Well colour me surprised.
Use something for 'free'? Expect to pay somehow.
However, what I didn't see in the article was anything about paid for accounts. Now that would be a shitstorm.
Although Google stopped mining Gmail accounts for data useful to advertisers last year, it left an API open allowing others to do just that, the Wall Street Journal reports. Employees at third-party developers were permitted to operate on real Gmail emails to improve their systems, a practice described by one former employee …
You know you have to sign up ("connect") to these 3rd party services right?
Don't associate your account (which of course needs a sign in) and you have nothing to worry about.
This "news" days more about brain-dead cretins that just click any old prompt thrown at them, rather than Google or 3rd parties using its API.
"Although Google stopped mining Gmail accounts for data useful to advertisers last year, it left an API open allowing others to do just that...
... and thus created a nice little loophole for themselves - any complaints about privacy can neatly be foisted off onto the third party developers...
where it.. belongs..?
Seriously, if you have to explicitly grant that third party the API access to your email, what else should Google do in order to not be pitchforked for allowing the app to access your mail, when you want the app to access your mail?
Is the problem that the API exists, and can be misused by apps that lie, so Google should remove the API? But shouldn't similar APIs be removed too? Messaging? Contacts?
What are people demanding here?
Can I be the only person who has negative reactions to on line ads? Every time a video auto plays I become very angry. Popups are disabled, if an ad is obstrusive enough for me to notice it then I get angry again at the poor design choices that are introducting friction into my task. Every time I go onto facebook I make a point of liking stuff I don't like, I go into ads and point out better bargins elsewhere or criticise the product. I know I am probably in the minority but the more people push back by attacking the ads and poluting the process by which the data is gathered the sooner (hopefully) companies will realise that a lot of online exposure is doing them more harm than good.
it's the only realistic way to find out what is going on in people's lives
It's certainly one way for some people to promote the unrealistic things they say are going on in their lives without being challenged and for others to pretend they're interested in people they can't actually be bothered to speak to directly.
In the goold old days it was perfectly acceptable to send far-flung friends and family a card every Christmas.
You seem to have failed at understanding the point of this story, Google aren't giving your emails to anyone, you are granting permission for others to access it.
Stop being a cretin and granting everything you dont understand.
Review what YOU granted in the past here:
https://myaccount.google.com/privacycheckup
No, I understand. The point - which YOU can't seem to understand - Google, Facebook and other social media services are, IN FACT the collectors, and distributors of your data to third parties such as Cambridge Analytica for one, the shady data firm who, loved to rape data that unsuspecting people left on Facebook. Google does the same with peoples' data with their own analytics and others'. Here is the point: The surrendering of authority by Google, Facebook, and other social media to third parties is not ethical even though their terms and conditions tricks you to agree to their shady 'moral principal'.
If I don't use Gmail, and don't have an account with Google, at what point did I "opt-in" to (or more likely, fail to "opt-out" of) allowing Google and others to access the content of email that I have sent to individuals who happen to use Gmail? How do I find out what permissions others have granted to Google et al. to access and use *my* data? And how do I even know for certain whether a given recipient is actually a Gmail user, given that some corporate email addresses may be Gmail in disguise, and some individuals may use Gmail to aggregate email from non-Gmail accounts?
This looks like a clear breach of the GDPR. The only real question is, who is committing an offence: Google, for allowing access to my data; third-parties for using the data for purposes for which they haven't obtained specific consent; or Gmail users, for granting Google and others access to my data without my consent? I suspect Google has the greatest liability here, for running a data processing system that fails to have GDPR-compliant mechanisms in place for safe-guarding third-party data.
Google seem to be presupposing, incorrectly, that all data associated with a particular account is the account holder's data. This is the same error in reasoning that Facebook make in their justification for shadow profiles, i.e. unlawfully holding and processing personal data relating to individuals who are not users, and refusing to protect against abuse of such data, by claiming, obtusely, that the data and the right to consent both "belong" to the account-holder who provided the data to Facebook, rather than the person whose data it is under the law.
Misuse would imply the reading of your email was not covered by a 'permission'. So on a technical level this is not misuse. But by any common understanding, well, did the users properly understand the permissions? Did anybody really suppose they had understood, or rather is this enterprise predicated on their expected ignorance?
To me they read like you are giving permission for the application itself to read your emails, artificial intelligence, not flesh and blood.
Well, if they are mining my e-mail for the ideal ads to push at me, they are mining for cornish cotted cream and scones.
The 'targeted' ads at the top of my e-mail have been and continue to be wide of the mark (if they wre astro-navigating to Mars, it's be 'Lost in Space').
I don't know why anyone would buy their services - I certainly wouldn't, have seen the result from the 'target' end.
I've been getting a lot of dating ads recently, although I've not been looking (ever, on gmail) - and I refuse to believe the lack of romantic e-mail is what they are picking up on (I might be a catholic bishop).
"Unfortunately some companies take personalization to an extreme, but an online experience devoid of personalization would feel oddly generic to the average consumer,"
Where can I sign up to feel oddly generic web sites? Considering that dark text on light backgrounds are the current fashion, I much prefer light text on a dark background, and most sites don't offer a dark theme, I do all my web site personalization in my browser. I also personalize my online advert experience, by removing most of them.
It's not a good look to refer to everybody as consumers though.
"Google has argued that nothing is proprietary, and like AMP, it's all based on open-source and open published standards."
Like how their chat system started off being a somewhat well behaved Jabber / XMPP thing, but has drifted away?
I honestly thought that this was common knowledge. It's why I don't use GMail (outside of my workplace, where I'm forced to), and I don't send email to GMail accounts when at all avoidable.
Fortunately, I only personally know a single person who still uses GMail for their private email.
"If the emails were indeed being read without the author's explicit and clear consent, this would likely be unlawful under GDPR"
Well, let's just leave this worry hanging here.
"Again, if no consent were obtained, it would contravene Google's own developer agreement, which requires explicit opt-in consent when a user's "non-public content is obtained through the APIs"."
And let's double down on it instead of investigating the answer.
"In a statement published on its website, Return Path founder Matt Blumberg said his firm had co-operated with the reporter but expressed dismay that the report was "extremely and somewhat carelessly selective"."
Can someone confirm if this user-facing API permission request is in fact the selectively omitted thing?
Apparently it's in the source article. Evil applications can get at your data, if you explicitly allow them to.. ?
Yes there's a difference. I never gave the GMail app that came with my phone permission to do anything, in fact I disabled it and installed K-9 Mail instead. K-9 Mail has all the permissions it asked for, I trust it, that's why I picked it. If K-9 Mail starts sending emails to third parties, a permission it never asked for, a lot of people will be very surprised, likely we'll read about it on El Reg, it's quite popular. So the only entities reading my emails are me, K-9 Mail, my email server/s, any email servers between me and the recipient, and the recipient (and what ever software they use), perhaps the ISP / government / Gmail / wife / husband / 12 year old offspring at their end if they are not quite as paranoid as me, and perhaps any nasty people or TLAs snooping on our wires...
Sigh, might as well just tell world+dog these days if its email.
"So that would be an algorithm, artificial intelligence, a machine - not a person."
And what does Sample Application then do with the data? Sell it on? Use it as a basis for spear-phishing? Although the article says there's no evidence this has happened what we should be more interested in is the absence of evidence that it hasn't. Yes, I know finding evidence to prove a negative can be difficult or impossible but if companies want to be trusted simply saying they don't know something bad hasn't happened isn't really going to cut it.
What's "private email" (unless you're running your own mail server)?
Not sure if serious, but: Private email as opposed to work email.
Many people have an email account provided by their employer, and only use it for work. They have a separate "private" account, which they use for their communicating with friends and family.
Some people even have a "work" mobile phone, and a "private" mobile phone.
"Unfortunately some companies take personalization to an extreme, but an online experience devoid of personalization would feel oddly generic to the average consumer," he wrote.
So where is the problem? When I can't use adblock, etc. (work computer) I ignore ads. I guess I'm not normal according to them. Don't need, don't want "personalization". The computer is a tool, not my friend.
Feels like parents are condemning their kids them to some god awful future Stasi-like state-surveillance / interference... For what? Some convenience / cheap tech today. Its a pretty dangerous tradeoff. At least go down to the crossroads and get killer guitar chops if you want to trade with the devil etc...
I'll gladly take the "oddly generic" web over unwanted, irrelevant ads any time. Why do you think I run ad block. Just wish they'd develop a way to spoof sites that have a hissy fit if you're running an ad blocker. And all my browsers are set to wipe ALL history when closed, and I regularly use the Google Three-finger Salute - CTRL-SHIFT-DEL.
This is exactly why I decided to use the following guide to build and host my own email server -
https://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/
Slightly outdated, but still valid once you tweak a few elements like choosing different CA or DNS provider. Or you can do it the lazy method and use iRedMail - https://www.iredmail.org/ which is scripted.
If a Linux begineer like myself can do it, anyone who is fairly computer savvy can.