Google: Cloud users have 'no legitimate expectation of privacy' A motion to dismiss filed by Google in a court case last month has offered some juicy quotes about the company's privacy policy, but legally it looks like the Chocolate Factory is in the clear. "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who …
"There are people who signed up for Gmail without realizing that Google was going to read their emails and show them related ads!"
Yes, there were. They are the same people who believe that their data was / is private on Facebook, MySpace, MS Live, cloud services, SMS, IM, Bing, Yahoo!, AOL etc. etc. etc. and then get all surprised that the government can eavesdrop on the conversations.
Oooh, that's going to leave a mark. The truth hurts. People expected a level of "privacy" but then a fool and his [data] are soon easily parted. It is what you get for handing over ANYTHING to a third party and expecting them to play by your rules: you are simply a sucker.
American government require a court order to read you emails, here we are talking about companies.
I do not know about Yahoo, but in Hotmail you data is private - no Microsoft employee or machine learning algorithms are pouring through your emails. Please note, that Google has recently announced a voice search service, where you can ask things like "When is my next flight". That means that Google looks not just for keywords, but must be using some advanced algorithm to _understand_ meaning of your emails.
The idea of trust regarding Gmail or Hotmail or Yahoo are an illusion created by the power of charm and seduction that these 'free' services peddle. Its like the sweet girl going on a date with the bad boy. It can only lead to empty promises of: "Of course I will still love you after", or 'I won't come in you, I promise'.... Personified these corps are Henry Rollins in a dirty Superman suit singing 'Cos I'm a liar'...
Scanning email for simple pattern matching against known spams differs quite a bit from analyzing your emails (and docs!) to understand you advertising profile. The Google is the worst privacy offender, and while every company is tempted to use fully all the data available, no, it is not true, that all companies are doing the same.
"Scanning email for simple pattern matching against known spams differs quite a bit from analyzing your emails (and docs!) to understand you advertising profile."
Oh so it just so happens that outlook.com *does* deploy programs to analyse incoming email. You said they did not. Which is it? How do you know it's all they do? Because they tell you so?
Simple pattern matching eh? How do you know it's not statistical analysis which bayesian filters have been doing for some years?
You are a riot. Please continue to enlighten us or alternatively please follow me previous advice.
The pixies live on server farms.
The data is transferred onto the farm. The pixies job is to tend the farm, distributing the more fertile data to areas of the farm where it's needed.
The pixie dust grows on the fertile data, harvested when ripe, and then used to power the spam filters :)
American government require a court order to read you emails, here we are talking about companies.
And there is some very interesting legal minefields in that very statement. Technically, if an employee of a company in the USA fires up tcpdump or wireshark, that COULD count as a wiretap and that COULD require a court order, even for a company. ISTR there was some law passed ~10 years ago in the USA that got some people looking a bit nervous, and AFAIK there has been no case about the law to define it's boundaries.
This came up because some customer I was working with didn't know their customers plain text passwords and wanted to fire up dsniff to pull them off the wire when they logged in to their e-mail or whatever (and no, they didn't use SSL). I told them they could do that, but I couldn't be any party to that action and had to explain why.
"American government require a court order to read you emails, here we are talking about companies."
The American government's NSA never requires a court order to read your emails or snail mails on any other kind of mail or data file or stack of papers if any sender or recipient of the email or data is both not a US citizen and is outside the USA.
If you are a US-person communicating with another US-person the NSA may still be able to read your emails without a warrant if you are within 3 hops of a person of interest. (For example a foreign journalist.)
Non-US persons have no right to privacy at all under US rules.
I don't have time to provide the exact link, but you can start reading here and look for other articles on the NSA at Guardian.com.
http://www.theguardian.com/world/2013/jun/23/edward-snowden-nsa-files-timeline?INTCMP=SRCH
This is also true for telephone calls. Any communication which start, end, or both, outside US territory is completely free game for spying/eavesdropping, no warrant needed. Foreigners have zero privacy under US law.
This also was the case long before 9/11, and it was publically known that this was the case.
The only NEW thing revealed by Snowden, and the reason there was such a furore in the USA, was that it turns out the NSA also spies on calls made wholly inside the USA.
I like my privacy and I use GMail.
I still fail to see how GMail violates my privacy in any way.
Let's say I have some private information in my email. What is the route for that information to be known, in any form, by any person, ever?
And if there's no way anybody could ever possibly know my private information, why should I be concerned?
1) Someone at google can simply pull your information, for shits & giggles. Doing that without authorization is probably a firing offense, but that's never stopped anyone before (e.g. nurses reading confidential patient files of celebs).
2) US security services can request the information from Google, and Google, being a US company, must comply (and is by law prohibited from informing you about it).
3) The British secret service is legally allowed to monitor communications to and from websites, which means it can wiretap you when you access your account. Quite probably it can also simply request your data from Google, either directly or via US security services.
I don't have a GMail account. But I receive e-mail from people who do. Even if I refrain from replying to their e-mails, Google can learn things such as my name, my birthday, may family members names, my favourite team, where I went to school, maybe even my address and phone number by reading and analyzing the e-mails that are being sent to me from gmail users.
Maybe this doesn't matter, maybe Google doesn't scan outbound e-mails to non-gmail addresses (hey, pigs could fly!), but as things stand, it looks like I have no recourse in this situation.
I'm not nearly paranoid enough to think that Google actually gives a fiddlers about me personally, but there's absolutely no question that my awareness of this all-seeing-eye has a chilling effect on my use of the web. There are questions that I'll no longer ask, articles that I'll no longer read, because frankly I just don't want them on my "record".
"I don't have a GMail account. But I receive e-mail from people who do. Even if I refrain from replying to their e-mails, Google can learn things such as my name, my birthday, may family members names, my favourite team, where I went to school, maybe even my address and phone number by reading and analyzing the e-mails that are being sent to me from gmail users."
Nobody at Google reads your email. It's stated in the T&Cs. Google "knows" your favorite sports team the same way your hard drive does. Give it a rest.
With both this snippet from Google and the latest crash/burn of Office 361 hitting on the same day, you have to wonder how many people are going to finally realise that handing over all your data/applications/processing to a cloud just might not be the smartest option available. It certainly is not the most secure/resilient.
"Or maybe this is just an artifact of efficiency measures. Their new motto is "Be Evil". Dropping the "Don't" part is a pure business decision."
Well, not yet - but when they do it'll be a part of their spring cleaning process, where they decide to drop things that they feel aren't profitable enough to continue supporting. So at some point that'll include the "Don't" in "Don't be evil" - and might already have done, without them actually telling anyone.
It's hinted at in the article with reference to corporate decision making, but what about the users who are signed up via somewhere else? I know it happened to me a few years ago when I did my CCNA course with the local uni. Midway through they switched from doing internal mail internally to outsourcing it to Microsoft, so all your official notifications go straight into the hands of a private company to be commercially exploited. For an established professional doing an add-on course as an alternative to using a commercial training provider it's unlikely there's much of consequence going to that account, but it's easy enough to imagine troubled or problematic undergrads where such emails could be deeply sensitive.
> didn't Virgin Media switch its email service over to Google ...
Yes, indeed they did:
We use Google to provide our mail service [virginmedia.com]
If you really care enough, a tiny webhosting package can be had for a few pounds/dollars a year, and it will come with enough email capacity to satisfy any domestic user. Then all you have to worry about is where the data are physically hosted.
I think I'd be more concerned that an actual human eyeball might at some point see some of the content of one of my e-mails if I was one of a couple of hundred or even a few thousand accounts being managed at a small operation, during the course of basic spam filter trouble-shooting or system upgrades. The odds of a real human eyeball encountering one of my emails at Google or Microsoft seems a lot lower, but they're likely to be doing a much effective job of profiling me based on the content of every single e-mail that I send or receive.
Not only that, if you've got your own domain name, your email is then independent of any particular ISP should you wish to switch to a different one. Just check the Terms and Conditions of whichever provider you use because some will try to register the domain as one of theirs rather than yours, which makes it more difficult to move later.
No large vendor of cloud offerings is serious about providing reliable uptime. If they were, there would be agreements in place to spread material across multiple providers in multiple geopolitical locations so that companies going out of business, backbones going down, palace coups taking place etc. would have no effect on the integrity of the data.
To do this properly, they would have to give control of the data back to the customer and that is not going to happen without a fight.
Actually, I don't know about you, but I do trust Google not to lose my data more than I trust my own capability not to lose it. Google certainly replicates it across more than one continent, while most of my personal data could disappear if my house just burned down…
Wait, are you saying that there's a demand for that service that the market isn't meeting? Or that the customers aren't prepared to pay what it would cost to "pread material across multiple providers in multiple geopolitical locations so that companies going out of business, backbones going down, palace coups taking place etc. would have no effect on the integrity of the data".
Or are you saying that companies could make money doing that, but don't, because they couldn't be arsed?
I of course understand the outrage, but this is something that hasn't bothered me. Tidbits of data that are useful to Google (in this example), but trivial to me. If I have to endure advertising, I'd rather it at least be relevant anyway.
So if I get an email from my proctologist, I don't care if I see ads for "Arseholes R'Us" instead of "Fix your PC now!" etc.
I similarly don't care about ad network tracking (e.g. cookies) either. It's all the same annoyance to me, if it somehow helps them it's no skin off my ass. I am probably not interested in anything, though. If I want something, I usually already have it or I'll be specifically looking for it.
I notice that the ad networks at theregister display some relevant Canadian ads for me. They looked up my IP address... the cads! (some people genuinely would be bothered by that)
Nosy American security agencies aside (they can go and get stuffed... I certainly do resent them), that mass of data that Google has isn't really a big privacy concern. Google uses most of that information to facilitate my use of their services. They let me opt out of any social networking crap that I don't want, too. I use Gmail (for forum registrations and mailing list stuff) and Youtube and that's it.
However, no, I do not trust third parties to handle my own mail (business or anything else important) but this is more for reliability than privacy reasons. I run my own mail from a server I have in a datacenter. Nobody is going to be reading that, without a warrant or court order. I provide mail services for my family too. I also place greater trust in my own setup, as I have complete control over it. It's been quite reliable over the years, more so than ISP mail accounts.
This post has been deleted by its author
"Nosy American security agencies aside, that mass of data that Google has isn't really a big privacy concern."
...talk about a major failure to join the dots.
Yeah, once it's in Google's hands, there's no possibility of it ending up with the NSA, is there? I mean, there's no possibility that they might acquire that data through either legal (or quasi-legal) means, put pressure on Google or even have it freely handed to them?
As for advertising companies in general, while I'm no fan of excessive ads being shoved in my face, by far the more serious issue is that while *they* only want it to sell us more shite, they're still grabbing it indiscriminately and once they have it it's quite possible for it to be sold on to anyone who wants it. And I don't doubt that they would- and will- sell it to anyone who pays them enough if that's legally permissible.
The fact that ad companies- in the first instance- are willing to wreck our privacy only to sell us more tat doesn't make it any better.
Of course, the power of all this information from various sources is significantly higher once it's gathered together and correlations can be made via data mining, possibly matching up anonymous or "anonymised" people with known real-world identities, at which point every bit of that "anonymous" information is nothing of the sort.
But it's fortunate that no government bodies exist to gather such information, nor that devices which could process- or "compute"- such information have been invented, nor that there is ever *any* danger of this information being misused against political enemies.
...when they rolled it out. I know, it probably only got through to the technorati, but I remember the whole "scanning" thing being all over the web when Gmail was released. Google affirmed at the time that that was how they could offer the service for free.
When you're finished sounding smug... Why don't you tell us whether scanning occurs when "basic html" view is used and images are turned off? No ads are displayed in this configuration, hence the question. (BTW: Before you ask I'm not wedded to Google)
"Why don't you tell us whether scanning occurs when "basic html" view is used and images are turned off?"
Don't know and it's rather beside the point, which is: Google was very up front about the fact that Gmail would be scanned for ad matching. Was I the only one who assumed that meant ads across the Googlesphere, not just in Gmail?
> whether scanning occurs when "basic html" view is used
I'm just guessing, of course, but if I were Google, with a user base which had signed up to the Ts&Cs as written [1], then I'd be doing the scanning on my servers at the time of receipt of the incoming message, not scanning the text at the point that it's sent down the line to the client reading it. The advertising is intended to be tailored to you, the reader, as an individual, not to the content of the message you happen to be reading at any particular moment.
So, your Interest Profile, or whatever they call it, would in that case be built on the basis of your mailbox contents and your Google+ content, if you have any, and it's that which determines which advertisement links come down the line. If you're using a format that doesn't display them, then you don't see them, of course.
[1] I'm one of those people who always reads Ts&Cs. Life is slower, but less surprising that way.
To repeat myself, all the above is a guess based on what I think would be the most efficient way of achieving the objective.
I'm one of those people who always reads Ts&Cs. Life is slower, but less surprising that way
Your life must move VERY slowly indeed given that, for example, the Ts&Cs for PayPal are longer than the text of "Hamlet" (http://www.bbc.co.uk/news/technology-22772321) which at 4,042 lines or 29,551 words is Shakespeare's longest play.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
