Join 3,520 readers in helping fund MetaFilter (Hide)


Google Has (Almost) All The Email
May 12, 2014 9:15 AM   Subscribe

Even if you don't have a Gmail account, many of your contacts do. So Google has a lot of your email, even if you have been trying hard to avoid that.
posted by COD (105 comments total) 14 users marked this as a favorite

 
Popular email service is popular.
posted by GuyZero at 9:32 AM on May 12 [17 favorites]


It amazes me what gets sent over email. Let's say you use direct deposit at work, and you have, say, a Mint account, which emails you when you get a large deposit into your bank account, and how much. It is trivial for Google to scan through the contents of your email to figure out how much you make, and then target ads to your income demographic — not just for gmail-email, but through and on any other Google service, application or platform you use.
posted by Blazecock Pileon at 9:35 AM on May 12 [1 favorite]


Reminds me a bit of that Time article from a couple of weeks ago about someone trying to hide their pregnancy from the internet. All it takes is someone with GMail to mail you "congrats on your baby!" and now Google can tag your email address as "likely pregnant." And you have zero control over that.
posted by smackfu at 9:35 AM on May 12 [1 favorite]


They would have a lot more of mine if the gmail app on my nexus made any sense to me. As it is the chumps in Australia who keep trying to provide me with real estate and the US who keep offering to buy my namesake's F150 are probably providing a fair amount of cover for the real me. This is largely the product of me being able to get my real name on my account due to getting invites through MeFi when gmail started. Looking through my regular non-gmail inbox though, gmail only accounts for about 0.9% of my incoming mail.
posted by biffa at 9:35 AM on May 12 [1 favorite]


they know what my cat looks like? 99% of my email is the most boring, trivial, mundane shit you ever read.
posted by bruce at 9:36 AM on May 12 [2 favorites]


Email is no longer something you can readily do yourself, unless you are dedicated and informed. Ars Technica recently had a spralling 4 part multi page series on how to run your own email server. It was 350000 words. I read several parts in and got a headache.

Also, unless you use end to end encryption, it is impossible to count all of the companies that could potentially have your email. Every network your email traverses could potentially have a copy. And people have been banging the encryption drum for years, and the programs are still difficult to set up and use, so adoption rates are low.

One of these days, we need to take email out in the back and shoot it. It has terrible security. The solution to that is to pile layer after layer of figdety technology to make sure spam doesn't get through and everything else does. I don't really see a good replacement though. These days, a distributed, encrypted, open API'ed, vendor independent protocol has about zero possibility coming out of silicon valley. No money in it, and no interest from regular users.
posted by zabuni at 9:37 AM on May 12 [33 favorites]


smackfu: Not just pregnancy though. Sad to hear you have cancer/hepatitis/ingrowing toenails. Congrats on the engagement. Shame about the missed grades. Plenty more fish in the sea!
posted by biffa at 9:39 AM on May 12 [1 favorite]


And your ISP sees all your emails. Like someone said in the comments to the article: "If your email correspondence is sensitive encrypt it. If you need to protect metadata then maybe email isn’t the best communication method."
posted by Triplanetary at 9:40 AM on May 12 [6 favorites]


It is trivial for Google to scan through the contents of your email to figure out how much you make, and then target ads to your income demographic

Google probably has simpler and clearer signals of that sort of thing. It can already infer what gender you are with a pretty high level of accuracy just by looking at your web search and/or ad-clicking activity. Go to https://www.google.ca/settings/ads if you want to see Google's inferences about you for advertising purposes and/or opt out of interest or demographic based advertising. But there's no need to scan for paycheque emails when they can just see whether you're searching for organic quinona recipes or information about WWE.

Anyway, a much more pressing concern is outright hacking of your email server. Who would last longer against a state-sponsored hacker trying to get your email - Google or you?
posted by GuyZero at 9:41 AM on May 12 [24 favorites]


All it takes is someone with GMail to mail you "congrats on your baby!" and now Google can tag your email address as "likely pregnant." And you have zero control over that.

Target can predict whether you're pregnant simply by observing what you purchase. No one has to say anything to anyone. And you have less than zero control over that.
posted by GuyZero at 9:42 AM on May 12 [2 favorites]


Anyway, a much more pressing concern is outright hacking of your email server. Who would last longer against a state-sponsored hacker trying to get your email - Google or you?

Neither, if you assume that the NSA has pressured Google and/or the makers of your server hardware/the hosting provider you use into giving them backdoor access.
posted by Wretch729 at 9:43 AM on May 12 [1 favorite]


While I'm sure this will convince nobody, the NSA does not have backdoors into major internet companies.

Googlers say “F*** you” to NSA, company encrypts internal network
posted by GuyZero at 9:46 AM on May 12 [1 favorite]


Go to https://www.google.ca/settings/ads if you want to see Google's inferences about you

That's pretty neat. Apparently, I am binnable into "Agricultural Equipment", "Brazilian Music", "Forestry" ,"Paleontology", "Reggaeton", "Search Engine Optimisation & Marketing" and "Yard & Patio" ad categories, among others.
posted by Blazecock Pileon at 9:46 AM on May 12 [8 favorites]


I stopped using just one account for email. Its a pain to check, but have fragmented and distributed communication across different providers (free and domain based, online and thunderbird etc) for different people. I expect they are all read/metadata'd whatever but are they integrated enough to provide a complete picture as using just one account used to be able to do?
posted by infini at 9:47 AM on May 12


Mind you, as we all tend to say, I have nothing to hide, but it provides me with some small amusement in life to put a spoke in the wheel of the observers ;p
posted by infini at 9:47 AM on May 12


And you have less than zero control over that.

For Target, you can still pay with cash and not use a loyalty card.
posted by smackfu at 9:51 AM on May 12 [1 favorite]


Go to https://www.google.ca/settings/ads if you want to see Google's inferences about you

I thought I'd opted out of this when it first came out, but nooo.

Also, it turns out I'm a 30 year old male interested in technology, fitness, and I have no language.
posted by lysdexic at 9:51 AM on May 12


Google probably has simpler and clearer signals of that sort of thing.

Oh, I know. I used a popular non-Google room rental service recently, and then I started getting a lot of ads about airlines offering tickets to that destination, almost immediately after the confirmation emails.

Google is creepy. Especially about reading my email, but I'm resigned to the fact that there aren't many alternatives that are any better, in that regard, and lack of encryption makes alternatives largely moot, since email goes from node to node in plain view. I would definitely pay for an end-to-end encrypted email product, if there was a way to make it work.
posted by Blazecock Pileon at 9:55 AM on May 12


Heh...Google has so many misconceptions about me, it's like they're family.
posted by malocchio at 9:58 AM on May 12 [48 favorites]


Of the things google says I'm interested in but am not:

Anime & Manga, Autos & Vehicles, Bollywood & South Asian Film, Dance & Electronic Music, East Asian Music, Fighting Games, Military, Rap & Hip-Hop, Robotics, Shooter Games, Urban & Hip-Hop, Vehicle Simulators .

I am curious where it gets this.

Google "knows" a lot about me.
posted by jeather at 9:59 AM on May 12


google thinks i'm into 'hygiene and toiletries' based on my youtube history.

I am completely stumped on that one.
posted by empath at 10:05 AM on May 12


How to shave with a straight razor tutorial video?
posted by Aizkolari at 10:07 AM on May 12


google asked me to log in (odd because I am logged in)
posted by infini at 10:07 AM on May 12


While Google may be creepy, at least they're competent about it and, most importantly offer some tools to control your interactions with them.

I worry more about the incompetent creeps like Target and Yahoo and the small mom-and-pop retailer selling internet access and screen door installations.

Someone has to deliver my email. Someone has to worry about my security---I'm sure not capable or willing to put the time in. It clear from the past few years that not only are we at risk from pretty sophisticated criminals, but that sovereign spying is rampant online.

Just like we have to trust banks to manage our money, we're evolving into a society where trusting someone with our online identity is a necessity, if we want to be part of everyday life.

To me, it's not terribly surprising that someone is collecting that data. There are too few large players to be really anonymous any more. As mentioned above, email is inherently insecure, like sending a letter unsealed. Anyone in the chain between sender and recipient can read it. You can choose Google or Facebook, you can try to fragment trust to minimize any one exposure, but now, in the second decade of this century, we all have to trust some entity. I think the only choice we have now are between companies that try to do this respectfully, and those that try to take untoward advantage or are overly intrusive.
posted by bonehead at 10:12 AM on May 12 [7 favorites]


It's kind of funny that you're all pretty good at making the point I wanted to make...

I used a popular non-Google room rental service recently, and then I started getting a lot of ads about airlines offering tickets to that destination, almost immediately after the confirmation emails.

Google is very good at certain types of targeting for things that are pretty obvious and have high commercial value - e.g. travel.

google thinks i'm into 'hygiene and toiletries' based on my youtube history.

Beyond those highly valuable/really obvious types of things, Google gets pretty bad, pretty quickly.

Google is not built out of magic. It's built out of data analysis, both automated and manual. And most things are too hard to analyze accurately even for the man behind the curtain.
posted by GuyZero at 10:13 AM on May 12 [2 favorites]


I would definitely pay for an end-to-end encrypted email product, if there was a way to make it work.

BP, you need to buy a BlackBerry. I'm actually not kidding about that.
posted by bonehead at 10:14 AM on May 12


Now I'm disappointed that all Google knows about me is my gender. It got my age group wrong and had nothing listed for interests. :(
posted by Jacqueline at 10:14 AM on May 12


Blackberry uses good old unencrypted SMTP once it leaves Blackberry's servers, just like every other email provider in the universe.
posted by GuyZero at 10:15 AM on May 12 [3 favorites]


google asked me to log in (odd because I am logged in)

That's because the link is Google Canada. Just use google.com/ads/settings if you are in the U.S., or your country-specific url if you're logged in somewhere else.

I don't remember doing so, but I guess I opted out of everything already. Good to know.
posted by gemmy at 10:18 AM on May 12 [1 favorite]


True, but device to device, on the BB parallel network, they are secure. That is their big selling point after all.

There are a few companies that could do exactly this, and have enough leverage to make it stick as a standard: Google, Apple, Facebook, perhaps MS. Start an internal protocol with end-to-end encryption, then standardize it.

Given Google's moves to encrypt all of their web traffic, I would not be surprised to see Google Secure Mail in the near future.
posted by bonehead at 10:20 AM on May 12 [1 favorite]


Given Google's moves to encrypt all of their web traffic, I would not be surprised to see Google Secure Mail in the near future.

It's possible, but they'd be cutting themselves off at the knees to do this, since they would no longer have access to the rich data within your email.
posted by Jairus at 10:27 AM on May 12


Google doesn't know my gender, my language, and has about 74 of my interests, including (all of these things I do not care about one whit): Bollywood & South Asian Film, Cheerleading, Circus, Golf, Gymnastics, Hair Care, Motorcycle Racing, Parenting, SEO & Marketing, Toyota, Vehicle Brands, Yoga & Pilates.

I am a-ok with this level of incompetence.
posted by Lemurrhea at 10:28 AM on May 12 [1 favorite]


I always knew I wasn't cool, but Google thinks I'm about 10 years older than I am.
posted by straight at 10:28 AM on May 12 [4 favorites]


> Go to https://www.google.ca/settings/ads if you want to see Google's inferences about you

Well, they have inferred that I let google.ca run javascript in my browser. They are wrong about that.

Possibly the second inference is that I stay logged in to my Google account when I'm not reading my Gmail. They are also wrong about that.

www.google.com is as wrong about those as google.ca is.

However, despite all these mistakes, and not having Gender, Age, or Language values for me, they list "Agricultural Equipment" as the first of my interests. How the fuck did they figure that out?
posted by benito.strauss at 10:31 AM on May 12 [3 favorites]


Google thinks that I speak Dutch, which I don't, and that I have an interest in "property," which I guess kind of do in that I like stuff, but that's a fairly inscrutable interest.
posted by Bulgaroktonos at 10:35 AM on May 12 [1 favorite]


It's possible, but they'd be cutting themselves off at the knees to do this, since they would no longer have access to the rich data within your email.

So one of the challenges to encrypting email is the there's no separation between envelope data and the actual email body in SMTP. So emails have to be unencrypted at some point simply to route them properly. A real encrypted email spec could of course change this.

But even so, the email has to get unencrypted in order to display it. Even if emails are encrypted in transit and at rest (that is, while being transmitted and on disk) they can always get unencrypted temporarily for the purposes of displaying them to the user or scanning them for keywords. There's nothing inherent in email encryption that precludes keyword scanning.
posted by GuyZero at 10:35 AM on May 12


BP, you need to buy a BlackBerry. I'm actually not kidding about that.

I'd be stuck talking with an ever-smaller audience of BlackBerry users. I was thinking more about a real-world option that wasn't owned by any one party, where anyone in my magical world that I talk to — including businesses I do custom with — uses digital signatures and encryption to keep our conversation out of the hands of ad companies.
posted by Blazecock Pileon at 10:35 AM on May 12 [1 favorite]


I am a-ok with this level of incompetence.

Mine had only 5 things, 4 of which are wildly inaccurate, such as being interested in football and house painting, and home & garden. They only one the got right was the wonderfully pinpoint-accurate term "Movies."

On one hand it's nice to see it not good at its job, but on the other its kind of insulting that it's not even trying to get to know me.
posted by chambers at 10:36 AM on May 12




404. That’s an error.

The requested URL /ads/settings was not found on this server. That’s all we know.


LOLBUTTS
posted by infini at 10:36 AM on May 12 [1 favorite]


But even so, the email has to get unencrypted in order to display it. Even if emails are encrypted in transit and at rest (that is, while being transmitted and on disk) they can always get unencrypted temporarily for the purposes of displaying them to the user or scanning them for keywords. There's nothing inherent in email encryption that precludes keyword scanning.

If your email client is sending the content of your emails somewhere when you open them, there's basically no point at all to doing email encryption, as far as I'm concerned.
posted by Jairus at 10:44 AM on May 12


Paying cash at Target is not secure. There are at least 50 cameras on you at all times in a Target store. Go ahead - look up and count 'em.
posted by Monkey0nCrack at 10:54 AM on May 12 [2 favorites]


If your email client is sending the content of your emails somewhere when you open them, there's basically no point at all to doing email encryption, as far as I'm concerned.

Almost all web clients would have to do something like this. However, I would think that Google (or whomever) would have to decrypt the email on their servers, then re-encrypt for https to sent it to you. Not perfect, but it would significantly reduce the number of entities with access to your decrypted mail.
posted by bonehead at 11:00 AM on May 12 [1 favorite]


(Maybe the programmers here can comment: would it be realistically possible to write a client-side secure mailbox in one of the browser scripting languages, like Lastpass does with a password cache? The difference being that the Lastpast encrypted blob is tiny, and email archives are now in the 10s of GB.)
posted by bonehead at 11:11 AM on May 12


There are at least 50 cameras on you at all times in a Target store.

I don't shop at Target, but is it like Starbucks? Because sure, there are cameras. Look up and count 'em. But after you're done counting, look where they're pointed. Those are loss prevention cameras, not data-mining tools. They are all pointed at the cash registers. Starbucks could care less if you get mugged in the narrow hallway leading to the restrooms, just so long as the cashier is actually ringing up those coffees she's selling.

Someday facial recognition might reach a point where paying cash at Target will land you in a database. We're not there yet and it's tinfoil to suggest otherwise.

Back on topic, I'm fine with targeted ads. Advertising is an inescapable part of our culture, and if I'm going to be pestered with them, damn right I'd prefer they be targeted. I tell Facebook that I'm "in a relationship" and it won't shut up about Match.com and Singles.com. I switch my cell phone to Verizon—for, one would presume, a two-year contract—and suddenly AT&T is bombing my inbox. I've completed two postgraduate programs and I still get ads, both online and via snail mail, for bachelor's degrees. If advertisers are going to waste my time then I'd prefer they not waste my time, y'know?
posted by cribcage at 11:16 AM on May 12 [3 favorites]


And your ISP sees all your emails.

Oh, it goes further than that. Two years ago in this house, we bought a couple of discontinued chairs from a large retailer. We placed them at the dining room table to replace some old ones in poor repair and quite liked them. I did a bunch of google image searches to see if I could find the proper name of the style so we might eventually get some more. They were parson's chairs, and for about three weeks thereafter I hand an avalanche of ads online telling me where I could buy two parson's chairs for only $349.99-order-now-and-receive-free-shipping. "Okay," I thought, "that was to be expected -- I didn't empty my browser cache or anything." Months later, I bought my partner some stylish boots for Christmas, paid via debit card -- and for weeks afterwards, this style of boots figured prominently in my online ads. My bank account connects to my facebook profile, it seems. (And that aside, who buys multiple identical pairs of boots? Who is the target market here?)
posted by ricochet biscuit at 11:20 AM on May 12


> Go to https://www.google.ca/settings/ads if you want to see Google's inferences about you

Ahhhahhahahahhaha it thinks I'm into Bodybuilding cause I search for Jay Cutler highlights a lot. WRONG JAY CUTLER, GOOGLE.
posted by nathancaswell at 11:25 AM on May 12 [1 favorite]


Doctor Strangebrin, or: How I Learned to Stop Worrying and Love the Panopticon will end with a montage of realtime bank account "recent transaction" screens.
posted by Flunkie at 11:25 AM on May 12 [3 favorites]


Weird. Apparently one's interests change rather rapidly. At first, a visit to that ad settings page about 10 minutes ago told me that I was interested in breakfast foods and a few other food-related keywords. A visit just now, though, tells me I'm interested in "Email & Messaging," "Internet & Telecom," and "Social Networks."
posted by limeonaire at 11:28 AM on May 12 [4 favorites]


(And that aside, who buys multiple identical pairs of boots? Who is the target market here?)

This is probably remarketing where the advertiser drops their own cookie on your browser in conjunction with an ad network cookie and targets you with hyper-specific ads. Also.

Retargeted ads sort of work but there's an unfortunate combination of limits to the technology and bad implementation of the existing technology.

Most advertisers (as far as I can tell) drop a remarketing cookie when you look at some specific product. But they don't un-drop the cookie if you actually buy the product. If you don't buy it's a reminder that you wanted to buy that thing, hey, here it is, maybe you actually do want to buy it after all, just click! That part is pretty effective.

The part where they keep showing you stuff you bought a week ago, yeah, not so much. The trouble is that the first part works sufficiently well that advertisers don't give a shit about this part. I'm actually not 100% sure whether they could remove these cookies even if they wanted to. I suspect they don't really try though.

For better or worse, Google gets a lot of the blame for this stuff which is really just badly implemented online advertising being done by third-parties. You might as well blame your local municipal bus agency for the bad ads on transit stops.
posted by GuyZero at 11:32 AM on May 12


This is why I always say, if you have something to hide, you shouldn't be on the Internet.

And also prepare to fake your own death, have a small collection of falsified identities and aliases, change your walking gait, alter your voice, and have a trusty cosmetic surgeon.
posted by FJT at 11:34 AM on May 12 [3 favorites]


(Maybe the programmers here can comment: would it be realistically possible to write a client-side secure mailbox in one of the browser scripting languages, like Lastpass does with a password cache? The difference being that the Lastpast encrypted blob is tiny, and email archives are now in the 10s of GB.)

Yeah, you certainly don't want to have to download your entire mail history every time you want to see if there's any new messages. So one big encrypted blob is not viable (you can't diff encrypted data). You might be able to do this with each message encrypted separately. At the very least, you'd need to keep enough unencrypted metadata to decide whether to download and decrypt each email. This could just be arrival time and message-id though.

I'm not sure how lastpass handles synchronization; if you have several clients connected at once, all potentially marking stuff as read or deleted or whatever, this could get a little hairy.

However there are some very nice to have email features that really involve the server reading the whole email:

Full text search. Even if you didn't have to downloading and locally decrypt every email on your phone, this will be slow if you don't do any indexing ahead of time. That indexing is not something that you want every email-capable device you own to have to do.

Spam filtering. You absolutely don't want to have to download and decrypt every single spam you get just to throw it out.

A client-to-client encrypted email system would be limited to people who were willing to sacrifice those features. Which I don't think is that many.

If you are willing to leave headers (mostly sender, subject, time) unencrypted (which you'd need to do if you want push notifications), you can do per-message encryption today with PGP or whatever. There's clients that handle this reasonably well, I believe. If you set up a rule to reject all incoming mail that is not PGP-encrypted, now you're using a client-to-client-encrypted email system! But nobody else is using it, and you still lose all those server features.
posted by aubilenon at 11:37 AM on May 12 [1 favorite]


I don't shop at Target, but is it like Starbucks?

No. The ceilings of the Targets I've been into in the last year are studded with cameras - one roughly every 10-15', covering the entire ceiling of each floor. These are used for loss prevention (and for building cosy relationships with state and local law enforcement), but also for other purposes - from their privacy policy:

In-Store Cameras: We use in-store cameras for security purposes and for operational purposes such as measuring traffic patterns and tracking in-stock levels.

From a recent Consumer Reports article:

“Most of the big chains are trying video analytics,” says Robert Hetu, research director for retailing at Gartner, an investment research firm. But retailers want their own privacy. Macy’s, for example, employs video analytics, according to printed promotional materials from Cisco, a maker of such systems, but a Macy’s spokeswoman didn’t return our repeated calls for comment. A Target spokesperson refused to comment about the store’s use of video analytics and other tools, even though its privacy policy states that the retailer collects information “recorded by in-store cameras.”

I'd be surprised if the deliberately vague language in the privacy policy doesn't mask some very invasive data collection.
posted by ryanshepard at 11:40 AM on May 12 [1 favorite]


I'd be surprised if the deliberately vague language in the privacy policy doesn't mask some very invasive data collection.

Well, more like they know they need data and it's easy to collect, but they have no fucking idea what the hell they're going to do with it.
posted by GuyZero at 11:41 AM on May 12


Ahhhahhahahahhaha it thinks I'm into Bodybuilding cause I search for Jay Cutler highlights a lot. WRONG JAY CUTLER, GOOGLE.

Well, either you like bodybuilding or you hate football...
posted by one more dead town's last parade at 11:46 AM on May 12 [2 favorites]


A word for when you're afraid to look at a dress online because you know it will follow you to every other website forever.

Back to email: I remember when I signed up for the looong beta phase of Gmail. I noticed the ad placements were pretty clumsy, especially when talking about Serious Things. Every so often the juxtapositions were comical and I'd trade screen shots with my buddies and we'd laugh.

Nowadays I don't even see the ads - the right hand side of the pane is invisible to me.
posted by lysdexic at 11:55 AM on May 12 [3 favorites]


All this has ever come down to is the value of meta data. The only way to remain unknown... is to fill in all the blanks with noise.

Sure, it's a lot of burned cycles signifying nothing...

But then the West Antarctic Ice Sheet is in a state of unstoppable collapse...
posted by PROD_TPSL at 11:56 AM on May 12


see Google's inferences about you
Woooo, great success! They believe that I'm male, which I think I might have told them when signing up for an account, and they claim to know nothing else about me.
posted by Flunkie at 11:56 AM on May 12


Huh. Just looking now, I don't have any ads. Possibly because I'm using the basic interface. After checking one where I use the new standard interface, there's ads everywhere.
posted by lysdexic at 11:57 AM on May 12


Apparently I opted out of the Google Ad tracking, as they got nothing on me. Or they got nothing they are disclosing.
posted by COD at 12:03 PM on May 12


I was looking at engagement rings a while ago, and every single website I looked at had ads for rings. Not really great when you share your computer with your girlfriend and she doesn't know what you're planning..
posted by empath at 12:08 PM on May 12 [4 favorites]


> Anime & Manga, Autos & Vehicles, Bollywood & South Asian Film... . I am curious where it gets this.

Among other things, the Google Analytics trackers that many websites use. Including Metafilter.

Google Analytics is one of the better ways for websites to monitor traffic and patterns, and it's free, but Google wouldn't be providing it if they weren't able to monetize the data themselves.

So if you surf Metafilter for an hour this afternoon, you might have been temporarily tagged as interested in patent law, popular music videos, Oracle databases, newspaper comics, soccer, and transgender issues.
posted by ardgedee at 12:27 PM on May 12 [1 favorite]


Wow, Google thinks I like country music. That makes one of us.
posted by mlle valentine at 12:30 PM on May 12


they know what my cat looks like? 99% of my email is the most boring, trivial, mundane shit you ever read.

Iteration #7953057834 of "My life is boring, so nobody should care about the panopticon".
posted by anemone of the state at 12:38 PM on May 12 [6 favorites]


Of the things google says I'm interested in but am not:

Anime & Manga, Autos & Vehicles, Bollywood & South Asian Film, Dance & Electronic Music, East Asian Music, Fighting Games, Military, Rap & Hip-Hop, Robotics, Shooter Games, Urban & Hip-Hop, Vehicle Simulators .


Great something else I have to worry about. Google me is probably a lot more interesting than real me...
posted by Naberius at 12:39 PM on May 12 [3 favorites]


Email is no longer something you can readily do yourself, unless you are dedicated and informed. Ars Technica recently had a spralling 4 part multi page series on how to run your own email server. It was 350000 words. I read several parts in and got a headache.
--zabuni
I'm actually one of those people who just built their own mail server using a conflation of that Ars Technica guide and another site in order to get off the increasingly mediocre included mail service that 1&1 bundled in with shared webhosting.

No, I don't really care to switch over to Google for philosophical and practical reasons (it seems like their IMAP connection for native email clients is problematic anyway and I have a pretty sweet push email service now) but I'm willing to make peace with them being on the receiving end of most of the mail I send.

I did set up my mailstore to sit encrypted on the hard drive of the virtual private server and if the instance is rebooted it would require manual intervention on my part to unlock it. I also set it up so the only communication it accepts from mail clients is encrypted and, on the SMTP side, it attempts to communicate via encrypted protocols first before falling back to plaintext. I'm not seriously considering it but I've read convincing arguments saying that you can likely configure your SMTP server to only accept encrypted connections and still receive a good 95% of the total delivery attempts--part of that reason is because of the massive popularity of Gmail. On top of that, I've got s/mime signing and encryption implemented across my mail clients. It's kind of fun.

At the end of the day, I don't think my email is really that much more secure than anybody else but I did fulfill my primary goal of learning a heck of a lot more about dovecot, postfix, and general Linux administration than I did a week ago.
posted by whittaker at 1:04 PM on May 12 [5 favorites]


(After reading this thread I kind of want to rescind my previous comment. But I am bewildered since I don't really listen to country. Or spend much time thinking about American Football or Industrial Design for that matter. To my knowledge, anyway. Who knows what Google knows that I don't.)
posted by mlle valentine at 1:05 PM on May 12


People are so paranoid, it's great. As if anyone cares about your email. I'm glad this guy wasted all that money for the peace of mind, besides if Google only has a third of his email, the government probably has another third, and the communists have the leftovers.
posted by ReeMonster at 1:06 PM on May 12


Like Blazecock Pileon, I'm also into reggaeton and paleontology. Also classical music, folk & traditional music, makeup & cosmetics, TV reality shows, and sports.

Except that I'm not. I mean, I like paleontology, but I'm not into it, and the rest are just plain wrong.

(I assume the classical music one is based on some recent Googling I did for certain kinds of music software. The rest are a mystery to me.)
posted by escape from the potato planet at 1:07 PM on May 12


Apparently I opted out of the Google Ad tracking, as they got nothing on me. Or they got nothing they are disclosing.

Following the link above I also got nothing, but if I changed the google domain from .ca to .co.uk it revealed some terrifying truths. So it might only work in whatever country you're living in.
posted by dng at 1:10 PM on May 12


Go to https://www.google.com/settings/ads if you want to see Google's inferences about you

The Googles know nothing.

Is it because I have NoScript (Firefox add-on) enabled?
posted by littlesq at 1:18 PM on May 12 [2 favorites]


Blazecock Pileon: "https://www.google.ca/settings/ads"

One category - Parenting.

Despite no real effort in masking my interests, they are SO wrong.
posted by Samizdata at 1:24 PM on May 12


gemmy: "google asked me to log in (odd because I am logged in)

That's because the link is Google Canada. Just use google.com/ads/settings if you are in the U.S., or your country-specific url if you're logged in somewhere else.

I don't remember doing so, but I guess I opted out of everything already. Good to know.
"

Got a 404 on that one.
posted by Samizdata at 1:26 PM on May 12


OTOH, I just got malware spam to a MaskMe account I used with Forbes, so Forbes subscribers should be aware.
posted by Samizdata at 1:33 PM on May 12


Hrm, yeah, reggaeton and Toyota and "TV Family-Oriented Shows" and East Asian Music which I'm not even sure what that is, probably I'd like some of it if I ever heard it but... I kind of wonder what the point of all that is, for them.

Like, if I was interested in buying a new car, ever, and liked Toyota, that's a valuable piece of information for google to have. On the other hand, I have to think that reggaeton, as such, does not have an annual 9-figure advertising budget to waste on the likes of me.

Also, I'm supposedly interested in parenting websites, and well that is some nonsense.

So the good news is, evil or not, at least google sucks at this kind of thing. The bad news being, obviously, that I should probably assume that the NSA also has this 'information' and probably sucks just as badly at analysis, so I'm likely to be a couple of random youtube viewings, or something, away from being flagged as a terrorist for no apparent reason.
posted by hap_hazard at 1:56 PM on May 12


I like Fastmail. But half my e-mail is on Google servers anyway, because everyone else uses Gmail.
posted by professor plum with a rope at 2:04 PM on May 12


404

Sorry! It's www.google.com/settings/ads, I mistyped it earlier.
posted by gemmy at 2:16 PM on May 12


I'm perpetually surprised when I see people who are borderline obsessed about privacy but use things like the internet. I get being very private. I understand where that comes from, and I agree there is something annoying about some faceless corporation having information about you. But I also like the internet and personalization, so I just have to accept it. I suppose if one is really worried about it, one can always get off the grid and follow this guy's lead.
posted by dios at 2:40 PM on May 12 [1 favorite]


I suppose if one is really worried about it, one can always get off the grid and follow this guy's lead.

I think the average person in a thread like this is hoping to find the very small middle ground you've left there between panopticon and being Ted Kaczynski.
posted by rutabega at 2:45 PM on May 12 [4 favorites]


I think the average person in a thread like this is hoping to find the very small middle ground you've left there between panopticon and being Ted Kaczynski.
posted by rutabega at 4:45 PM on May 12


Well, they shouldn't have to look very hard because we are in it.
posted by dios at 3:09 PM on May 12 [2 favorites]


One of these days, we need to take email out in the back and shoot it.

Yea, and replace it with Facebook messaging or Google Wave?

Who would last longer against a state-sponsored hacker trying to get your email

The State has something called Subpoena - no need for "hacker".

"My life is boring, so nobody should care about the panopticon".

U R Me mask - combine with an IR hat and your story can be you are Jesus or an alien when ppl come to talk to you.

It'll make your life not-boring fast.
posted by rough ashlar at 4:21 PM on May 12 [1 favorite]


The State has something called Subpoena - no need for "hacker".

Thankfully the Chinese government cannot subpoena emails of human rights monitoring organizations. This does not mean that they do not want to read them or that they are not being read.
posted by GuyZero at 4:35 PM on May 12 [1 favorite]


Google is creepy. Especially about reading my email, but I'm resigned to the fact that there aren't many alternatives that are any better, in that regard

Errr, you can run your own server for email. How you can run your own search engine, your own cell phone/cell phone network, your own site to share videos, and your own SIP to POTS endpoint to avoid Google.

But why single out Google? What large data-driven firm isn't doing the same creep-peep show work?

(I'd dig up the CIsco and IBM press releases showing the cameras built into LED streetlighting - but who here will be educated with "I didn't know that"?)

, and lack of encryption makes alternatives largely moot, since email goes from node to node in plain view. I would definitely pay for an end-to-end encrypted email product, if there was a way to make it work.

You could always opt to only talk to other SMTP services that offer encryption. Alas, your self-signed cert won't work with such servers...at least from what I've seen.

Email existed before gmail - all that open source software is out there and able to be setup. One just has to decide it is worth the effort.
posted by rough ashlar at 4:47 PM on May 12 [1 favorite]


Just because you're boring doesn't mean you should be ok with people you don't know reading your email.

Just because you're boring doesn't mean that you are a person that deserves less privacy.

Just because you're boring doesn't mean that strangers should be able to watch you take showers.
posted by oceanjesse at 4:47 PM on May 12 [5 favorites]


Compton panopticon reporting...showing that its not just the big-uns like Google doing the creep-peep show.
posted by rough ashlar at 4:55 PM on May 12 [1 favorite]


Ah, nice. Google (claims to) knows nothing about me, even though I've been using their email for ten years. I am unknown. Well, except they have a guess as to my age range, give or take five years.
posted by lovecrafty at 5:42 PM on May 12


Just because you're boring doesn't mean you should be ok with people you don't know reading your email.

Just to be clear --- people aren't reading your email at Google or Hotmail or other mail providers (I mean maybe there is some little company that has people on staff reading emails, but it would be weird/unusual). Machines are parsing it and extracting information for various purposes (spam classification, advertising, etc). People can have whatever level of comfort or discomfort they want from that, but I think most people do at least think its different than, say, if the post office had a room full of people who opened each envelope and read the contents. I don't know of any major mail provider that doesn't parse email, since basically all offer spam filtering these days.

Although, the proper metaphor for email is _not_ an envelope, but a postcard --- anyone in the chain of transmission can read it (ISPs, clients, mail hosting companies, etc).

Personally I wouldn't want an email service that didn't at least parse all my email and do spam detection, since that would put a lot of work back on me.
posted by wildcrdj at 6:28 PM on May 12 [1 favorite]


Not that it puts your mind at ease, or anything, but more than half of those Target camera bubbles are empty. They move the cameras around on occasion, but many of the bubbles are never used, and just serve as preventative measures.
posted by graventy at 7:52 PM on May 12 [2 favorites]


I suppose if one is really worried about it, one can always get off the grid and follow this guy's lead.

I am not going to click on the link, but instead assume that it's a gif of Ron Swanson throwing his computer into a dumpster.
posted by littlesq at 8:43 PM on May 12 [1 favorite]


I am apparently google-interested in a few dozen different car brands. I do not own a car and am mystified by this.
posted by vibratory manner of working at 10:57 PM on May 12


My favorite thing about the google ad tracker thingy has always been that it estimates my age as 65+. I'm not even close (26) and I have no idea why it thinks that! It's pretty great that I search for elderly male things apparently.
posted by Carillon at 11:27 PM on May 12


Doesn't Disconnect prevent this type of data collection?
posted by Brocktoon at 12:03 AM on May 13


My standard advice to everyone who asks (and you people, who didn't): Treat your email as if it's public, like anybody can read it. The mindset switch is helpful in a few ways.

For secure communication, use something else.
posted by dickasso at 2:47 AM on May 13


> Just because you're boring doesn't mean you should be ok with people you don't know reading your email.

People you don't know are not reading your email. There aren't any humans reading your email aside from you and your intended recipients (modulo the people you inadvertently include in any "Reply All" clicks). Which is to say, when staff are caught reading customer email, even Google knows better than to defend them.

What is happening is your email is being data scraped, and then that data is being used for marketing directly to you ("He wrote about flowers. Here are some ads for bouquets sent by mail.") and being used as large-scale data pools to establish patterns of activity and trends. ("People mentioned flowers in email most often during x to y days before Mother's Day.").

This might sound like splitting hairs. The privacy issues are serious and I think Google and their peers should be held more strictly accountable than they are. Reducing the argument to "Strangers are reading my email" is technically wrong and easily refutable, and shifts the debate on Google's behalf.
posted by ardgedee at 4:32 AM on May 13 [2 favorites]


I am amused by comments here about how inept big corp is at data mining about them.
I went to a meeting with some IT guys from the largest grocery conglomerate where I live, and they told me about their profiling based on what Tesco does in the UK. They develop incredibly rich profiles of all their customers, based on store loyalty cards linked with credit/debit card numbers. They link these with aggregated traffic details and stuff like time of day, purchased items, bank preferences etc. to build a very detailed picture.
They don't especially care what your name is, but if they can identify 39 key characteristics that drop you into a market segment niche of only a few other individuals they can market to you as effectively as if they lived in your kitchen.
And because they also run insurance, banking, pharmacy, telecommunications and other businesses they can exchange that data to know you even better.
Sure, what Google is choosing to reveal about you to its 3rd party ad network might have a bunch of glitches, but be assured they know more about you than your mother.

As the man says on the value of privacy, I have nothing to hide. But while I have a very high opinion of Honda cars, I'd rather that opinion was private when I walk into the dealership.
posted by bystander at 5:38 AM on May 13 [5 favorites]


bystander makes a decent point, that the amount of knowledge about an individual can drive them into a micro-niche of consumer profile. I believe that this can be done.

And the assumption that this allows them to market to me more effectively seems logical.

But I just don't see it. I know everybody thinks that marketing doesn't work on them, and marketers snicker and grin at such naivete, but the idea of prompted marketing, something dropped in front of me at the right moment, is the crucial exchange that makes me either decide to purchase, or decide to purchase from a specific buyer, well, does that happen to you a lot?

It seems like a lot of collection, but what are the results? Color me skeptical at the effectiveness.
posted by dglynn at 7:08 AM on May 13


dglynn you can be skeptical. I personally think me and you are maybe at the edge of the profiling, because sometimes we don't participate or deliberately throw a spanner in the works, and maybe we see it being effective less often. But the guys I met spent literally millions of dollars on this capability, and felt they were smugly one up on their competitors, with sales results they felt they could quantify to make it a no brainer investment in the mining tools.
I have no doubt they were much more deeply knowledgeable about their customers than they would like the media (for example) to know.
posted by bystander at 7:31 AM on May 13


bystander, the business world overflows with guys who are sure their advertising or marketing is a huge success and very, very few who can prove it.
posted by straight at 9:53 AM on May 13


The guys in direct-response can prove it with numbers so hard they'd break your teeth.
posted by GuyZero at 10:14 AM on May 13 [2 favorites]


Google (claims to) knows nothing about me

My whole page says NA. Is this because I opted out early, or does everyone who opted out see this?
posted by jessamyn at 10:55 AM on May 13 [1 favorite]


If you use the same computer all the time and don't log in when you search, you'll get a lot of N/A. I log in on one browser but not the other at work, so there's the 30 something professional in Chrome and the great unknown in Iron.

My home computer has a completely different profile of me when I go to /settings/ads. It's actually more accurate.
posted by lysdexic at 12:29 PM on May 13


My whole page says NA. Is this because I opted out early, or does everyone who opted out see this?

Are you sure you're logged in? It won't give you an error if you're not, just a whole screen of N/A's.
posted by rollbiz at 4:33 PM on May 13


Apparently I'm interested in shooter games, despite not having played once since Doom II in 1994. It's a slow-burning interest. Any decade now I'll try another round.
posted by The corpse in the library at 9:46 AM on May 14 [1 favorite]


Are you sure you're logged in?

Yep, the little thing in the corner has my name on it. I win at Google!
posted by jessamyn at 9:49 AM on May 14


I win at Google!

Congratulations at winning Google! We'd like to send you a reward for successfully staying anonymous on-line. Please choose from among the following available prizes:

[ ] A "Mommy loves her Baby" throw pillow
[ ] A "Silver Fox" t-shirt
[ ] A poster of a girl in a bikini and a Ferrari
[ ] A Rainbow Flag
[ ] A 3-month supply of prostate health pills
[ ] A "Rrriot Grrl" backpack

Don't forget to include a valid mailing address, and give us your email address so we can send you updates on your prize!

Your best pals on-line,
GoogleCorp
posted by benito.strauss at 10:10 AM on May 14


My whole page says NA. Is this because I opted out early, or does everyone who opted out see this?

I have a hard time believing Google is being forthcoming with these profiles - my guess is that they're more an exercise in public relations than a reflection of the data they're using for targeted ads and selling to third parties. You may have just been flagged as someone who is concerned about online privacy.
posted by ryanshepard at 5:14 PM on May 14 [2 favorites]


« Older The Oracle vs. Google decision has been reversed....  |  Tranform any text into a paten... Newer »


This thread has been archived and is closed to new comments