So there has been a lot of posting, discussion and linking-of-articles
lately with regard to Gmail and privacy. A few days ago I sat down to
write a response to some of these and it snowballed into a
research project/article that might fill your friends page if I didn't
put it behind a cut. I'm pretty happy with the results, though, so,
especially if the topic is of interest to you, I'd appreciate it if
people would at least skim. Comments and rebuttals welcome.
=====================================================================
More than one person on my friends list has expressed concern over the hubbub with regard to Google's new "Gmail" service. This is quite understandable given the end-of-privacy-as-we-know-it screeds that have been popping up on the subject. I think it's time someone wrote a rebuttal to these POVs and since no one else (on my friends list) seems to have done it I will. First, I want to make it very clear that this isn't an attack on the LJers who are linking to or espousing the ideas in question. Skepticism is good. In this particular case, a lot of it is well-founded and has been well-founded for years. Non-techies are only now starting to notice this and the more awareness there is the better. That said, I think that the particular focus on gmail/Google is unwarranted and largely due to technical naivete and/or, in at least one case, a webmaster's personal vendetta.
I'd like to cite in particular www.gmail-is-too-creepy.com. Here the author lists four reasons why Gmail is so "creepy" that anyone who cares about privacy should never even reply to a Gmail user, let alone use the service. But before taking these concerns on point-by-point, let's look a bit at the origins of and motives behind the website. I refer you to Exhibit A where we read that the "research firm" behind www.gmail-is-too-creepy.com (hereafter gmitc.com or "the creepy site") is founded and presided over by one Daniel Brandt.
...wait a second.
I recognize that name. I also recognize those hideous MS Paint graphics. Isn't this the same guy who runs google-watch.org? Ah, so it is! Well good; that means I've been saved some research by the folks at google-watch-watch.org. Yes, that's right, this guy's crusade against Google has warranted its own counter-watch. The whole thing started with him being upset that his website wasn't indexed as thoroughly as he wanted it to be (see previous link). Since then he's devoted what looks like an enormous amount of time and effort toward doing everything from building elaborate conspiracy-theory diagrams to flat-out name-calling Gmail users in an effort to convince everyone that Google is the naughtiest thing on the net.
But enough about him. If I don't have anything to say about the actual content of his page then I'm just making ad-hominem attacks. Instead it is my aim to write mature, reasonable responses peppered with sarcasm where gmitc.com says something so silly that I can't help it.
And thus, onward:
I do have my issues with Google and I've learned some interesting things in the research I've done, but my conclusion is still that a lot of the things being associated with Gmail apply to more services (and have less nefarious uses) than people may think.
An example is the Google cookie. It's as much a Google thing as a Gmail thing, but it's a good example nonetheless. A cookie is a small piece of data, containing whatever the site chooses, which a website can place on your system and then read back on return visits. Maybe that sounds scary, but consider that every time you "log in" to a website or set a preference somewhere (livejournal, anyone?), the chances are very good that you're using a cookie. Cookies are legitimate tools used by many websites. Google's cookie is of concern to people because it has a unique ID number that is associated with the searches you do. While the ID number itself is in no way associated with you as an individual, it is associated with your IP address and a timestamp, which means that, theoretically, by subpoenaing both Google for their logs and your ISP to see who was using IP x during time y, a search could be linked back to an individual.
I will be the first one to say that if government or anyone else could do that in a trivial fashion (and indeed it's gotten easier of late) it would be a Very Bad Thing. But this is not a Google or a Gmail issue by a long shot. Almost every web server in the world stores information that, with enough effort, can be tracked back to an individual. They may not do it using cookies but they almost always retain logs of which IP accessed which URL and when the access occurred. They do this simply because it is useful information for an admin to have. Heck, even gmitc.com has a link to their "Creepy Traffic Graphs", which the observant reader will note displays "unique" visits. Care to guess how unique visitors are identified? It's almost always by their IP. Your IP. They also know what browser you're using, what operating system and what site, if any, you linked to them from. It's a good thing you trust gmitc.com not to misuse that information, isn't it? In the case of Google, the association of an IP address with clicks and searches is used for (from what I've gathered) improving location-specific matching algorithms, preventing any single IP from trying to artificially inflate a site or ad's score by clicking it repeatedly and so on.
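As an added illustration (my code, not anything from the post or from any provider mentioned in it) of what a standard web server log retains and how an operator can choose to retain less, the following parses constructed Apache combined-format log lines, counts "unique visitors" by IP the way traffic graphs do, and then applies two minimisation steps that I have chosen for the example (prefix truncation and a keyed, daily-rotating pseudonym). The log lines and the key are constructed placeholders:

```python
"""Web server access logs: what they retain and how to retain less.

Added example for this article; it is not code from the post or from any
provider. Log lines are constructed in Apache "combined" format and the
HMAC key is a constructed placeholder.
"""
import hashlib
import hmac
import ipaddress
import re
from datetime import datetime

# Constructed sample log lines (IP, timestamp, request URL with query string,
# status, size, referrer, user agent): exactly the fields the post says are
# routinely kept.
SAMPLE_LOG = """\
192.0.2.45 - - [12/Apr/2004:13:55:36 -0700] "GET /search?q=privacy+policy HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux i686) Gecko/20040410"
192.0.2.45 - - [12/Apr/2004:13:57:02 -0700] "GET /search?q=webmail+cookies HTTP/1.1" 200 1811 "http://www.example.net/start" "Mozilla/5.0 (X11; Linux i686) Gecko/20040410"
192.0.2.46 - - [12/Apr/2004:14:01:10 -0700] "GET /about HTTP/1.1" 200 4120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.45 - - [13/Apr/2004:09:12:44 -0700] "GET /search?q=backup+rotation HTTP/1.1" 200 2290 "-" "Mozilla/5.0 (X11; Linux i686) Gecko/20040410"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)


def parse_line(line: str) -> dict:
    """Split one combined-format line into who (IP), what (URL including the
    query string), when, browser/OS string and referrer."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def truncate_ip(ip: str) -> str:
    """Coarse anonymisation: keep only the /24 (IPv4) or /48 (IPv6) prefix."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def pseudonymize_ip(ip: str, day: str, key: bytes) -> str:
    """Keyed pseudonym that rotates daily: the same IP on the same day maps to
    the same token (so per-day unique-visitor counts still work), while tokens
    from different days cannot be linked to each other without the key."""
    return hmac.new(key, f"{day}|{ip}".encode(), hashlib.sha256).hexdigest()[:16]


def minimize(rec: dict, key: bytes) -> dict:
    """What a retention-conscious operator would store: the raw IP replaced by
    a daily pseudonym and the query string (the search terms) dropped."""
    day = rec["time"].strftime("%Y-%m-%d")
    out = dict(rec)
    out["ip"] = pseudonymize_ip(rec["ip"], day, key)
    out["url"] = rec["url"].split("?", 1)[0]
    return out


def unique_visitors(records: list, day: str) -> int:
    """'Unique visits' as traffic graphs compute them: distinct values of the
    IP (or pseudonym) field on one day."""
    return len({r["ip"] for r in records
                if r["time"].strftime("%Y-%m-%d") == day})
```

Aggregate statistics survive the minimisation unchanged, but the stored records no longer contain the IP address (or search terms) that the post describes as the link back to an individual.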
The other special thing about Google's cookie is that it doesn't expire until 2038, which means that your browser will never automatically delete it. But even this is not particularly special anymore as the technique is in heavy use all over the place. It's the reason your login and preferences can be persistent even if you have a dynamic or NATed IP address. Previously either the cookie would expire, causing everything to be lost, or you would have to use a login/password for even simple sites like search engines. Even if you feel that the use of such cookies is intrusive and not worth the benefits, why pick on Google any more than yahoo.com/yahoo mail, msn.com/hotmail, ifilm.com, bbcamerica.com, lycos.com, amazon.com, barnesandnoble.com, discovery.com, or any of a zillion others that also employ "immortal" cookies?
Groups like the Electronic Frontier Foundation have, rightly, I think, expressed concern over the fact that Gmail and Google share a domain (www.gmail.com currently forwards you to gmail.google.com). This is significant because pages from a given domain are only allowed to set or read cookies from that domain. So because they share a domain Gmail can access Google's cookies and vice versa, which could be used to link searches with the personal information in your Gmail settings. Google has stated that they do not share information between their services but has also seemed reluctant to make this an official part of their policies. The EFF, unlike gmitc.com, has been having constructive talks with Google and say they are "pleased that Google has so far been forthcoming about many of the features and issues raised by Gmail" and that they "plan to continue... talks with the company".
In any case it's trivial to delete, and in most cases block, cookies in just about any browser. However, the privacy policies of _all three_ major webmail systems (Yahoo, MSN and Gmail) say that disabling cookies may render their service unusable. All three of them also share domains between their search, mail and other services as the EFF points out in their report. So while these are issues, they are in no way Gmail-specific and few real privacy groups are saying that they are.
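To make the shared-domain point concrete, here is an added example (mine, not code from the post or from Google, and no claim about how Google's servers actually set cookies) modelling how a browser scopes cookies under the RFC 6265 domain rules. The hosts gmail.google.com and www.gmail.com come from the discussion above; www.google.com, the cookie names and the values are constructed for the example:

```python
"""Cookie scoping: which cookies a browser sends to which host.

Added example for this article, not Google's code. Scoping follows RFC 6265
(domain-match in s5.1.3, storage check in s5.3, sending rules in s5.4).
Cookie names and values are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass
class Cookie:
    name: str
    value: str
    domain: str                  # lowercase, leading dot removed
    host_only: bool              # True when Set-Cookie had no Domain attribute
    expires: Optional[datetime]  # None = session cookie, gone when the browser exits


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: identical, or cookie_domain is a suffix of the host
    and the character just before that suffix is a dot."""
    request_host, cookie_domain = request_host.lower(), cookie_domain.lower()
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def set_cookie(jar: List[Cookie], request_host: str, header: str) -> bool:
    """Store a Set-Cookie header received from request_host; False if rejected."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain, host_only, expires = request_host.lower(), True, None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            domain, host_only = val.lower().lstrip("."), False
        elif key == "expires":
            expires = datetime.strptime(val, "%a, %d %b %Y %H:%M:%S GMT")
            expires = expires.replace(tzinfo=timezone.utc)
    # s5.3 step 6: a host may only set cookies for a domain that covers it.
    # (Real browsers also refuse public suffixes such as "com"; omitted here.)
    if not domain_matches(request_host, domain):
        return False
    jar.append(Cookie(name.strip(), value, domain, host_only, expires))
    return True


def cookies_for(jar: List[Cookie], request_host: str, now: datetime) -> List[str]:
    """Names of the cookies the browser would attach to a request (s5.4)."""
    host = request_host.lower()
    sent = []
    for c in jar:
        if c.expires is not None and c.expires <= now:
            continue  # expired cookies are evicted, never sent
        visible = host == c.domain if c.host_only else domain_matches(host, c.domain)
        if visible:
            sent.append(c.name)
    return sorted(sent)


# 2^31 - 1 seconds after the Unix epoch: the largest 32-bit time_t, which is
# where "expires in 2038" cookies like the one the post describes come from.
T32_MAX = "Tue, 19 Jan 2038 03:14:07 GMT"


def demo(year: int = 2004) -> dict:
    """Set three constructed cookies and report who receives what in `year`."""
    now = datetime(year, 6, 1, tzinfo=timezone.utc)
    jar: List[Cookie] = []
    # Search ID cookie scoped to the whole parent domain with the 2038 expiry.
    set_cookie(jar, "www.google.com",
               f"SEARCHID=constructed-0001; Domain=.google.com; Expires={T32_MAX}")
    # Webmail session cookie with no Domain attribute: host-only.
    set_cookie(jar, "gmail.google.com", "MAILSESSION=constructed-session")
    # A separate domain cannot plant a cookie for google.com.
    rejected = not set_cookie(jar, "www.gmail.com", "X=1; Domain=google.com")
    return {
        # The webmail host receives the search ID: that is the linkage concern.
        "gmail_sees": cookies_for(jar, "gmail.google.com", now),
        # The search host does not receive the host-only mail cookie.
        "search_sees": cookies_for(jar, "www.google.com", now),
        # A webmail service on its own domain would receive no google.com cookie.
        "separate_domain_sees": cookies_for(jar, "www.gmail.com", now),
        "cross_domain_set_rejected": rejected,
    }
```

Running `demo()` shows the search identifier arriving at the webmail host because both sit under google.com, while `demo(year=2040)` shows the only thing that ever removes the 2038 cookie automatically is the calendar.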
On that note, let's take a look at gmitc.com's four "problems" with Gmail:
Problem 1: Gmail is nearly immortal
This is one of the arguments that annoys me the most. It goes like this: Gmail offers so much space you may never need to delete anything. Gmail's interface is designed around the assumption that users will "Archive" mail rather than delete it. Therefore every government in the world is just itching to get at this treasure trove of privacy-violating material.
It's this simple: If you want to avoid the possibility of an electronic communication ever falling into the hands of those it's not intended for you have two options:
1) Encrypt it.
2) Don't send it.
The internet is NOT a private network. It was not designed with privacy in mind. Every email, every web post, every IM, every anything that you send unencrypted is subject to being seen by someone; if not the feds then a bored sysadmin at any of the several private networks your data travels through. It might not be legal to capture data this way but if we're willing to posit a Gestapo bent on harassing anyone who searches for the wrong keywords, why not that *ahemEchelonahem*?
Gmitc.com does point out that after 180 days of storage data becomes easier for feds to obtain (subpoena vs. the warrant required for a wiretap or seizure). But it still requires a subpoena and you can still delete your mail, request that the recipient delete it or encrypt it if you are worried about such things. Refusing to correspond with anyone who has a Gmail account or, worse, trying to legislate Gmail out of existence instead is just silly. You'd better not email me at my yahoo account either because I have mail there dating back to 2000 (and with a measly 100 megs, even!). Oh, and don't email me at work either. I access that mail via IMAP, which means it stays on Red Hat's servers until I delete it (i.e. forever). In other words, this is also not a Gmail issue. It's not even a mostly-Gmail issue as the storage of "private" communication on other people's servers is literally as old as the net itself. Even with the advent of mass-storage email systems, the disproportionate amount of flak being leveled at Google over the issue is unwarranted. The average email is a couple of kilobytes. The amount of mail that can be stored in a few megs, let alone 50 or 100, has the exact same issues and a similar likelihood of incrimination as that which can be stored in a gig.
Another point: I understand that privacy should be guarded on principle, which is why I'm all for reasonable privacy policies (something I feel Gmail has) as well as the whole "due process" thing. I'm far more worried about how it's getting easier and easier for outside forces to gain access to personal data than I am about who's storing what data where. Gmitc.com actually quotes someone espousing a similar opinion (near the bottom of the main page) but shoots her down saying that since Google is international it will be subject to more than just US law. They then helpfully inform her that she is being an "elitist digerati" doing a disservice to the world with her narrow view. Actually, though, it's gmitc.com that is being overly narrow by pretending that the now decade-old issue of traditional law not keeping up with the digital age somehow applies more to Google than to other companies. And in fact, clause 13 of Gmail's Terms of Use reads:
Which, assuming it stands up under international law, rather nips gmitc's argument in the bud I think.
Finally, let's be realistic here: I guess I can only speak for myself but my webmail accounts contain spam, mailing list subscriptions, some possibly-sensitive work emails and correspondence with friends about uniformly banal subjects. I don't use them for anything I could get in trouble for because that's a stupid use for webmail. Any webmail. Or any email, for that matter. I keep my communiqués with Al Qaeda strictly on other media, don't you?
Problem 2: Google's policies do not apply
This one starts by saying "The phrasing and qualifiers in the Gmail privacy policy are creepy enough...".
Let's pause there. Having read Gmail's privacy policy I really am failing to see any creepy qualifiers. It is in fact one of the most simply stated and clear privacy policies I've ever read. For example, the policy's one-paragraph "When we may disclose your personal information" clause is very straightforward:
Now I'll grant that the "good faith" part (shared by Hotmail's privacy policy) is a bit iffy, but even then it states five very specific circumstances (satisfaction of law, internal investigations of TOS violation, fraud prevention, answering support questions and protection of their own property - like, for example, if someone was trying to use malformed headers to exploit the service) under which they would access what data you haven't deleted or encrypted. I challenge anyone to find a webmail service, or even an ISP, that doesn't have a similar clause. For example Yahoo Mail, which the good folks at gmitc.com use for their contact address (more on that later) has a privacy policy which describes these exact same circumstances plus the following gem:
Now, I have been a user of Yahoo mail for many years and have never felt that I've received unwanted solicitations from Yahoo or their "trusted partners". If I did, I wouldn't use the service anymore. But if I was on the lookout for "creepy" provisions in people's privacy policies and didn't just have it in for Gmail...
Anyway, that's not the real "Problem" being discussed here. The gmitc.com site goes on to say that
Google has been equally mute about their plans to annex the Sudetenland, but that doesn't make it especially likely. Nonetheless, critics have a point in saying that Google (and others) should be clearer about exactly what data they collect and what they do with it. In the "Cookies and Log Information" section of Gmail's privacy policy there is a clause about the use of "cookies to collect aggregated information about the use of Gmail to maintain, analyze and improve the service". This is problematic because sensitive information like "The person with cookie ID X received email containing keyword Y 12 times in the last hour" could be described as aggregated data. But then, so could "X percent of people shown ads related to keyword Y actually clicked on ad Z". The latter query, without divulging any information associated with an individual, is also probably of more use to Google.
But the issue of specificity in privacy policies is also not Google or Gmail-specific by a long shot. Show me the section in your ISP's or other webmail provider's policy that says they don't build a database of keywords scanned by their anti-spam algorithms and associate them with particular addresses. Come to think of it, they almost certainly do. Attaching keyword-derived spam "scores" to source addresses as well as the emails themselves is a common technique in spam filtering (though I'm not an expert in the field). The problem with asking companies to list exactly what they will do with the data they collect is that they then can't execute any new ideas without waiting for a request to go through legal to get the policy updated first. Then again, maybe that's not such a bad thing.
On a related note, Gmail's help section now has an article that seems to have been written in response to some of the concerns raised by gmitc. It's called Gmail and Privacy and I'd suggest reading at least the "Rights of senders and recipients" section.
Having cast doubt upon Google's intentions in problem 2, gmitc.com has set the stage for...
Problem 3: A massive potential for abuse
This is absolutely true. IF Google did such a thing it would have a terrible potential for abuse. It is also true that if AOL, the world's largest ISP, were to log all traffic that anyone sent through their systems they could index every Gmail sent or received by any of their users, plus EVERYTHING else including search keywords used in any search engine. Now that would be *really* bad. IF they did it. This whole "problem" is based around a hypothetical that could apply to thousands of services out there including AOL, Yahoo, MSN, your ISP, the ISP of whomever you send data to and any ISPs between the two of you. Oh, but I forgot: Google is different because it's "creepy".
The whole thing really does come down to trust. That, or just not caring if someone reads your latest post to the David Carradine fanclub mailing list. Sending unencrypted data (or even encrypted data if you're really paranoid) over ANY service on the net implies trust in numerous parties (see list above). And, frankly, I have more reason to trust Google than I do a lot of other services out there or the companies behind them *ahemhotmailahem*. If you don't trust the net, don't use the net. Google/Gmail is absolutely nothing special here.
The next issue involves Google/Gmail's ad system, though not in the way you might expect...
Problem 4: Inappropriate ad matching
What?
Now they're saying that a lack of accuracy in choosing ads is a reason not to use it? Like seeing ads picked randomly from an advertisers' list is somehow better? Their third example even cites an article with ads that they admit are relevant, saying (in big red letters so you know it's important) "A relevant ad that shows poor judgment is much worse than an irrelevant ad that shows poor judgment". The ads in question are attached to an article talking about how Google's targeted ads are an improvement to the web, the problem being that the ads themselves are hawking tools for falsely inflating Google's "PageRank" score.
To be honest, I'm sort of failing to see how this is so bad. As the site points out, the ads in question are relevant: an article about Google produced ads (placed at the request of and generating revenue for the host site, I might add) about something related to Google: PageRank. But PageRank, while it is what got Mr. Brandt all aflutter in the first place, has nothing to do with how Google's Ads are chosen, at least as far as I know, so I fail to see how it demonstrates "bad judgment". Sure, the search engine equivalent of "add 10 inches!!" products are bad, but they exist for every search engine and the fact that these ads even showed up simply demonstrates that Google wasn't censoring ads based on that criterion. On that note, who here is willing to lay money that the gmitc people wouldn't be all over Google if they had censored the ads?
While I'm on the subject, let me take this opportunity to add myself to the list of people who think Google's ads are one of the best things to happen to the net. Elsewhere on the gmitc site they make the following assumption about Gmail users in their infantile "Profile of a Gmail User":
Well sit down, sonny and let me learn you something. I do remember a time when the net wasn't commercial. I also remember a time when webmail didn't exist because there was no way to justify the expense of maintaining such a service. I remember when search engines were crude at best for the same reason and when I couldn't email people I knew because they didn't know what email was. I remember a time when Linux didn't have a decent browser because it wasn't worth anybody's while to code or port one. Then the Internet became commercial.
The simple fact of the matter is that the Internet can either be universal or noncommercial. It can't be both. And this is coming from someone who develops and runs a free service devoted to making it easier to access free software for a free Operating System. In order for the net to exist on the scale that it does someone, somewhere needs to be making a buck. What Google did was figure out how to be both commercial and non-tacky at once. They generate ads that stand a chance in hell of being cared about by the reader in an unobtrusive manner that hardly gets noticed unless you actually decide to look at them. Visit msn.com sometime. Would you *really* rather have pop-ups, pop-unders and flash? *That* is what "undermines the internet experience" and the success of GoogleAds is the single best defense we have against it.
So there are the big four reasons why Gmail is supposedly too creepy to use (or send to). There's more at the site, but I am so sick of seeing "creepy" little guys in black trench coats labeled "Gmail Privacy Officer" that I just can't take it anymore. I guess I'm being unfair by picking on the worst of the anti-Gmail bunch, but it just really got me going. The site's a thinly-veiled personal vendetta full of baseless assumptions and assertions regarding Google's intentions, which have in turn focused the otherwise well-intentioned skepticism of others on the net. Their offensively patronizing tone and flat-out name-calling of the opposition doesn't help either. Blegh.
But hey, while I'm on a roll, one more thing:
Has anyone noticed the address listed on gmail-is-too-creepy.com's contact page? It's creepyGmail@yahoo.com.
Yahoo.com?
I'm apparently not the first to notice this because they have a page explaining their choice. There you will find four reasons why they believe Yahoo qualifies as being significantly less "creepy" than Gmail. I'd like to take a look at these not to rag on Yahoo, but to drive home my point that the issues people are concerned about with regard to Gmail are not Gmail issues at all.
First, they quote Yahoo's privacy policy: "once messages are emptied from the trash folder, they are permanently deleted from the Yahoo Mail server and cannot be recovered". Gmail actually has a similar note in their help section under the "Deleting Email" heading: "Once you delete a message, it's gone for good". But according to gmitc this is just a clever ruse:
This is in reference, I assume, to the following clause in Gmail's privacy policy:
This clause says nothing more than that they keep backups of their data and that deleting an email or closing your account doesn't mean they can go through terabytes of tape to remove it. Gmitc.com accurately states (and Gmail acknowledges) that as long as the data exists somewhere it may be subject to subpoena but once again they're taking a general problem and acting as though it applies exclusively (or even mostly) to Gmail. In fact, I'm willing to wager that Google's privacy policy is simply more forthcoming and complete than Yahoo's. Anyone who works in IT will tell you that:
a) Their company makes (or should make) regular backups
b) Their company keeps (or should keep) backups at a different physical location than the main servers in case the building gets nuked and
c) It is impossibly impractical to synchronize backups with the deletion of individual files from the server
In other words, I'll lay money that Yahoo does the exact same thing but doesn't mention it in their privacy policy at all. I agree with gmitc.com that Gmail's privacy policy should include the exact number of days they keep backups in rotation for and an assurance that the data is completely destroyed thereafter. But even as it is Gmail's policy is standard at worst and more complete than others at best.
The second reason is that "Now that Yahoo offers 100 megs, the space problem is not an issue". In other words, they no longer have to delete email because of space concerns. They could even afford to leave emails they might want for future reference around for, say, 180 days or more. Or they could delete them. Either way I trust their judgment and am sure they'll protect their own privacy to whatever extent they feel is necessary.
Reason number 3 why Ymail is different from Gmail is that they prefer Yahoo's filtering options over those of Gmail, which they've never used. Whatever. It's hard to argue with an opinion. I've used both and in my opinion they both have pros and cons. It's hardly a reason to not use Gmail, regardless.
The final reason is a real doozy:
The only thing harder to argue with than an opinion is a "we simply do not agree" assertion. In terms of access to the content of your email the ONLY difference between spam filters and adbots is that results of the latter are more obvious or, at worst, just more tacky. It may give someone who doesn't understand the behind-the-scenes goings-on the impression that they are being "spied" upon, but it's just that -- an impression, and one that is no more warranted for one system than the other. In fact, one could argue that Bayesian spam filters are more invasive because they take into account the similarities between your email and those in other people's mailboxes, something that as far as I know Google's adbots do not do.
*whew*. Are you still reading?
Ok, I'm done. In summary I feel that while many of the privacy concerns being raised are valid, the issues in question apply no more or less to Google/Gmail than to a hundred other providers with similar levels of access to the data you send through their services. Gmail is in no more need of being shut down or "put on hold" than any of the others. What we're dealing with is a much larger issue resulting from the fact that law and the philosophy of law are still failing to keep up with technology and for now the only way around it is to not use technology. Data is being stored about what you do. There is the potential for abuse. But there is also the potential for advancement. Google has made the web immensely more usable in many ways largely through the responsible analysis of this data. If you are concerned about being headed toward times when what you search for or read about is a liability then fight the legislation that makes it easier for third parties to demand this data and tie it to a human instead of an ID number. Targeting Google toward this end is like fighting vote-rigging by burning the ballot boxes.
--usernamenumberATgmailDOTc o m / brad_stephenssmithATyahooDOT c o m
My next (shorter) topic will probably be: "The Gmail interface: Why it is only almost perfect"
=====================================================================
More than one person on my friends list has expressed concern over the hubbub with regard to Google's new "Gmail" service. This is quite understandable given the end-of-privacy-as-we-know-it screeds that have been popping up on the subject. I think it's time someone wrote a rebuttal to these POVs and since no one else (on my friends list) seems to have done it I will. First, I want to make it very clear that this isn't an attack on the LJers who are linking to or espousing the ideas in question. Skepticism is good. In this particular case, a lot of it is well-founded and has been well-founded for years. Non-techies are only now starting to notice this and the more awareness there is the better. That said, I think that the particular focus on gmail/Google is unwarranted and largely due to technical naivete and/or, in at least one case, a webmaster's personal vendetta.
I'd like to cite in particular www.gmail-is-too-creepy.com. Here the author lists four reasons why Gmail is so "creepy" that anyone who cares about privacy should never even reply to a Gmail user, let alone use the service. But before taking these concerns on point-by-point, lets look a bit at the origins of and motives behind the website. I refer you to Exhibit A where we read that the "research firm" behind www.gmail-is-too-creepy.com (hereafter gmitc.com or "the creepy site") is founded and presided over by one Daniel Brandt.
...wait a second.
I recognize that name. I also recognize those hideous MS Paint graphics. Isn't this the same guy who runs google-watch.org? Ah, so it is! Well good; that means I've been saved some research by the folks at google-watch-watch.org. Yes, that's right, this guy's crusade against Google has warranted its own counter-watch. The whole thing started with him being upset that his website wasn't indexed as thoroughly as he wanted it to be (see previous link). Since then he's devoted what looks like an enormous amount of time and effort toward doing everything from building elaborate conspiracy-theory diagrams to flat-out name-calling Gmail users in an effort to convince everyone that Google is the naughtiest thing on the net.
But enough about him. If I don't have anything to say about the actual content of his page then I'm just making ad-hominem attacks. Instead it is my aim to write mature, reasonable responses peppered with sarcasm where gmitc.com says something so silly that I can't help it.
And thus, onward:
I do have my issues with Google and I've learned some interesting things in the research I've done, but my conclusion is still that a lot of the things being associated with Gmail apply to more services (and have less nefarious uses) than people may think.
An example is the Google cookie. It's as much a Google thing as a Gmail thing, but it's a good example nonetheless. A cookie is a small file containing arbitrary data, which can be placed on your system by a website and then referenced on return visits. Maybe that sounds scary, but consider that every time you "log in" to a website or set a preference somewhere (livejournal, anyone?), the chances are very good that you're using a cookie. Cookies are legitimate tools used by many websites. Google's cookie is of concern to people because it has a unique ID number that is associated with the searches you do. While the ID number its self is in no way associated with you as an individual it is associated with your IP address and a timestamp, which means that theoretically, by subpoenaing both Google for their logs and your ISP to see who was using IP x during time y, a search could be linked back to an individual.
I will be the first one to say that if government or anyone else could do that in a trivial fashion (and indeed it's gotten easier of late) it would be a Very Bad Thing. But this is not a Google or a Gmail issue by a longshot. Almost every web server in the world stores information that, with enough effort, can be tracked back to an individual. They may not do it using cookies but they almost always retain logs of which IP accessed which url and when the access occurred. They do this simply because it is useful information for an admin to have. Heck, even gmitc.com has a link to their "Creepy Traffic Graphs", which the observant reader will note displays "unique" visits. Care to guess how unique visitors are identified? It's almost always by the their IP. Your IP. They also know what browser you're using, what operating system and what site, if any, you linked to them from. It's a good thing you trust gmitc.com not to misuse that information, isn't it? In the case of Google, the association of an IP address with clicks and searches is used for (from what I've gathered) improving location-specific matching algorithms, preventing any single IP from trying to artificially inflate a site or ad's score by clicking it repeatedly and so on.
The other special thing about Google's cookie is that it doesn't expire until 2038, which means that your browser will never automatically delete it. But even this is not particularly special anymore as the technique is in heavy use all over the place. It's the reason your login and preferences can be persistent even if you have a dynamic or NATed IP address. Previously either the cookie would expire, causing everything to be lost or you would have to use a login/password for even simple sites like search engines. Even if you feel that the use of such cookies is violatory and not worth the benefits, why pick on Google any more than yahoo.com/yahoo mail, msn.com/hotmail, ifilm.com, bbcamerica.com, lycos.com, amazon.com, barnesandnoble.com, discovery.com, or any of a zillion others that also employ "immortal" cookies?
Groups like the the Electronic Frontier Foundation have, rightly, I think, expressed concern over the fact that Gmail and Google share a domain (www.gmail.com currently forwards you to gmail.google.com). This is significant because pages from a given domain are only allowed to set or read cookies from that domain. So because they share a domain Gmail can access Google's cookies and vice-versa, which could be used to link searches with the personal information in your Gmail settings. Google has stated that they do not share information between their services but has also seemed reticent to make this an official part of their policies. The EFF, unlike gmitc.com, has been having constructive talks with Google and say they are "pleased that Google has so far been forthcoming about many of the features and issues raised by Gmail" and that they "plan to continue... talks with the company".
In any case it's trivial to delete, and in most cases block, cookies in just about any browser. However, the privacy policies of _all three_ major webmail systems (Yahoo, MSN and Gmail) say that disabling cookies may render their service unusable. All three of them also share domains between their search, mail and other services as the EFF points out in their report. So while these are issues, they are in no way Gmail-specific and few real privacy groups are saying that they are.
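The two cookie mechanics discussed above, domain sharing between gmail.google.com and google.com and the "immortal" 2038 expiry, can be simulated in a few lines. This is an added example, not code from the original post or from Google: it applies the domain-matching rule from RFC 6265 to constructed Set-Cookie headers. The cookie names, values and the 2010 expiry on the Yahoo-style cookie are made up for illustration; the 2038 date is the one the post mentions.

```python
"""Cookie scope simulation: which hosts a cookie is sent back to, and whether
its Expires date makes it effectively immortal.

The Set-Cookie headers are constructed for illustration and are not the real
cookies of any service named in the post.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Date of the post, used as "now" when judging cookie lifetimes.
POST_DATE = datetime(2004, 7, 2, tzinfo=timezone.utc)

# Constructed Set-Cookie headers, keyed by the host that sent them.
SAMPLE_HEADERS = {
    "www.google.com": "PREF=ID=example123; Expires=Sun, 17-Jan-2038 19:14:07 GMT; Path=/; Domain=.google.com",
    "mail.yahoo.com": "Y=v=1&n=example; Expires=Thu, 15-Apr-2010 20:00:00 GMT; Path=/; Domain=.yahoo.com",
    "gmitc.example": "session=abc; Path=/",  # no Expires -> session cookie; no Domain -> host-only
}


def parse_set_cookie(header):
    """Split a Set-Cookie header into name, value and the attributes we care about."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "domain": None, "expires": None, "path": "/"}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key == "domain":
            cookie["domain"] = val.lstrip(".").lower()  # RFC 6265: a leading dot is ignored
        elif key == "expires":
            cookie["expires"] = parsedate_to_datetime(val)
        elif key == "path":
            cookie["path"] = val
    return cookie


def domain_matches(request_host, cookie_domain):
    """RFC 6265 domain-match: equal, or request_host is a subdomain of cookie_domain."""
    request_host = request_host.lower()
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def would_send(cookie, set_by_host, request_host):
    """Would a browser attach this cookie to a request for request_host?"""
    if cookie["domain"] is None:
        # Host-only cookie: returned only to the exact host that set it.
        return request_host.lower() == set_by_host.lower()
    return domain_matches(request_host, cookie["domain"])


def is_immortal(cookie, now=POST_DATE, horizon_years=10):
    """True if the cookie will not be expired by the browser in any realistic timeframe."""
    exp = cookie["expires"]
    if exp is None:
        return False  # session cookie: discarded when the browser closes
    return (exp - now).days > horizon_years * 365


if __name__ == "__main__":
    targets = ("gmail.google.com", "www.google.com", "mail.yahoo.com", "gmitc.example")
    for host, header in SAMPLE_HEADERS.items():
        c = parse_set_cookie(header)
        print(f"{c['name']} set by {host}: domain={c['domain']}, immortal={is_immortal(c)}")
        for target in targets:
            print(f"   sent to {target:18}: {would_send(c, host, target)}")
```

The output shows the cookie set by www.google.com with Domain=google.com being sent to gmail.google.com as well, which is why the shared domain matters, while the Yahoo-style cookie stays inside yahoo.com. The host-only session cookie is neither shared nor long-lived. Deleting or blocking cookies in the browser, as the text says, cuts all of this off regardless of the Expires date.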
On that note, let's take a look at gmitc.com's four "problems" with Gmail:
Problem 1: Gmail is nearly immortal
This is one of the arguments that annoys me the most. It goes like this: Gmail offers so much space you may never need to delete anything. Gmail's interface is designed around the assumption that users will "Archive" mail rather than delete it. Therefore every government in the world is just itching to get at this treasure trove of privacy-violating material.
It's this simple: If you want to avoid the possibility of an electronic communication ever falling into the hands of those it's not intended for, you have two options:
1) Encrypt it.
2) Don't send it.
The internet is NOT a private network. It was not designed with privacy in mind. Every email, every web post, every IM, every anything that you send unencrypted is subject to being seen by someone; if not the feds then a bored sysadmin at any of the several private networks your data travels through. It might not be legal to capture data this way but if we're willing to posit a Gestapo bent on harassing anyone who searches for the wrong keywords, why not that *ahemechelonahem*?
Gmitc.com does point out that after 180 days of storage data becomes easier for feds to obtain (subpoena vs the warrant required for a wiretap or seizure). But it still requires a subpoena and you can still delete your mail, request that the recipient delete it or encrypt it if you are worried about such things. Refusing to correspond with anyone who has a Gmail account or, worse, trying to legislate Gmail out of existence instead is just silly. You'd better not email me at my yahoo account either because I have mail there dating back to 2000 (and with a measly 100 megs, even!). Oh, and don't email me at work either. I access that mail via IMAP, which means it stays on Red Hat's servers until I delete it (i.e. forever). In other words, this is also not a Gmail issue. It's not even a mostly-Gmail issue as the storage of "private" communication on other people's servers is literally as old as the net itself. Even with the advent of mass-storage email systems, the disproportionate amount of flak being leveled at Google over the issue is unwarranted. The average email is a couple of kilobytes. The amount of mail that can be stored in a few megs, let alone 50 or 100, has the exact same issues and a similar likelihood of incrimination as that which can be stored in a gig.
Another point: I understand that privacy should be guarded on principle, which is why I'm all for reasonable privacy policies (something I feel Gmail has) as well as the whole "due process" thing. I'm far more worried about how it's getting easier and easier for outside forces to gain access to personal data than I am about who's storing what data where. Gmitc.com actually quotes someone espousing a similar opinion (near the bottom of the main page) but shoots her down saying that since Google is international it will be subject to more than just US law. They then helpfully inform her that she is being an "elitist digierati" doing a disservice to the world with her narrow view. Actually, though, it's gmitc.com that is being overly narrow by pretending that the now decade-old issue of traditional law not keeping up with the digital age somehow applies more to Google than to other companies. And in fact, clause 13 of Gmail's Terms of Use reads:
These Terms of Use will be governed by and construed in accordance with the laws of the State of California, without giving effect to its conflict of laws provisions or your actual state or country of residence. Any claims, legal proceeding or litigation arising in connection with the Service will be brought solely in Santa Clara County, California, and you consent to the jurisdiction of such courts.
Which, assuming it stands up under international law, rather nips gmitc's argument in the bud I think.
Finally, let's be realistic here: I guess I can only speak for myself but my webmail accounts contain spam, mailing list subscriptions, some possibly-sensitive work emails and correspondence with friends about uniformly banal subjects. I don't use them for anything I could get in trouble for because that's a stupid use for webmail. Any webmail. Or any email, for that matter. I keep my communiques with Al Qaeda strictly on other media, don't you?
Problem 2: Google's policies do not apply
This one starts by saying "The phrasing and qualifiers in the Gmail privacy policy are creepy enough...".
Let's pause there. Having read Gmail's privacy policy I really am failing to see any creepy qualifiers. It is in fact one of the most simply stated and clear privacy policies I've ever read. For example, the policy's one-paragraph "When we may disclose your personal information" clause is very straightforward:
As a standard email protocol, when you send an email from your Gmail account, Gmail includes your email address and user name in the header of the email. Beyond this, we do not disclose your personally identifying information to third parties unless we believe we are required to do so by law or have a good faith belief that such access, preservation or disclosure is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or governmental request, (b) enforce the Gmail Terms of Use, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues (including, without limitation, the filtering of spam), (d) respond to user support requests, or (e) protect the rights, property or safety of Google, its users and the public.
Now I'll grant that the "good faith" part (shared by Hotmail's privacy policy) is a bit iffy, but even then it states five very specific circumstances (satisfaction of law, internal investigations of TOS violation, fraud prevention, answering support questions and protection of their own property - like, for example, if someone was trying to use malformed headers to exploit the service) under which they would access what data you haven't deleted or encrypted. I challenge anyone to find a webmail service, or even an ISP, that doesn't have a similar clause. For example Yahoo Mail, which the good folks at gmitc.com use for their contact address (more on that later) has a privacy policy which describes these exact same circumstances plus the following gem:
We provide the information to trusted partners who work on behalf of or with Yahoo! under confidentiality agreements. These companies may use your personal information to help Yahoo! communicate with you about offers from Yahoo! and our marketing partners. However, these companies do not have any independent right to share this information.
Now, I have been a user of Yahoo mail for many years and have never felt that I've received unwanted solicitations from Yahoo or their "trusted partners". If I did, I wouldn't use the service anymore. But if I was on the lookout for "creepy" provisions in people's privacy policies and didn't just have it in for Gmail...
Anyway, that's not the real "Problem" being discussed here. The gmitc.com site goes on to say that
"...nothing in any of Google's policies or public statements applies to those of us who don't have Gmail accounts. Google has not even formally stated in their privacy policy that they will not keep a list of keywords scanned from incoming email, and associate these with the incoming email address in their database."
Google has been equally mute about their plans to annex the Sudetenland, but that doesn't make it especially likely. Nonetheless, critics have a point in saying that Google (and others) should be clearer about exactly what data they collect and what they do with it. In the "Cookies and Log Information" section of Gmail's privacy policy there is a clause about the use of "cookies to collect aggregated information about the use of Gmail to maintain, analyze and improve the service". This is problematic because sensitive information like "The person with cookie ID X received email containing keyword Y 12 times in the last hour" could be described as aggregated data. But then, so could "X percent of people shown ads related to keyword Y actually clicked on ad Z". The latter query, without divulging any information associated with an individual, is also probably of more use to Google.
But the issue of specificity in privacy policies is also not Google or Gmail-specific by a long shot. Show me the section in your ISP's or other webmail provider's policy that says they don't build a database of keywords scanned by their anti-spam algorithms and associate them with particular addresses. Come to think of it, they almost certainly do. Attaching keyword-derived spam "scores" to source addresses as well as the emails themselves is a common technique in spam filtering (though I'm not an expert in the field). The problem with asking companies to list exactly what they will do with the data they collect is that they then can't execute any new ideas without waiting for a request to go through legal to get the policy updated first. Then again, maybe that's not such a bad thing.
On a related note, Gmail's help section now has an article that seems to have been written in response to some of the concerns raised by gmitc. It's called Gmail and Privacy and I'd suggest reading at least the "Rights of senders and recipients" section.
Having cast doubt upon Google's intentions in problem 2, gmitc.com has set the stage for...
Problem 3: A massive potential for abuse
If Google builds a database of keywords associated with email addresses, the potential for abuse is staggering. Google could grow a database that spits out the email addresses of those who used those keywords... Intelligence agencies would love to play with this information. Diagrams that show social networks of people who are inclined toward certain thoughts could be generated.
This is absolutely true. IF Google did such a thing it would have a terrible potential for abuse. It is also true that if AOL, the world's largest ISP, were to log all traffic that anyone sent through their systems they could index every Gmail sent or received by any of their users, plus EVERYTHING else including search keywords used in any search engine. Now that would be *really* bad. IF they did it. This whole "problem" is based around a hypothetical that could apply to thousands of services out there including AOL, Yahoo, MSN, your ISP, the ISP of whomever you send data to and any ISPs between the two of you. Oh, but I forgot: Google is different because it's "creepy".
The whole thing really does come down to trust. That, or just not caring if someone reads your latest post to the David Carradine fanclub mailing list. Sending unencrypted data (or even encrypted data if you're really paranoid) over ANY service on the net implies trust in numerous parties (see list above). And, frankly, I have more reason to trust Google than I do a lot of other services out there or the companies behind them *ahemhotmailahem*. If you don't trust the net, don't use the net. Google/Gmail is absolutely nothing special here.
The next issue involves Google/Gmail's ad system, though not in the way you might expect...
Problem 4: Inappropriate ad matching
What?
Now they're saying that a lack of accuracy in choosing ads is a reason not to use it? Like seeing ads picked randomly from an advertisers' list is somehow better? Their third example even cites an article with ads that they admit are relevant, saying (in big red letters so you know it's important) "A relevant ad that shows poor judgment is much worse than an irrelevant ad that shows poor judgment". The ads in question are attached to an article talking about how Google's targeted ads are an improvement to the web, the problem being that the ads themselves are hawking tools for falsely inflating Google's "PageRank" score.
To be honest, I'm sort of failing to see how this is so bad. As the site points out, the ads in question are relevant: an article about Google produced ads (placed at the request of and generating revenue for the host site, I might add) about something related to Google: PageRank. But PageRank, while it is what got Mr. Brandt all aflutter in the first place, has nothing to do with how Google's Ads are chosen, at least as far as I know, so I fail to see how it demonstrates "bad judgment". Sure, the search engine equivalent of "add 10 inches!!" products are bad, but they exist for every search engine and the fact that these ads even showed up simply demonstrates that Google wasn't censoring ads based on that criterion. On that note, who here is willing to lay money that the gmitc people wouldn't be all over Google if they had censored the ads?
While I'm on the subject, let me take this opportunity to add myself to the list of people who think Google's ads are one of the best things to happen to the net. Elsewhere on the gmitc site they make the following assumption about Gmail users in their infantile "Profile of a Gmail User":
"You are unaware that creeping commercialism is undermining the Internet experience. You may not even be aware that the Internet was noncommercial until the mid-1990s."
Well sit down, sonny and let me learn you something. I do remember a time when the net wasn't commercial. I also remember a time when webmail didn't exist because there was no way to justify the expense of maintaining such a service. I remember when search engines were crude at best for the same reason and when I couldn't email people I knew because they didn't know what email was. I remember a time when Linux didn't have a decent browser because it wasn't worth anybody's while to code or port one. Then the Internet became commercial.
The simple fact of the matter is that the Internet can either be universal or noncommercial. It can't be both. And this is coming from someone who develops and runs a free service devoted to making it easier to access free software for a free Operating System. In order for the net to exist on the scale that it does someone, somewhere needs to be making a buck. What Google did was figure out how to be both commercial and non-tacky at once. They generate ads that stand a chance in hell of being cared about by the reader in an unobtrusive manner that hardly gets noticed unless you actually decide to look at them. Visit msn.com sometime. Would you *really* rather have pop-ups, pop-unders and flash? *That* is what "undermines the internet experience" and the success of GoogleAds is the single best defense we have against it.
So there are the big four reasons why Gmail is supposedly too creepy to use (or send to). There's more at the site, but I am so sick of seeing "creepy" little guys in black trench coats labeled "Gmail Privacy Officer" that I just can't take it anymore. I guess I'm being unfair by picking on the worst of the anti-Gmail bunch, but it just really got me going. The site's a thinly-veiled personal vendetta full of baseless assumptions and assertions regarding Google's intentions, which have in turn focused the otherwise well-intentioned skepticism of others on the net. Their offensively patronizing tone and flat-out name-calling of the opposition doesn't help either. Blegh.
But hey, while I'm on a roll, one more thing:
Has anyone noticed the address listed on gmail-is-too-creepy.com's contact page? It's creepyGmail@yahoo.com.
Yahoo.com?
I'm apparently not the first to notice this because they have a page explaining their choice. There you will find four reasons why they believe Yahoo qualifies as being significantly less "creepy" than Gmail. I'd like to take a look at these not to rag on Yahoo, but to drive home my point that the issues people are concerned about with regard to Gmail are not Gmail issues at all.
First, they quote Yahoo's privacy policy: "once messages are emptied from the trash folder, they are permanently deleted from the Yahoo Mail server and cannot be recovered". Gmail actually has a similar note in their help section under the "Deleting Email" heading: "Once you delete a message, it's gone for good". But according to gmitc this is just a clever ruse:
"[Y]ou have no way of confirming [that messages you delete are actually gone]. And the worst part is that they also have no way of confirming that the message or attachment they deleted is inaccessible to technicians at Google".
This is in reference, I assume, to the following clause in Gmail's privacy policy:
Because we keep back-up copies of data for the purposes of recovery from errors or system failure, residual copies of email may remain on our systems for some time, even after you have deleted messages from your mailbox or after the termination of your account. Google employees do not access the content of any mailboxes unless you specifically request them to do so (for example, if you are having technical difficulties accessing your account) or if required by law, to maintain our system, or to protect Google or the public.
This clause says nothing more than that they keep backups of their data and that deleting an email or closing your account doesn't mean they can go through terabytes of tape to scrub it. Gmitc.com accurately states (and Gmail acknowledges) that as long as the data exists somewhere it may be subject to subpoena but once again they're taking a general problem and acting as though it applies exclusively (or even mostly) to Gmail. In fact, I'm willing to wager that Google's privacy policy is simply more forthcoming and complete than Yahoo's. Anyone who works in IT will tell you that:
a) Their company makes (or should make) regular backups
b) Their company keeps (or should keep) backups at a different physical location than the main servers in case the building gets nuked and
c) It is impossibly impractical to synchronize backups with the deletion of individual files from the server
In other words, I'll lay money that Yahoo does the exact same thing but doesn't mention it in their privacy policy at all. I agree with gmitc.com that Gmail's privacy policy should include the exact number of days they keep backups in rotation for and an assurance that the data is completely destroyed thereafter. But even as it is Gmail's policy is standard at worst and more complete than others at best.
The second reason is that "Now that Yahoo offers 100 megs, the space problem is not an issue". In other words, they no longer have to delete email because of space concerns. They could even afford to leave emails they might want for future reference around for, say, 180 days or more. Or they could delete them. Either way I trust their judgment and am sure they'll protect their own privacy to whatever extent they feel is necessary.
Reason number 3 why Ymail is different from Gmail is that they prefer Yahoo's filtering options over those of Gmail, which they've never used. Whatever. It's hard to argue with an opinion. I've used both and in my opinion they both have pros and cons. It's hardly a reason to not use Gmail, regardless.
The final reason is a real doozy:
The best part is that Yahoo does not scan incoming email for keywords, in order to trigger advertising. This would be an insult to us, and a violation of those who send us email. We simply do not agree with those who equate Google's scanning for advertising with Yahoo's scanning for spam detection. Google has crossed a line that Yahoo has no plans to cross.
The only thing harder to argue with than an opinion is a "we simply do not agree" assertion. In terms of access to the content of your email the ONLY difference between spam filters and adbots is that the results of the latter are more obvious or, at worst, just more tacky. It may give someone who doesn't understand the behind-the-scenes goings-on the impression that they are being "spied" upon, but it's just that -- an impression, and one that is no more warranted for one system than the other. In fact, one could argue that Bayesian spam filters are more invasive because they take into account the similarities between your email and those in other people's mailboxes, something that as far as I know Google's adbots do not do.
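To show what "access to the content" means for each system, here is an added example (not from the original post, and not Google's or Yahoo's code) that puts a small Bayesian spam filter beside a keyword ad matcher. The filter is a textbook multinomial naive Bayes classifier trained on a constructed corpus standing in for other people's mailboxes; the ad matcher looks only at the message in front of it and consults a constructed keyword-to-ad table. Both read every word of the message; the difference is that the filter's verdict depends on statistics learned from everyone else's mail, which is the author's point about comparative invasiveness.

```python
"""Bayesian spam filter versus keyword ad matcher: both read the whole message.

The training corpus, test messages and ad table are constructed for
illustration only.
"""
import math
import re
from collections import Counter

WORD_RE = re.compile(r"[a-z']+")


def tokens(text):
    """Lowercase word tokens of a message."""
    return WORD_RE.findall(text.lower())


# Constructed corpus standing in for 'other people's mailboxes'.
TRAINING = [
    ("spam", "cheap meds buy now limited offer click here"),
    ("spam", "increase your score buy cheap pagerank boost now"),
    ("spam", "free offer click now to claim your prize"),
    ("spam", "viagra cheap pills buy online now"),
    ("ham", "are we still meeting for lunch tomorrow"),
    ("ham", "here is the patch for the browser bug we discussed"),
    ("ham", "thanks for the article about the search engine"),
    ("ham", "can you review my draft before the meeting"),
]


class NaiveBayesSpamFilter:
    """Multinomial naive Bayes with add-one (Laplace) smoothing."""

    def __init__(self, corpus):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = Counter()
        for label, text in corpus:
            self.doc_counts[label] += 1
            self.word_counts[label].update(tokens(text))
        self.vocab = set(self.word_counts["spam"]) | set(self.word_counts["ham"])

    def log_prob(self, label, words):
        """log P(label) + sum of log P(word | label), smoothed over the shared vocabulary."""
        total = sum(self.word_counts[label].values())
        lp = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        for w in words:
            lp += math.log((self.word_counts[label][w] + 1) / (total + len(self.vocab)))
        return lp

    def spam_probability(self, text):
        """P(spam | text), computed from the two class log-likelihoods."""
        words = tokens(text)
        ls, lh = self.log_prob("spam", words), self.log_prob("ham", words)
        return 1.0 / (1.0 + math.exp(lh - ls))

    def is_spam(self, text, threshold=0.5):
        return self.spam_probability(text) >= threshold

    def word_log_odds(self, text):
        """Per-word evidence (positive favours spam), taken from the corpus statistics."""
        ts = sum(self.word_counts["spam"].values()) + len(self.vocab)
        th = sum(self.word_counts["ham"].values()) + len(self.vocab)
        return {
            w: math.log((self.word_counts["spam"][w] + 1) / ts)
            - math.log((self.word_counts["ham"][w] + 1) / th)
            for w in set(tokens(text))
        }


# Constructed keyword-to-ad table for the ad matcher.
AD_TABLE = {
    "pagerank": "Boost your PageRank today! (constructed ad)",
    "lunch": "Restaurant deals near you (constructed ad)",
    "browser": "Download a faster browser (constructed ad)",
}


def match_ads(text, ad_table=AD_TABLE):
    """Keyword ad matching: inspect only this message and return matching ads in table order."""
    present = set(tokens(text))
    return [ad for kw, ad in ad_table.items() if kw in present]


if __name__ == "__main__":
    f = NaiveBayesSpamFilter(TRAINING)
    for msg in ("buy cheap pagerank now, limited offer",
                "lunch tomorrow to go over the browser patch?"):
        print(f"{msg!r}: P(spam)={f.spam_probability(msg):.3f}, ads={match_ads(msg)}")
```

The first message scores as spam because words like "cheap" and "buy" were frequent in other people's spam, while the second scores as ham because "the" and "lunch" were seen in other people's legitimate mail; `word_log_odds` exposes that borrowed evidence. The ad matcher, by contrast, needs nothing but the message and a static table, so a message never influences how another user's mail is handled.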
*whew*. Are you still reading?
Ok, I'm done. In summary I feel that while many of the privacy concerns being raised are valid, the issues in question apply no more or less to Google/Gmail than to a hundred other providers with similar levels of access to the data you send through their services. Gmail is in no more need of being shut down or "put on hold" than any of the others. What we're dealing with is a much larger issue resulting from the fact that law and the philosophy of law are still failing to keep up with technology and for now the only way around it is to not use technology. Data is being stored about what you do. There is the potential for abuse. But there is also the potential for advancement. Google has made the web immensely more usable in many ways largely through the responsible analysis of this data. If you are concerned about being headed toward times when what you search for or read about is a liability then fight the legislation that makes it easier for third parties to demand this data and tie it to a human instead of an ID number. Targeting Google toward this end is like fighting vote-rigging by burning the ballot boxes.
--usernamenumberATgmailDOTc o m / brad_stephenssmithATyahooDOT c o m
My next (shorter) topic will probably be: "The Gmail interface: Why it is only almost perfect"
+1 Insightful
Date: 2004-07-02 12:35 pm (UTC)
Right on Brad, you da man!