing the ID you use often enough will throw off most basic surveillance measures.

I'm not doing anything to get people really invested in uncovering my online identities, as most people aren't, which is what I'm talking about.

The simple fact is the vast, vast majority of people reuse the same username (and passwords) across the internet and use their real name and emails everywhere. So it's really not hard to track people online from an LEO or 4chan doxxing perspective.

But I'm not convinced you have to be isolated from the utility of most online (cloud) services. You just have to invest in using them intelligently to not associate your actual identity with the services.

Ad companies aren't interested in deanonymizing people anyway. They are looking for low hanging fruit and there are more than enough people to fill databases who fit this profile. So I'm not that concerned about those who don't.


It's not trivial to match any arbitrary profile with an offline identity, but it is possible to cluster pseudonymous profiles into "almost certainly the same individual" by patterns and peculiarities in how they use their devices. If the same patterns later show up for an identified user, they can be linked with high probability.

With the sites Google runs plus running their own JavaScript on a sizable fraction of other people's web pages, they can pick up a lot of patterns, many of which would be inaccessible to police and intelligence surveillance.

Some people have nervous habits like moving the mouse around, clicking/tapping on whitespace, scrolling up and down, etc. Some always/never use the scrollbar. Some always/never open links in new tabs. Some tend to put the adjective before/after the noun in their searches. Some will rapidly open up the first 5 search results in new tabs. Some always disable instant search, and some of those change their settings to 20 or 50 or 100 results. Some use search features like the calculator, searching for "weather", stock symbols, etc, and others never do.


> Ad companies aren't interested in deanonymizing people anyway.

Seems to me that there is a huge monetary aspect to matching online activity with real identity.

"deanonymizing" is trivial but ad tech is poison to any level of "privacy", filter bubbles and fake news propagation.


I disagree with you, but from the perspective that my email contains the history of every transaction I have ever made, all of the newsletters I sign up to, and, for another 3 days, ~50% of my conversations, since I do a good chunk of my communicating over gChat.

Consumer preferences change over time, so google is far more interested in the thing I bought yesterday than the thing I bought 4 months ago, so being able to read my emails is still a current interest of theirs.


Amazon's receipt emails stopped including an itemized breakdown. Perhaps this is for customer privacy or perhaps so Google can no longer scrape Gmail users' purchase histories.


True, but seeing as I often order one thing or two at a time, the email subject line from Amazon still gives away the goods


> if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit

Hmm. Could you sell it on the open market? If so--if the margins for the ad-supported model like Google's are in fact as big as they appear--why isn't there a Google competitor who provides exactly the service you describe: some kind of opt-in system where they collect data (via, say, a browser extension), sell it to advertisers, and pay you a cut?

One generic answer to "why does the market not offer [some seemingly reasonable thing]" is inefficiency: maybe there's some cartel system at work where all major advertisers are hoarding the revenue for themselves. But I find that pretty unconvincing, since the whole market _seems_ to be otherwise quite competitive, and with low barriers to entry.

Perhaps a more likely theory is that if you were to offer a "we pay you for personal data" competitor, you'd face massive fraud--a la click fraud--in which attackers would pretend to be real users in order to get paid for searching (or whatever), and that the subsequent need for identity verification would become so burdensome as to eat away any profits.

Anyway, an interesting thought exercise, but I think one can broadly conclude that either:

1. There are real obstacles to paying people the "fair" price for their data, such that the current system is in fact fairer than it appears.

2. The entire market is unfair due to a cartel or similar (though like I said, I find this fairly unconvincing).

3. This is a great idea and you're the first to have it, so you should start a company that does exactly this. ;)

No?


> Could you sell it on the open market?

surely the profit would be too small to fool anyone


Take a look at Basic Attention Token and the Brave browser.


Interesting. How do they protect against clickfraud, though? Paying the user seems to me (somewhat naively, because I'm not super familiar with clickfraud) to increase the incentive for abuse, since you don't have to run a malicious website to do it.

One of the obvious advantages of the Gmail model seems to me to be that free email is less fungible than cash, though of course abusers resort to spamming and other practices to monetize the resource.


I think this EXACT thing is what Credit Karma is doing with free tax returns:

https://www.creditkarma.com/tax


...Are you aware it would be quite a worthy idea, offering an accountant in exchange of business data?


No way that's true. The data is not worth as much as the eyeball on the ad itself.


gmail can still advertise to me in the hypothetical scenario above, but if they want to do so in a targeted way, they would have to buy my data from me first.


I'm sorry, I'm from Slashdot. Can you write this in the form of a car analogy?


> and offering you goods and services you may be interested in.

Sounds like a sleazy salesman to me.


> offering you goods and services you may be interested in

The thing is: never, not even once, has Google offered me an ad with goods and services I was interested in.


ok, maybe Gmail ads have been irrelevant to you. but surely you've done a google search and been presented with interesting goods and services?!?!


Anecdata: in the past 5 years or so the number of relevant or interesting search ads Google has shown me can be counted with one hand.

- If I'm searching for technical documentation, I couldn't care less about all the random consultancies or shitty-SaaS-of-the-day trash that populate the ad slot(s).

- If I'm looking for technical details on a piece of malware or vulnerability research, the last thing I want to see on the page is a goddamn AV junkware full-frontal.

- If I'm searching for details on some car models ... why the fk is google shoving insurance ads on my screen real estate?

And so on. As far as I'm concerned, online advertising is a stripmined toxic dump. Only the shittiest swindlers and shadiest extortion artists remain.


>- If I'm searching for details on some car models ... why the fk is google shoving insurance ads on my screen real estate? //

Brand marketing. It may not work on you, but it works in general.

Personally I consider myself pretty immune to marketing but when you think "who else should I check to switch my car insurance to" then that brand is going to pop up if it's been fed to your brain enough. Indeed when you're looking at a list of similar offers the one that's associated with a name you already know will seem somehow more trustworthy, it's an insidious finagling of a brand in to your brain drip by drip. Why do they do it? It works.


The only times I clicked on those was:

1. the site was actually what I typed in the address but forgot to add .com etc

2. by accident


Here's a real life example. It's like Credit Karma who prepares your tax return for free, but then uses the info to help target you for ads on credit cards, loans, etc.

[this is exactly happening]


If it's about offering me goods and services that I may be interested in, then ad blocking is a useful feature for both me and the advertiser. If I am not interested in any goods or services then no offering or aggregation is needed.

On the other hand, if it's about offering me goods and services which other companies want me to become interested in, then we have a different deal going on.


It's more like your accountant preparing your tax return for free in exchange for aggregating data about your receipts and offering you goods and services you may be interested in.

Hmm. I could actually see that working, as a spinoff of concierge services offered by companies like American Express.


can your accountant prepare your taxes without looking at your receipts? no. can webmail provider provide you email service without asking your emails? sure he can


how about:

my accountant preparing my tax return for free in exchange for... inviting ...a sleazy salesman [to] sneak a peek at them and find new ways to sell me stuff.


That's not very accurate. It's more like:

Your accountant prepares your tax return for free. They also have a lot of boxes of flyers provided to them by people who want to sell things. After preparing your tax return, they use their knowledge of your return to choose which flyer to put into the envelope. They then send that envelope back to you, and when you open it to read your tax return, there's a flyer for something else paperclipped to the front with a note saying "Thought you might find this interesting."

(In particular, the accountant is only one who sees the information in your tax return.)


Unfortunately for you the accountant uses an insecure lock on the office door.


if your accountant was a computer.

We have to stop this madness of thinking that "John READS my diary" means the same thing as "The function fread() READS nitems objects". Those don't mean the same thing except in a metaphorical sense. It's insane.


It's not about who reads it, it's about who has access. If a system has access to read my email as plain text, it means anyone who owns or can get access to that system can read my email.

Someone wrote fread, it could've been john, and john absolutely could be reading your email. Look at what happened with Uber's god mode.

That said the value of gmail for me exceeds the risk of people I care about reading my email getting access or having access. However my (and probably your) subjective view on the value of your emails is absolutely subjective.


Of course access is the important thing.

But then again, in the context of the story, it doesn't change anything. Google still has access to your email. That it is not "reading" for the purpose of ads is just a minor thing that doesn't impact your privacy/security in any way (in the terms that you are describing).


Probably easier to hack any other mail provider than hack into Google and own it so badly as to being able to read emails in plaintext.


Madness? - remember not long ago when unroll.me was selling your email data to Uber?


yeah, that's a horrible thing. But again, not the same thing as me reading your journal. I'm just claiming that you shouldn't mix those two things.


why does it matter? Google has access to read my email, and if they want (or are pushed to), they can single me out and then go and read them. Sure, 9/10 times it's a bot reading my emails, but there's nothing stopping them from doing it.


it matters exactly because of what you are saying.

You do have protections against someone reading your email at Google. Both from an expectation of privacy, but also from a company perspective. You also do have some non-expectation of privacy (if, for example, the US government wants to read your google email, they can ask for it and they eventually will).

The day someone with a brain and an opinion on Kim Kardashian at Google reads your email, there is a HUGE difference from when Google is "reading" your email for ads/spam/spelling/whatever.

You don't want to blur that line being wishywashy with language. You want to know that difference. The fact that it could happen is why you need that clear separation between "machine reading" and "a person reading".


> You do have protections against someone reading your email at Google.

And those protections are bullshit.

I have no guarantee that they are not reading my email. If a bot has access, a person has access, and people abuse their access all the time.

In fact, there have been cases of googlers reading people's email. And I'm not blurring any line, I'm stating: Gmail can, has been, and will be abused. To pretend that is not the case is, frankly, naive.


I know this is cold comfort, but every single production data access is audited at Google, and that's after one signs more NDAs than you can shake a stick at to even get logs access in the first place. Each incident, with David Barksdale being the worst, has made them lock down logs, PII, and production access at a level unprecedented of any I've seen (including HIPAA shops).

You're correct that the possibility exists, but any Googler inhales heavily and makes sure their paperwork is in order before accessing prod. The warnings that are displayed are not unlike those when you're removing a nuclear core on a starship. It's scary. They want it that way. You need a damned good reason to even look at subject lines in the inbox (like fixing a bug involving subject line rendering that only appears with a user's specific subject line, for instance), and clicking a message is almost certainly a walk. Like, within the day.

They do take this seriously. I wouldn't call it bullshit. The protections I observed were in place before Snowden, so I imagine it's even more rigorous now.


I'm sure they have a lot of checks, but that doesn't really matter if:

A) they can be bypassed, as they have been in the past

B) they can be compelled to hand that data elsewhere

So I'm calling bullshit. Until it's impossible for them to look at my data, then they aren't taking it seriously.


You're calling bullshit on what, exactly? I'm providing you perspective on the very thing you're hypothesizing about from firsthand experience.

What is your technical solution for operating Gmail without any Googler having the ability to access some aspect of your data? It's email on the Web. Handling that e2e is pretty much intractable, and cleartext or nearly-cleartext with online keys has to exist somewhere even without the Googley things they do to data. I might posit that building a functional service with that requirement would be impossible for the Gmail case and many others (but I'm ready to be proven wrong).


>> They do take this seriously. I wouldn't call it bullshit.

> You're calling bullshit on what, exactly?

really? your firsthand experience is nice, but you're ignoring that those methods don't work.

> What is your technical solution for operating Gmail without any Googler having the ability to access some aspect of your data?

They can use any of the current zero-knowledge encryption methods. This isn't anything new and has been around for a long time. There's no need for Google to have those keys.

Encryption isn't a new problem for email, it's already a thing.


what's the use case you are worried about? Tell me a story. Who is accessing your data, for which purpose, when, how much, etc... and explain how Gmail is a bad solution because Google "can read it".

Yes, Google does not offer you protection against the Government. That is a true statement. But that doesn't mean that it's all or none. There are so many privacy rights before "a warrant request". And news flash, unless you are extremely good at securing your own mail server, even then you are not protected against a warrant.

Those checks are not bullshit. Every single security system "can be bypassed".


The use case is pretty obvious by now: people trying to manipulate me (ads), overreaching government intrusion, and invasions of privacy.

I never said that Google just sends everything over to them, but they can come and access my data without me ever knowing, and that's a problem. Just because there are (imo broken) checks in place does nothing to negate that fact.

Those checks are provably bullshit by the previous breaches. If they weren't bullshit, there would never have been breaches.


as I said, government intrusion can't be defended as is. Name one web technology that is government intrusion proof. Fuck that. Name one technology that is so. Air gapping isn't. Granted, air gapping allows you to at least know about it. But that's that.

"invasions of privacy" is not a use case. Give me details. By whom? Your partner? Your coworker? 4chan? Your mayor? Russia? What information are they getting from you? Why? It's very likely that whatever use case you come up with, you are better defended with 2auth gmail than with whatever other solution.

That's a problem with the web. In 15 years, and not counting legal government requests, there were what? 3 cases of email data breaches that were caught? 5? That's your "provably bullshit"? What do you use on your life that has a lower failure rate than this?


> as I said, government intrusion can't be defended as is.

yes it can. zero-knowledge encryption is already a thing.

> Name one web technology that is government intrusion proof.

Apparently the iPhone is. pgp encryption is another one. I'd suggest brushing up on basic security before saying things like that.

> "invasions of privacy" is not a use case.

Why not?

> By whom?

By anyone that I don't authorize. Sure, that could be my partner, coworker, any government authority, etc.

> What information are they getting from you?

Are you serious? If you don't even understand that threat model, then again, I'd suggest looking in basic security models.

> you are better defended with 2auth gmail

2auth gmail is orthogonal to the issue. That's a security method. Currently Google does that but still can grant access to anyone they want. That's a problem that 2auth doesn't address.

> not counting legal government requests

Why not? Why remove a legitimate security issue from the discussion?

> 3 cases of email data breaches that were caught

I have no idea how many have been caught, once again, that's orthogonal to the issue. How many examples doesn't matter. It's that they do have access and can do it whenever they want.

> What do you use on your life that has a lower failure rate than this?

That's a completely illogical argument. "We shouldn't ensure privacy/security because other things in life fail more often" makes no sense.


> Apparently the iPhone is

If you are referring to the San Bernardino phone thingy, the FBI withdrew the request exactly because they did access the phone by themselves. It just cost more money.

> pgp encryption is another one

lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).

> > "invasions of privacy" is not a use case.

> Why not?

Because I want specifics. Just saying someone "invaded your privacy" doesn't tell me anything. Tell me a full story: entity X did Y to know Z from W. And show me how using gmail made W more unsafe on that case. And what I'm trying to tell you, is that there are two cases:

- legal government related. In which case Google can't (and won't) protect you. It's a fair claim. If you are doing something that the US government wants to know about, don't use gmail. But most things won't protect you from that anyway. Ask Dread Pirate Roberts about it. :)

- non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)

> That's a completely illogical argument. "We shouldn't ensure privacy/security because other things in life fail more often" makes no sense.

Where did I say we shouldn't ensure privacy/security? What I'm refuting is your claim that "it's bullshit because it failed once". Gmail does a better job than most other things. Most things in your life fail more often than that. And most things don't evolve security/privacy wise as well as gmail does.


> the FBI withdrew the request exactly because they did access the phone by themselves

As far as I saw, that was just speculation. Any source on that? I'm inclined to believe it, but if true: why do they want the encryption removed rather than just snooping that data on the sly? It's better if your victims think they are secure.

> lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).

Possibly. But if so, I haven't seen them. Sources please.

While meta-data is absolutely useful, contents are even more useful. Just because something has one security issue doesn't mean that we should give up security altogether.

> Because I want specifics

What specifics? Do you want me to make up a story about how someone could use information to attack someone else? or to use existing examples: http://www.cnn.com/2013/10/04/world/americas/silk-road-ross-... https://cpj.org/blog/2017/06/how-surveillance-trolls-and-fea... These are just 2 examples I pulled from a 5 minute search.

This isn't anything new. Having access to communication is pretty much the basis for espionage. If you don't see how that applies.... I'm not sure I can help you.

> legal government related. In which case Google can't (and won't) protect you

That's my point. They can protect you, they choose not to. Zero-knowledge encryption is still a thing. Just because Google doesn't use it doesn't mean it's not possible.

> non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)

Only if Google can't access that data. If they can, it's much easier to bypass encryption and just ask Google to hand it over. Google can solve this problem but chooses not to.

> Where did I say we shouldn't ensure privacy/security?

When you say that gmail should be trusted. There are clear privacy/security holes with their model that you are ignoring. That's what this whole discussion is about.

> What I'm refuting is your claim that "it's bullshit because it failed once"

A) It didn't just fail once.

B) Failing just once proves that the system is not secure, and needs to be fixed. Failing multiple times from the same attack vector proves that they aren't taking security/privacy seriously, because they won't fix the root problem.

> Most things in your life fail more often than that

... so? Whether thing A fails more often than thing B has no bearing on whether thing B can and will fail.


I don't understand why seeing an ad is so bad. So a sleazy salesman is more annoying because they are in your way. But if you're going to see ads anyway, I'd rather they be relevant!! Can someone explain why given that there will be ads either way they actually prefer irrelevant ads?


Here's why I prefer irrelevant ads:

1. Targeted ads catch my attention better. Frequently I don't even notice or remember irrelevant ads.

2. Targeted ads are almost always SEOed (if you will) to me; that is, they seem relevant, they offer the solution needed to fix the precise problem I'm discussing in the email chain, I click, I read, I would buy, but I realize that the product offered is nothing like what I've been reading about on the landing page.

3. Targeted ads are much more effective at convincing me to spend money on stuff or services that I could have lived without.

Sure, I should toughen up mentally against ads, but until I do, I protect myself from ads that will manipulate me and one way to do that is to prefer irrelevant ads when I need to see them.


I'm curious how you make a living and whether the business you're in relies on advertising to sustain itself. Perhaps I'm reading too much into your post, but I detect a value judgment that businesses trying to be businesses (i.e., selling you stuff) is a bad thing.


It's a bad thing if the business with the biggest advertisement budget wins, rather than the business with the best (or most fitting) product.


Relevant ad is euphemism for "ad that makes you buy stuff you would happily not own otherwise". Since ads in general work (they make people buy more or different stuff) and you can not objectively evaluate whether you were influenced by ads, it is rational to avoid them.

Practically, once an ad service knows I am a woman, it insists on showing me ads for menstruation cups everywhere I browse. I also find juxtaposition of baby accessories and relaxation bullshit on metal, programming or games site mood killing. When they know less about me, I actually get less weird, more neutral, less crappy ads.


>Relevant ad is euphemism for "ad that makes you buy stuff you would happily not own otherwise". Since ads in general work (they make people buy more or different stuff) and you can not objectively evaluate whether you were influenced by ads, it is rational to avoid them.

Umm - you should avoid getting information because it might influence you to buy things? There's nothing wrong with what you said, in an ideal world ads would be just that - informing the customer about your product - and influencing their decisions with information. The psychological marketing tricks to make a thing more attractive is also a value add.

Problem is it's easy to be misleading, create disinformation and it can be very profitable - that's what leads to shitty borderline fraudulent ads we have.


> Umm - you should avoid getting information because it might influence you to buy things?

UMMMMMMmmmmm - yes?

Obviously?

If you wouldn't let a salesperson barge into your house, interrupt your reading to try and convince you to get discount eye surgery, why would you let that happen in visual form?

> in an ideal world ads would be just that - informing the customer about your product

This is not anything like an 'ideal' world. One human has such limited attention, that you could spend every second of your lifetime attending to a different product and do nothing else, and you still wouldn't cover them all. And companies still wouldn't be happy with this ridiculous limit case, they'd still want a greater share of your attention and wallet. You, us, individually, mean nothing except a source of coins.

If we want to mean anything to ourselves, defence against the dark arts is necessary.

> The psychological marketing tricks to make a thing more attractive is also a value add.

The psychological marketing tricks to make a thing more attractive is abusive and parasitic. Ideal brains would search for what they need, and buy the most fitting thing. Human brains which can be manipulated are a weakness we all share - and we should all be kind enough not to abuse this fact of each other any more than we have to.


>Ideal brains would search for what they need, and buy the most fitting thing.

That's not really how things work - there are certain things you need to accomplish other things where your reasoning partially applies but even then it's debatable. But then there are things you do for pleasure - and how you value those things can be completely separate from their physical properties.

For example there was a study[1] where they gave people 5 wine samples, a cheap wine with 5$ price tag, same wine with a 45$ price tag, 90$ wine and the same 90$ wine with a 10$ label, and a correctly labeled 35$ wine. They found that reported enjoyment and measured fMRI activity went up with price even for same wine. Plenty of similar studies that show similar effects for branding, etc. So these things actually create value even if they don't physically change the product - you end up enjoying it more and its purpose is your enjoyment.

I mean most of the high end stuff ends up being blowing smoke up your ass to make you feel good about paying 2-10x markup, even when the quality is superior they bundle the bullshit and inflate the price extra because they know you'll pay.

[1] http://news.stanford.edu/pr/2008/pr-wine-011608.html


They are not creating value. They just mislead.


Ads are not information. They are not factual. Psychological marketing does add at value to me, just like being manipulated in person does not add value to me.


Like I responded below, psychological marketing effects like branding, exclusivity, etc. have been shown to increase people's enjoyment of products in multiple studies.

Being manipulated can also add measurable value to you. For example if a doctor gave you a sugar pill for some condition and the placebo effect helped you get better - would you say that it added no value just because the sugar pill physically did nothing?


> I'd rather they be relevant

Corollary: if you can't show a relevant ad, HOW ABOUT NOT SHOWING AN IRRELEVANT AT ALL?


Actually, it is not a corollary.


Would you prefer the party trying to trick you into buying crap you don't need to have more or less information about you?


> I don't understand why seeing an ad is so bad.

Ads are an insidious and highly effective form of psychological warfare. They play on human fears, insecurities, neuroses and instinctual weaknesses in order to part people from their hard-earned time and resources.

You might say the ads just bring their attention to needs they didn't know they had. I would say the opposite, that they create needs where none existed to begin with.


Why try to pretend Google is nice to you? If their spam filter gathers the most relevant words and keep them stored for admins to look for the sake of tuning or whatever and maybe the admin also works in the ad department, perhaps checking on your email isn't for ad targeting.

You need to give up on your content the day you started using gmail, no matter what the TOS says.


The spam filter is for my benefit, but scanning for ad keywords is designed to benefit someone else, not me.


To play Devil's advocate, the ads benefit you because they make Gmail free.


What about people not using gmail but sending email to gmail users? Those don't gain anything here.

I actually host my own email but every time I send a message to somebody using one of these webmails it gets indexed and monetized.

But I would argue that it's a technical problem first and foremost, email security is mostly a joke. If I need to send sensitive things through emails I can always use PGP to actually protect it, instead of relying on the goodwill of the email provider not to peek into the message. If people really valued their privacy they'd be doing something similar.


I would rather pay and not share anything with Google (or for that matter all of Google's partners who can purchase our data).


There are many options to pay for email, fastmail just for one. Do you use one of them?


And how exactly will I escape Google's data collection when Fastmail uses GA for analytics?

....script type="text/javascript" src="/static/scripts/ga.js....


Run a broad-spectrum blocker like uBlock Origin? Access your fastmail from an interface other than their web interface?


Ok so there is more involved than just use Fastmail, as it was suggested. Thanks for confirming.


> many options to pay for email, fastmail just for one


That’s the marketing site; the actual app where you read your email definitely doesn’t have Google Analytics.


Google isn't just an e-mail service, really.


But… you don’t really have to use Gmail to use most of Google’s other products, just as you don’t really have to use (actively) Google+ to use other Google products either.


Unfortunately no. You are going to be tracked wherever you go and it has GA. The reason why Google can stop reading your emails is because they have a global network now that can track you better.


But imagine you use an Android phone, for instance. There's a whole bunch of integrated stuff that works well together that wouldn't if you had a Google account and then kept your e-mail somewhere else. It's not really a 1:1 comparison.


You can, it's called Google Apps for Business.


Not to be pedantic, but it's called "G Suite" nowadays.


> all of Google's partners who can purchase our data

I'm pretty sure that's the empty set.


Ads benefit both you and the other group that they connect you. You finding out about, say, a product you are interested benefits you.


http://www.talkingnewmedia.com/wp-content/uploads/2016/05/ou...

http://moneyinc.com/wp-content/uploads/2016/06/nypostoutbrai...

Benefitting. You.

https://pbs.twimg.com/media/B2044DNCEAAHmu-.png

The next time you want to buy, say, 9 celebs in open relationships.

http://www.cpawealthacademy.com/wp-content/uploads/2015/08/R...

This is what ads are. This is what we adblock. This is clickbait, lies, manipulation, visually distracting, space wasting, untrustworthy, barrel scraping garbage.

"Ads inform you about products" in the same way slime mould informs you that your house is too damp. The best individual course of action is not to buy what the mould is selling.


In a perfect world, yes. In the real world ads are about manipulating through every psychological trick in the book to buy shit you don't need. To manipulate you into thinking brand A is better than brand B (both of which you were already aware of). Etc.


In theory, yes

In actuality: they are a waste of my time and mental space


That's true in the sense that having no ads at all would be better; but if you're going to be seeing ads either way, why wouldn't you want them to be ads for things relevant to your interests?


Why would I be seeing ads either way? I generally don't see them at all.


Whether you block ads or not is kinda beside the point. It's a little unreasonable to expect Google or anyone else to stop personalizing the ads they're trying to serve you just based on the fact that you're blocking them.


I'll agree that most ads are junk and not relevant to a user's life, but that doesn't mean all ads are.

Having said that, I've never clicked on an ad in Gmail since 2004 or so.


That's just a rare side-effect, not the reason why the scanning happens, or why the ads are shown.


The ads are shown exactly for that reason. If the only ads shown were for products or services or information which the consumer was not interested in, then no one would pay for advertisements in the first place.


Apparently spreading malware is pretty high value, actually.


Out of curiosity do you work in advertising tech or marketing?

They are about the only people I've ever seen express this view seriously.


Nope - I am a developer working on a consumer oriented application with no advertisements.

I'm not trying to say that all ads give you that benefit - most are just a waste of screen space, compute and bandwidth.


Even if I agreed that some ads have benefit, the cost-benefit analysis (with costs including screen space, compute, bandwidth and the malware threat) still looks grim enough to justify adblocking IMO.


What if you're buddhist?


"Zen does not confuse spirituality with thinking about God while one is peeling potatoes. Zen spirituality is just to peel the potatoes while being informed about ten local places to purchase God with next-day delivery."


There are many flavors of Buddhism, which one matters here for the point you are making?

EDIT - I am not sure why I am being downvoted, I legitimately don't get his point and figured I would ask for more info rather than just calling him out as a troll or something. Is there something obvious I should know?


Disclaimer: I know nothing of Buddhism, I haven't even read the Wikipedia page

I believe some Buddhism teaches something along the lines of: personal possessions are bad, and freedom is found in not owning anything.

I think OP is saying: advertising goes directly against that line of thinking. It is actually tempting a Buddhist to buy more stuff, thus going against their religion.


The distinction to me is: Are they building and saving some data structure that they've created based on my emails which is designed to target ads towards me, but could be used by some nefarious actor to learn a lot about my life?

The spam filter (hopefully) probably doesn't store that much about me, but an ad targeting bot could be a lot more problematic.


Does the automated nature of the permanent data collection change anything? How about an automated drone with a camera mounted on it that follows you everywhere and records every action, indefinitely, purely automated of course, so that an advertising company can helpfully remind you about the awesome great $6 lunch menu when you walk past McBurger at lunchtime, or about picking up some hemorrhoids cream from MediCo because a machine learning algorithm saw you scratch your butt and deduced something.


Depends. Is that drone providing me with some other useful service, or is it following me around entirely without my knowledge or consent?

Gmail provides me with a free email service. They already have the full text of all my emails. If they want to use that data to help decide what ads to serve me, I have no problem with that so long as that data isn't shared with anyone else without my consent.


But your profile is not just linked with Gmail. It's across Google, including any future products. It's a kind of cross-product tying using customer data (which gives them an easy leg-up on new ad-subsidized products) that I would assume attracts anti-trust scrutiny.

I think it's fair for you to accept the terms, if you know what you're getting in return. The problem here is that you will never know exactly what information is stored about you, and how personal it is, and you have zero control over it. Also simply by sending YOU an email, I'm also entangled in the data collection scheme.


> The problem here is that you will never know exactly what information is stored about you, and how personal it is, and you have zero control over it.

On the contrary. I know what emails are stored in my inbox just as well as Google does. I can also search through that information and delete it if I so choose, so I do have control over it.


You can remove your access to that data. There's no indication that said data is actually deleted.

They also have a lot more information about you than just your email, especially if you use their search.


> data isn't shared with anyone else without my consent

Do you have any way of verifying this? I am not accusing google of anything, I just find this to be an interesting level of trust to have with a free online service.


Google is a large, generally reputable company which has very little to gain and everything to lose by sharing my personal information with others in violation of their own privacy policy.

In the absence of any evidence that they _are_ sharing my private information with others, I see no reason not to trust them in this regard.


> everything to lose

Really? Good luck suing them if they decide to sell your data. They certainly won't lose much revenue from fleeing customers if they think up a creative new way to monetize your data with "select business partners"; Google (and Facebook et al) spent the last decade entrenching themselves infrastructure for far too many people. They have far too much power and inertia to lose much in the short or medium term.

> trust them

Privacy policies change. Even if Google has good intentions about protecting your data today, you're gambling that those intentions will not change in the future. You don't know who will be hired/fired at Google in the future, nor do you know how the current (or any) management will react should the company have a particularly unfortunate run of bad finances or other troubles. Never mind that humans often act irrationally for stupid reasons so any prediction about future behavior has to have a huge error bar.

However, that isn't the big problem with trusting Google to not share your pattern-of-life[1] with a 3rd party: you're assuming it will be Google's choice, or that they will even have any de facto influence over the long-term fate of your personal information. Your trust doesn't make Google infallible; the best security teams can only make hacks less likely. Warrants, legislation, and quasi-legal-but-hard-to-ignore orders from governments happen. Prism (and other mass surveillance programs) still exist. Concentrating valuable data at one location makes it more valuable, so the scope of potential threats to your data increases as more data is collected.

The world is not as just[2]. Trusting that your data will magically stay safe at Google forever - or even just the near future - is only possible if you first pretend that Google's security is and always will be perfect, that the programs Snowden/Drake/Binney/etc warned us about never existed, that no current or future Google employee will ever become disgruntled (or crazy), and probably many more potential threats that haven't been invented yet.

[1] or mundane data like your email

[2] https://en.wikipedia.org/wiki/Just-world_hypothesis


> They certainly won't lose much revenue from fleeing customers

I don't think that's true. Sure, they wouldn't be out of business overnight, but depending on how serious this hypothetical breach of trust is, it'd certainly hurt them a lot.

> Warrants, legislation, and quasi-legal-but-hard-to-ignore orders from governments happen

My threat model does not currently include the NSA or the US government. I don't anticipate that changing in the near future, but if it does then you're right; I'll certainly need to stop using Google services. (And probably all cloud services in general.) Or at least "air gap" them from the portions of data I want to keep secret.

> pretend that Google's security is and always will be perfect [...] that no current or future Google employee will ever become disgruntled

While I consider myself to be more security conscious than the average citizen, I _still_ trust Google's security practices (against both internal and external threats) far more than I trust my own. If my data on Google's services gets compromised, I think it's far more likely that it'll be because someone stole my password and 2FA tokens than because somebody hacked Google.

As with anything, I realize there's certainly a security/usability tradeoff to be made. For the moment though I'm quite confident that the extra utility Google provides is worth the risk, at least for my purposes.


I use GMail for similar reasons, they are reputable, but I have no expectation they won't share my data once it makes financial sense.


Even though they've given some people's info away already to at least the US government?

That just seems silly


Google's entire business relies on maintaining this user trust. They have far more to lose than to gain by betraying user trust.


I am curious about the downvotes. Do we really downvote people here for questioning trusting Google?

I didn't even say not to trust google, I just questioned the level of trust.


You'd be surprised.

It's a common phenomenon across a variety of social media when a certain few companies are questioned on their practices.

It's all very tribal.


Meh, people do that here, not sure why. But to answer your question: no, there's not.

Google has already secretly given people's info away. They've admitted to getting and complying with NSLs already.


The problem is that it's not just your email. If you send an email to a Gmail user, Google is now building a profile on you (or was until this move) as well as your recipient. Did you give explicit consent to Google? Did you sign a EULA or SLA with them allowing this? No, they just did it anyway. Even someone who makes a point to keep themselves off of Google's radar will end up indexed and sold to the highest bidder if they send even one innocent email to a Gmail user.


Building profiles of senders can be necessary, e.g., for detecting spammer accounts.

Also, email is transmitted in plain text. Sending an email is more like shouting to your friends in the street, rather than putting a letter into an envelope mailed to the recipient. Thus, I don't think an explicit consent is needed.

That said, I understand that fair use of such information is a concern.


> Also, email is transmitted in plain text. Sending an email is more like shouting to your friends in the street, rather than putting a letter into an envelope mailed to the recipient. Thus, I don't think an explicit consent is needed.

These days Gmail will transfer your email protected by TLS if possible. Not shouting at all.


Exactly. Google seems to be of two minds about privacy. They want to show that they protect your information from the rest of the world, but they expect 100% knowledge of your information in return, so they can sell it to their advertisers. I get that that's their business model, which is why I dropped them completely in favor of paid services that don't sell my information.


One requires google to build a profile and have the knowledge in order to serve you their advertisements and the other can be done almost entirely client side. The spam filter doesn't need to phone home for anything other than updating the list.


By your logic, the NSA isn't recording your calls or emails, just filing them away for classification?


The spam filter is [assumed to be] transient/generalized. While a user may set special tuning parameters to classify what they consider "junk", this probably reveals more about the inadequacy of the spam filter than it does about the user.

On the other hand, a program which analyzes mail to ascertain the tastes, interests, and personal plans of the participants is mining much more sensitive data, and it's compiling/storing it off-site long-term, and it's very specific to the individuals involved.

All of us who've used Gmail know how creepy it can get. Send a couple of mails about marriage and suddenly you start seeing targeted ads about engagement rings or other marriage-related things. Google stores this forever and they'll say "Ah, we know this guy was talking about marriage 10 years ago; traditionally, marriages fail after 5 years, we've detected a tense tone in his mails to his wife, BEEP BOP BOOP, DIVORCE LAWYER AD IS RELEVANT".

This inference is not only dubious (ethically and technically), but anyone observing your browsing while you're logged in will see these ads and may assume that you're seeing those ads because you've been searching for information on divorce, not because Google's inference is overzealous, although it may very well be. Search and replace with anything else: new credit cards/bankruptcy lawyers, research on a medical condition/ads for related medicines, etc.; the potential for creepy inference is endless, not to mention the concrete surveillance value provided to literal spies (via PRISM), nor the risk of compromise/abuse outside of the ad space. They don't have to get and process your entire mail archive; they just have to draw their inferences from Google's own inferences in your compiled taste/interest profile.

That's much more serious than a throwaway analysis of whether a mail contains spammy properties or not.


> Google stores this forever and they'll say "Ah, we know this guy was talking about marriage 10 years ago; traditionally, marriages fail after 5 years, we've detected a tense tone in his mails to his wife, BEEP BOP BOOP, DIVORCE LAWYER AD IS RELEVANT".

Have you actually seen anything like this? In my experience the ad targeting seems like extremely shallow keyword analysis.


This gets to the heart of how divisions inside a company justify their budget and where human self-preservation kicks in. E.g., a lawyer inside the company HAS to be on the lookout for supposed infringements of IP or situations where their "expertise" is required.

The idea is that once you have any apparatus in place, and funds allocated to the maintenance/operation thereof, you will find that people come up with creative ways to use that apparatus to either cement their position in the company or to improve career prospects. This applies to lots of domains, the obvious one being the government. Once you have a drone program, you'll find that someone somewhere WILL find a way to justify its usefulness.

My main problem with data collection is the permanent nature of it, where someone somewhere at some point in time, possibly when the computational costs become feasible, will come up with a seemingly innocuous use of the data that will spiral out of control. Also, is Google hack-proof? Judging by the lawsuits around the self-driving division, apparently it's trivial to steal data if you're on the inside.


Of course it's trivial to steal data if you're on the inside. Snowden could copy classified docs onto a USB stick and smuggle them out of a fucking NSA office. If I were to plug in a USB drive at work, no one would bat an eye. They'd probably think it's for Time Machine.


It really depends on where you work. I know of a little company in the Cupertino area where such data theft would be nearly impossible, and yet at other companies, engineers have full access to production databases.


That's a hypothetical example, and it would of course be impossible to know what specific piece of data led Google to present a specific ad, and whether they're involving an analysis of how historical interests relate to current interests. Whether Google actively engages in such analysis now or not, they easily could.

I personally use AdBlock so I don't see Google ads very often, but I have been creeped out by ads in the past, and I have had Google infer interests in changes to relationship status based on mail content (e.g., offering engagement rings).

I believe they have manual filters to try to stop inferences that are too offensive from being made (e.g. suggesting a divorce), but those, of course, can never be perfect, and it doesn't mean they aren't making the inference or maintaining the data necessary to do so; it just means that they are blocking it from showing up.

I'm not really saying this is either good or bad. The question was why people care less about reading emails to filter for spam than they care about people reading emails to develop a consumer's ad profile. These are some reasons why.


I cannot recall where, but I remember reading about this. Based on associated products women buy occasionally they will sometimes get coupons for things like diapers and baby formula while they are pregnant before they know. My guess is that anytime a woman changes her shopping habits the marketers send some stuff her way because even a miss ratio of 90% could still be profitable.

It isn't always accurate, I know a girl that is very not pregnant but gets these things anyway. She babysits occasionally and I suspect that combined with her Baker's card and Walgreen's card give the mass marketing gurus all the information they need to know that she sometimes cares for kids.


https://www.google.com/amp/s/www.forbes.com/sites/kashmirhil...

They were doing this in early 2000s, can't imagine how sophisticated the same type of system is now.


A frightening theory: it doesn't need to read your email anymore. It has read 10 years' worth of your mail, and trained such an accurate model, that any more training data don't make much of a difference.


And yet everyone's up in arms if GCHQ / NSA does it.


I think "consent" is important here. GMail does it with the consent of the user.


NSA doing it is a lot worse. There is no transparency on what they do. I get no benefits in return for sharing my data. They have license to do all kinds of nasty things to me, that Google would have to go through a court for. From blocking my flights to making me disappear at night.


No benefits? That’s a bit like saying that security screenings at airports offer no benefit to anyone. While security screenings are inefficient and could be improved, that doesn’t mean they offer zero benefit.

Also what’s the likelihood of the NSA blocking your flight or making you disappear in the night? You probably should fear crossing the street more in terms of statistical likelihood of harm.

I get the privacy/freedom arguments however the hyperbole around this stuff is getting ridiculous as the fears are badly supported by actual data and statistical significance.

More people drowned in swimming pools last year than were “disappeared” by the NSA but there seems little hysteria around swimming pools. I'm pretty sure most of us don’t know a single person on a no-fly list.

Some high levels of paranoia around here it seems.


I'm curious as to where you are getting your statistics on people disappeared by the intelligence services that you can say this.


Corporations didn't murder a hundred million of their own customers in the last century alone. It takes a government to do that. Consequently, governments have to be held to higher standards, not lower ones.


> Corporations didn't murder a hundred million of their own customers in the last century alone.

Yes, they did. Probably just tobacco companies alone.

> It takes a government to do that.

Since corporations are creatures of government, that's true by definition of everything corporations do.


> Yes, they did. Probably just tobacco companies alone.

A response as silly as it was predictable. Show me a Gulag Archipelago written about the tobacco industry and we'll have some grounds for further discussion.

> Since corporations are creatures of government, that's true by definition of everything corporations do.

Ditto.


> Show me a Gulag Archipelago written about the tobacco industry and we'll have some grounds for further discussion.

So if no one writes world class literature about your crimes, they didn't happen?


At some point, you'll come to understand that not every debate can be reduced to an exercise in moral relativism and dismissed with a flourish of false equivalence.

That works well enough on HN, as seen in the moderation in this thread, but not in real life.


Users like spam filtering, don't like ads.


In the US a service provider is allowed to violate all manners of privacy for the express limitation of ensuring maintenance and system health. Spam blocking would qualify as maintenance, but advertising would not. I suspect Google violates all manners of privacy in an automated way for all manners of reasons and qualifies such in their terms and conditions.


I very recently switched to fastmail and couldn't be happier. For $90 a year, I don't have to deal with people snooping and tracking me around for ads. I know google is trying to give me value with all their facial recognition and recommendations, but I don't think it is going to end well. When it does end badly, it will be too late for the user because we would've given up all the data. I don't want Google to build models to track my toddler's face when he isn't even capable of consenting to such tracking.


We are using fastmail as well, and it is great. They have a solution for every weird mail-problem we tried to solve, i.e. shared inbox folders, shared calendars and integration with "dump" client applications.

For example your username might differ in order to access a shared calendar.

Also you can generate application passwords for an account. So you can create an SMTP-only application password for your fastmail account.


Oh. And personally I am using mailbox.org which is also nice but a little bit cheaper. And the feature-set is still great, but limited compared to FastMail. Also the webui in mailbox.org is slower than for fastmail.


I'd recommend Posteo [1] and Mailbox [2] to people mainly for the costs. They're cheap and are a lot more flexible in pricing as your needs grow.

Fastmail becomes terribly expensive once you realize you need multiple accounts (not just aliases) for different people in the family. At least for me, paying a few hundred dollars on Fastmail (or anywhere else) for email is really way too expensive. I've also written to Fastmail asking for flexible pricing options, but they responded that they're not even considering any changes on pricing/flexibility for the near future.

Edit: If one doesn't need custom domains and office suites, I'd recommend only Posteo! That company is way ahead of others in being better for all humans (read on their website about all the things they do).

[1]: https://www.posteo.de

[2]: https://www.mailbox.org


One nice thing about mailbox.org is that you can have them encrypt incoming email with PGP. Allows you to use IMAP and get ProtonMail/Tutanota-esque security... I really like it :)


I used Fastmail until I found that they have a hardcoded limit of 128 IMAP flags per mailbox. I switched to G Suite - they have no such limitation.


Is there any reason not to go with ProtonMail? They seem to be the big recommendation lately for encrypted email service.


ProtonMail does not yet have IMAP support (it's in beta after more than two years of requests). So if you ever get tired of ProtonMail and want to move to some other provider, your only option is to save each mail or print it out - one by one. There is no bulk mail export option. Unless one is super confident of staying happy with ProtonMail for at least a year or two (by when I expect IMAP to be publicly available on the platform), I'd stay away from it for any serious use.

Leaving this aside, other factors do favor ProtonMail. The people who run it seem to have their minds and hearts in the right place as far as privacy is concerned.


I'd really love to support ProtonMail but one thing I can't swallow is that there's no server-side search of email bodies (only to/from & subject) because it's encrypted. This kills the possibility of searching through years of newsletters & stuff :/


[I'm stupid they have 2FA, ignore this comment.]

Another huge problem is the lack of two-factor authentication. How can a security-oriented service not offer TOTP or even SMS 2FA.


2FA has been out for almost 6 months.


Oops, my Google-fu is worse than I thought.


You will be able to use the upcoming ProtonMail IMAP/SMTP bridge to do fulltext search locally.


No particular reason, I just knew fastmail from many years ago and liked them.


I emailed them (Proton) on a few occasions with important questions and never got a single response. That alone turned me off. Will go with Fastmail very soon moving my Yahoo since Verizon bought them.


Where did you email them? They're known to have some of the best support out there.


I have a problem with price. $90 for about 20 personal emails per year and a bunch of useful newsletters? Is there a $10 hosted mail that sends and receives reliably and doesn't sell my personal data on top of subscription (like AV companies)?


My recommendations for cheaper, more flexible and privacy respecting services are Posteo (no custom domains) and Mailbox (allows custom domains). See my comment above at https://news.ycombinator.com/item?id=14624624


The support is first rate. I've seen their developers on Github helping to track down a synchronisation problem that could have either been with the open source tool, or Fastmail.

Turns out it was a Fastmail bug, and they promptly fixed it.


I tried Fastmail for a while but I just couldn't deal with the spam. There was a lot of spam and Gmail's filters seem to be better at dealing with it.


Something to bear in mind: when you use one spam filter for a while, it learns the sort of spam you get and will do a better job. When you switch to a new provider with a new spam filter, you have to train the new spam filter before it can be as good as the provider you left. (FastMail enables personal spam filters for improved results when it gets to 200 spam and 200 non-spam messages.)

Some find FastMail’s spam filtering better than Gmail’s, some worse.


I had that problem, and fixed it by doing these four things:

* Train the built-in Bayesian filter fully
* Set up SPF
* Set up DKIM
* Point MX records at Fastmail directly (rather than forwarding via some other service)

More of a pain than GMail which often "just works", but still relatively simple to set up. I suspect ultimately more robust than using mail forwarding on consumer GMail (the rules of which constantly change and it gets less powerful, if you don't buy GSuite and point your whole domain at it).


This is also merely anecdotal, but I don't recall having ever received more than a few spam emails in either my Gmail or Fastmail inboxes.


> 90$ a year

Sounds excessive. Does this include any special features beyond privacy? I pay 1€ per month for a privacy-respecting mailbox at posteo.de


$90 is the most expensive plan. Their basic plan starts from $30 or $3 a month. I'll downgrade to a cheaper plan in the future, but $90 a year for something I use on a daily basis does not seem excessive to me. That is about ¢25 a day.


>facial recognition

Is there some sort of Gmail camera thing I'm not aware of?


Google Photos. I'm talking about Google in general, not Gmail in particular.


$5/month and an afternoon to set up unlimited email accounts on unlimited domains on one server. There are a few scripts/services out there that limit the pain.


Anyone know about a Canadian service (operated & hosted) like FastMail? OVH has a hosted exchange service, but no 2FA is a deal breaker for me.


I still like gmail for its spam filter and notably "important mail" function. Outside of those, I'd switch to something self-hosted.


Does fastmail let you use your own domain?


Yup they do. That is what I use it for.


Yes indeed


How are you sure that Fastmail is secure and they aren't using your data to build models? Because there is an annual subscription or they advertise it so?


They advertise it as such.

From their privacy policy:

"Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account... To make message searching fast, we build an index of your messages (this is a table, just like you would find at the back of a reference book, in which you can look up a word to quickly find the emails in which it appears).

No information from any of these activities is used for any other purpose, or to compile any kind of profile on our users."

https://www.fastmail.com/about/privacy.html


Is it generally possible to reconstruct email (= text) with indices if they are stolen/hacked?

I'm not questioning Fastmail's ability to provide a secured email service, yet I cannot help thinking why I would rely on a small player for email. I would ask what the probability is of the Fastmail service getting hacked, say, compared to Gmail.

(Somebody has rightly pointed out that) ad relevance to your email is not the same as reading; thinking in the same vein should also lead us to believe even (spam) classification can be termed as reading.
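
To make the index question above concrete, here is an added example (not part of the thread and not Fastmail's implementation; the two index layouts, the function names and the sample messages are assumptions constructed for illustration). It contrasts a plain word-to-message index, like the "back of a reference book" table in the quoted policy, with a positional index of the kind phrase search needs.

```python
"""Added example: what a leaked search index reveals about the mail it indexes."""
import re
from collections import defaultdict

# Constructed sample messages (not real mail).
MAILBOX = {
    "msg-1": "Your order of two engagement rings has shipped to the office",
    "msg-2": "Flight to Suva on Friday is confirmed, hotel booking is attached",
}


def tokenize(text):
    """Lower-case word tokens; punctuation and capitalisation are discarded."""
    return re.findall(r"[a-z0-9']+", text.lower())


def build_plain_index(mailbox):
    """word -> set of message ids (enough for single-word search)."""
    index = defaultdict(set)
    for msg_id, body in mailbox.items():
        for word in tokenize(body):
            index[word].add(msg_id)
    return index


def build_positional_index(mailbox):
    """word -> {message id -> [token positions]} (needed for phrase search)."""
    index = defaultdict(lambda: defaultdict(list))
    for msg_id, body in mailbox.items():
        for pos, word in enumerate(tokenize(body)):
            index[word][msg_id].append(pos)
    return index


def vocabulary_from_plain(index, msg_id):
    """A plain index yields only the unordered set of words in a message."""
    return {word for word, ids in index.items() if msg_id in ids}


def reconstruct_from_positional(index, msg_id):
    """A positional index yields the full token stream, in order."""
    slots = {}
    for word, postings in index.items():
        for pos in postings.get(msg_id, []):
            slots[pos] = word
    return " ".join(slots[i] for i in sorted(slots))


if __name__ == "__main__":
    plain = build_plain_index(MAILBOX)
    positional = build_positional_index(MAILBOX)
    for msg_id in MAILBOX:
        print(msg_id, "plain index leaks vocabulary:",
              sorted(vocabulary_from_plain(plain, msg_id)))
        print(msg_id, "positional index leaks text:",
              reconstruct_from_positional(positional, msg_id))
```

In both layouts the index discloses message content (topics from the vocabulary, or the text itself minus case and punctuation), so it belongs in the same protection class as the mailbox it was built from.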


> I cannot help think why would I rely on a small player for email.

If Fastmail were, say, 1% of Google size, it would still be #2, which is a pretty good ranking on any market. And if you don't lose features by switching to the #2, please do it, for the sake of competition – Give freedom a chance.

I'm using Fastmail for my 3-ppl business. We lack no feature, we get used to it, we pay them (cheap), we don't leak our source code to GitHub and other browsing habits or contacts to Google Analytics/G+, it's just good management of the company information. We are the annoying guys who can't click "Connect with Facebook" nor "Connect with G+" and that makes providers keep the login/pw auth. Plus it funds a company so you might still have a choice in 5 years. And we show VCs that writing "privacy" on commercial documents yields customers.

Cost to us? Zero.


I'm a security person, and I've found vulnerabilities in both fastmail and various core google services (although not gmail).

Fastmail and gmail both have mature bug bounty programs, which means they will pay out cash to anyone who finds and reports a way to hack them: https://www.fastmail.com/about/bugbounty.html This shows that they are willing to put money behind their claims to security and probably puts them in the top few % of difficult to hack websites above e.g. Windows Live Mail.

Also, it's a mistake to think a company will be more secure because it's larger. If anything, I'd say it's the opposite; large companies tend to have complex websites with vastly more attack surface.

Of course, every email provider is vulnerable to certain governments.


I can talk about myself and the reason I think Gmail is not working for me. I'm less worried about the security part of the email and more about the tracking aspect. I don't need encrypted emails, however I don't want someone gleaning information from my emails and using it for selling me stuff and generally profiling. All my Amazon order confirmations used to go to Gmail and they would most definitely read them. I know this because they use it to show me status of the deliveries. It is not unrealistic to think Google will also use this data to build patterns around my buying habits and things I use etc. That does not make me feel comfortable. Amazon already know that because I shop there, I don't want Google also knowing that.

My opinion is tracking, ads are all fine on the primary website, but if you follow me around the web, tracking my every move, I'll stop using such services and try my best to prevent the tracking.


If I were to use Gmail I would consider myself already hacked.


Reputations are important to build trust.

Fastmail has a reputation for not doing this, Google doesn't.


So this never really bugged me. It is a damn good free service. I also love how it picks up on plane tickets, hotel reservations, etc and puts them in the calendar. Makes life simpler.

If ad companies fix something please fix the I searched for something and bought it but I get ads for it for the next 4 weeks. That bugs me.


Frustratingly, by reading my emails Google should know that I've bought something and so don't need ads about it.

But hey, they don't seem to have used that data.


At that point, it's on the advertiser. It's a weird dynamic where they want to enable the advertiser to factor that in and not advertise to you, but they want to maximize rev and imperfect advertisers increases rev.

( = edit for grammar)


I don't understand why there isn't an option for me to pay for Google to remove ads from gmail.

I've already paid for Youtube Red and couldn't be happier.


https://gsuite.google.com/products/gmail/

About $60 a year

I have about 8 accounts that I use.


I have one for myself, and one for my wife, and find the $120/year a hefty price to pay for...email. It doesn't even include the registration of my personal domain, and it doesn't include web hosting. Google Apps is pretty nice, and it feels good to be paying for the product instead of being the product - though I am skeptical that my $10/month would let me talk to a human if something went wrong.

I'm considering moving; Rackspace has pretty good hosted email for $2/user/month. We use it at work - webmail is acceptable though nothing to write home about, and their IMAP implementation is solid so you can just use a client.

But you pay $480/year for 8 email addresses? Ouch.


> I am skeptical that my $10/month would let me talk to a human if something went wrong.

I have received exceptional support over the years, including them calling me twice when I reported an issue. My account is worth $5/month and I live in Fiji.


Agreed.

I've had to contact support a few times in the last few months for coworkers email issues. We're a very small company paying $5 per month.

To contact: https://admin.google.com/AdminHome then help button --> Contact support


It says it's exempt from ads in this specific context, but is it actually free of their data mining? If they still use the data to track and push whatever they're selling you in other contexts, the presence of the ads themselves is an ancillary concern.


From the G Cloud FAQ [0]:

> Google Cloud does not scan your data or email in G Suite Services for advertising purposes. Our automated systems scan and index your data to provide you with your services and to protect your data, such as to perform spam and malware detection, to sort email for features like Priority Inbox and to return fast, powerful search results when users search for information in their accounts. The situation is different for our free offerings and the consumer space.

[0] https://support.google.com/googlecloud/answer/6056650?hl=en


According to the article it is.


Right, I read it. But it's still not actually clear to me whether they are ceasing ALL mining of email data for business accounts, or are just not funneling it to a specific set of ad programs. To me, at least, that seems an important point of clarification.


They're not ceasing it for business accounts, they've never done it for business accounts. The article is about free Gmail accounts.

If you look at the terms for G Suite (the paid business product), that is a top selling point. Businesses who pay for G Suite don't want Google using their data for anything, and Google complies.

Edit: in response to comment below, here are the main docs describing, including the Data Processing Amendment:

https://gsuite.google.com/learn-more/security/security-white...

https://support.google.com/googlecloud/answer/6056650?hl=en

https://gsuite.google.com/terms/dpa_terms.html


I'm really not trying to be pedantic, but that's not what the article says. It says that Google never data-mined business accounts to serve ads, not that they never data-mine business accounts under any circumstances. If that's true, and you can point to marketing or a service agreement that outlines these terms, I'd be happy to know and will gladly buy a paid account.

EDIT:

I think these are the terms and I don't seem to see this guarantee, but IANAL

https://gsuite.google.com/intl/en_in/terms/2013/1/premier_te...

https://gsuite.google.com/intl/en-GB/terms/emea_reseller_pre...


You'd probably have to be more specific about what you're defining as "mining".


Essentially, scanning the data for anything unrelated to providing the service itself. I know this is a little murky with their suite, but if the data is being used in a way elsewhere (e.g. to train models for other services or collecting data in expectation that it could be useful to a Google app I haven't signed on with), that should be made explicit


This hardly frees you from Google's data gathering. They will have records of your IP address used to collect the emails and your access history, so they know (roughly) where you live, what times of day you are active, and can probably infer stuff like when you are on holiday. If you are in the same house as someone else, they probably use Google too and the shared IP address lets Google tie the two identities together. So they get to discover your relationships too.


So will any host. When you are paying for it though, the terms of service clearly define what is collected and what it's used for, and you can choose to enable or disable that type of data matching


OP asked for no ads, not for an email host that knows nothing about its users... (Which can have its perks if someone tries to hack your account.)


Isn’t that assuming you are using the web mail and not an email client?


There is. It's called gsuite.


That isn't the same thing.

Outlook.com offers "Premium" which removes ads. If you stop paying you just get the ads back but your account is otherwise unaffected[0].

Gsuite on the other hand removes ads, but if you stop paying then you lose access to your email and additional messages may bounce.

Apples and oranges.

[0] https://w2.outlook.com/l/upsell


Were they really not scanning your emails on those accounts, or is it like the education market fiasco, where it kept reading students' emails?


uBlock is free, I have never seen an ad in any google service.
