queerbychoice ([personal profile] queerbychoice) wrote 2004-06-26 12:47 pm

Why Not to Use Gmail, or Even Send Mail to Gmail Addresses

. . . unless you just have complete faith that the same law enforcement systems that spied relentlessly on everyone from Senator John Kerry to Dr. Martin Luther King, Jr. and recently infiltrated a local peace organization in Fresno, California will just magically never ever try to bother you.
"Google offers 1 gig of storage, which is many times the storage offered by Yahoo or Hotmail, or other Internet service providers that we know about. . . . Google admits that even deleted messages will remain on their system, and may also be accessible internally at Google, for an indefinite period of time. . . . After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. . . . Google's language means that all Gmail account holders have consented to allow Google to show any and all email in their Gmail accounts to any official from any government whatsoever, even when the request is informal or extralegal, at Google's sole discretion. . . . Google has not even formally stated in their privacy policy that they will not keep a list of keywords scanned from incoming email, and associate these with the incoming email address in their database. They've said that their advertisers won't get personally identifiable information from email, but that doesn't mean that Google won't keep this information for possible future use. Google has never been known to delete any of the data they've collected, since day one. For example, their cookie with the unique ID in it, which expires in 2038, has been tracking all of the search terms you've ever used while searching their main index."

     from http://gmail-is-too-creepy.com

"California Attorney General Bill Lockyer has acknowledged a letter sent by EPIC, Privacy Rights Clearinghouse, and World Privacy Forum regarding Gmail and California's two-way consent requirement in its wiretapping laws. Lockyer wrote in a response dated June 4: 'The potential exposure of Gmail users to liability for violation of Penal Code section 631 is of particular concern, as are the rights of those who are not subscribers to Gmail but who send e-mail to those who are.' . . . Thirty-one privacy and civil liberties organizations have signed a letter urging Google to suspend its Gmail service until the privacy issues are adequately addressed."

     from http://www.worldprivacyforum.org (which also has the full text of Lockyer's letter)
And here's how and why to anonymize your Google cookie.

[identity profile] queerbychoice.livejournal.com 2004-06-28 01:19 am (UTC)
Hmm, you may have a point about Yahoo having multiple servers and not necessarily deleting it from all of them. But although certainly I'm aware that the "and cannot be recovered" part of Yahoo's statement referred to "cannot be recovered by you, the end-user," I interpreted "deleted from the server" to mean "deleted from all servers," and thus only recoverable if the government actually commanded them to undelete all recoverable deleted files. And I tend to question whether the U.S. government would do that with Yahoo's servers. I know they would do that if they were trying to recover information from an individual suspect's personal computer, but it seems like subpoenas to ISPs are usually worded in terms of "please hand over all your files," not "please undelete all deleted items on your servers and hand them over," and certainly not "please hand over your actual servers themselves so we can run terribly advanced attempts to recover even the deleted files that have already been overwritten."

"So yeah, I know I cannot technically disprove the idea that Google is keeping email around purposefully"

Ah, but I never suspected them of doing any such thing. Not in the least. I merely accuse them of not carefully bothering to delete the email, which is what they would do if they were considerate enough to want to protect their customers from having their data handed over in the event of a government subpoena. Public libraries regularly destroy their records to protect visitors from having that information be at risk of government subpoena. It shouldn't be too much to ask Google to treat their customers' data with as much concern for their privacy as libraries do - especially when you consider how much more personal most people's email is than their library book history is.

[identity profile] luinied.livejournal.com 2004-06-28 05:04 am (UTC)
Well, the FBI has been known to have a thing for confiscating computers based on rumors and never returning them... I'm not sure how many they'd confiscate from a major player like Yahoo or Google, but I suspect it's a moot point, as anyone, from the biggest name to the smallest local provider, is going to end up bending over backwards to give whatever is demanded of them. I mean... didn't eBay brag not long ago on how cooperative they were with law enforcement officers, giving whatever information was requested, no questions asked?

And I still contend that this whole matter of delayed deletion vs. "instant" deletion is just a matter of Google alluding to their underlying filesystem while other providers brush those details under the table. I just wish a Google engineer of some sort would publicly talk about these things, as this seems to be one of the details that everyone has latched on to about Gmail, but perhaps they're just being typically secretive about their implementations.