Print 55 comment(s) - last by nafhan.. on Apr 17 at 11:36 AM

Google says that Gmail users consented to scanning and practice is part of the normal delivery process

Google has updated its Terms of Service (TOS) to fully disclose to users that their incoming and outgoing emails are automatically analyzed using software. The software is analyzing the emails to create targeted ads that can be served to the user.
Google's TOS reveal that emails are scanned when they are stored on Google services and when in transit.
Google is currently fighting in court on allegations of violating the privacy of hundreds of millions of users. Courts in the U.S. decided last month not to combine several suits into a class action against Google.

Some Gmail users believe that Google is violating state and federal laws with its email scanning practices. Google continues to argue that users of Gmail consented to the activity and that it is part of the normal email delivery process.
The update terms of service spell this out more specifically. The new update reads:
Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
Google spokesman Matt Kallman said Google's changes, "will give people even greater clarity and are based on feedback we've received over the last few months."

Sources: Reuters, Google

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Fail
By Solandri on 4/15/2014 3:43:50 PM , Rating: 2
You can use the email service provided by your ISP. Or by some other non-giant data mining corporation.

That actually decreases your email's privacy, because email is sent as cleartext. Your email goes through three network transmissions before the recipient can read it:

your computer -> your mail server (e.g. gmail)
your mail server -> recipient's mail server
recipient's mail server -> recipient's computer

All of these are normally done in cleartext, meaning anyone with access to any of those networks can read your email.

Google dropped support for non-SSL connections to mail services about a decade ago. The only way to transmit mail between your computer and gmail's servers is with SSL encryption. A lot of the bigger webmail services followed in Google's footsteps and made their service https-only (Yahoo finally did it this year). Most of the smaller ones haven't because while the extra CPU usage of a single SSL connection is not much, the extra CPU usage of thousands or millions of SSL connections is pretty substantial. If the webmail portal at your ISP is not https or you do not use SSL with their POP/IMAP service, then anyone between you and the ISP's mail servers can read your mail.

Requiring SSL secures the first step in the above chain (assuming you use gmail). If the recipient also uses gmail or another SSL-only service, this secures the last third step. If the email is gmail-to-gmail, your mail is as good as completely private (except from Google) because there is no second step. If your email is gmail-to-yahoo, the first and third steps are secure, but the second step is not (gmail's servers communicate with yahoo's servers in cleartext because that's what the Internet email spec calls for).

For the second step, it's the number of network hops which counts, since that represents how many networks your cleartext email crosses. The big services like gmail and yahoo tend to use big upstream providers with direct peering agreements, so your cleartext mail has to cross fewer networks. The smaller ones like your local ISP or cable company tend to use lower stream providers, meaning more hops before your mail gets to its destination. Each hop is yet another network where a bored or corrupt employee could be reading your emails.

So it's not really a choice between a giant data-mining corporation, and no data-mining corporation. It's a choice between a giant data-mining corporation, and who the h*ll knows who is reading your emails. (And when you send email from a gmail account to anything other than a gmail account, it's still who the h*ll knows who is reading your emails. Just less so that if you weren't using gmail or yahoo or hotmail.)

RE: Fail
By Motoman on 4/15/2014 5:49:28 PM , Rating: 2
Not all small email services are cleartext - anyone can buy an SSL cert, and as far as that goes, even if you're using Gmail, you have the same theoretical risk if the person on the other end isn't using SSL.

On the other hand, someone illicitly picking up your emails is likely guilty of wiretapping, or some other applicable offense, and you can prosecute them. What Google et al are doing is perfectly legal - your only recourse is to not let their services use you.

"Google fired a shot heard 'round the world, and now a second American company has answered the call to defend the rights of the Chinese people." -- Rep. Christopher H. Smith (R-N.J.)
Related Articles
Google: Yes, we "Read" Your Gmail
August 15, 2013, 3:30 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki