I know I shouldn't be surprised, but it seems weird that the reporter nor any of the 140+ comments so far seemingly don't mention the recently published proposal for a new ePrivacy directive in the EU that will make it a lot harder for Google to scan e-mails in the first place.
That directive might be related to what's happening.
But let's not be naive: if Google will stop reading our emails in order to send us personalized ads, that's because it doesn't really need to. People share just enough outside their email environment for Google to do its thing. Another sign of which those worrying about privacy should be aware.
Exactly. Google already knows a shit ton about you, and given how data driven they are, I guarantee they came to the conclusion that they would still be able to show highly targeted ads with little or no loss in revenue or click-through-rates rates. Heck, dollars to donuts they've already A/B tested the shit out of it to reach this conclusion.
Or they're willing to take a loss on the ads -- which frankly don't make much money -- to go after the far more lucrative corporate emailing/calendaring market. The pricing is $5/$10/$higher per user-month, so walking away from an ads business that may possibly (but I doubt it) be earning hundreds of millions to avoid a cloud over your sales process for the aforementioned multi-billion dollar business seems like a solid trade.
When you say ads don't make much money, are you talking about from business users? 2Q 2016 $19 billion of Alphabet's $21 billion in revenue came from ads, so that seems like a strange statement.
The total advertising figure is irrelevant, most of their revenue comes from Search advertising where users are proactively in the context of seeking specific information at the point where relevant ads are most lucrative.
The only revenue being sacrificed is being able to deliver less contextual ads in gmail, they still know a lot about you so they'll still be targeted ads so their sacrificing marginal contextual targeting vs peace of mind in a large corporate market which are hesitant to use Google's G-Suite products because of their concerns that their emails are being scanned.
Google is smart, if they're doing this it's because they've calculated the increase potential in G-Suite revenue is more than the marginal loss in less contextually specific ads in gmail. Other factors that play a role in the decision is better branding in that Google is no longer spying in your private conversations to sell you targeted ads and the mitigation of potential lawsuits.
Or maybe they could improve IMAP availability until it is only a few orders of magnitude worse than my local ISP (or the previous one, or all the IT departments I've dealt with this millennium...)
Google has never shown any Sponsored Gmail ads to Google Apps users (the corporate users you're talking about). There is no Promotions tab, which is where these advertisements are inserted for personal GMail users.
Sorry if this is obvious but I went to focus on revenue per user per year.
In other words, how much is it worth to fight the perception that gmail is somehow less secure than office 365 because ads (others have pointed out Google apps for business users don't see ads in their work gmail).
I somehow doubt that gmail ads are worth even remotely close to $120 (12 months * $10 per month) per user per year.
In other news: How much is a user worth per year to Google? Assuming not all users are the same, is there a way to predict his much revenue a user can bring for Google?
The competitor for Office 365 is GSuite, not Gmail. People that were previously shown ads based on email content are not going to start paying for Gmail.
> Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user’s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube.
Or, maybe: the extra information gleaned from reading your emails is just not that valuable. Not because they have this via other means, but its just not that valuable, period - whether it comes from reading emails or scrutinizing your browser history. We like to imagine that if advertisers knew enough about us, they'd be able to direct our spending, but I think that is far from true.
I'm pretty sure scrutinizing your browser history is still extremely valuable. But I find it quite plausible that email in particular has lost value as marketing information.
People still use email for all kinds of business, of course. But their day-to-day personal activities, the kind that marketers care about ("I've taken up kayaking!", "I'm pregnant!") don't usually show up in emails any more, they get posted on social media.
This makes sense. Possibly the value of increased corporate sales of G Suite is worth more than the loss of the information gained from reading diminishing numbers of personal emails, as people turn more and more to social media and phone apps for personal communication.
The corporate profile they have on the company I work for must go into unthinkable detail. If they were announcing no tracking for work accounts across their entire suite of products, this would be a big deal.
As it is, they're presumably still reading our gdocs, address books, calendars, hangouts, search histories and broswing histories, and geolocations/third party app usage for all the android users. Email data is white noise compared to this.
I'd wonder how IT could be so stupid to put up with this if Microsoft hadn't also made pervasive surveillance mandatory.
Google tracks you even if you do not have an acccount. There is not practical way to opt out.
I disagree with the TOS but we use their services at work. What am I supposed to do? Quit my job?
Even with ads blocked and cookies disabled, so much JavaScript is served by them, they can infer my browsing habits anyway, and I can't count the number of times I've had to rip 8.8.8.8 out of DNS settings in the last year.
How exactly does this constitute a choice to share my private information with them, and what thing that I want am I getting in exchange, exactly?
The industry at large and Apple in particular is coming at them from the other direction preferring premium, furthering ad blockers and offering better privacy defaults (iOS 11). Elon Musk has gone so far as to allude that Google is the only AI company that worries him[1].
And so it goes. Coupled with AI and the amount of data they are able to feed into the AI engines, I am guessing this won't regress their ad targeting.
They have also managed to supplant it with other avenues. Google Travel, Google Calendar and other apps have explicit permission to read your email, Google serves email images off their own servers which gives them a tracking beacon and behavioural data across cohorts. All this adds a level of indirection but still gives them access to behavioural data and user intent.
Agreed. The Google Ad Machine will never stop running. But, I think they will diversify their revenue streams in the coming years. Forces outside of Google's control such as governments and competition will begin to push back on the "all you can eat buffet" of personal data that Google has enjoyed in the past years.
Based on the numbers in the article like doubling their "large business" user base in the past year, I think Diane Greene will lead them to generating huge revenue in the Enterprise sector. Also, I think freemium versions of Google software, directed at consumers, will be increasingly popular in the future.
Apple does seem to be paying more than lip service to privacy. Are there any other examples?
Microsoft's "premium" push is actually moving toward more invasive surveillance.
They've been ramping up the marketing doublespeak about their "telemetry" in the last 12 months. Maybe that is a sign they'll back off sometime soon, but so far, it's "Full steam ahead, users be damned."
Wouldn't Google be able to largely mitigate the effects of that if they wanted to by making it so accounts that do not consent to the scanning get smaller mailboxes or do not get spam filtering or something like that? I'd expect that would get most of its users to consent.
I just think the dollars aren't there: (1) email itself is fading vs text and various social media and (2) 98% of the population reads 98% of their email through the generic mail app on their phones that doesn't display Google's ads anyway.
Name one free, popular, profitable, large scale service that offers limited capacity on their offering. Very very few. You offer unlimited and you charge for increased value or you monetize with ads. Freemium is mostly dead.
You're right. And my reponse is weak. But.... That's really meant to discourage those "power" users (like me) from abusing and leaving big stuff in there, I think. It's not meant to encourage most people to pay.
The storage offering was way way less than that when everyone here signed up, though it was still vastly greater than anything anyone else offered if memory serves.
I think the freemium model discussed here is severely limiting your product and it's value for non-paying customers in order to get them to pay up.
One of the most powerful advantages of Gmail vs the competition is it's superbly powerful spam filtering and search features - I doubt it's worth losing that powerful image in order to get a few more users to pay up.
Just like the biggest advantage and product feature ProtonMail has is privacy and encryption - it would be a bad product decision to remove encryption from all free customers in order to get them to pay up.
The alternative is to offer a fully functional free* model that focuses on your strength, and charge customers for extra - extremely useful and important, but non product essential - features.
* Some would argue that Google's model is not free, as you are paying for it with your data, but that is a different discussion and outside the scope here.
I never understood the argument that some automatic scanning for keywords is like "reading" your mail. By that same logic isn't Gmail's spam filter still "reading" your mail? It is classifying your mail based on content after all...
It's like my accountant reading my receipts to create my tax return versus a sleazy salesman sneaking a peek at them to find new ways to sell me stuff.
It's more like your accountant preparing your tax return for free in exchange for aggregating data about your receipts and offering you goods and services you may be interested in.
Let's split the difference. It's like your accountant preparing your tax return in exchange for using that tax return to develop a model of your spending habits. The value of this model is more than the cost of them doing your tax returns, and in fact is such that if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit, and the tax prep service would still exist.
> if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit, and the tax prep service would still exist.
Economies of scale; the market for that data would not exist if individuals collected it themselves to sell. Hence would break down.
Phrased another way; this data about 1 person is relatively valueless.
(I like the rest of your example BTW; just disagree with your conclusion)
> The value of this model is more than the cost of them doing your tax returns
It's likely the value Google got out of scanning your email wasn't worth that much in terms of modelling profiles for ads.
Probably because having both your search history and "anonymized" Google analytics, plus the sea of data that comes from owning Android is more than enough data that Google/Doubleclick needs.
From a purely capitalist perspective I'd bet the utility of them scraping this data no longer outweighs the privacy costs.
But at the same time Google is still scanning attachments for child porn and likely other data out of national security interests. And they still can access your data on a case-by-case basis which from a FISA perspective is a rubber-stamp away from accessing your data from 2 hops away from someone who may or may not have done something bad.
I personally will not weigh using Google vs any other email service in terms of privacy any different after this measure. But I still appreciate their efforts to reduce the "standard pratice" nature of scanning private email. If I do use anything Google-related I will not associate my personal identity in any way with the service, which is still requirement for Google play.
You can still use a fake gmail account and prepaid Google gift cards bought with cash to disassociate your identity from using the service. Although that's still well beyond the investment the majority of people are willing to make.
Regardless privacy comes at a cost these days. Good OPSEC > trusting cloud services privacy policy. You can either not use the services or invest in protecting your data when using them.
I will still cheer on Google's efforts to make those of us who care about privacy live's easier. I'm not naive enough to ignore how their business model works but that doesn't mean they always have to take the easy route and hand everything over without considering the costs - as many ISP/Telecom companies seem to do.
Eh? That assumption of "not associating my personal identity" doesn't actually work. Your profile IS your personal identity, and can be associated trivially. If not algorithmically, then via one connecting piece of information supplied by various databases and no such agencies. You're living in a dream.
> Your profile IS your personal identity, and can be associated trivially.
I'm hardly new to his stuff and to say it's trivial is nonsense. Most people make it trivial but it's not trivial to associate identities of people who put basic effort into obscuring them.
Merely disconnecting your primary profiles from your online activity is enough to throw most mass-surveillance/drag-net stuff off, aka 99.9% of advertising firms and most government programs.
If you're an activist or someone interested in keeping your internet activity private then the bar is far higher (and the targets of which are ever expanding as governments and private organizations get better at this stuff). FBI agents, or likewise in your country of residence, have plenty of forensic tools at their disposal to connect disparate identities. It takes some real time investment and requires being super careful to evade these measures. But I'm not talking about that here. I mean the average person in 2017.
I've personally done the total anonymity stuff as an experiment so I know what that takes.
Having studied many documents from the various global national security organizations and being fortunate to have dated a defense attorney in the past who engaged with police surveillance reports on a daily basis for their work I'm convinced that even basic privacy measures such as never using your real identity when using internet services, creating full legitimate sounding backstories (and subsequent online profiles) for your fake identity, and changing the ID you use often enough will throw off most basic surveillance measures.
I'm not doing anything to get people really invested in uncovering my online identities, as most people aren't, which is what I'm talking about.
The simple fact is the vast, vast majority of people reuse the same username (and passwords) across the internet and use their real name and emails everywhere. So it's really not hard to track people online from an LEO or 4chan doxxing perspective.
But I'm not convinced you have to be isolated from the utility of most online (cloud) services. You just have to invest in using them intelligently to not associate your actual identity with the services.
Ad companies aren't interested in deanonymizing people anyway. They are looking for low hanging fruit and there are more than enough people to fill databases who fit this profile. So I'm not that concerned about those who don't.
It's not trivial to match any arbitrary profile with an offline identity, but it is possible to cluster pseudonymous profiles into "almost certainly the same individual" by patterns and peculiarities in how they use their devices. If the same patterns later show up for an identified user, they can be linked with high probability.
With the sites Google runs plus running their own JavaScript on a sizable fraction of other people's web pages, they can pick up a lot of patterns, many of which would be inaccessible to police and intelligence surveillance.
Some people have nervous habits like moving the mouse around, clicking/tapping on whitespace, scrolling up and down, etc. Some always/never use the scrollbar. Some always/never open links in new tabs. Some tend to put the adjective before/after the noun in their searches. Some will rapidly open up the first 5 search results in new tabs. Some always disable instant search, and some of those change their settings to 20 or 50 or 100 results. Some use search features like the calculator, searching for "weather", stock symbols, etc, and others never do.
I disagree with you, but from the perspective that my email contains the history of every transaction I have ever made, all of the newsletters I sign up to, and, for another 3 days, ~50% of my conversations, since I do a good chunk of my communicating over gChat.
Consumer preferences change over time, so google is far more interested in the thing I bought yesterday than the thing I bought 4 months ago, so being able to read my emails is still a current interest of theirs.
Amazon's receipt emails stopped including an itemized breakdown. Perhaps this is for customer privacy or perhaps so Google can no longer scrape Gmail users' purchase histories.
> if you were simply to collect that data yourself, sell it on the open market, and spend a portion of the proceeds on the tax prep service, you would end up with profit
Hmm. Could you sell it on the open market? If so--if the margins for the ad-supported model like Google's are in fact as big as they appear--why isn't there a Google competitor who provides exactly the service you describe: some kind of opt-in system where they collect data (via, say, a browser extension), sell it to advertisers, and pay you a cut?
One generic answer to "why does the market not offer [some seemingly reasonable thing]" is inefficiency: maybe there's some cartel system at work where all major advertisers are hoarding the revenue for themselves. But I find that pretty unconvincing, since the whole market _seems_ to be otherwise quite competitive, and with low barriers to entry.
Perhaps a more likely theory is that if you were to offer a "we pay you for personal data" competitor, you'd face massive fraud--a la click fraud--in which attackers would pretend to be real users in order to get paid for searching (or whatever), and that the subsequent need for identity verification would become so burdensome as to eat away any profits.
Anyway, an interesting thought exercise, but I think one can broadly conclude that either:
1. There are real obstacles to paying people the "fair" price for their data, such that the current system is in fact fairer than it appears.
2. The entire market is unfair due to a cartel or similar (though like I said, I find this fairly unconvincing).
3. This is a great idea and you're the first to have it, so you should start a company that does exactly this. ;)
Interesting. How do they protect against clickfraud, though? Paying the user seems to me (somewhat naively, because I'm not super familiar with clickfraud) to increase the incentive for abuse, since you don't have to run a malicious website to do it.
One of the obvious advantages of the Gmail model seems to me to be that free email is less fungible than cash, though of course abusers resort to spamming and other practices to monetize the resource.
gmail can still advertise to me in the hypothetical scenario above, but if they want to do so in a targeted way, they would have to buy my data from me first.
Anecdata: in the past 5 years or so the number of relevant or interesting search ads Google has shown me can be counted with one hand.
- If I'm searching for technical documentation, I couldn't care less about all the random consultancies or shitty-SaaS-of-the-day trash that populate the ad slot(s).
- If I'm looking for technical details on a piece of malware or vulnerability research, the last thing I want to see on the page is a goddamn AV junkware full-frontal.
- If I'm searching for details on some car models ... why the fk is google shoving insurance ads on my screen real estate?
And so on. As far as I'm concerned, online advertising is a stripmined toxic dump. Only the shittiest swindlers and shadiest extortion artists remain.
>- If I'm searching for details on some car models ... why the fk is google shoving insurance ads on my screen real estate? //
Brand marketing. It may not work on you, but it works in general.
Personally I consider myself pretty imune to marketing but when you think "who else should I check to switch my car insurance to" then that brand is going to pop up if it's been fed to your brain enough. Indeed when you're looking at a list of similar offers the one that's associated with a name you already know will seem somehow more trustsworthy, it's an insidious finagling of a brand in to your brain drip by drip. Why do they do it? It works.
Here's a real life example. It's like Credit Karma who prepares your tax return for free, but then uses the info to help target you for ads on credit cards, loans, etc.
If its about offering me goods and services that I may be interested in, then ad blocking is a useful feature for both me and the advertiser. If I am not interested in any goods or services then no offering or aggregation is needed.
On the other hand, if its about offering me good and services which other companies want me to become interested in, then we have a different deal going on.
It's more like your accountant preparing your tax return for free in exchange for aggregating data about your receipts and offering you goods and services you may be interested in.
Hmm. I could actually see that working, as a spinoff of concierge services offered by companies like American Express.
can your accountant prepare your taxes without looking at your receipts? no. can webmail provider provide you email service without asking your emails? sure he can
my accountant preparing my tax return for free in exchange for...
inviting
...a sleazy salesman [to] sneak a peek at them and find new ways to sell me stuff.
Your accountant prepares your tax return for free. They also have a lot of boxes of flyers provided to them by people who want to sell things. After preparing your tax return, they use their knowledge of your return to choose which flyer to put into the envelope. They then send that envelope back to you, and when you open it to read your tax return, there's a flyer for something else paperclipped to the front with a note saying "Thought you might find this interesting."
(In particular, the accountant is only one who sees the information in your tax return.)
We have to stop this madness of thinking that "John READS my diary" means the same thing as "The function fread() READS nitems objects". Those don't mean the same thing except in a metaphorical sense. It's insane.
It's not about who reads it, it's about who has access. If a system has access to read my email as plain text, it means anyone who owns or can get access to that system can read my email.
Some one wrote fread, it could've been john, and john absolutely could be reading your email. Look at the what happened with ubers god mode.
That said the value of gmail for me exceeds the risk of people I care about reading my email getting access or having access. However my(and probably your) subjective view on the value of your emails is absolutely subjective.
But then again, in the context of the story, it doesn't change anything. Google still has access to your email. That it is not "reading" for the purpose of ads is just a minor thing that doesn't impact your privacy/security in any way (in the terms that you are describing).
why does it matter? Google has access to read my email, and if they want (or are pushed to), they can single me out and then go and read them. Sure, 9/10 times it's a bot reading my emails, but there's nothing stopping them from doing it.
it matters exactly because of what you are saying.
You do have protections against someone reading your email at Google. Both from a expectation of privacy, but also from a company perspective. You also do have some non-expectation of privacy (if, for example, the US government wants to read your google email, they can ask for it and they eventually will).
The day someone with a brain and an opinion on Kim Kardashian at Google reads your email, there is a HUGE difference from when Google is "reading" your email for ads/spam/spelling/whatever.
You don't want to blur that line being wishywashy with language. You want to know that difference. The fact that it could happen is why you need that clear separation between "machine reading" and "a person reading".
> You do have protections against someone reading your email at Google.
And those protections are bullshit.
I have no guarantee that they are not reading my email. If a bot has access, a person has access, and people abuse their access all the time.
In fact, there have been cases of googlers reading peoples email. And I'm not blurring any line, I'm stating: Gmail can, has been, and will be abused. To pretend that is not the case is, frankly, naive.
I know this is cold comfort, but every single production data access is audited at Google, and that's after one signs more NDAs than you can shake a stick at to even get logs access in the first place. Each incident, with David Barksdale being the worst, has made them lock down logs, PII, and production access at a level unprecedented of any I've seen (including HIPAA shops).
You're correct that the possibility exists, but any Googler inhales heavily and makes sure their paperwork is in order before accessing prod. The warnings that are displayed are not unlike those when you're removing a nuclear core on a starship. It's scary. They want it that way. You need a damned good reason to even look at subject lines in the inbox (like fixing a bug involving subject line rendering that only appears with a user's specific subject line, for instance), and clicking a message is almost certainly a walk. Like, within the day.
They do take this seriously. I wouldn't call it bullshit. The protections I observed were in place before Snowden, so I imagine it's even more rigorous now.
You're calling bullshit on what, exactly? I'm providing you perspective on the very thing you're hypothesizing about from firsthand experience.
What is your technical solution for operating Gmail without any Googler having the ability to access some aspect of your data? It's email on the Web. Handling that e2e is pretty much intractable, and cleartext or nearly-cleartext with online keys has to exist somewhere even without the Googley things they do to data. I might posit that building a functional service with that requirement would be impossible for the Gmail case and many others (but I'm ready to be proven wrong).
>> They do take this seriously. I wouldn't call it bullshit.
> You're calling bullshit on what, exactly?
really? your firsthand experience is nice, but your ignoring that those methods don't work.
> What is your technical solution for operating Gmail without any Googler having the ability to access some aspect of your data?
They can use any of the current zero-knowledge encryption methods. This isn't anything new and has been around for a long time. There's no need for Google to have those keys.
Encryption isn't a new problem for email, it's already a thing.
what's the use case you are worried about? Tell me a story. Who is accessing your date, for which purpose, when, how much, etc... and explain how Gmail is a bad solution because Google "can read it".
Yes, Google does not offer you protection against the Government. That is a true statement. But that doesn't mean that it's all or none. There are so many privacy rights before "a warrant request". And news flash, unless you are extremely good at securing your own mail server, even then you are not protected against a warrant.
Those checks are not bullshit. Every single security system "can be bypassed".
The use case is pretty obvious by now: people trying to manipulate me (ads), overreaching government intrusion, and invasions of privacy.
I never said that Google just sends everything over to them, but they can come and access my data without me ever knowing, and that's a problem. Just because there are (imo broken) checks in place does nothing to negate that fact.
Those checks are provably bullshit by the previous breaches. If they weren't bullshit, there would never have been breaches.
as I said, government intrusion can't be defended as is. Name one web technology that is government intrusion proof. Fuck that. Name on technology that is so. Air gapping isn't. Granted, air gapping allows you to at least know about it. But that's that.
"invasions of privacy" is not a use case. Give me details. By whom? Your partner? Your coworker? 4chan? Your mayor? Russia? What information are they getting from you? Why? It's very likely that whatever use case you come up with, you are better defended with 2auth gmail than with whatever other solution.
That's a problem with the web. In 15 years, and not counting legal government requests, there were what? 3 cases of email data breaches that were caught? 5? That's your "provably bullshit"? What do you use on your life that has a lower failure rate than this?
> as I said, government intrusion can't be defended as is.
yes it can. zero-knowledge encryption is already a thing.
> Name one web technology that is government intrusion proof.
Apparently the iPhone is. pgp encryption is another one. I'd suggest brushing up on basic security before saying things like that.
> "invasions of privacy" is not a use case.
Why not?
> By whom?
By anyone that I don't authorize. Sure, that could be my partner, coworker, any government authority, etc.
> What information are they getting from you?
Are you serious? If you don't even understand that threat model, then again, I'd suggest looking in basic security models.
> you are better defended with 2auth gmail
2auth gmail is orthogonal to the issue. That's an security method. Currently Google does that but still can grant access to anyone they want. That's a problem that 2auth doesn't address.
> not counting legal government requests
Why not? Why remove a legitimate security issue from the discussion?
> 3 cases of email data breaches that were caught
I have no idea how many have been caught, once again, that's orthogonal to the issue. How many examples doesn't matter. It's that they do have access and can do it whenever they want.
> What do you use on your life that has a lower failure rate than this?
That's a completely illogical argument. "We shouldn't ensure privacy/security because other things in life fail more often" makes no sense.
If you are referring to the San Bernardino phone thingy, the FBI withdrew the request exactly because they did access the phone by themselves. It just cost more money.
> pgp encryption is another one
lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).
> > "invasions of privacy" is not a use case.
> Why not?
Because I want specifics. Just saying someone "invaded your privacy" doesn't tell me anything. Tell me a full story: entity X did Y to know Z from W. And show me how using gmail made W more unsafe on that case. And what I'm trying to tell you, is that there are two cases:
- legal government related. In which case Google can't (and won't) protect you. It's a fair claim. If you are doing something that the US government wants to know about, don't use gmail. But most things won't protect you from that anyway. Ask Dread Pirate Roberts about it. :)
- non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)
> That's a completely illogical argument. "We shouldn't ensure privacy/security because other things in life fail more often" makes no sense.
Where did I say we shouldn't ensure privacy/security? What I'm refuting is your claim that "it's bullshit because it failed once". Gmail does a better job than most other things. Most things in your life fail more often than that. And most things don't evolve security/privacy wise as well as gmail does.
> the FBI withdrew the request exactly because they did access the phone by themselves
As far as I saw, that was just speculation. Any source on that? I'm inclined to believe it, but if true: why do they want the encryption removed rather than just snooping that data on the sly? It's better if your victims think they are secure.
> lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).
Possibly. But if so, I haven't seen them. Sources please.
While meta-data is absolutely useful, contents are even more useful. Just because something has one security issue doens't mean that we should give up security altogether.
This isn't anything new. Having access to communication is pretty much the basis for espionage. If you don't see how that applies.... I'm not sure I can help you.
> legal government related. In which case Google can't (and won't) protect you
That's my point. They can protect you, they choose not to. Zero-knowledge encryption is still a thing. Just because Google doesn't use it doesn't mean it's not possible.
> non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)
Only if Google can't access that data. If they can, it's much easier to bypass encryption and just ask Google to hand it over. Google can solve this problem but chooses not to.
> Where did I say we shouldn't ensure privacy/security?
When you say that gmail should be trusted. There are clear privacy/security holes with their model that you are ignoring. That's what this whole discussion is about.
> What I'm refuting is your claim that "it's bullshit because it failed once"
A) It didn't just fail once.
B) Failing just once proves that the system is not secure, and needs to be fixed. Failing multiple times from the same attack vector proves that they aren't taking security/privacy seriously, because they won't fix the root problem.
> Most things in your life fail more often than that
... so? Whether thing A fails more often than thing B has no bearing on whether thing B can and will fail.
I don't understand why seeing an ad is so bad. So a sleazy salesman is more annoying because they are in your way. But if you're going to see ads anyway, I'd rather they be relevant!! Can soemone explain why given that there will be ads either way they actually prefer irrelevant ads?
1. Targeted ads catch my attention better. Frequently I don't even notice or remember irrelevant adds.
2. Targeted ads are almost always, SEOed (if you will) to me; that is, they seem relevant, they offer the solution needed to fix the precise problem I'm discussing in the email chain, I click, I read, I would buy, but I realize that the product offered is nothing like what I've been reading about on the landing page.
3. Targeted adds are much more effective at convincing me to spend money on stuff or services that I could have lived without.
Sure, I should toughen up mentally against ads, but until I do, I protect myself from ads that will manipulate me and one way to do that is to prefer irrelevant ads when I need to see them.
I'm curious how you make a living and whether the business you're in relies on advertising to sustain itself. Perhaps I'm reading too much into your post, but I detect a value judgment that businesses trying to be businesses (i.e., selling you stuff) is a bad thing.
Relevant ad is euphemism for "ad that makes you buy stuff you would happily not own otherwise". Since ads in general work (they make people buy more or different stuff) and you can not objectively evaluate whether you was influenced by ads, it is rational to avoid them.
Practically, once add service knows I am women, it insist on showing me ads for menstruation cups everywhere I browse. I also find juxtaposition of baby accessories and relaxation bullshit on metal, programming or games site mood killing. When they know less about me, I actually get less weird more neutral less crappy ads.
>Relevant ad is euphemism for "ad that makes you buy stuff you would happily not own otherwise". Since ads in general work (they make people buy more or different stuff) and you can not objectively evaluate whether you was influenced by ads, it is rational to avoid them.
Umm - you should avoid getting information because it might influence you to buy things ? There's nothing wrong with what you said, in an ideal world ads would be just that - informing the customer about your product - and influencing their decisions with information. The psychological marketing tricks to make a thing more attractive is also a value add.
Problem is it's easy to be misleading, create disinformation and it can be very profitable - that's what leads to shitty borderline fraudulent ads we have.
Umm - you should avoid getting information because it might influence you to buy things?
UMMMMMMmmmmm - yes?
Obviously?
If you wouldn't let a salesperson barge into your house, interrupt your reading to try and convince you to get discount eye surgery, why would you let that happen in visual form?
in an ideal world ads would be just that - informing the customer about your product
This is not anything like an 'ideal' world. One human has such limited attention, that you could spend every second of your lifetime attending to a different product and do nothing else, and you still wouldn't cover them all. And companies still wouldn't be happy with this ridiculous limit case, they'd still want a greater share of your attention and wallet. You, us, individually, mean nothing except a source of coins.
If we want to mean anything to ourselves, defence against the dark arts is necessary.
The psychological marketing tricks to make a thing more attractive is also a value add.
The psychological marketing tricks to make a thing more attractive is abusive and parasitic. Ideal brains would search for what they need, and buy the most fitting thing. Human brains which can be manipulated are a weakness we all share - and we should all be kind enough not to abuse this fact of each other any more than we have to.
>Ideal brains would search for what they need, and buy the most fitting thing.
That's not really how things work - there are certain things you need to accomplish other things where your reasoning partially applies but even then it's debatable. But then there are things you do for pleasure - and how you value those things can be completely separate from their physical properties.
For example there was a study[1] where they gave people 5 vine samples, a cheap wine with 5$ price tag, same wine with a 45$ price tag, 90$ vine and the same 90$ vine with a 10$ label, and a correctly labeled 35$ vine. They found that reported enjoyment and measured fMRI activity went up with price even for same vine. Plenty of similar studies that show similar effects for branding, etc. So these things actually create value even if they don't physically change the product - you end up enjoying it more and it's purpose is your enjoyment.
I mean most of the high end stuff ends up being blowing smoke up your ass to make you feel good about paying 2-10x markup, even when the quality is superior they bundle the bullshit and inflate the price extra because they know you'll pay.
Ads are not information. They are not factual. Psychological marketing does add at value to me, just like being manipulated in person does not add value to me.
Like I responded below, psychological marketing effects like branding, exclusivity, etc. have been shown to increase peoples enjoyment of products in multiple studies.
Being manipulated can also add measurable value to you. For example if a doctor gave you a sugar pill for some condition and the placebo effect helped you get better - would you say that it added no value just because the sugar pill physically did nothing ?
Ads are an insidious and highly effective form of psychological warfare. They play on human fears, insecurities, neuroses and instinctual weaknesses in order to part people from their hard-earned time and resources.
You might say the ads just bring their attention to needs they didn't know they had. I would say the opposite, that they create needs where there none existed to begin with.
Why try to pretend Google is nice to you?
If their spam filter gathers the most relevant words and keep them stored for admins to look for the sake of tuning or whatever and maybe the admin also works in the ad department, perhaps checking on your email isn't for ad targeting.
You need to give up on your content the day you started using gmail, no matter what the TOS says.
What about people not using gmail but sending email to a gmail users? Those don't gain anything here.
I actually host my own email but every time I send a message to somebody using one of these webmails it gets indexed and monetized.
But I would argue that it's a technical problem first and foremost, email security is mostly a joke. If I need to send sensitive things through emails I can always use PGP to actually protect it, instead of relying on the goodwill of the email provider not to peek into the message. If people really valued their privacy they'd be doing something similar.
But… you don’t really have to use Gmail to use most of Google’s other products, just as you don’t really have to use (actively) Google+ to use other Google products either.
Unfortunately no. You are going to be tracked whereever you go and it has GA. The reason why Google can stop reading your emails is because they have a global network now that can track you better.
But imagine you use an Android phone, for instance. There's a whole bunch of integrated stuff that works well together that wouldn't if you had a Google account and then kept your e-mail somewhere else. It's not really a 1:1 comparison.
This is what ads are. This is what we adblock. This is clickbait, lies, manipulation, visually distracting, space wasting, untrustworthy, barrel scraping garbage.
"Ads inform you about products" in the same way slime mould informs you that your house is too damp. The best individual course of action is not to buy what the mould is selling.
In a perfect world, yes. In the real world ads are about manipulating through every psychological trick in the book to buy shit you don't need. To manipulate you into thinking brand A is better than brand B (both of which you were already aware of). Etc.
That's true in the sense that having no ads at all would be better; but if you're going to be seeing ads either way, why wouldn't you want them to be ads for things relevant to your interests?
Whether you block ads or not is kinda beside the point. It's a little unreasonable to expect Google or anyone else to stop personalizing the ads they're trying to serve you just based on the fact that you're blocking them.
The ads are shown exactly for that reason. If the only ads shown were for products or services or information which the consumer was not interested in, then no one would pay for advertisements in the first place.
Even if I agreed that some ads have benefit, the cost-benefit analysis (with costs including screen space, compute, bandwidth and the malware threat) still looks grim enough to justify adblocking IMO.
"Zen does not confuse spirituality with thinking about God while one is peeling potatoes. Zen spirituality is just to peel the potatoes while being informed about ten local places to purchase God with next-day delivery."
There are many flavors of Buddhism, which one matters here for the point you are making?
EDIT - I am not sure why I am being downvote, I legitimately don't get his point and figured I would for more info rather than just calling him out as a troll or something. Is there something obvious I should know?
Disclaimer: I know nothing of Buddhism, I haven't even read the Wikipedia page
I believe some Buddhism teaches something along the lines of: personal possessions are bad, and freedom is found in not owning anything.
I think OP is saying: advertising goes directly against that line of thinking. It is actually tempting a Buddhist to buy more stuff, thus going against their religion.
The distinction to me is: Are they building and saving some data structure that they've created based on my emails which is designed to target ads towards me, but could be used by some nefarious actor to learn a lot about my life?
The spam filter (hopefully) probably doesn't store that much about me, but an ad targeting bot could be a lot more problematic.
Does the automated nature of the permanent data collection change anything? How about an automated drone with a camera mounted on it that follows you everywhere and records every action, indefinitely, purely automated ofcource, so that an advertising company can helpfully remind you about the awesome great $6 lunch menu when you walk past McBurger at lunchtime, or about picking up some hemorrhoids cream from MediCo because a machine learning algorithm saw you scratch your butt and deduced something.
Depends. Is that drone providing me with some other useful service, or is it following me around entirely without my knowledge or consent?
Gmail provides me with a free email service. They already have the full text of all my emails. If they want to use that data to help decide what ads to serve me, I have no problem with that so long as that data isn't shared with anyone else without my consent.
But your profile is not just linked with Gmail. Its across Google, including any future products. Its a kind of cross-product tying using customer data (which gives them an easy leg-up on new ad-subsidized products) that I would assume attracts anti-trust scrutiny.
I think its fair for you to accept the terms, if you know what you're getting in return. The problem here is that you will never know exactly what information is stored about you, and how personal it is, and you have zero control over it. Also simply by sending YOU an email, I'm also entangled in the data collection scheme.
> The problem here is that you will never know exactly what information is stored about you, and how personal it is, and you have zero control over it.
On the contrary. I know what emails are stored in my inbox just as well as Google does. I can also search through that information and delete it if I so choose, so I do have control over it.
> data isn't shared with anyone else without my consent
Do you have any way of verifying this? I am not accusing google of anything, I just find this to be an interesting level of trust to have with a free online service.
Google is a large, generally reputable company which has very little to gain and everything to lose by sharing my personal information with others in violation of their own privacy policy.
In the absence of any evidence that they _are_ sharing my private information with others, I see no reason not to trust them in this regard.
Really? Good luck suing them if they decide to sell your data. They certainly won't lose much revenue from fleeing customers if they think up a creative new way to monetize your data with "select business partners"; Google (and Facebook et al) spent the last decade entrenching themselves infrastructure for far too many people. They have far too much power and inertia to lose much in the short or medium term.
> trust them
Privacy policies change. Even if Google has good intentions about protecting your data today, you're gambling that those intentions will not change in the future. You don't know who will be hired/fired at Google in the future, nor do you know how the current (or any) management will react should the company have a particularly unfortunate run of bad finances or other troubles. Never-mind that humans often act irrationally for stupid reasons so any prediction about future behavior has to have a huge error bar.
However, that isn't the big problem with trusting Google to not share your pattern-of-life[1] with a 3rd party: you're assuming it will be Google's choice, or that they will even have any de facto influence over the long-term fate of your personal information. Your trust doesn't make Google infallible; the best security teams can only make hacks less likely. Warrants, legislation, and quasi-legal-but-hard-to-ignore orders from governments happen. Prism (and other mass surveillance programs) still exist. Concentrating valuable data at one location makes it more valuable, so the scope of potential threats to your data increases as more data is collected.
The world is not as just[2]. Trusting that your data will magically stay safe at Google forever - or even just the near future - is only possible if you first pretend that Googles security is and always will be perfect, that the programs Snowden/Drake/Binney/etc warned us about never existed, that no current or future Google employee will ever become disgruntled (or crazy), and probably many more potential threats that haven't been invented yet.
> They certainly won't lose much revenue from fleeing customers
I don't think that's true. Sure, they wouldn't be out of business overnight, but depending on how serious this hypothetical breach of trust is, it'd certainly hurt them a lot.
> Warrants, legislation, and quasi-legal-but-hard-to-ignore orders from governments happen
My threat model does not currently include the NSA or the US government. I don't anticipate that changing in the near future, but if it does then you're right; I'll certainly need to stop using Google services. (And probably all cloud services in general.) Or at least "air gap" them from the portions of data I want to keep secret.
> pretend that Googles security is and always will be perfect [...] that no current or future Google employee will ever become disgruntled
While I consider myself to be more security conscious than the average citizen, I _still_ trust Google's security practices (against both internal and external threats) far more than I trust my own. If my data on Google's services gets compromised, I think it's far more likely that it'll be because someone stole my password and 2FA tokens than because somebody hacked Google.
As with anything, I realize there's certainly a security/usability tradeoff to be made. For the moment though I'm quite confident that the extra utility Google provides is worth the risk, at least for my purposes.
The problem is that it's not just your email. If you send an email to a Gmail user, Google is now building a profile on you (or was until this move) as well as your recipient. Did you give explicit consent to Google? Did you sign a EULA or SLA with them allowing this? No, they just did it anyway. Even someone who makes a point to keep themselves off of Google's radar will end up indexed and sold to the highest bidder if they send even one innocent email to a Gmail user.
Building profiles of senders can be necessary, e.g., for detecting spammer accounts.
Also, email is transmitted in plain text. Sending an email is more like shouting to your friends in the street, rather than putting a letter into an envelope mailed to the recipient. Thus, I don't think an explicit consent is needed.
That said, I understand that fair use of such information is a concern.
> Also, email is transmitted in plain text. Sending an email is more like shouting to your friends in the street, rather than putting a letter into an envelope mailed to the recipient. Thus, I don't think an explicit consent is needed.
These days Gmail will transfer your email protected by TLS if possible. Not shouting at all.
Exactly. Google seems to be of two minds about privacy. They want to show that they protect your information from the rest of the world, but they expect 100% knowledge of your information in return, so they can sell it to their advertisers. I get that that's their business model, which is why I dropped them completely in favor of paid services that don't sell my information.
One requires google to build a profile and have the knowledge in order to serve you their advertisements and the other can be done almost entirely client side. The spam filter doesn't need to phone home for anything other than updating the list.
The spam filter is [assumed to be] transient/generalized. While a user may set special tuning parameters to classify what they consider "junk", this probably reveals more about the inadequacy of the spam filter than it does about the user.
On the other hand, a program which analyzes mail to ascertain the tastes, interests, and personal plans of the participants is mining much more sensitive data, and it's compiling/storing it off-site long-term, and it's very specific to the individuals involved.
All of us who've used Gmail know how creepy it can get. Send a couple of mails about marriage and suddenly you start seeing targeted ads about engagement rings or other marriage-related things. Google stores this forever and they'll say "Ah, we know this guy was talking about marriage 10 years ago; traditionally, marriages fail after 5 years, we've detected a tense tone in his mails to his wife, BEEP BOP BOOP, DIVORCE LAWYER AD IS RELEVANT".
This inference is not only dubious (ethically and technically), but anyone observing your browsing while you're logged in will see these ads and may assume that you're seeing those ads because you've been searching for information on divorce, not because Google's inference is overzealous, although it may very well be. Search and replace with anything else: new credit cards/bankruptcy lawyers, research on a medical condition/ads for related medicines, etc.; the potential for creepy inference is endless, not to mention the concrete surveillance value provided to literal spies (via PRISM), nor the risk of compromise/abuse outside of the ad space. They don't have to get and process your entire mail archive; they just have to draw their inferences from Google's own inferences in your compiled taste/interest profile.
That's much more serious than a throwaway analysis of whether a mail contains spammy properties or not.
> Google stores this forever and they'll say "Ah, we know this guy was talking about marriage 10 years ago; traditionally, marriages fail after 5 years, we've detected a tense tone in his mails to his wife, BEEP BOP BOOP, DIVORCE LAWYER AD IS RELEVANT".
Have you actually seen anything like this? In my experience the ad targeting seems like extremely shallow keyword analysis.
This gets to the heart of how divisions inside a company justify their budget and where human self-preservation kicks in. For e.g. A lawyer inside the company HAS to be on the lookout for supposed infringements of IP or situations where their "expertise" is required.
The idea is that once you have any apparatus in place, and funds allocated to the maintenance/operation there of, you will find that people come up with creative ways to use that apparatus to either cement their position in the company or to improve career prospects. This applies to lots of domains, the obvious one being the government. Once you have a drone program, you'll find that someone somewhere WILL find a way to justify its usefulness.
My main problem with data collection is the permanent nature of it, where someone somewhere at some point in time, possibly when the computational costs become feasible, will come up with a seemingly innocuous use of the data that will spiral out of control. Also, is Google hack-proof? Judging by the lawsuits around the self-driving division, apparently its trivial to steal data if you're on the inside.
Of course its trivial to steal data if you're on the inside. Snowden could copy classified docs onto a USB stick and smuggle them out of a fucking NSA office. If I were to plug in a USB drive at work, no one would bat an eye. They'd probably think it's for Time Machine.
It really depends on where you work. I know of a little company in the Cupertino area where such data theft would be nearly impossible and yet other companies, engineers have full access to production databases.
That's a hypothetical example, and it would of course be impossible to know what specific piece of data led Google to present a specific ad, and whether they're involving an analysis of how historical interests relate to current interests. Whether Google actively engages in such analysis now or not, they easily could.
I personally use AdBlock so I don't see Google ads very often, but I have been creeped out by ads in the past, and I have had Google infer interests in changes to relationship status based on mail content (e.g., offering engagement rings).
I believe they have manual filters to try to stop inferences that are too offensive from being made (e.g. suggesting a divorce), but those, of course, can never be perfect, and it doesn't mean they aren't making the inference or maintaining the data necessary to do so; it just means that they are blocking it from showing up.
I'm not really saying this is either good or bad. The question was why people care less about reading emails to filter for spam than they care about people reading emails to develop a consumer's ad profile. These are some reasons why.
I cannot recall where, but I remember reading about this. Based on associated products women buy occasionally they will sometimes get coupons for things like diapers and baby formula while they are pregnant before they know. My guess is that anytime a woman changes her shopping habits the marketers send some stuff her way because even a miss ratio of 90% could still be profitable.
It isn't always accurate, I know a girl that is very not pregnant but gets these things anyway. She babysits occasionally and I suspect that combined with her Baker's card and Walgreen's card give the mass marketing gurus all the information they need to know that she sometimes cares for kids.
A frightening theory: it doesn't need to read your email anymore. It has read 10 years worth of your mail, and trained such an accurate model, that any more training data don't make much of a difference.
NSA doing it is a lot worse. There is no transparency on what they do. I get no benefits in return for sharing my data. They have license to do all kinds of nasty things to me, that Google would have to go through a court for. From blocking my flights to making me disappear at night.
No benefits? That’s bit like saying that security screenings at airports offer no benefit to anyone. While security screenings are inefficient and could be improved, that doesn’t mean they offer zero benefit.
Also what’s the likelihood of the NSA blocking your flight or making you disappear in the night? You probably should fear crossing the street more in terms of statistical likelihood of harm.
I get the privacy/freedom arguments however the hyperbole around this stuff is getting ridiculous as the fears are badly supported by actual data and statistical significance.
More people drowned in swimming pools last year than were “disappeared” by the NSA but there seems little hysteria around swimming pools. I pretty sure most of us don’t know a single person on a no-fly list.
Some high levels of paranoia around here it seems.
Corporations didn't murder a hundred million of their own customers in the last century alone. It takes a government to do that. Consequently, governments have to be held to higher standards, not lower ones.
Yes, they did. Probably just tobacco companies alone.
A response as silly as it was predictable. Show me a Gulag Archipelago written about the tobacco industry and we'll have some grounds for further discussion.
Since corporations are creatures of government, that's true by definition of everything corporations do.
At some point, you'll come to understand that not every debate can be reduced to an exercise in moral relativism and dismissed with a flourish of false equivalence.
That works well enough on HN, as seen in the moderation in this thread, but not in real life.
In the US a service provider is allowed to violate all manners of privacy for the express limitation of ensuring maintenance and system health. Spam blocking would qualify as maintenance, but advertising would not. I suspect Google violates all manners of privacy in an automated way for all manners of reasons and qualifies such in their terms and conditions.
I very recently switched to fastmail and couldn't be happier. For $90 a year, I don't have to deal with people snooping and tracking me around for ads. I know google is trying to give me value with all their facial recognition and recommendations, but I don't think it is going to end well. When it does end badly, it will be too late for the user because we would've given up all the data. I don't want Google to build models to track my toddler's face when he isn't even capable of consenting to such tracking.
We are using fastmail as well, and it is great. They have a solution for every weird mail-problem we tried to solve, i.e.
shared inbox folders, shared calendars and integration with "dump" client applications.
For example your username might differ in order to access a shared calendar.
Also you can generate application passwords for an account. So you can create an SMTP-only application password for your fastmail account.
Oh. And personally I am using mailbox.org which is also nice but a little bit cheaper. And the feature-set is still great, but limited compared to FastMail. Also the webui in mailbox.org is slower than for fastmail.
I'd recommend Posteo [1] and Mailbox [2] to people mainly for the costs. They're cheap and are a lot more flexible in pricing as your needs grow.
Fastmail becomes terribly expensive once you realize you need multiple accounts (not just aliases) for different people in the family. At least for me, paying a few hundred dollars on Fastmail (or anywhere else) for email is really way too expensive. I've also written to Fastmail asking for flexible pricing options, but they responded that they're not even considering any changes on pricing/flexibility for the near future.
Edit: If one doesn't need custom domains and office suites, I'd recommend only Posteo! That company is way ahead of others in being better for all humans (read on their website about all the things they do).
one nice thing about mailbox.org is that you can have them encrypt incoming email with PGP. Allows you to use IMAP and get protonmail/tutanote-esque security... I really like it :)
ProtonMail does not yet have IMAP support (it's in beta after more than two years of requests). So if you ever get tired of ProtonMail and want to move to some other provider, your only option is to save each mail or print it out - one by one. There is no bulk mail export option. Unless one is super confident of staying happy with ProtonMail for at least a year or two (by when I expect IMAP to be publicly available on the platform), I'd stay away from it for any serious use.
Leaving this aside, other factors do favor ProtonMail. The people who run it seem to have their minds and hearts in the right place as far as privacy is concerned.
I'd really love to support ProtonMail but one thing I can't swallow is that there's no server-side search of email bodies (only to/from & subject) because it's encrypted. This kills the possibility of searching through years of newsletters & stuff :/
I emailed them (Proton) on few occasions with important questions and never got a single response. That alone turned me off. Will go with Fastmail very soon moving my yahoo since Verizon bought them.
I have a problem with price. $90 for about 20 personal emails per year and a bunch of useful newsletters?
Is there a $10 hosted mail that sends and receives reliably and doesn't sell my personal data on top of subscription (like AV companies)?
The support is first rate. I've seen their developers on Github helping to track down a synchronisation problem that could have either been with the open source tool, or Fastmail.
Turns out it was a Fastmail bug, and they promptly fixed it.
My recommendations for cheaper, more flexible and privacy respecting services are Posteo (no custom domains) and Mailbox (allows custom domains). See my comment above at https://news.ycombinator.com/item?id=14624624
Something to bear in mind: when you use one spam filter for a while, it learns the sort of spam you get and will do a better job. When you switch to a new provider with a new spam filter, you have to train the new spam filter before it can be as good as the provider you left. (FastMail enables personal spam filters for improved results when it gets to 200 spam and 200 non-spam messages.)
Some find FastMail’s spam filtering better than Gmail’s, some worse.
I had that problem, and fixed it by doing these four things:
* Train the built in Bayesian filter fully
* Setup SPF
* Setup DKIM
* Point MX records at Fastmail directly (rather than forwarding via some other service)
More of a pain than GMail which often "just works", but still relatively simple to setup. I suspect ultimately more robust than using mail forwarding on consumer GMail (the rules of which constantly change and it gets less powerful, if you don't buy GSuite and point your whole domain at it).
$5/month and an afternoon to set up unlimited email accounts on unlimited domains on one server. There are a few scripts/services out there that limit the pain.
$90 is the most expensive plan. Their basic plan start from $30 or $3 a month. I'll downgrade to a cheaper plan in the future, but $90 a year for something I use on a daily basis does not seem excessive to me. That is about ¢25 a day.
how are you sure that fastmail is secure and they aren't using ur data to build models ? because there is an annual subscription or they advertise it so ?
"Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account... To make message searching fast, we build an index of your messages (this is a table, just like you would find at the back of a reference book, in which you can look up a word to quickly find the emails in which it appears).
No information from any of these activities is used for any other purpose, or to compile any kind of profile on our users."
Is it generally possible to reconstruct email(=text) with indicies if they are stolen/hacked ?
Although Im not questioning fastmail ability to provide secured email service. Yet I cannot help think why I would rely on a small player for email. I would ask what is the probability of fastmail service getting hacked say compared to gmail.
(Somebody has right pointed out that ) Ad relevance to your email is not same as reading - thinking in same vein should also lead us to believe even (spam) classification can be termed as reading.
> I cannot help think why would I rely on a small player for email.
If Fastmail were, say, 1% of Google size, it would still be #2, which is a pretty good ranking on any market. And if you don't lose features by switching to the #2, please do it, for the sake of competition – Give freedom a chance.
I'm using Fastmail for my 3-ppl business. We lack no feature, we get used to it, we pay them (cheap), we don't leak our source code to GitHub and other browsing habits or contacts to Google Analytics/G+, it's just good management of the company information. We are the annoying guys who can't click "Connect with Facebook" nor "Connect with G+" and that makes providers keep the login/pw auth. Plus it funds a company so you might still have a choice in 5 years. And we show VCs that writing "privacy" on commercial documents yields customers.
I'm a security person, and I've found vulnerabilities in both fastmail and various core google services (although not gmail).
Fastmail and gmail both have mature bug bounty programs, which mean they will pay out cash to anyone who finds and reports a way to hack them: https://www.fastmail.com/about/bugbounty.html
This shows that they are willing to put money behind their claims to security and probably puts them in the top few % of difficult to hack websites above eg windows live mail.
Also, it's a mistake to think a company will be more secure because it's larger. If anything, I'd say it's the opposite; large companies tend to have complex websites with vastly more attack surface.
Of course, every email provider is vulnerable to certain governments.
I can talk about myself and the reason I think Gmail is not working for me.
I'm less worried about the security part of the email and more about the tracking aspect. I don't need encrypted emails, however I don't want someone gleaning information from my emails and using it for selling me stuff and generally profiling. All my Amazon order confirmation used to go to Gmail and they would most definitely read it. I know this because they use it to show me status of the deliveries. It is not unrealistic to think Google will also use this data to build patterns around my buying habits and things I use etc. That does not make me feel comfortable. Amazon already know that because I shop there, I don't want Google also knowing that.
My opinion is tracking, ads are all fine on the primary website, but if you follow me around the web, tracking my every move, I'll stop using such services and try my best to prevent the tracking.
So this never really bugged me. It is a damn good free service. I also love how it picks up on plane tickets, hotel reservations, etc and puts them in the calendar. Makes life simpler.
If ad companies fix something please fix the I searched for something and bought it but I get adds for it for the next 4 weeks. That bugs me.
At that point, it's on the advertiser. It's a weird dynamic where they want to enable the advertiser to factor that in and not advertise to you, but they want to maximize rev and imperfect advertisers increases rev.
I have one for myself, and one for my wife, and find the $120/year a hefty price to pay for...email. It doesn't even include the registration of my personal domain, and it doesn't include web hosting. Google Apps is pretty nice, and it feels good to be paying for the product instead of being the product - though I am skeptical that my $10/month would let me talk to a human if something went wrong.
I'm considering moving; Rackspace has pretty good hosted email for $2/user/month. We use it at work - webmail is acceptable though nothing to write home about, and their IMAP implementation is solid so you can just use a client.
But you pay $480/year for 8 email addresses? Ouch.
> I am skeptical that my $10/month would let me talk to a human if something went wrong.
I have received exceptional support over the years, including them calling me twice when I reported an issue. My account is worth $5/month and I live in Fiji.
It says it's exempt from ads in this specific context, but is it actually free of their data mining? If they still use the data to track and push whatever they're selling you in other contexts, the presence of the ads themselves is an ancillary concern.
> Google Cloud does not scan your data or email in G Suite Services for advertising purposes. Our automated systems scan and index your data to provide you with your services and to protect your data, such as to perform spam and malware detection, to sort email for features like Priority Inbox and to return fast, powerful search results when users search for information in their accounts. The situation is different for our free offerings and the consumer space.
Right, I read it. But it's still not actually clear to me whether they are ceasing ALL mining of email data for business accounts, or are just not funneling it to a specific set of ad programs. To me, at least, that seems an important point of clarification.
They're not ceasing it for business accounts, they've never done it for business accounts. The article is about free Gmail accounts.
If you look at the terms for G Suite (the paid business product), that is a top selling point. Businesses who pay for G Suite don't want Google using their data for anything, and Google complies.
Edit: in response to comment below, here are the main docs describing, including the Data Processing Amendment:
I'm really not trying to be pedantic, but that's not what the article says. It says that Google never data-mined business accounts to serve ads, not that they never data-mine business accounts under any circumstances. If that's true, and you can point to marketing or a service agreement that outlines these terms, I'd be happy to know and will gladly buy a paid account.
EDIT:
I think these are the terms and I don't seem to see this guarantee, but IANAL
Essentially, scanning the data for anything unrelated to providing the service itself. I know this is a little murky with their suite, but if the data is being used in a way elsewhere (e.g. to train models for other services or collecting data in expectation that it could be useful to a Google app I haven't signed on with), that should be made explicit
This hardly frees you from Google's data gathering. They will have records of your IP address used to collect the emails and your access history, so they know (roughly) where you live, what times of day you are active, and can probably infer stuff like when you are on holiday. If you are in the same house as someone else, they probably use Google too and the shared IP address lets Google tie the two identities together. So they get to discover your relationships too.
So will any host. When you are paying for it though, the terms of service clearly define what is collected and what it's used for, and you can choose to enable or disable that type of data matching
<rant>
Slightly off topic: I was very annoyed that this article didn't provide any links to Google's official statement/declaration about this change and when it's coming. Even if Bloomberg interviewed Diane Green for this article or asked questions and got official statements, it could've still provided an official link for the change.
</rant>
I should probably get fitted for a tinfoil hat because my immediate reaction was, "Oh shit! They must've developed something now that tracks you better and is less obvious."
My educated guess would be that given the proliferation of services offered by Google, it indeed has many more sources of information on each individual, and having email as one of them perhaps proves less beneficial today as it did when Gmail was first introduced. Now there is the Android OS which gives information about apps you use, locations, activities, and online searches, map queries, bookmarks, sentiments via G+, etc. So, it can disable auto-scanning of emails perhaps as a PR move (or, should I hope it is going to eventually evolve its email service to include encrypting emails, and this is one step in that direction??).
The article explains it plainly: they weren't getting the message to business people that Gmail on Google Apps isn't scanned despite free Gmail being, so they stopped scanning Gmail altogether.
Didn't they also get caught a couple of times scanning the email despite saying they weren't? I know there was a lawsuit alleging that they scanned the email of many university students after saying they wouldn't [0], which I think was settled for high 3 or low 4 figures per person, although I'm not sure (and wasn't a participant).
Note that this is not what the article says. It says that they stopped scanning Gmail for ads, but does not say they stopped scanning email for non-ad purposes.
To be more accurate the article says they stopped scanning for ads that appear inside gmail. Whether they still scan emails in the free gmail for use outside gmail is unknown, but I may be being pedantic...
(disclosure, I work on gmail, although nothing related to ads)
I can't find a citation, but I'm fairly confident that that's never been the case. Ad targeting from emails has always been siloed to within gmail. To quote the post:
>Consumer Gmail content will not be used or scanned for any ads personalization after this change.
I agree - I read the article. But having many sources to feed the ads probably made the decision to announce universally that emails are no longer going to be scanned easier to do in the first place.
Yep, I agree. Email is not really a good channel for analysis anyway since it has a very high signal-to-noise ratio. A lot of kids who've grown up in the texting era think that email is for old fogies and rely solely on shorter-form messages via Snapchat, Facebook, Instagram, and/or SMS, so their emails are almost pure noise and no conversational content.
Google's new problem is "How do we get access to the contents of these new communication channels so we can continue to read peoples' conversations?". Those new channels are walled gardens and you can't just create a new email client and say "Switch to GInsta for your Instagrams! We give you 2GB of storage!" Unlike the switch to Gmail, the switch to GInsta would represent a hard barrier to the "true" Instagram network.
Google is becoming the new MS; losing relevance with the younger crowd who are all about "social" platforms, and becoming more and more an enterprise sales model. What happens when Facebook goes after web search?
It's also prob not the best source of features (in a ML sense) for choosing ads.
When you read an email, your intent is either to understand what the sender is asking you (new email), or get the info you asked for (response to your email).
In the majority of cases a contextual ad is 1. pretty weird, 2. pretty against your primary intent.
Might as well showing you ads related to your recent browsing history, imo.
I see it as an opportunity to use ML to improve targeting. Ad clicks could be used as the training data since users are less likely to click on non-relevant or inappropriate ads. This would help with avoiding inappropriate keywords, e.g. death in the family.
" But instead of scanning a user’s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube. "
Actually, you can buy some paint that blocks all RF signals. It's absurdly expensive but quite effective. There aren't many ways to get signals out of a room painted with the stuff.
If you're thinking "Why not just build a faraday cage?" then you're thinking the right thing.
Actually RF shielding paint is very poor. Manufacturers advertise them with "99.5 %" or so, which equates a measly 20 dB. Additionally, correctly applying these is quite difficult, and incorrect application greatly diminishes the shielding. (You also need to cover everything, including ceiling and floor, not just the walls). Even when correctly applied, the attenuation is so weak, a cell phone will still work. Shielded facilities are built differently and are far more expensive than shielding paint.
RF dead chambers are bloody expensive for a reason: you can't emulate them by pasting some paint on a wall.
One of my first jobs was building shielded boxes for a sensitive RF measurement setup. Containing the RF output from something like a laptop is hard. I lined the inside of the boxes with copper beryllium mesh (attached with glue, since nails become little antennas), soldered all the joints to ensure electrical continuity, and put a copper beryllium gasket all around the lid to make sure there was continuity when the box was closed.
If you need continuous use, two rooms. One that acts as an "airlock" with an outer door that is open only when the door to the other room is closed. Battery operated fans and lights used as necessary.
Note that the "inner room" might be as small as a ammo crate depending on your use case.
I've always thought that would be cool, then just have a fiber connection for communications and either air gap your main power or provide your own via solar and wind.
It's fun, isn't it? It's one of those things that costs way too much to be practical but you can't help but try to think of ways to get the cost down. Mini-SpaceX in a useless domain.
Ermmm we used the copper nanotube paint once on an office and, well, it sucked. Bad. Cell phones only worked in this small corner of the office, and wifi was chaotic. Something about signals can't get in, but they also can't get out, so they collide ...
I have one of those and it's kind of a PITA. I actually didn't realize it blocked RF until after I bought it. It's annoying because I can't just tap my wallet on the MUNI gates or the card reader at work, I have to open up the damn thing and press the edge of the card poking out of the card holder against it and hope it works (sometimes it does, sometimes I have to pull out the card).
I probably just have too much junk in my wallet, but I can't ever just tap the wallet against an NFC reader anyway. It either doesn't read anything or it reads one of the other low-power NFC cards contained (I think I have 3-4). For quick access to a single card maybe you can get a lanyard or one of those retracty thingies people wear around their belt loops?
Well, if I was doing security at your company, I'd probably want employee credentials to be visible at all times, which would also happen to take care of your problem.
Employee credentials should not be visible when the employee isn't inside a secured area. If you work at a site with a Security Officer, try inviting them out to lunch and not hiding your credentials. See if they care.
Then my very next thought is, "Who is going to notice my house-sized faraday cage, who are they going to tell, and what are those people going to do in turn?"
If Howard had known of this paint, then he wouldn't have had to put Mylar all over his house and look like a kook! Jimmy wouldn't have had to do so much to help him out... maybe he'd still be alive!
Definitely, they probably realize they get better targeting by using demographic metrics like Facebook does - age, wealth, gender, interests, likes, etc - than they do by scanning email contents for keywords.
Exactly. From the article: "But instead of scanning a user’s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube."
Perhaps you should ;) Google is a corporation, my immediate reaction was "They must've developed something more profitable" - and they have, they're continuing to compete with MS/AWS for business customers.
The smartest reaction I've read so far. But if you learn to know the Director of Cloud, miss Greene, it gets less scary. She believes in a eat-or-be-eaten world as we live in today, an argument like energy friendly data centers would still be a thing. She might've just done it because it's the right thing to do.
We must keep an open eye though for the moment when she gets fired and replaced by a shark, like when she got fired from VMWare.
"They have such a strong baseline of the predilections of their users, and by association with those they regularly communicate - by their overlapping interests and behaviors, googles ad dossier on any given user is complete enough to no longer read the drivel one sends to another to predict your future choices.
That or they will have someone else read the emails for them... like the NSA. Also, all "cloud" emails older than 6 months don't require a warrant to be obtained [1].
This most likely is a pragmatic financial decision. Contextual advertising is generating a lower CPM than data/person based advertising.
Said differently the relevance that can be extracted from your specific email is less than the cumulative knowledge that Google has about you from other sources.
Gmail ads were no just contextual. Advertisers were able to target people who received email from a particular domain. Can you imagine the power of being able to target customers of a competitor that has been developing their customer relationships for years?
This is 100% conjecture, but I wouldn't be surprised if it was this domain targeting (which is what many advertisers were using) that was the thing that Google's big clients were complaining about.
But couldn't the contextual email data be used to supplement the global personal data google already has on you? I don't understand why they would willingly forgo this data.
This seems like one of those decisions that is a net negative for functionality in favor of quelling some misguided privacy concerns. Hopefully this doesn't lessen the quality of ads by much.
I've often wondered why nobody brings this up more.
If you're going to see ads for things, why on earth wouldn't you want them to try to better target you? The whole point is for you to find out about things that might be useful for you.
Why would I want less of the useful things? Why would I want worse advertising?
I think some people make the assumption they are targeted for products that might be beneficial for them. But why would that mostly be the case ? Someone with an online shopping problem would be a perfect target for a flurry of ads, and getting better targeted ads would just be screwing that person more and more.
Even in a saner scenario, the most informative ad you can imagine will still isolate you from the information you would have got by doing your own research. But since you have most of the information you wanted to have, you won't bother checking that much more.
IMO even in the best case scenario, helping people to be lazy on things they are interested in is counterproductive in the long term.
I think the question is what is advertising. Is it a service that educates or is it an intrusion that attempts to sell things? Is it both things?
Why do some people dislike advertising? Is it only that they are unmatched? Are there other reasons. If you wish to find an answer to your wondering, wonder on those issues.
I remember there was a recent paper that dealt with this, too, but I can't find it right now. But it basically demolished this argument that it's impossible to stop spam if the email is encrypted.
That blog post doesn't actually say anything about how they do spam filtering on encrypted emails. Everything they talk about is bog-standard spam filtering, including comparing against known spam and Bayesian filtering, both of which are impossible to do on encrypted emails. It's not clear if they're doing reputation analysis, which is the other big anti-spam measure impossible on encrypted email (I suspect it's the main component of their "we're not telling you what we're doing"). The SPF/DKIM/DMARC and blacklist checks are the only things you can reliably do on encrypted email.
They do say "In future blog posts, we will cover the challenges of preventing ProtonMail from being used by spammers and the challenges of doing spam filtering with end-to-end encrypted emails which we cannot read", but I can't find any such blog posts.
Encrypting email to a single recipient is (a weak) proof of work.
There's a big difference between sending 10k copies of a plaintext email, and retrieving a public key and encrypting to 10k recipients - not to mention that filtering out all non signed/not-signed-by-trusted-key should be a decent start for a whitelist/greylist.
I'd be curious if anyone ever got gpg-encrypted spam?
Another approach would be to have to pay the equivalent of USD 5-10 cents in some email crypto currency in order to allow an unknown sender to put their email on my inbox. If I reply or add the sender to my whitelist the fee is automatically refunded to the original sender and future messages between both parties would won't require a transaction fee any longer.
It can probabky be done if you're using a email client. Webapp (like gmail)? Probably not feasible because of how much data you need to download every time.
To be fair, your “basic privacy rights” have nothing to do with this, it's about simplifying Google's efforts to sell services (which weren't actually effected by this anyway, but perception is a different thing than reality) to enterprise customers.
As the founder and CTO of Blekko search engine, one would imagine that you would be familiar with Google's personalized advertising policies: https://support.google.com/adwordspolicy/answer/143465?hl=en (Found through a quick Google search)
Interesting - as an advertiser I generally recommend using the email address "sent from" as your main source of targeting but combining that with specific keywords within the gmail campaign can be super helpful at finding people at the exact right time.
Good for them. Though it goes without saying email is insecure. If enterprise clients dislike an algorithm scanning their email contents, maybe they should also consider that email generally has unencrypted transit and storage.
It basically means that they already track so much information about you that they don't need to monitor the contents of your email anymore.
Now Google knows:
- all your searches (know your interests),
- a great percentage of the pages you visit (ads and analytics)
- all your contacts and how frequently you connect to them (metadata in gmail)
- the places you visit (geolocation in Android)
- Google logins (know the sites that interest you the most)
I wonder if Google will be pushing end-to-end email encryption? They have already had some experiments on it.
They have the majority browser, they have the lions share of email hosting. It they played their cards right, they could claim the entire email ecosystem, except for the small portion who won't use Google products on principle. The questions would be would 3rd party clients be allowed, and how would Apple fight it.
Or maybe this is all just a smoke screen to sucker dumb corps. In the existing architecture, your emails still need to be scanned so they can be indexed for search. You could get the same result scanning these indexes as scanning the emails themselves, so from a privacy perspective it could be a non-event.
You seem to comment frequently here on HN where I consider most users to be above average in the level of intelligent replies so your trolling seems quite out of place.
But will they stop using Hangouts IM content for customer segmentation? I probably say much more relevant things in Hangouts (from a marketing perspective) than in email.
I think I've become jaded because I just don't believe it. It's like Google Home. A wonderful device but when I heard it may start listening to everything I say... I just figured yeah, that should be expected. So now I just expect Google to read, listen, and analyze everything I do with their products.
Maybe I don't understand google home because I don't have one, but to be able to detect whatever keywords cause it to listen to you doesn't it have to listen to everything you say?
I feel like any device that has a microphone is suspect if you want total privacy, but listening to what you say seems like an integral part of the device. You can only hope (and independently verify) that they don't store everything you say.
It's my understanding that there's a low power, always-on service listening for stuff like "Alexa"/"OK Google", and only when it hears a keyword does it start "listening" and sending data back for parsing/processing.
I could be wrong and/or they could be lying about how the product really works. Could probably monitor your network traffic if you really wanted to find out.
They use basic detection to listen for keywords locally, and only if they keyword is triggered will they start sending data to their servers (which has significantly more powerful language parsing logic).
I wonder what the conversion rates on these within-client ads are. I know I've never opened any no matter how well-targeted or 'interesting' the ads were, because the immediate response is to just want to sweep the inbox clean.
Even though it never really bothered me because Apple Mail does not pull anything but the actual email message from Gmail, so I never see them, I still would like G to stop scanning anything personal. Period.
In addition, I suspect, given that every time you walk into a Starbucks your phone is probably connecting to the network "Google Starbucks", that they probably know how you feel about coffee.
Actually I'd prefer they did so they can optimize their cash flow and my targeted ads so I can continue using their free product and all it's nice features without any compromise.
If they're not using it for ads, there's a good chance that it's in Google's best interest to not know the contents of people's email. It lessens the impact of a potential breach, and it greatly simplifies their responses to gov't requests to 'we have no method to access this data, you must contact the account holder directly'.
How do you know? That's the problem with closed source software, and software that runs in someone else's computer. You have no idea what it does. You aren't in control. Someone else is deciding what code runs on your computer. That's a problem.
Cue discussion of how with open source you don't really know either, since nobody can read and find out all the backdoors in the source of the whole system.
Big companies can't hide this stuff forever, you can eventually figure out, it is just better business-wise for them to just state they read your emails for ads, it can cost them a lot if they don't, plus most people don't really care.
A few weeks ago a friend and I were talking exclusively through WhatsApp about a trip to London(in Portuguese with our very unusual jargon), I didn't do any search for anything related it was all within our conversation, a couple days later Facebook had a post on my timeline saying: "heading to London? Check what your friends did there".
I don't remember reading anywhere that WhatsApp reads your conversations for ads, but it was clear to me that's where they got the information, it was spooky at first.
WhatsApp doesn't read your conversations for ads because it can't. Message content is end-to-end encrypted. You must have leaked your plans through some other medium inadvertently.
This is called retargeting and is even worse from a privacy perspective: now your data is going through multiple layers of ad buying tools, analytics, ad exchanges, aggregators, ad networks, etc.: http://2bd2y2367xnj3kpntjsifzmf-wpengine.netdna-ssl.com/wp-c...
That is actually an interesting argument, that they don't lie about this because if it ever came out they would be in deep shit.
Speaking of which, I had a similarly creepy moment just yesterday. I was watching an episode of the Simpsons, and wanted to Google the Bart blackboard gag in the intro because I didn't get it. Just I type the first word and it immediately suggested the rest. Very creepy because I wasn't watching through any Google service (on an Android phone though).
Except web-based (or "cloud" now I guess) services like gmail are not running on your computers (apart from the javascript, but you can see that so you should be happy).
In this case it is google's code running on google's computers.
> In this case it is google's code running on google's computers.
Which is mostly based on Free Software, starting with GNU/Linux. The Affero General Public License is intended to disallow this loophole of "it is only running on our servers, hence we are technically not distributing it, so we do not have to release the code": https://www.gnu.org/licenses/agpl-3.0.html
How do you know they were ever reading your email to begin with? Maybe they were never reading your email and this is just a publicity stunt to backtrack on an unpopular decision that they never actually made.
I'd argue it's extremely naive to not have that world-view. Especially given all the evidence of closed-source software doing things like this in the past.
It was interesting (but I suppose a random bit) that after reading this article a new email showed up in my gmail inbox that was spam. I wonder if this isn't the first move in a plan to create a 'pay' gmail service for individuals.
HAL: Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user’s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube.
Quite obviously Google feels their profiling of users from other sources is good enough that they can afford to throw them a bone - not to mention save themselves a bit of effort since they will no longer need to maintain two systems for GMail.
Does that mean that Google now has no more use for Gmail, and soon millions of people will be scrambling to cover yet another product sunset?
That would certainly cause an enormous loss of goodwill, but.... imagine this scenario:
Google has some slow growth quarters, they need to keep the numbers up for shareholders. They start to examine what they can squeeze. Gmail costs them X (hundreds?) millions per year, but doesn't gain much from it...
Certainly its unlikely, as it is also a SSO tool, etc. Still....
I significantly doubt it. It's ubiquitous internally. It's a major selling point of GSuite. It'll likely remain one of Google's biggest ad-serving faces outside of Search.
They may get rid of one of their applications (gmail OR inbox), but I doubt they'd get rid of the entire platform. They'd lose more revenue than they'd recover.
So much for the argument "how else is Google going to make money if it isn't reading your emails?!"
Companies can make money without tracking you 24/7 and reading all of your private content. They just choose not to, because it's easier, and then spread the propaganda that those things are "needed" to stay in business.
Google will stop reading my emails for Gmail ads because I will stop using Gmail. It's kind of a sad story, because they are the good guys, but once they built a huge company they started to focus on maintaining it, possibly at any cost. This is a cautionary tale: power corrupts. You, me, everyone. And yes, the web will produce dictators we never imagined possible, because the Internet is so powerful it will enable them.
I also think this power is symmetric in who it enables. Unlike land ownership or TV broadcasting entry isn't expensive and the needed tools can easily be smuggled. Anyone can easily gain immensely from this free-flowing font of knowledge and communication.
A potential dictator must take great pains to use gain that huge power in the Internet era and I think you are right that we will see some insanely powerful dictators. However, I think we see fewer than in previous eras though.
I think there is some interesting middle ground where you could use machine learning to go from 'show only relevant ads' to 'show only ads you might actually click on with greater than .001 probability'. I guess this is like 'extreme' outlier detection but it'd be interesting to see what revenue the ads at the 'long tail' of likelihood generate anyway. My guess the bulk of it is from the standard high CPC stuff like Mortages and Insurance. Google says it does this but i'm not too sure - I've never intentionally clicked an adword and yet they're still shown to me.
Anyway this may solve the tragedy of the commons situation we're in now and allow us to move away from the technology war of ad blockers, ad blocker blockers, ad blocker blocker blockers, etc.
edit: removed comment on clarity of Gsuite vs Free due to downvote brigade.
> Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google’s senior vice president of cloud.
Google doesn't read e-mails from GSuite. So the change is to stop reading from Gmail's free accounts.
Seems pretty clear to me. GSuite never had email scanning.
>Alphabet Inc.’s Google Cloud sells a package of office software, called G Suite, that competes with market leader Microsoft Corp. Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google’s senior vice president of cloud. “What we’re going to do is make it unambiguous,” she said.
I'm fine to let them scan my emails for spam filter, yet they use it as an excuse to justify their data collection and other things they do with my data, which is unacceptable for me. How would I know if they are going to do things against my interests one day? Ads targeting is already against mine.
I used to see Google as a stalker. How naive I was. There are billions of people being stalked, exploited, and the whole process is automated. It comes to me that users are not victims of stalking, they are lab rats.
Now Google stopped reading emails for ads, but they'll still read for other purposes, which still makes me as a user feel insecure. I value my privacy, I have my dignity, I shouldn't be a lab rat that they can just observe however they want only because they provide free cheese.
Even if I start using a paid account to stop them from reading my emails (assume paid account with better privacy protection is possible), I couldn't stop them from reading others'. Stopping the data collection of one user won't change the situation, they still have other lab rats' data they could collect and analyze, which enables them to learn or predict other rats' behaviors.
The worst thing is, Google is not the only company doing this right now. Surveillance technologies are developing, it's like every data company has grown their teeth and become more thirsty for blood.
https://www.reuters.com/article/us-eu-privacy-idUSKBN14U1FL https://www.theguardian.com/technology/2017/jan/10/whatsapp-... http://www.kemplittle.com/site/articles/kl_bytes/the-draft-e...