I own a email@example.com address and it turns out there are a lot of people who share that name.
So when I started receiving emails for other people I just hit spam, until the day that wasn't enough. When I noticed that Google Assistant was telling me about flights and hotel bookings for other people who share my name whose email I'd long deleted.
And is it possible to delete those things? To rid yourself of the various places the intelligent data emerges? Seemingly no. I found no way to stop being told about these actions relating to other people... constantly being shown PII relating to those other people (flight booking numbers, delivery addresses for things they'd ordered).
I deleted and marked those emails as spam as much to ensure I wasn't receiving other people's PII... yet Google was "intelligently" preserving this and showing it back to me at every opportunity.
Very frustrating, and it makes me wonder if I ever enter an email incorrectly where my personal data will end up.
Edit: I couldn't even see the flights I've been prompted about recently on https://myaccount.google.com/purchases so I guess there are additional systems that have similar functionality.
The most fun so far for me was when someone used my email to sign up for Ashley Madison (the affair dating site). Of course, they were compromised a few years later and someone built a tool allowing you to search their users by email. Guess who appeared to be having an affair then? Tough one to explain to someone non technical...
This wasn’t the first time this kid had used my address, and my social media reconnaissance had revealed he was quite the little jerk.
When I got those invoices with his parents contact info, there was a serious temptation to print out and mail a little care package of everything their baby boy had been up to. Alas, life was quite stressful at the time, and I never made the time to follow through.
1) I've received a bunch of Fw: emails from an Australian person over the years that I ignored as spam. Until he sent a very personal one, inviting me to catch up over beers since it's been so long, at which point I took pity and replied along the lines of "Hello! This is not the address of who you think it is. You're emailing the wrong person. Have a nice day." To which he replied "Lol, nice one!" Eventually the emails stopped.
2) I received a message from a major American company that if I didn't take action urgently, something or other would happen to my requested service. Ok, fine. Then within the next 5 months I've received at least half a dozen emails from them titled "FINAL WARNING: ...", stressing just how important it was for me to acknowledge it. I suspect the company is run by the people behind the Final Destination films or the Final Fantasy games.
GDPR will help you there. Less than 5 minutes and I had it solved.
But for about eight years I received numerous emails for some town council member in England. At first, I replied back to explain the misdirected mail, but they kept coming. Meeting minutes. Town council activities. Pamphlet distribution arrangements. A message from a member of the British parliament.
Then one day, I'm not sure what happened, but it must have clicked with them. I received a "test" email addressed to both myself and the actual intended recipient, in which it was explained that they presumed they had the correct address all along because the mail didn't bounce.
After that, the messages stopped. I kind of miss getting them now, but I'm glad they got it all sorted out.
What scares the crap out of me is in the last week I've been getting bombarded with Zyrtek (an allergy med) ads. Now, I'd never seen an allergist or been diagnosed with an allergy until 9 days ago. The only person I communicated this to electronically was my father, and over SMS. I've not been researching allergies online, my doc gave me plenty of dead tree material.
So, how do Google and other advertisers know I have an allergy? Are they harvesting SMS as well? Are carriers selling SMS data for targeted advertising? If my health care provider is selling that info, thatd be a HUGE HIPPA violation. (Yes, I'm in the US).
Edit: grammar and clarity of thought.
The help section it links to omits a statement used in another section, namely the " Copy a code in a message" section note: https://support.google.com/messages/answer/6080324?p=smart_r...
I now try to cancel or change any order I get as that ends up working best to have the real firstname.lastname@example.org figure it out. It’s also amazing how many sites let you do important stuff like change airline tickets without login and how many sites never confirm email.
I spent two years with Uber trying to fix someone using my email and driving. I would get password reset emails all the time, but I couldn’t use them because they had their phone as two factor. Really frustrating.
I signed up for gmail years ago, and got my email@example.com address. I don't use it at all  so any email I get there is spam or a mistake. I've sent out countless "this isn't the person you thing it is" emails to car dealerships, sporting events, random strangers sending me family photos, etc. It's simply amazing how often this happens.
 I run my own email server on my own domain. I got gmail.com just to see how their email client worked, back when they first announced it.
Most memorable was an invite to a Man U friendly in Hong Kong, including a seat in a luxury box. I wrote back and was like you got the wrong guy but can I go? They wrote back and said sure if you can get to HK by Thursday. As a passport-less college student, I couldn’t swing it.
Another time, somebody with my name was some kind of assistant to a congressperson. I got an email that said, “We have something for the senator, where should we send it?” I gave them my address (in Portland, OR) and hoped I would end up in some kind of political thriller situation. Ended up being some dumb poster lol.
So many people have provided my GMail as their own that its and endless stream of missed communications and noise. Worse yet - apparently it's distorting the profile Google (and whatever other government agencies track this stuff) have built about me.
So when I get something like that, I get to immediately go into "My credit card has been compromised mode".
It’s extremely frustrating. At least once a week there’s an attempt by someone to recover my email address as they think it’s theirs.
They’ve had issues for years, and don’t seem interested in ficin
Isn't this a security hole? Even if I don't know your password, just knowing your address means I know your first and last name. Now I got 3 pieces of information that can be used to social engineer my way through tech support.
I had no real choice but to create a new (and more esoteric) email address
GP’s email address is firstname.lastname@example.org
Lots of people are named John Doe, and some of them think their email address is email@example.com
When those people buy something online, they (incorrectly) provide their email address as firstname.lastname@example.org
Emails about the products purchased end up going to GP
Google shows GP information about products that show up in his email
I did that 2 years ago and decided to go with Fastmail.
And then I slowly updated my accounts/contacts to my new email: email@example.com
Nowdays I never get new emails on my gmail account and last weekend I decided to finally remove gmail from my phone (but configured to automatically forward just in case).
migadu.com even offers reg-ex based catch-alls, pretty nifty.
A catch-all adress is an adress where all emails of your domain that you didn't explicictly make a email adress for will land.
So if you own foobar.eu and you made firstname.lastname@example.org your catch-all adress, you could just make up arbitray email adresses on the spot (e.g. email@example.com) and all mails that are sent to that adress will land in your catch-all adress.
There are multiple cool things about this:
- you can just block that adress if it annoys you
- if you ever get spam and it is adressed to firstname.lastname@example.org you know exactly who fucked with your data
- you don't have to disclose your primary email adress to stranges, you can just make something up.
FastMail's web interface lets me do this (as does its iOS client), but has anyone found any other (preferably macOS/iOS) apps that support this natively? I generally prefer native apps over web-based, and FastMail's iOS app leaves something to be desired.
Unfortunately, some mail providers (like Migadu.com) block sending mails with "From" anything other than primary user address, even through they "support" catch-all. I was especially disappointed as that stopped me from using IDN mail address. I successfully created mail account using Punycode and I was able to receive mails with national characters, but their filter stopped me from sending.
I know IDN mail address is risky, but it's something I wanted to test. My surname contains non-ASCII character.
They indicated in January that they are working on allowing customization "From" filter customization, but it is still now available and contact with them is very difficult (they are not replying to mails unless you repeat question a couple of times). To be fair, I'm not paying yet (I wanted to test IDN works and it did not, so I'm not very interested in paying when they offer free account anyway).
Although I realize these days a number of modern clients store copies of your email on their own servers for push notifications (or more nefarious) purposes, so maybe Thunderbird really still is the best option out there. Regardless, thanks for taking the time!
Runbox is also probably a small team, but their responsiveness to mails is very good (usually a few hours or maybe a day or two at the most).
I don't like Fastmail and other providers who charge a lot per mailbox (a lower storage limit is not a big deal for me) when one needs many mailboxes with separate credentials (not aliases).
The only sure way would be to self-host but that has its own considerable headaches.
And speaking of Fastmail: I sincerely doubt they're reading your emails. They make money solely by providing email services to (for the most part) businesses. If it came out that they were reading emails A) it would probably be a violation of their contractual obligation to their customers, and B) their reputation would be permanently destroyed.
This said, I personally used gmail for years (and still do for work), but these days I just want that business model out of my personal life.
(I don't think this article is a dupe; current events have recontextualized the debate)
But they stopped reading it for showing contextual ads.
They're still reading it to show you useful information across Google properties, like in Google Maps the location of the theater you bought tickets to see a play to tonight. Removing that would be removing a useful features that people liked (unlike the ads).
But we learned over time that they're doing massive data trawling, in this case every purchase made. And as always there's a theoretical advantage...maybe in the future Google will identify when you can get something for less, etc. But the reward (much like the location of a theatre) is so tiny and abstract that if people had the choice most would say no thanks. Just as I don't need Google to tell me about my flights, I have much better alternatives for that. In each case the advantage is 99% for Google, 1% for the consumer, but it's coached in a "your advantage" pitch much like a Payday Loan company commercial that talks about how much they just want to help people out.
Google Maps on iOS a while back was seemingly irritated that I had its permission set to only see location while I have the app open. "But if you allow background logging we can tell you where you parked!" it whined. In return for giving Google the wholesale access to my location I would get this minuscule possible advantage. No thanks.
There's no way to know if the email you were sent is spam without looking at it, in some sense.
I downed you before but can't undo it now it seems. My apologies.
I've had e-mail messages open in the GMail web interface that when I search for the words I can actually see on my screen come up with nothing.
Or did "reading" in your post mean that you think people actually read and manually type in those lists?
Misleading suggestions, as they had stopped parsing them to attempt to generate adverts from the data they could gather there, but continued parsing for other purposes.
Just recently someone here said that mails are not screened/indexed for this purpose when I said: "If you are not paying for it, you are the product." They are not giving anything for free.
The data used to show you upcoming flights and purchase info isn't used to advertise for you, its used to show (hopefully) useful reminders.
The data in question here is nothing compared to what your credit card company, bank, Amazon or TurboTax has.
Unlike many folks here I find value in this and can't see it harming my privacy. In fact I think Gmail is still dumb compared to what Google or maybe a startup could potentially provide.
I'd love to be able to ask a query such as "show me the receipt for that red flower pot I bought last year" or "show me all my dentist appointments this year".
I thought I had all my Google privacy settings at "paranoid", but I did not know this was even occurring.
While I do understand the point that /purchases looks creepy, your comparison is dishonest.
If gmail (and email in general) is going to make use of the "mail" analogy, that comes with the expectation that they do not open your mail.
Google is still trying to figure out exactly how much you earn. DMPs like Adobe's and Oracle's know the exact number and can help companies target people basis salary.
Google is accumulating data coming from purchases on 3rd party services, without having asked you to do so. You may be fine with that, some people are not, and on top of that, disabling that behavior and deleting the already accumulated data is difficult, or impossible. That's what the article is about.
Also, banks and credit card companies are highly regulated. Google is not. I guess it should be.
I have to say FastMail works really well on my Apple devices. iOS and macOS have worked perfectly so far for mail, calendar and contacts.
The only pain point was 'losing' my custom domain Google Account when I cancelled G Suite. Migrating mail, etc. wasn't an issue as FastMail has a pretty solid import tool. However one area that caught me out was export/import of my 800+ YouTube subscriptions (that number shocked me aswell).
Turns out YouTube has no such functionality so I ended up having to hack a semi-automated solution but even that wasn't straight forward as YouTube has limits on how many new subscriptions you can make in a ~6 hour window.
I wish Google had some kind of "convert my G Suite account into a consumer Google Account" function instead the moment you cancel the G Suite plan any accounts simply vanish and you then have to sign up again for a consumer Google Account. Quite the pain in the ass.
Anyway it is nice to be free from Google's core services and I am very impressed with how smooth migrating to FastMail has been. If anyone is thinking of doing the same and wants to know anything specific feel free to drop me an email, info in HN profile.
Do you have any other registrar suggestions?
The domain is "thelittleshits.net" (I'm absolutely serious, I needed a domain for testing a deployment and couldn't come up with anything)
I find it very satisfying that a good engineer went on to succeed and would definitely trust the engineering competence of Fastmail.
Is there any service that will host my email with as many users as I want for a flat (or bandwidth/storage-based) fee?
Or if you want to pay for one mailbox somewhere and then have customized forwarding, I found this thing called Forward Email in another thread that looks interesting and I want to try setting it up self-hosted: https://forwardemail.net/#/
Huge props to any service that has an honest list of reasons not to use them. I'm a little concerned that one of those things is "no SLA", though; yes, mail delivery is resilient, but if I can't access email all the time I'm gonna be grumpy.
They've come in handy for a couple of my colleagues.
Additionally, mxroute does not seem to provide any trials. Its policies say that payment issues from the customer have to be resolved within 24 hours, but that refunds to the customer may take 72 hours. That seems unfriendly to me.
(Assuming that you are not talking about spam but actual important messages).
EDIT: Oh and as an anecdote I also have a FastMail account and as far as I can tell all my emails "land" on gmail accounts.
These benefits are broadly true of most paid-for private email hosting providers.
I'm sure they could sell that data (maybe even to Google) even if they don't sell ads themselves.
(I'm not saying they do read emails, but "more money" is a big incentive)
If they ever do start privacy farming then I'll be incentivised to move my domain to a separate supplier.
If I didn't care about that I'd just be using Google's "free" service already. So FastMail are incentivised to protect their business and to not compete head on with Google.
Why would I pay for something that gives me an inferior experience?
You have to do that yourself but personally I prefer being in control of that anyway.
I trust gmail's security more than tripit, thanks. I think I'd be more worried about the world learning of my trip history if I used tripit than if I used gmail for that.
And also, the average user does not care. They don't want to think about it even to the point of researching a service, they get used to their phone telling them they have a flight the next day, and they want that to keep happening. They don't think about how it works and if they did, "oh no my privacy" is not something they'd think afterward.
It's not "stupid". Caring that your data is not being used to make opaque decisions in other products that you have no visibility or control over is something that people are allowed to care about.
When it's just an email can be deleted and when it is you don't have to wonder if it's purged from 10 other systems. That it's not showing you is what some people want, regardless of whether you do or not.
Whether a product shows that data or not, it can still make those decisions if it has that data. Both Fastmail and Google have that data. It is certainly naive (if not stupid) to conflate data use with privacy and get suckered into spending money on that confusion. Data collection is what matters for privacy.
Google has said they do not use the info in advertising or sell it to anyone else. Either you think they're telling the truth or you don't.
If you think they're being truthful, there is no problem to solve here.
If you think they are lying, then you'd be stupid to assume they won't recompute the data secretly without telling you.
Either way, deleting the copy of the data that you can view accomplishes nothing.
Let me turn the tables on you -- why doesn't Google have a button to delete all of them at once?
However, I have a feeling that removing your Google history doesn't actually remove it, just prevents you from seeing it.
I'm over VPN so they insist this device isn't recognized (even though I've signed in from this exact machine, over this exact VPN connection, last week). Google helpfully offers to send me a security code over the phone.
Even better, though, it has a "Can't use your phone?" option. You know what happens if you click that option?
It takes you to a screen that says "You're trying to sign in on a device Google doesn't recognize. For your security, use your phone to show it's you signing in and not a hacker." and the only option on that screen is "Go back & use phone."
I think there's a joke about how to understand recursion here but I can't quite put my finger on it yet.
I don't know if it's going to get to the point where it hurts their business (I'm just one person), but I'm to the point that targeted advertising is a really good way to make me not want to buy a product.
I too switched away after being a lifetime Google Advocate: Android, Chromebook, GCP, Linux + Chrome and many, many of their products. Honestly, I don't care about privacy that much I'm just sick and tired of how good Google became at distracting me! Never mind the ads and how I had to use incognito search for anything because if I searched something (e.g. buying a monitor) google keeps suggesting similar stuff to get my attention or suggesting articles on the homepage of Chrome (mostly android).
What was once a simple beautiful tool to find answers, fast. became part of every aspect of my life, trying to get more and more of my attention/time.
Time is gold. Google lost respect for my time and I lost respect for Google.
Fastmail is a leading contender, but thanks for posting Migadu. It does sound interesting.
They offer a lot for a low price, but I wonder how?
They don't respond to queries or requests. I presume that's how. To avoid repeating my comments too many times, let me suggest looking at my other comments on this post.
Yeah but you still click the link to go to those sites in the search result, right?
1. Archive export. This is the main thing, I've got a 15 year record of emails and now and then being able to search back to something that happened 5-10 years ago is a life-saver. Is there even a way to export your gmail archive?
2. What to replace it with? I've heard FastMail is a good alternative, and some people really like ProtonMail, but I've had a hard time evaluating services because it's not a trivial thing to set up and use an alternative email account, and I'm not sure what other than real daily use would be a valid test run.
Third-party email services may also have flows for importing email from GMail, for example Microsoft Office 365:
1. Use Google Takeout to download your emails as MBOX
2. Download your emails over SMTP or POP using an email client and import them into another email account. I believe Thunderbird can do this.
3. If you're switching to FastMail they have a import tool based on SMTP.
It even has a link in the setup that imports your existing messages from GMail.
I still have a couple of GMail accounts, and am surprised to report that in the last month, GMail has been getting more spam than Fastmail.
Fastmail also has far fewer false positives.
I recommend trying it. You can always switch bad.
If you’ve ever let a service scrape your inbox for travel itineraries they probably read all your email ever and sold that information. Surprise!
I logged into the link provided in the article and got a message “You don't have any purchases”.
Maybe this feature isn’t available to me since I’m a G Suite user rather than a gmail user? I actually wouldn’t mind having this feature available, although I do keep google’s location history disabled.
I say this based on information I've read in the past about how G Suite / Google Apps accounts are treated. I hope this is the case, but am certainly not sure about it.
I have a junk Gmail account that I sign up for everything with - retail store loyalty programs, accounts on various retail websites, etc etc. I have had the address for 6+ years and it thinks I've only bought 7 things - some concert tickets, a pair of gloves, and a pair of shoes.
They just stopped giving a shit. Funny, how all the senators talk about breaking up Facebook when Google is 100x bigger and 100x monopolistic.
Break up Google. And unban my account in the process ;)
Even if you ignore the privacy implications and the fact that it's a company whose business is to target ads, there is still incompetence. Case in point: my YouTube history regularly gets mixed with somebody else's. I get videos watched by a child that likes Masha and the Bear and Peppa the Pig. Reported to YouTube a number of times, they seemingly ignored it and don't care.
I turned off my history, but I still get recommendations for Masha and the Bear.
Now, that purchase history of yours, who else gets to see it?
Today, this is what shows up: https://imgur.com/UF2YBVa
5-6 years ago, here's what it looked like: https://imgur.com/lBWWkin
Honestly, amazon has so much information about what I buy and why I buy it, I'm a little upset that I can't get these data from any retailer I shop at and import it into some software where I can actually look at what the trends are.
Seems likely to be useful for Google too in the way you describe, although it isn't clear to me how Google uses it.
A credit card company can legitimately use fraud detection as a reason for looking at purchases. They can upsell budgeting software as another legit option people would accept.
Why would Google be tracking this information? What use is it for them if they truely not doing it for ads?
I was oddly reminded of the Selfish Ledger video that was leaked from Google... https://www.theverge.com/2018/5/17/17344250/google-x-selfish...
LIZ FIGUEROA, (D) State Senator, CA, 1998-06: We walk into this room, and it’s myself
and two of my staff— my chief of staff and one of my attorneys. And across from us
was Larry, Sergey, and their attorney.
All of a sudden, Sergey started talking to me. He said, “Senator, how would you feel
if a robot went into your home and read your diary and read your financial records,
read your love letters, read everything, but before leaving the house, it imploded?”
And he said, “That’s not violating privacy.”
I immediately said, “Of course it is. Yes, it is.” And he said, “No, it isn’t.
Nothing’s kept. Nobody knows about it.” I said, “That robot has read everything.
Does that robot know if I’m sad or if I’m feeling fear, or what’s happening?”
And he looked at me and he said, “Oh, no. That robot knows a lot more than that.”
If Google truly doesn't use the purchasing data to sell ads, why did they pay their expensive engineers to develop the tools to extract the data from email receipts?
An ecosystem with useful features leads to profitability without any sort of malice, like people buying Android (or pixel) phones, or google homes, or whatever.
Next I might consider leaving my bank if I don't like their customer service or finding a new credit card company if I dislike their rates. Sounds crazy I know!
Sometimes people even use this 'Internet' thing to share information and opinions regarding various companies' policies- and buyers in a free market may make new purchase or signup decisions based on this free exchange of information, which is exactly what the author has done here. Yowza!
Legitimately cannot understand this argument of 'how dare you have opinions and share information on the Internet about a company'. Is Google supposed to be above reproach or something? What is your argument? Because of Google's privacy policies I have chosen to stop using Gmail. I don't think they're evil and I'm not anti-capitalist, I just disagree with the inherent privacy tradeoff- the market at work. (And if they track me even when I'm not a user, then I think regulation should address that)
I wouldn't be too shocked if no single human actually knows what the real retention behavior is for gmail.
You're not looking hard enough.
Is there any way other than deleting the account from stopping this?
It says I have to delete the mails to delete the data, but I have already deleted the mails (as I usually do) and the data is still there!
Including information like flights and purchases.
The media's modus operandi is to try and implicate tech companies with supposed violations whether it's justified or not, they will gain clicks and tarnish the reputation of a hated competitor, there are no drawbacks, they also keep perpetuating the notion that utility and invention must be sacrificed on the privacy altar.
Deleting emails is no solution - Google has already scanned the email by the time it shows up in your mailbox.