Wednesday, 7 April 2004

Google's "Gmail" tempting, but dangerous

Web-based e-mail has become the international traveller's primary mode of communication with friends, family, and business associates back home and around the world. And a common problem is that travellers don't receive important messages because their e-mail boxes have filled up between stops at cybercafés, so no new messages can be accepted.

So Google's launch this week of a beta test of a Gmail "free" e-mail service with a gigabyte of storage per mailbox, so that "you'll never need to throw anything away again", looks especially tempting to travellers.

But there's a catch (as there usually is when a for-profit company offers something "free"). Several catches, actually, some of them sufficiently serious that, as a consumer advocate for travellers, I've joined 28 other leading national and international consumer and privacy advocates in a joint letter -- available from the World Privacy Forum (PDF) and the Privacy Rights Clearinghouse (text/html) -- urging Google to revamp the Gmail service and its policies.

Google's purpose in offering to archive larger volumes of e-mail is to be able to earn more money from advertisers for the ads they will show you each time you read your e-mail on their Web site. Advertisers pay much more per viewer for ads that are shown to people who might actually be interested in the advertised product. By scanning their archives of your messages for key words each time you read your mail, they will be able to show you ads readed to the words in your e-mail. Google hopes that the higher prices they can charge advertisers for these "targetted" ads will offset the additional cost of the storage and scanning needed for the targetting.

But it order to target the ads it shows you as narrowly, and profitably, as possible, Google's privacy policy for Gmail permits them to keep copies of all your messages for as long as they like, even after you have deleted them or closed your Gmail account. So even if you can't read your old messages, Google can still read them, and will still have them available if the government asks for them.

Google claims that they don't currently "intend" to have humans read Gmail archives, or share them with its other business units. Under Google's current plans, only robots will be used to scan your messages and select macthing ads. But intentions aren't promises, and like most privacy policies, Google's "policy" isn't a legal commitment. As the letter from myself and other consumer advocates says, "In a nation of laws, Google needs to make its promises in writing."

Google's policy on sharing Gmail user information with the government is even more troubling: Google reserves the right to provide personal information (including complete e-mail archives) "to satisfy any ... governmental request."

The difference between "request" and "order" is crucial": All Google's policy means is that Google will wait until the government asks for your mail archives before they turn them over. But Google can give any government agency or officer anything they ask for, without the need for them to go to court or get an order requiring Google to turn it over. And Google doesn't have to tell you if they've turned over all your e-mail to the government for the asking. A meaningful privacy policy should provide that personal information will be given to the government only in response to a court order requiring it.

Under the USA Patriot Act, of course, a "national security order" compelling the disclosure of information can be issued without the need to go before a judge, and can include a "gag order" forbidding the recipient of the letter from disclosing what information they have provided to the government. That means claims by Google, or anyone else, that they never reveal customer information can't be believed: As long as the Patriot Act remains on the books, such claims could be government-ordered lies.

The only way to be sure that your personal information isn't available to the government for the asking is to ensure that all copies of it are deleted. But that's exactly what Google won't let you do with Gmail.

But if you can't rely on Google to delate your Gmail messages when you want them to, neither can you rely on Gmail to keep your messages as long as you'd like.

You get what you pay for: Like any other operator of a "free" (advertiser-supported) e-mail service, Google reserves the right to discontinue the service and/or close any individual account any time they feel like it.

By far the most common e-mail problem for travellers is losing their archive of e-mail addresses because it was stored on the server of a company that went out of business or, for any reason or no reason, closed their account or deleted their messages. I once lost touch with some good friends for almost a decade because their ISP went out of business, taking with it the e-mail message from me that was their only copy of my address, and their e-mail address that was the only way I had to contact them on the other side of the world. And I hear stories like this constantly from other travellers.

Giant searchable in-boxes will, as they are intended, prompt people to rely on Google's servers as the sole archive of their e-mail messages.

Losing a megabye of Hotmail messages can be problematic (as I mentioned, the worst loss is typically the loss of the addresses, rather than the actual message content -- travellers also regularly lose address books stored on PDA's or cell phones that break or are lost or stolen and haven't been backed up while travelling), but losing a gigabyte of Gmail, perhaps including the only copies of your digital travel photos, could be a much greater disaster.

You can't back up your e-mail over the Web except by laboriously forwarding each message to another mailbox, which no one remembers to do religiously. In order to back up your e-mail, you need to be able to acces your mailbox with some standard mail client or protocol from another computer.

Neither Google's Gmail, Microsoft Hotmail, nor Yahoo Mail permits you to access your mailbox by any standard protocol. Why should they? They make their money through advertising, and unless they insert ads into your messages (which they also do) they can only show you ads -- "targetted" or otherwise -- with your messages when you view them on their Web site.

What can you do about all this? Here's my advice:

  1. If you want to store and search archives of your e-mail messages, do so on your own computer or one controlled by someone you know well and trust to protect your privacy.
  2. If you store any information (address book, vital documents, e-mail messages) on someone else's server, especially a Web service, make sure there is a way to back up your data, and use it regularly, without fail. I keep multiple encrypted copies of my e-mail archives (more than the gigabyte Gmail allows) and PDA and cell phone memory backups in secure locations physically separate from my devices or primary servers.
  3. Find and use an e-mail service that is accessible with a standard POP and/or IMAP e-mail client, and download your e-mail regularly to someplace you can back it up and keep it secure -- don't let it accumulate on the server. Most ISP's offer both Web-based and POP/IMAP access to the same mailbox.
    So what if it's not free? Is US$5-10 a month too much to pay to spare yourself and your correspondents from having ads inserted in each of your messages, and being able to keep your mail secure?
  4. Most importantly, in the current state of the law in the USA: If you care about your privacy, don't use Web or data storage services based in, or contolled from, the USA.
    Data stored in the USA has, in general, no legal privacy protection, and is particularly vulnerable to secret seizure by the government under the Patriot Act, without a warrant or court order. If you care about data privacy, keep your data in a country that respects the international norms, such as Canada or any of the countries (25, as of 1 May 2004) of the European Union.
    I use Altern.org, a free and ad-free Web-mail service, also accessible by POP or IMAP, that's based in France (yes, the user interfcae is in French) and has a strong record of defending its users' privacy and anonymity. My Web site, blog, e-mail list server, and primary e-mail server (including Web, POP, and IMAP access) are all in a hosting facility in Canada. On the Internet, it makes little functional difference where servers are located, and Web and e-mail hosting (like travel and almost everything else) are currently cheaper in Canada than in the USA anyway.

There are lots of alternatives without the drawbacks of Gmail, Microsoft Hotmail, or Yahoo Mail. What have you got to lose but Big Brother looking over your shoulder?

Link | Posted by Edward on Wednesday, 7 April 2004, 12:42 (12:42 PM) | TrackBack (0)
Comments

GMail, Hotmail etc. are all free - it's a take or leave decision. If you need 1GB for your mails (for free), there is basically no way around GMail at this point besides SpyMac ( http://www.spymac.com/ ).

Posted by: Ranger, 13 May 2004, 10:45 (10:45 AM)

You are right when you say that Gmail is very-very good for travellers... I'd say even for non-travellers as you don't need to delete files anymore... regarding privacy issues, you should never keep very-very confidential documents on email (irregardless of web-based or your own computer - i.e. your computer hangs and can't be recovered), even hardcopies should not be kept (robberies, fires, etc...)... So I'd say if you are just too paranoid about privacy issues, then you should not keep any confidential matters anywhere (not even in your head - i.e. truth serum)...

Posted by: Xovox, 6 September 2004, 05:01 ( 5:01 AM)

If I told someone that I invented the following machine, what would they say (suspend your disbelief for a moment):
It would open all letters sent through the postal service and remove all potential junk mail. However, it would also scan the contents, compare keywords with a database and place relevant advertisement pages with the letter in a new envelope and send it on its way. Oh, and by the way, it would make a photocopy of the letter and store it in a vault- even if the original was burned in the fireplace by the recipient.
You'd say holy crap that's scary, but that's what GMail does.
If gMail wants to be free it should do what other free websites do... post ads on the site- or even send advertisement e-mail of its own (i.e. spam, ugh) to its users. It should not, however open personal e-mails.

Posted by: Josh, 14 October 2004, 09:49 ( 9:49 AM)

good point the difference between request and order, I don't know why they are so free to give your info away to snooping governments unless they are really a front for the cia like google-watch.org says. i just got gmail anyway but keeping it anon

Posted by: z, 24 March 2005, 19:36 ( 7:36 PM)

I must say, this was pertinent to gmail at the time of its release. It no longer has that "danger" as users now sign up for the service. Furthermore, gmail offers many features that Hotmail, and Yahoo do not offer; an example would be POP 3 Access (free). I am of the opinion that gmail is by far the best email service availible

Thanks very much.

Posted by: Saiyon, 17 April 2008, 09:31 ( 9:31 AM)
Post a comment









Save personal info as cookie?