That "algorithm" is a guy in their office. He reads your email. He searches it for common keywords, uses some regexes, but ultimately reads your email, then copies bits out into the system.
I'm all for bootstrapping with things that don't scale, but this example was a bad-faith use of Gmail access. I'm glad I don't use Gmail so couldn't accidentally give a random guy access to my inbox.
Access to my personal email would be pretty much security game over for me as far as I can tell. Other people might feel otherwise.
This throws up all sorts of red flags with us, but not with most people. It's easy to not realise what's going to happen here.
The WSJ really knows how to write misleading, incendiary headlines about tech companies. Like, just read that comment section. Gotta stoke that techlash. Plenty of people have plenty of real reasons to hate Google, but hit pieces designed to drive the non-technical (and apparently some HN readers) to think "Oh no, my Gmails are being sold and read by people"--I guess it's too effective of a strategy to pass up. Just an utter shame.
There is a real problem here, that lots and lots of users that glaze over the "This app can manage (view, send, delete) all of your emails" permission setting without thinking about it. I mean, even I double checked my permissions to make sure I hadn't accidentally given my email access away to a random plugin. What do you do about normal users (like my parents) who will gladly click Next and Confirm on every single popup in front of them, without even attempting to read it?
Because for a lot of people that contains a ton of "password reset" emails with new passwords in plain text.
dons flame suit
We used OAuth to gain access to users' email. We were exceptionally explicit about this—it was the entire point of the service! We only looked at header data but technically we had access to the full text of the email—Google's permissions weren't granular enough for our users to only grant us access to headers.
That was one of our requests to the Gmail team when they announced the Gmail API. I wrote a blog post about its deficiencies from our perspective and one of the engineers on the Gmail team reached out. Mostly, it was just way too slow so we stuck with IMAP.
I was more-or-less running the ingest and storage systems at the time. We were pretty careful and data wasn't shared with any other companies.
IIRC we could access any mailbox/folder in the account.
edit: To be clear, the OAuth prompt clearly says you are granting access to read emails. Yeah, people don't read, but I don't believe we were doing anything wrong.
edit2: Our media coverage (Techcrunch etc) touted the fact we had access to your email—that was the selling point of the entire service! Amazing to me that OAuth has suddenly become evil.
- Tokens can only be used from servers that have been registered with Google, so even if a startup has their OAuth tokens stolen the attackers can't really make requests on their behalf.
- Token access has per-user and per-app rate limits that are configurable in the Google console.
- With read-only OAuth access, there isn't really any value to attackers. E.g. if anyone tried to reset your bank passwords, it would be immediately obvious because they wouldn't be able to delete the password reset emails.
I'm currently (i.e. today) writing a Gmail Add-on that only requires read-only access to the currently open thread rather than requiring it for your entire inbox. (Basically read-only access is granted when you click the icon to activate the add-on within the currently open thread.)
This is something that's become possible in the last six months and is probably a slight improvement from a security perspective, but even the baseline level is pretty solid. The tech industry has yet to see any large OAuth-related security breaches, and frankly we may just never see that given the combination of the good security story and the limited value to attackers.
This seems pretty obvious to me. There are many useful services that do this (SaneBox for example) but DUH how do you expect them to do anything intelligent with your email if they can't read it?
This is all predicated upon the user granting access to their email account though, so this is roughly equivalent to saying "People you sent a letter to can read your letter" ... duh that's why you did it.
Electronic-Mail. That comes with a plurality of baggage associated with the concept due to the societal concept of Mail.
In the U.S. at least, one's mail IS sacrosanct. The Postal Service, being the message handlers that "set the standard" as it were for other logistics and postage businesses to be measured against
beyond setting limits on transiting parcels to facilitate smooth operation of the system.
They do not "maintain state" about message history either.
They do not scan to detect trends. They do not try to "sanitize" that data to sell to marketers.
Just because there ISN'T a codified rule, DOESN'T mean it's a good idea to go around playing with expectations literally over a century old. If you call yourself a Mail provider of any sort, don't be surprised when people find you looking at correspondences that you end up getting blowback.
Stories (entertainment, not journalism) are filled with people eavesdropping on messages BECAUSE it is exceptional behavior. It wouldn't be worth writing about otherwise.
The type of behavior seems to be especially problematic in the tech world because there is seemingly no cost, or visibility to the non-tech-savvy user that it's happening.
Stop treating the user's data like it's yours. The system is yours. It would have no worth if they weren't using it.
Playing word games and hiding behind the legalese has worked thus far, but the tech literacy of the general populace IS increasing. And if the general populace likes anything, it's common sense and cognitive resonance. Tech will be beaten with the stick once the tech literacy is there.
The privacy reckoning will come if tech doesn't get its act together and GET WITH THE LAST TWO CENTURIES.
The article isn't about some automated service looking at your e-mail. It's about actual humans reading it. Big difference.
I feel like everybody has been brainwashed into thinking Google is awesome and I'm looking at it from a distance, thinking how did they do this.... Tech conferences? Yearly Google I/O PR?
Somehow people are treating this ad company like they are good guys.
That has obviously changed over the past couple years, in a slow creeping way.
In fact they are probably worse, given how much personal information they hold on people and how willing they are to ignore local laws and regulations.
Not really sure that was ever the case?
I remember when they originally launched - with the "Do No Evil" motto - thinking it was PR bullshit.
If they were "pretty not-evil" at some point, from my PoV it'd have to be before that as I was clearly cynical of them already by then.
It was magnitudes more effective than any marketing I've ever seen Google do. Ethics aside, you could argue that Lifehacker writers should have gotten Google CMO level stock grants.
This page is hard to find and it's even harder to parse the meaning of the current settings, let alone track changes to them over time.
I assume this link works for all accounts? https://myaccount.google.com/security?pli=1
How much value is privacy vs. value of those services?
What you mean, "we"?
I categorically reject any third party getting their nose in my email, including Google.
> How much value is privacy vs. value of those services?
Correcting the question to "is the loss of privacy worth the value provided", again, my answer is absolutely not.
On this point, though, it is less about 'privacy' than it is trust. How much do you trust some random startup techbros with more entitlement than sense with everything in your inbox? Not that that's every startup, but it is enough of them.
But in general, I frankly don't understand why anyone invites random third parties to read their mail. That's crazy to me. Maybe select family, or (if I were way richer) agents with a contractual relationship.
It's ignorance, plain and simple.
Most people (even those with tech experience) don't understand, or care, about the reach that the companies they rely on have.
Convenience comes at a price, always.
Even if Google were to simplify their ToS and app permission notices as much as possible, a good portion of users would blindly click 'o.k.' and move on.
Are these permissions strictly enforced? I know that Google employees can read my emails (under some specific cases), but can third party app developers also read my emails?
Yes, each of those items corresponds to an OAuth scope. If you try to make an API call for data that isn't covered by the OAuth scopes you have access to, you'll just get an error.
Developers can add broader OAuth scopes to their apps at any point, but if they do then all their users will need to re-authenticate and will see that the app now requires additional permissions.
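As an added illustration of the scope enforcement and re-consent behaviour this comment describes, and of the earlier point that a read-only token cannot hide a password-reset email: the block below is constructed example code, not Google's code or any app's. The scope URIs are the published Gmail API scope identifiers; the operation-to-scope table, the `Token` type, the `InsufficientScope` error and the ranking used by `minimal_scopes` are assumptions made for the simulation.

```python
"""Toy model of OAuth scope enforcement for a Gmail-style API.

Constructed example, not Google's code. The scope URIs are Google's published
Gmail API scope identifiers; the operation->scope table, the token type and
the error type are assumptions made for illustration.
"""
from dataclasses import dataclass

SCOPE_READONLY = "https://www.googleapis.com/auth/gmail.readonly"
SCOPE_SEND = "https://www.googleapis.com/auth/gmail.send"
SCOPE_MODIFY = "https://www.googleapis.com/auth/gmail.modify"
SCOPE_FULL = "https://mail.google.com/"

# Assumed ordering, narrowest first, and which scopes a broader scope subsumes.
SCOPE_RANK = [SCOPE_READONLY, SCOPE_SEND, SCOPE_MODIFY, SCOPE_FULL]
IMPLIES = {
    SCOPE_READONLY: set(),
    SCOPE_SEND: set(),
    SCOPE_MODIFY: {SCOPE_READONLY, SCOPE_SEND},
    SCOPE_FULL: {SCOPE_READONLY, SCOPE_SEND, SCOPE_MODIFY},
}

# Assumed table: which granted scopes satisfy each operation (any one is enough).
REQUIRED_SCOPES = {
    "messages.list":   {SCOPE_READONLY, SCOPE_MODIFY, SCOPE_FULL},
    "messages.get":    {SCOPE_READONLY, SCOPE_MODIFY, SCOPE_FULL},
    "messages.send":   {SCOPE_SEND, SCOPE_MODIFY, SCOPE_FULL},
    "messages.trash":  {SCOPE_MODIFY, SCOPE_FULL},
    "messages.delete": {SCOPE_FULL},  # permanent deletion needs full access
}


class InsufficientScope(Exception):
    """Raised by the simulated server when the token lacks a satisfying scope."""


@dataclass(frozen=True)
class Token:
    app_id: str
    user: str
    scopes: frozenset


def call_api(token: Token, operation: str) -> dict:
    """Simulated resource server: check the token's scopes before doing anything."""
    if operation not in REQUIRED_SCOPES:
        raise KeyError(f"unknown operation {operation!r}")
    if token.scopes.isdisjoint(REQUIRED_SCOPES[operation]):
        raise InsufficientScope(
            f"{operation} needs one of {sorted(REQUIRED_SCOPES[operation])}; "
            f"token for {token.app_id}/{token.user} has {sorted(token.scopes)}")
    return {"ok": True, "operation": operation, "user": token.user}


def is_allowed(token: Token, operation: str) -> bool:
    """True if the simulated server would accept the call, False on a scope error."""
    try:
        call_api(token, operation)
        return True
    except InsufficientScope:
        return False


def missing_scopes(token: Token, app_requested) -> set:
    """Scopes the app now asks for that this user's token does not carry.

    A non-empty result means the user has to go through consent again and
    will see the broader request on the prompt."""
    return set(app_requested) - set(token.scopes)


def minimal_scopes(operations) -> set:
    """Least-privilege scope set for the operations an app actually performs.

    Pick the narrowest satisfying scope per operation, then drop any scope
    that a chosen broader scope already implies."""
    chosen = set()
    for op in operations:
        chosen.add(min(REQUIRED_SCOPES[op], key=SCOPE_RANK.index))
    implied = set().union(*(IMPLIES[s] for s in chosen))
    return chosen - implied


if __name__ == "__main__":
    # Constructed sample: a read-only token for a hypothetical "unsubscribe helper" app.
    ro = Token("unsubscribe-helper", "alice@example.com", frozenset({SCOPE_READONLY}))
    print(call_api(ro, "messages.list"))
    print(is_allowed(ro, "messages.trash"))  # read-only cannot trash a reset email
    print(missing_scopes(ro, {SCOPE_READONLY, SCOPE_MODIFY}))
    print(minimal_scopes(["messages.list", "messages.get"]))
```

The `minimal_scopes` helper is the part worth copying into a real app's design review: feed it the operations the app actually makes and it tells you the narrowest set to put on the consent screen, so you never ask for `https://mail.google.com/` when `gmail.readonly` would do.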
- Act as a desktop mail client
- Backup your SMS messages to Gmail
- Search your email for forgotten registrations and allow you to cancel
Ideally it should be clear from the context that the app requires this permission. But the problems that plague mobile app and browser extension permission systems exist here as well. The stakes may even be higher.
My SO's response is generally along the lines of 'I'm fine with it, because it isn't in the hands of anyone I know. If you go out and buy that information, that's creepy and scary because you know me.'
I've started coming to terms with the fact that I won't be able to convince her of anything with privacy, because she isn't a technical person, and just like users, they won't care how/why/what cost so long as they can do what they want.
> I've been trying to explain this to my wife for a while and struggle with it lol.
A losing battle, it seems. I find people can't make the pattern connections about good and bad hygiene. So explaining one example doesn't prevent similar behavior in another, even for really "obvious" stuff. Kinda drives me a little crazy.
Putting it on the user to figure out the implications of some obscured click-through garbage text isn't fair.
There is a big difference between, say, a 3rd party application using a Google API to work with anonymized keyword data from a Gmail account VERSUS an actual person being able to browse someone else's Gmail inbox.
If Google makes it possible for some 3rd party asshole to peruse the Gmail inboxes of whoever uses the service, that should be UPFRONT and VERY CLEARLY STATED.
Edit: Formatting & Spelling
For instance, Google help pages just talk about "Full account access" and "View your basic profile information." What about apps that can view your calendar? That's in between. What information do those apps actually see? What can somebody do with the information that I might not like? These are hard questions to answer with the information Google gives you.
Grant an application permission because it asked to in order to fulfill a request to handle one particular thing about one particular email. Instead, grant access to your entire email account, not get notified of which emails the application accessed, and get upset because the application exceeded what you desired to grant.
For example, I had enabled IFTTT to record something to a Google Sheet periodically. I didn't realize that in doing that, I gave the company unfettered access to my entire corpus of data.
Could moderators fix it, please?
Edit: Found this re-reporting of the story: http://www.businessinsider.com/google-allows-app-developers-...
1. Facebook trick: https://www.fullwsj.com/articles/techs-dirty-secret-the-app-...
2. Decluttered via Outline: http://outline.com/gZTuBC
However, once there's a market downturn, this data will be used for criminal purposes in no time. The malware industry in East European countries with good engineering talent exploded in the 90s after their economies collapsed.
But who cares right?
I feel like this level of naivety towards powering interoperability with brute openness today is just plain stupid and will lead towards a backlash or risk all out witch-hunt against developers and intellectuals in general.
That risk is becoming unacceptable in my opinion and it is worth it to start regulating our profession a bit.
That doesn't seem to be how humans work. Groups that want to do malicious stuff are able to hire people too (e.g. election tampering as you mention).
They'd probably have to direct their hiring efforts differently though. Probably towards known areas of er... scum and villainy? ;)
Seriously though, they managed to hire people for the election tampering, so at least it shows it can be done.
However this also means that security relies on the state of the market rather than on good code.