Wednesday, 7 April 2004
Google's "Gmail" tempting, but dangerous
Web-based e-mail has become the international traveller's primary mode of communication with friends, family, and business associates back home and around the world. And a common problem is that travellers don't receive important messages because their e-mail boxes have filled up between stops at cybercafés, so no new messages can be accepted.
So Google's launch this week of a beta test of a Gmail "free" e-mail service with a gigabyte of storage per mailbox, so that "you'll never need to throw anything away again", looks especially tempting to travellers.
But there's a catch (as there usually is when a for-profit company offers something "free"). Several catches, actually, some of them sufficiently serious that, as a consumer advocate for travellers, I've joined 28 other leading national and international consumer and privacy advocates in a joint letter -- available from the World Privacy Forum (PDF) and the Privacy Rights Clearinghouse (text/html) -- urging Google to revamp the Gmail service and its policies.
Google's purpose in offering to archive larger volumes of e-mail is to be able to earn more money from advertisers for the ads they will show you each time you read your e-mail on their Web site. Advertisers pay much more per viewer for ads that are shown to people who might actually be interested in the advertised product. By scanning their archives of your messages for key words each time you read your mail, they will be able to show you ads readed to the words in your e-mail. Google hopes that the higher prices they can charge advertisers for these "targetted" ads will offset the additional cost of the storage and scanning needed for the targetting.
Google claims that they don't currently "intend" to have humans read Gmail archives, or share them with its other business units. Under Google's current plans, only robots will be used to scan your messages and select macthing ads. But intentions aren't promises, and like most privacy policies, Google's "policy" isn't a legal commitment. As the letter from myself and other consumer advocates says, "In a nation of laws, Google needs to make its promises in writing."
Google's policy on sharing Gmail user information with the government is even more troubling: Google reserves the right to provide personal information (including complete e-mail archives) "to satisfy any ... governmental request."
Under the USA Patriot Act, of course, a "national security order" compelling the disclosure of information can be issued without the need to go before a judge, and can include a "gag order" forbidding the recipient of the letter from disclosing what information they have provided to the government. That means claims by Google, or anyone else, that they never reveal customer information can't be believed: As long as the Patriot Act remains on the books, such claims could be government-ordered lies.
The only way to be sure that your personal information isn't available to the government for the asking is to ensure that all copies of it are deleted. But that's exactly what Google won't let you do with Gmail.
But if you can't rely on Google to delate your Gmail messages when you want them to, neither can you rely on Gmail to keep your messages as long as you'd like.
You get what you pay for: Like any other operator of a "free" (advertiser-supported) e-mail service, Google reserves the right to discontinue the service and/or close any individual account any time they feel like it.
By far the most common e-mail problem for travellers is losing their archive of e-mail addresses because it was stored on the server of a company that went out of business or, for any reason or no reason, closed their account or deleted their messages. I once lost touch with some good friends for almost a decade because their ISP went out of business, taking with it the e-mail message from me that was their only copy of my address, and their e-mail address that was the only way I had to contact them on the other side of the world. And I hear stories like this constantly from other travellers.
Giant searchable in-boxes will, as they are intended, prompt people to rely on Google's servers as the sole archive of their e-mail messages.
Losing a megabye of Hotmail messages can be problematic (as I mentioned, the worst loss is typically the loss of the addresses, rather than the actual message content -- travellers also regularly lose address books stored on PDA's or cell phones that break or are lost or stolen and haven't been backed up while travelling), but losing a gigabyte of Gmail, perhaps including the only copies of your digital travel photos, could be a much greater disaster.
You can't back up your e-mail over the Web except by laboriously forwarding each message to another mailbox, which no one remembers to do religiously. In order to back up your e-mail, you need to be able to acces your mailbox with some standard mail client or protocol from another computer.
Neither Google's Gmail, Microsoft Hotmail, nor Yahoo Mail permits you to access your mailbox by any standard protocol. Why should they? They make their money through advertising, and unless they insert ads into your messages (which they also do) they can only show you ads -- "targetted" or otherwise -- with your messages when you view them on their Web site.
What can you do about all this? Here's my advice:
- If you want to store and search archives of your e-mail messages, do so on your own computer or one controlled by someone you know well and trust to protect your privacy.
- If you store any information (address book, vital documents, e-mail messages) on someone else's server, especially a Web service, make sure there is a way to back up your data, and use it regularly, without fail. I keep multiple encrypted copies of my e-mail archives (more than the gigabyte Gmail allows) and PDA and cell phone memory backups in secure locations physically separate from my devices or primary servers.
- Find and use an e-mail service that is accessible with a standard POP and/or IMAP e-mail client, and download your e-mail regularly to someplace you can back it up and keep it secure -- don't let it accumulate on the server. Most ISP's offer both Web-based and POP/IMAP access to the same mailbox.
So what if it's not free? Is US$5-10 a month too much to pay to spare yourself and your correspondents from having ads inserted in each of your messages, and being able to keep your mail secure?
- Most importantly, in the current state of the law in the USA: If you care about your privacy, don't use Web or data storage services based in, or contolled from, the USA.
Data stored in the USA has, in general, no legal privacy protection, and is particularly vulnerable to secret seizure by the government under the Patriot Act, without a warrant or court order. If you care about data privacy, keep your data in a country that respects the international norms, such as Canada or any of the countries (25, as of 1 May 2004) of the European Union.
I use Altern.org, a free and ad-free Web-mail service, also accessible by POP or IMAP, that's based in France (yes, the user interfcae is in French) and has a strong record of defending its users' privacy and anonymity. My Web site, blog, e-mail list server, and primary e-mail server (including Web, POP, and IMAP access) are all in a hosting facility in Canada. On the Internet, it makes little functional difference where servers are located, and Web and e-mail hosting (like travel and almost everything else) are currently cheaper in Canada than in the USA anyway.
There are lots of alternatives without the drawbacks of Gmail, Microsoft Hotmail, or Yahoo Mail. What have you got to lose but Big Brother looking over your shoulder?Link | Posted by Edward on Wednesday, 7 April 2004, 12:42 (12:42 PM) | TrackBack (0)