Email is indeed woefully insecure, but the problem with Google's "privacy" policy has little to do with whether or not email is a secure medium or not. It's about social norms, and Google's institutional ignorance of them.
Privacy is created by social norms. It's no technical challenge for me to borrow your paper mail from your mailbox, steam it open, read it, copy the bits I find interesting, seal it up again, and replace it in your mailbox. But, in doing so, it's understood that I'm doing an awful thing. It's so awful that it's against the law:
... and, all else being equal, juries will not be inclined to sympathize with me.
Similarly, it's somewhere between very rude and illegal, depending on circumstances, to intercept or interfere with someone's email. If you happen to glance at someone's email you're expected to keep politely silent about it, as you would be if you happened to glimpse your neighbor through a window of their house. You're certainly expected, under pain of felony charges, not to tamper with or forge someone's email, just as you're expected to avoid entering your neighbor's house without knocking even if the front door is standing open.
Google, on the other hand, seems to be constantly trying to establish the precedent that it's perfectly normal and polite for any aspect of your life - currently including, but presumably not forever limited to: the state of your front yard, the contents of your photo album, the list of movies you've watched on YouTube, and the contents of your mailbox - to be sampled, data-mined, correlated, and archived forever by entities completely outside your knowledge or control so long as those entities are using secret algorithms to do it.
If you'd tolerate this behavior in a friend, you may by all means continue to have Google as a friend. I, however, am getting increasingly uncomfortable with Google sitting in my living room, and am increasingly tempted to escort them politely but firmly to the door and then deliberately misplace their address.
The problem with dumping gmail for another email provider is that at least half of the people with whom I correspond use gmail too so my messages wind up on their servers anyway.
Edit: REALLY tired of all the idiotic downvoting lately. What I've said is factual. Don't be such a lazy fuck and post a rebuttal if you disagree.
Yes, and likewise you don't have any guarantee that anyone you talk to, tell stuff, share stuff with, etc. won't go then share that with someone/thing you disapprove of. If that's really an issue for you, then just encrypt all conversations you care about, and don't talk to people you can't trust (and can't trust to use 'secure' methods, for however you define the term secure).
This is not a problem with GMail, per se. It's a broader issue of trust.
The difference is the concentration of email in one company's hands. Ironically it would be less of an issue if all my friends were using different providers but, since they're all on GMail, our conversations get sieved either way.
Sure, but the difference is in the implied consent.
If I continue to use Gmail beyond another week or two (what's that deadline, again?) I've implicitly consented to Google's policy on what they're permitted to do with my email. (One nice thing about Google: I can't really claim they haven't told me about this nonsense. They are taking the notification of their customers very seriously.)
If, however, I'm not actually a Google user, but the Googlers secretly reassemble my mailboxes by sniffing the inboxes and outboxes of all of my friends and relations... well, that's a bigger transgression. They didn't ask my permission to do that, and when they asked my permission to do similar things I said no. So they'd better be good at keeping their activities secret, because if I ever learn that they did it I'll squawk a long, loud squawk.
Sure, social disapproval doesn't have the force of law. (At least, not right away.) But it does have force.
It's not just your email but the recipients as well, and they can do what they want with it. Why would you care if they were able to figure out that you like computers and target more relevant ads?
Here's your rebuttal: shine another light on your situation and suddenly instead of having half the messages ending up on google servers anyways, you have half of your email freed from google servers which is better than having all on it there, privacywise.
I imagine about 20% of my email correspondence is all it would take for Google to form a pretty accurate picture of my interests and habits and circles of acquaintance. That's the way machine learning usually works: you don't need a complete dataset to make useful inferences.
You're right that privacy is all about social norms and expectations. That's why I've never understood how people willingly sharing personal information is considered a privacy issue at all. If I show my friend a postcard sent to me by another friend, no one's privacy has been violated. If I trust a roommate (e.g. a significant other) to read my mail, there's no privacy issue there.
This applies to a huge portion of privacy concerns raised by the tech community. Someone sharing their photos, location, or thoughts willingly on Facebook does not constitute a privacy issue. Someone accepting a fairly clear Google privacy policy and thereby letting their algorithm read all their emails does not constitute a privacy issue.
The real privacy issues are ones where companies don't follow their own privacy policies, or companies' databases get compromised, or companies abruptly change default sharing settings to be more public (which, granted, I believe Facebook has done before).
AFAIK google has broken its own privacy policy, gmail's databases have been compromised and they did change default settings to be more public at least once.
This makes a strong contender of gmail for privacy issues.
That's why I've never understood how people willingly sharing personal information is considered a privacy issue at all. If I show my friend a postcard sent to me by another friend, no one's privacy has been violated.
Really? Because most people would consider that it HAS been violated.
Opting to share something with some person X is not the same as opting to have it shared by X to anyone else, except if you explicitly or implicitly permit him to.
If your gf sends you an intimate mail, I don't think she will not feel her privacy was violated if you show it to your pals.
> except if you explicitly or implicitly permit him to.
What was precisely my point.
> If your gf sends you an intimate mail, I don't think she will not feel her privacy was violated if you show it to your pals.
Depending on the message and your relationship, one might be able to argue that there is an explicit or implicit contract of confidentiality between partners.
I agree, but I think the same applies here--- people expect an implicit contract of confidentiality with utility providers. Most people would feel that wrongdoing took place if the phone company started recording random excerpts of your calls to build a profile on you, and in fact we feel that strongly about it that there are laws banning them from doing so. I would guess that many people don't realize that there aren't similar laws applied to whether Comcast can snoop on your web-browsing, or Google can snoop on your email, as opposed to acting in a classic phone-company-esque service role.
An interesting recent one that's cropped up is whether the electric company can use your electric usage patterns to build a profile on you, perhaps to sell to marketers or government agencies. It's only become feasible to build a detailed profile recently, with the monthly meter-reader slowly being replaced with electronic meters that report back usage much more often; now with appropriate machine learning the electric company can actually, in many cases, detect signatures of specific kinds of appliances, and build a profile of what you do when. European countries have started passing privacy laws around this data; its legal status is less clear in the US. I would guess most people don't realize this is possible, and if they did, would feel it was a violation of an implicit contract.
I'm curious: Gmail, since the very beginning, has been predicated on the idea that Google will serve you relevant, content-related ads. (I thought that was a non-starter, but the world proved me wrong.) How long did you use them, and what finally triggered you to say "No, this is not OK"?
I talked myself into using Gmail as the IMAP server for my business for a while, but then migrated that to Fastmail.
My company uses Gmail and Google Docs, extensively. It's been fun using Gmail, at least before they "updated" the interface. (The new interface has not been my friend, thus far.) I can definitely understand why everyone fell in love with Gmail when it was new.
Giving up Gmail is easy; there are many alternatives. Even Google Search has alternatives. A bigger frustration is Google Reader, which is harder to replace. And I can't give up Docs or Groups cold-turkey, because I belong to groups that use them; fortunately I haven't used them for anything especially private.
How would we deal with spam? Anyways, it's part of their policy and you don't have to use it. Also, you may not understand how these sorts of things work, but most other services will keep such things, that's one of the benefits of the Internet. I don't get you conspiracy theorists on HN.
Privacy is created by social norms. It's no technical challenge for me to borrow your paper mail from your mailbox, steam it open, read it, copy the bits I find interesting, seal it up again, and replace it in your mailbox. But, in doing so, it's understood that I'm doing an awful thing. It's so awful that it's against the law:
http://www.wbrz.com/news/postal-workers-accused-of-tampering...
... and, all else being equal, juries will not be inclined to sympathize with me.
Similarly, it's somewhere between very rude and illegal, depending on circumstances, to intercept or interfere with someone's email. If you happen to glance at someone's email you're expected to keep politely silent about it, as you would be if you happened to glimpse your neighbor through a window of their house. You're certainly expected, under pain of felony charges, not to tamper with or forge someone's email, just as you're expected to avoid entering your neighbor's house without knocking even if the front door is standing open.
Google, on the other hand, seems to be constantly trying to establish the precedent that it's perfectly normal and polite for any aspect of your life - currently including, but presumably not forever limited to: the state of your front yard, the contents of your photo album, the list of movies you've watched on YouTube, and the contents of your mailbox - to be sampled, data-mined, correlated, and archived forever by entities completely outside your knowledge or control so long as those entities are using secret algorithms to do it.
If you'd tolerate this behavior in a friend, you may by all means continue to have Google as a friend. I, however, am getting increasingly uncomfortable with Google sitting in my living room, and am increasingly tempted to escort them politely but firmly to the door and then deliberately misplace their address.