Google's Gmail, other services let third parties read user emails, report says

135

Comments

  • Reply 41 of 82
    dewmedewme Posts: 5,335member
    I cannot access the WSJ article due to the paywall but I assume the gist of the story has to do with third party apps being granted access to your Gmail inbox, not the (lack of?) privacy of Gmail itself. I've been using an app call TripIt that constantly asks me whether I want to allow it to scan my Gmail inbox. I always answer NO. I do forward travel related confirmation emails to TripIt so it can produce a convenient timeline with reservation confirmation numbers, links to relevant map information, reminders, etc.

    It's very obvious to me what the ramifications would be of granting anyone or anything access to my Gmail inbox. While I don't knowingly allow access to my Gmail account, if I did I would have to treat the particular email account as essentially semi-public/unprotected and make sure I don't have anything in my inbox that I do not wish to share. Additionally, I would be ethically and morally compelled to let everyone I share the Gmail address with know that responding to me via that address places the contents of their email in the same unprotected category.

    At some point, like several years ago, we were all aware that the privacy of many services was sketchy at best. We all knew, or should have known if we actually read EULAs and privacy statements, that there was little to no expectation of privacy with some apps, especially the freebies. We still engaged in unprotected communication and poor cyberhygiene nevertheless. I'm as guilty as anyone and have tried to regain control of the situation. However, there's no way to recall all of the horses that have already left the barn and if nasty warts, uncontrolled drips, or itchy rashes start showing up on one of my "unprotected" email accounts it will not be a huge surprise, especially where Google is involved.

    If you catch something from Google, please don't feign surprise. You knew it, it smelled bad, and you did it anyway.
    williamlondon
  • Reply 42 of 82
    gatorguygatorguy Posts: 24,176member
    dewme said:
    I cannot access the WSJ article due to the paywall but I assume the gist of the story has to do with third party apps being granted access to your Gmail inbox, not the (lack of?) privacy of Gmail itself. I've been using an app call TripIt that constantly asks me whether I want to allow it to scan my Gmail inbox. I always answer NO. I do forward travel related confirmation emails to TripIt so it can produce a convenient timeline with reservation confirmation numbers, links to relevant map information, reminders, etc.

    It's very obvious to me what the ramifications would be of granting anyone or anything access to my Gmail inbox. While I don't knowingly allow access to my Gmail account, if I did I would have to treat the particular email account as essentially semi-public/unprotected and make sure I don't have anything in my inbox that I do not wish to share. Additionally, I would be ethically and morally compelled to let everyone I share the Gmail address with know that responding to me via that address places the contents of their email in the same unprotected category.

    At some point, like several years ago, we were all aware that the privacy of many services was sketchy at best. We all knew, or should have known if we actually read EULAs and privacy statements, that there was little to no expectation of privacy with some apps, especially the freebies. We still engaged in unprotected communication and poor cyberhygiene nevertheless. I'm as guilty as anyone and have tried to regain control of the situation. However, there's no way to recall all of the horses that have already left the barn and if nasty warts, uncontrolled drips, or itchy rashes start showing up on one of my "unprotected" email accounts it will not be a huge surprise, especially where Google is involved.

    If you catch something from Google, please don't feign surprise. You knew it, it smelled bad, and you did it anyway.
    As long as you realize it's not specific to Google and GMail. Yahoo, Microsoft, "most major email providers" as well IIRC according to the source, and as far as I can tell including Apple? Everyone suddenly went silent when I asked for confirmation. Do you perhaps know? If you install Spark or Airmail on your Mac or iPhone can it access, aka "Read", an email I send you?
    edited July 2018 muthuk_vanalingam
  • Reply 43 of 82
    nunzy said:
    When those Google people chant "do no evil" over and over like a mantra, it has an effect. It plants it in them that they really should be doing evil.

    Google tried to kill iPhone.  Does it get more evil than that?
    Wow, Nunzy, you nailed it.

    Using the word “evil" in their mission statement, Goophabet points the company in exactly that direction, because our minds can only move toward things, not away. So, if Goophabet wanted to avoid being evil, they would have chosen a slogan or mission statement along the lines of “Be honorable”, “Be virtuous”, etc. But they didn’t!

    Goophabet knows exactly what it’s doing. How else do they base 90% of their business upon using its users’ private information to make money, i.e., by generating revenue through surveilling its users?
    nunzyfastasleepwatto_cobra
  • Reply 44 of 82
    And people keep harping on about Facebook and Cambridge Analytica, always giving Google a great big pass. Google has been at it longer, has wider reach, is much better at it, and has far more customers than Facebook.
    I doubt most users care what happens to their private data. I only know that investors of data-harvesting companies are quite happy with such easy profitability available thanks to unconcerned consumers. Apple is losing out financially due to its consumer privacy stance and Wall Street is quite unhappy about Apple not taking advantage of easy money. Facebook will be quickly going to $250 a share while Apple struggles to break $190. Facebook's profit margins are unbelievably huge and it's basically just a social app company. Google will be allowed to get away with what it's doing with private user data and continue to make easy profits without limits or constraints. As long as there is easy money to be made from taking private user data, Google will continue to thrive. Facebook and Google will never be regulated or even fined for harvesting and selling user data. Those companies are indeed, very lucky, to be so highly valued and praised by everyone.
    williamlondon
  • Reply 45 of 82
    gatorguygatorguy Posts: 24,176member
    And people keep harping on about Facebook and Cambridge Analytica, always giving Google a great big pass. Google has been at it longer, has wider reach, is much better at it, and has far more customers than Facebook.
    ...Google will never be regulated or even fined for harvesting and selling user data. 
    Obviously Google wouldn't be fined for selling personal data. It's not something they do anymore than Apple does.
  • Reply 46 of 82
    maestro64maestro64 Posts: 5,043member
    Gatorguy, stop justifying and referencing Google EULA, spend some time and educate yourself on legal contracts and agreements. You take the words writing on face value, EULA are filled with weasel words and broad non specific statement and this is done for a reason is allow Google to so pretty much as they like and the burden falls to the user to provide Google's true intent. People knowingly or unknowingly agreeing to things and they do not understand Google's intent behind the words. You have no clue what Googles intent is or was when those EULA were written. I have negotiate agreement and I can tell most of the time is spent on understanding the intend of the words and phases, in most cases some words have very specific legal definition and intent, beyond this you can not assume intent.

    As I shared before, at pervious employer I found evidence of Google doing things with their email client in our corporate environment which we had specific guarantees they would not do. I share this with our corporate legal team and their answer was this is the reason Corporate legal and HR were not allowed to use Google mails because Google would not warrant against inappropriate use of information stored on google servers which was company confidential. Google will not warrant or indemnify that your personal information on their servers will not be use for other purposes, the key legal words here is "warrant" and "indemnify".

    Please stop saying and trying to convince people Google systems are not reading/analyzing peoples' personal communications. You have no proof to back that statement up, reference the EULA is not proof and it is not worth the webpage it is written on. No one has taken Google to court on their EULA and proven Google's intent behind the EALU and shown exactly what they are doing with information stored on their servers. By the way if you read it, Google reserves the right to update the EULA at any time. So is the user obligate to the current EULA of the one when they first signed up, do you have the copy of the EALU when you first signed up.
    edited July 2018 williamlondoncgWerks
  • Reply 47 of 82
    StrangeDaysStrangeDays Posts: 12,834member
    gatorguy said:
    dewme said:
    I cannot access the WSJ article due to the paywall but I assume the gist of the story has to do with third party apps being granted access to your Gmail inbox, not the (lack of?) privacy of Gmail itself. I've been using an app call TripIt that constantly asks me whether I want to allow it to scan my Gmail inbox. I always answer NO. I do forward travel related confirmation emails to TripIt so it can produce a convenient timeline with reservation confirmation numbers, links to relevant map information, reminders, etc.

    It's very obvious to me what the ramifications would be of granting anyone or anything access to my Gmail inbox. While I don't knowingly allow access to my Gmail account, if I did I would have to treat the particular email account as essentially semi-public/unprotected and make sure I don't have anything in my inbox that I do not wish to share. Additionally, I would be ethically and morally compelled to let everyone I share the Gmail address with know that responding to me via that address places the contents of their email in the same unprotected category.

    At some point, like several years ago, we were all aware that the privacy of many services was sketchy at best. We all knew, or should have known if we actually read EULAs and privacy statements, that there was little to no expectation of privacy with some apps, especially the freebies. We still engaged in unprotected communication and poor cyberhygiene nevertheless. I'm as guilty as anyone and have tried to regain control of the situation. However, there's no way to recall all of the horses that have already left the barn and if nasty warts, uncontrolled drips, or itchy rashes start showing up on one of my "unprotected" email accounts it will not be a huge surprise, especially where Google is involved.

    If you catch something from Google, please don't feign surprise. You knew it, it smelled bad, and you did it anyway.
    As long as you realize it's not specific to Google and GMail. Yahoo, Microsoft, "most major email providers" as well IIRC according to the source, and as far as I can tell including Apple? Everyone suddenly went silent when I asked for confirmation. Do you perhaps know? If you install Spark or Airmail on your Mac or iPhone can it access, aka "Read", an email I send you?
    No, Apple employees nor its partners can personally read your emails, as in by a human, in order to sell you stuff. Happy to believe this whataboutism if you have links to indicate it’s the case. 
    williamlondonwatto_cobra
  • Reply 48 of 82
    RebelwacRebelwac Posts: 2unconfirmed, member
    So if an user manually installs an add-in, agrees on the popup window that shows all the permissions (including the read email permission), this is somehow Google's fault? It's not like they give permissions to third parties without user consent or knowledge
    muthuk_vanalingambulk001
  • Reply 49 of 82
    dewmedewme Posts: 5,335member
    gatorguy said:
    dewme said:
    I cannot access the WSJ article due to the paywall but I assume the gist of the story has to do with third party apps being granted access to your Gmail inbox, not the (lack of?) privacy of Gmail itself. I've been using an app call TripIt that constantly asks me whether I want to allow it to scan my Gmail inbox. I always answer NO. I do forward travel related confirmation emails to TripIt so it can produce a convenient timeline with reservation confirmation numbers, links to relevant map information, reminders, etc.

    It's very obvious to me what the ramifications would be of granting anyone or anything access to my Gmail inbox. While I don't knowingly allow access to my Gmail account, if I did I would have to treat the particular email account as essentially semi-public/unprotected and make sure I don't have anything in my inbox that I do not wish to share. Additionally, I would be ethically and morally compelled to let everyone I share the Gmail address with know that responding to me via that address places the contents of their email in the same unprotected category.

    At some point, like several years ago, we were all aware that the privacy of many services was sketchy at best. We all knew, or should have known if we actually read EULAs and privacy statements, that there was little to no expectation of privacy with some apps, especially the freebies. We still engaged in unprotected communication and poor cyberhygiene nevertheless. I'm as guilty as anyone and have tried to regain control of the situation. However, there's no way to recall all of the horses that have already left the barn and if nasty warts, uncontrolled drips, or itchy rashes start showing up on one of my "unprotected" email accounts it will not be a huge surprise, especially where Google is involved.

    If you catch something from Google, please don't feign surprise. You knew it, it smelled bad, and you did it anyway.
    As long as you realize it's not specific to Google and GMail. Yahoo, Microsoft, "most major email providers" as well IIRC according to the source, and as far as I can tell including Apple? Everyone suddenly went silent when I asked for confirmation. Do you perhaps know? If you install Spark or Airmail on your Mac or iPhone can it access, aka "Read", an email I send you?
    I assume Google isn't the only stinky email provider. I assume Yahoo, Outlook.com, and other services are similar. In this case it sounds like Google is allowing apps access to your inbox at the Google servers, not on your machine. 

    The email pricey and security issue is a real problem for not only casual/home users but for corporate users as well. It is very easy for sensitive corporate information to leak out. One company I worked for required every email footer to have a disclaimer stating that if a recipient received the email in error - delete it. That's beyond naive and somewhat laughable. The only system that comes close to working is to have an air-gapped email system with no interconnects at all. But even then people find ways to cross the air gap including transcribing emails, copy & paste, etc. There's probably better ways to solve this issue with blockchain but for the average Schmo all we can do is use encryption, e.g., PGP, and try to have something akin to an air gapped setup by using different email accounts for different transactions and different levels of sharing. I just don't believe that services like Gmail will ever be truly secure or private because there's nothing in it for Google to make it that way. Finally, based on the popularity of services like Facebook, most people don't care about privacy.
    watto_cobra
  • Reply 50 of 82
    gatorguygatorguy Posts: 24,176member
    gatorguy said:
    dewme said:
    I cannot access the WSJ article due to the paywall but I assume the gist of the story has to do with third party apps being granted access to your Gmail inbox, not the (lack of?) privacy of Gmail itself. I've been using an app call TripIt that constantly asks me whether I want to allow it to scan my Gmail inbox. I always answer NO. I do forward travel related confirmation emails to TripIt so it can produce a convenient timeline with reservation confirmation numbers, links to relevant map information, reminders, etc.

    It's very obvious to me what the ramifications would be of granting anyone or anything access to my Gmail inbox. While I don't knowingly allow access to my Gmail account, if I did I would have to treat the particular email account as essentially semi-public/unprotected and make sure I don't have anything in my inbox that I do not wish to share. Additionally, I would be ethically and morally compelled to let everyone I share the Gmail address with know that responding to me via that address places the contents of their email in the same unprotected category.

    At some point, like several years ago, we were all aware that the privacy of many services was sketchy at best. We all knew, or should have known if we actually read EULAs and privacy statements, that there was little to no expectation of privacy with some apps, especially the freebies. We still engaged in unprotected communication and poor cyberhygiene nevertheless. I'm as guilty as anyone and have tried to regain control of the situation. However, there's no way to recall all of the horses that have already left the barn and if nasty warts, uncontrolled drips, or itchy rashes start showing up on one of my "unprotected" email accounts it will not be a huge surprise, especially where Google is involved.

    If you catch something from Google, please don't feign surprise. You knew it, it smelled bad, and you did it anyway.
    As long as you realize it's not specific to Google and GMail. Yahoo, Microsoft, "most major email providers" as well IIRC according to the source, and as far as I can tell including Apple? Everyone suddenly went silent when I asked for confirmation. Do you perhaps know? If you install Spark or Airmail on your Mac or iPhone can it access, aka "Read", an email I send you?
    No, Apple employees nor its partners can personally read your emails, as in by a human, in order to sell you stuff. Happy to believe this whataboutism if you have links to indicate it’s the case. 
    That's not at all what I asked. I guess a red herring that points to a false conclusion is at least something . Everyone else  would seem to prefer not answering at all (inconvenient truth? Not sure), so kudos for that.

    Anyway can Apple read your emails by machine scanning? Can Apple use a real human to do so if the situation were to require it? I don't see a single thing in Apple's EULA that would indicate they can't whether for legal or business reasons. Did you see something I didn't that says otherwise? You seem very sure they cannot and never will. But this story is more about granting 3rd party access to your email (and by extension mine too)

    I want to be certain I understand you since you seem to be commenting on a very specific aspect only, human reading for marketing, which is not what the question was:
     If you're using Edison or Airmail or Spark on your Apple device can those developers/apps "read" an email sent from me to your Apple email account, whether done by machine or human and whether strictly for marketing or not? According to the source article Edison actually used some human scanning and Edison is an iOS app too. 
    edited July 2018 muthuk_vanalingam
  • Reply 51 of 82
    GeorgeBMacGeorgeBMac Posts: 11,421member
    And people keep harping on about Facebook and Cambridge Analytica, always giving Google a great big pass. Google has been at it longer, has wider reach, is much better at it, and has far more customers than Facebook.
    Don't go there...
    Equating Cambridge Analytica's attack on out elections to marketing is a VERY False Equivalency.

    (And too all those:  "Who?  What?  Nobody attacked our election!", That is what Cambridge Analytica specialized in.   They were mercenaries selling out to the highest bidder to change elections)
    muthuk_vanalingamwilliamlondon
  • Reply 52 of 82
    GeorgeBMacGeorgeBMac Posts: 11,421member
    kkqd1337 said:
    I pay for my email on a Microsoft Business Office 365 Exchange account to prevent this.

    its like $20-30 a year. I mean surely we value our privacy that much don’t we? For email which we now use for literally everything.

    But I guess if you want free you have to make compromises.
    "You have to make compromises"
    That only works if the company you are "compromising" is honest.  Google was running a scam:  "We don't read your emails".   Now we now why:   They just sold them to others to read!
  • Reply 53 of 82
    GeorgeBMacGeorgeBMac Posts: 11,421member
    "Your Fidelity Investments statement is ready.   Click here to...."
    "Your Discover Credit Card statement is ready.   Click here to..."
    "Your Citizens Bank Account statement is ready.   Click here to..."

    It's why I run two emails:   One iCloud and one with my old, original email.  I limit my iCloud email to financial stuff and close friends.  The other is for junk.  It's very different reading my social comments than it is my financial background data.  Totally different really.
  • Reply 54 of 82
    maestro64maestro64 Posts: 5,043member
    dewme said:
    gatorguy said:
    dewme said:
    I cannot access the WSJ article due to the paywall but I assume the gist of the story has to do with third party apps being granted access to your Gmail inbox, not the (lack of?) privacy of Gmail itself. I've been using an app call TripIt that constantly asks me whether I want to allow it to scan my Gmail inbox. I always answer NO. I do forward travel related confirmation emails to TripIt so it can produce a convenient timeline with reservation confirmation numbers, links to relevant map information, reminders, etc.

    It's very obvious to me what the ramifications would be of granting anyone or anything access to my Gmail inbox. While I don't knowingly allow access to my Gmail account, if I did I would have to treat the particular email account as essentially semi-public/unprotected and make sure I don't have anything in my inbox that I do not wish to share. Additionally, I would be ethically and morally compelled to let everyone I share the Gmail address with know that responding to me via that address places the contents of their email in the same unprotected category.

    At some point, like several years ago, we were all aware that the privacy of many services was sketchy at best. We all knew, or should have known if we actually read EULAs and privacy statements, that there was little to no expectation of privacy with some apps, especially the freebies. We still engaged in unprotected communication and poor cyberhygiene nevertheless. I'm as guilty as anyone and have tried to regain control of the situation. However, there's no way to recall all of the horses that have already left the barn and if nasty warts, uncontrolled drips, or itchy rashes start showing up on one of my "unprotected" email accounts it will not be a huge surprise, especially where Google is involved.

    If you catch something from Google, please don't feign surprise. You knew it, it smelled bad, and you did it anyway.
    As long as you realize it's not specific to Google and GMail. Yahoo, Microsoft, "most major email providers" as well IIRC according to the source, and as far as I can tell including Apple? Everyone suddenly went silent when I asked for confirmation. Do you perhaps know? If you install Spark or Airmail on your Mac or iPhone can it access, aka "Read", an email I send you?
    I assume Google isn't the only stinky email provider. I assume Yahoo, Outlook.com, and other services are similar. In this case it sounds like Google is allowing apps access to your inbox at the Google servers, not on your machine. 

    The email pricey and security issue is a real problem for not only casual/home users but for corporate users as well. It is very easy for sensitive corporate information to leak out. One company I worked for required every email footer to have a disclaimer stating that if a recipient received the email in error - delete it. That's beyond naive and somewhat laughable. The only system that comes close to working is to have an air-gapped email system with no interconnects at all. But even then people find ways to cross the air gap including transcribing emails, copy & paste, etc. There's probably better ways to solve this issue with blockchain but for the average Schmo all we can do is use encryption, e.g., PGP, and try to have something akin to an air gapped setup by using different email accounts for different transactions and different levels of sharing. I just don't believe that services like Gmail will ever be truly secure or private because there's nothing in it for Google to make it that way. Finally, based on the popularity of services like Facebook, most people don't care about privacy.

    To your point, this is something many people and companies do not understand, by allowing sensitive, private, company confidential information to resided outside the corporation, any claims you my have to protect that information is limited. If you try to sue someone and claim the information is private or confidential and the other party can show you did not do everything possible to protect the information your case may be mute, since you do not have control over information stored on Google servers. There is already case law on this subject, companies loss cases since the other side show the company did not take simple precaution to protect their information just saying it confidential is not enough anymore.

    The pervious company I worked for required all external communication which contained company confidential information had to be encrypted with PGP since we have no idea where the information would be routed and stored. Only the end recipient had the key to decrypt the email.
    cgWerks
  • Reply 55 of 82

    It really doesn't matter what these companies are doing as far as your privacy goes. If you want to get upset about your privacy being breached, direct your ire at AT&at and the NSA. And yes, it is far worse than you might have imagined. The have access to ALL e-mails originating in the U.S. and much of them from the rest of the world and this has been going on for a long time. If you want privacy, stay off the internet.

    https://techcrunch.com/2018/06/25/nsa-att-intercept-surveillance/

  • Reply 56 of 82
    tallest skiltallest skil Posts: 43,388member
    Ahhh well I don't expect many to extrapolate to potential design scenarios... It's not about us finding out about us, backasswards or otherwise... Flip the switch and what happens next ? Can what we know today as 'civil society' change rapidly...? The Kremlin apparently switched to typewriters...
    The slippery slope fallacy. You’re on a roll. 
    Slippery slope isn’t a fallacy. I’m not sure what his post was supposed to imply, though.
    Soli said:
    bobolicious said:
    The Kremlin apparently switched to typewriters…
    What does that mean?
    Looks like classic ‘muh russia’ spam. No argument at all, so jump straight to the boogeyman that the government says is responsible for all evil.
  • Reply 57 of 82
    Rayz2016Rayz2016 Posts: 6,957member
    gatorguy said:
    It’s easy enough to not use a Gmail account. What’s a lot more difficult is not e-mailing with anybody who uses Gmail, which matters because presumably Google can read incoming messages too, and so often the incoming message content is included in a response, so third parties can read your e-mail whether or not you ever agreed to anything. 
    If you're using Edison or Airmail or Spark on your Apple device can those developers "read" an email sent from me to your Apple email account? No one has answered that yet so perhaps you know?

    @williamlondon @StrangeDays ; @Rayz2016 ; @chasm @ericthehalfbee @bestkeptsecret ; , do any of you know? You're all generally pretty knowledgeable about this stuff.



    Uh uh. 

    You made the accusation so you do the legwork. 

    Common sense tells me that Apple must be able to read the emails because their kit can read emails out loud, but what's your point?

    No matter how much you scour your search engine of choice for evidence that Apple is as bad as Google, there is one truth you cannot escape: everything Google does (the car project, the search engine, the fibre networks) is done to serve their core business: leafing through your personal data like weird Uncle Silas rifling through grandma's underwear drawer. That is their foundation; their reason to exist. That is what they do.

    Having said that, I think Apple should stop putting the Google search engine front and centre; the results from it have been getting poorer for years; Google favours sites that put their content through Google servers. What the hell is that about? Oh yes, because Google has a better chance to sniff your packet if you go directly to their sites.
    edited July 2018 StrangeDays
  • Reply 58 of 82
    gatorguygatorguy Posts: 24,176member
    Rayz2016 said:
    gatorguy said:
    It’s easy enough to not use a Gmail account. What’s a lot more difficult is not e-mailing with anybody who uses Gmail, which matters because presumably Google can read incoming messages too, and so often the incoming message content is included in a response, so third parties can read your e-mail whether or not you ever agreed to anything. 
    If you're using Edison or Airmail or Spark on your Apple device can those developers "read" an email sent from me to your Apple email account? No one has answered that yet so perhaps you know?

    @williamlondon @StrangeDays ; @Rayz2016 ; @chasm @ericthehalfbee @bestkeptsecret ; , do any of you know? You're all generally pretty knowledgeable about this stuff.



    Uh uh. 

    You made the accusation so you do the legwork. 


    What accusation? That's called a question. See the little curly mark at the end like this one? Don't pretend you don't know the difference. 
    I didn't ask about Apple either. Ii asked whether developers could access your Apple mail. 

    So a poor attempt at misdirection on your part, far too transparent, but that's tending to be your MO with difficult questions IMHO. If you don't feel like being forthright then why bother responding at all?

    FWIW I didn't give Apple permission to read my emails if they do, nor did I give permission to any 3rd party apps you or others might have installed either if those developers are doing so. If you think Google is wrong wouldn't Apple be just as wrong if they each allow it? Of course they would be... If it were wrong.
    edited July 2018 muthuk_vanalingam
  • Reply 59 of 82
    macxpressmacxpress Posts: 5,801member
    Boy the ole fandroids are out by the masses trying like hell to cover Google's ass now! Here's so koolaid if you get thirsty along the way. 
    StrangeDays
  • Reply 60 of 82
    IreneWIreneW Posts: 303member
    Have any of you actually read (and understood) the source report? Because AI apparently didn't.
Sign In or Register to comment.