queerbychoice ([personal profile] queerbychoice) wrote 2004-06-26 12:47 pm

Why Not to Use Gmail, or Even Send Mail to Gmail Addresses

. . . unless you just have complete faith that the same law enforcement systems that spied relentlessly on everyone from Senator John Kerry to Dr. Martin Luther King, Jr. and recently infiltrated a local peace organization in Fresno, California will just magically never ever try to bother you.
"Google offers 1 gig of storage, which is many times the storage offered by Yahoo or Hotmail, or other Internet service providers that we know about. . . . Google admits that even deleted messages will remain on their system, and may also be accessible internally at Google, for an indefinite period of time. . . . After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. . . . Google's language means that all Gmail account holders have consented to allow Google to show any and all email in their Gmail accounts to any official from any government whatsoever, even when the request is informal or extralegal, at Google's sole discretion. . . . Google has not even formally stated in their privacy policy that they will not keep a list of keywords scanned from incoming email, and associate these with the incoming email address in their database. They've said that their advertisers won't get personally identifiable information from email, but that doesn't mean that Google won't keep this information for possible future use. Google has never been known to delete any of the data they've collected, since day one. For example, their cookie with the unique ID in it, which expires in 2038, has been tracking all of the search terms you've ever used while searching their main index."

     from http://gmail-is-too-creepy.com

"California Attorney General Bill Lockyer has acknowledged a letter sent by EPIC, Privacy Rights Clearinghouse, and World Privacy Forum regarding Gmail and California's two-way consent requirement in its wiretapping laws. Lockyer wrote in a response dated June 4: 'The potential exposure of Gmail users to liability for violation of Penal Code section 631 is of particular concern, as are the rights of those who are not subscribers to Gmail but who send e-mail to those who are.' . . . Thirty-one privacy and civil liberties organizations have signed a letter urging Google to suspend its Gmail service until the privacy issues are adequately addressed."

     from http://www.worldprivacyforum.org (which also has the full text of Lockyer's letter)
And here's how and why to anonymize your Google cookie.

[identity profile] jaq.livejournal.com 2004-06-26 08:34 pm (UTC)
To be fair, these issues aren't really particular to GMail. These stories are just more FUD-spreading.

[identity profile] queerbychoice.livejournal.com 2004-06-26 08:45 pm (UTC)
True, they are not specific to Gmail, but they do become more prominent a concern on Gmail because Gmail doesn't ever need to delete any information from lack of space. And Gmail's privacy policies are also a little more vaguely worded than some.

[identity profile] yonmei.livejournal.com 2004-06-26 09:24 pm (UTC)
Personally, I've been watching with interest as so many of my friends suddenly do the "See! Want! Have!" with regard to a Gmail account. It's certainly being marketed very successfully to geekdom - all these people are convinced that Gmail is going to be the Next Big Thing and want to be early adopters.

[identity profile] queerbychoice.livejournal.com 2004-06-26 09:47 pm (UTC)
I think Gmail has made very successful use of the idea that simply making something hard to obtain will cause a lot more people to desperately want to obtain it. The fact that it's by invitation only makes people either (a) feel like they need to get it in order to feel elite and give out invitations to it in order to show off how elite they are, or (b) feel like they ought to accept the invitations just in case they might want to use it later and give out invitations just in case somebody else might want to use it, even if they don't actually see anything all that great about this service they're recruiting people to.

Invitations = free advertising. If you ever want to recruit as many people as possible to anything, make sure you tell everybody they can only get in by special invitation.

[identity profile] djpekky.livejournal.com 2004-06-27 12:00 am (UTC)
Can I link your entry?

I won't until you authorize me. But I feel tempted to put this in my journal.

Peace!

Pekky

[identity profile] queerbychoice.livejournal.com 2004-06-27 12:09 am (UTC)
Go ahead. Everyone's always welcome to link to any of my public entries.

"There should be a law against that"

[identity profile] datagrok.livejournal.com 2004-06-27 01:07 am (UTC)
Subject in quotes because that phrase is one of my biggest pet peeves.

I'm glad there are sites out there making people aware of the privacy implications of using Gmail.

I wish as many people were as excited about public-key authentication and encryption technologies as there are about Gmail. But despite the privacy problem, Google has something novel and unique that provides real competition in the "free web-based e-mail" "market." How shortly after Gmail was released did Hotmail and Yahoo both improve the quality of their free offerings? Competition benefits everybody.

I really hope that Gmail's success or failure rests on people's (un)willingness to use it, or to correspond with people who do, rather than outraged privacy groups clamoring to pass a law through a legal system that doesn't get the net that will end up poorly implemented and misused. If businesses are smart enough to make it a policy to block all "business" email traffic through Gmail, that will make it less popular. If Joe Cool Computer Geek gets auto-responses from all his friends that say "please correspond with me from a non-Gmail account, thanks," that could also make it less popular.

I'm very curious to see where this will go.

Re: "There should be a law against that"

[identity profile] piman.livejournal.com 2004-06-27 05:05 pm (UTC)
The word "law" only appears in the context of "lawyer" on gmail-is-too-creepy. "law" only appears in the context of "wire-tapping law" on worldprivacyforum.

I don't think their group is proposing a law to stop them, or advocating one.

[identity profile] luinied.livejournal.com 2004-06-27 11:22 pm (UTC)
I'm usually all for anything that educates others about protecting their privacy, but all of the worry over gmail irks me. Not because I think it's unfounded, but because it focuses entirely on gmail, leading the average person to believe, first of all, that this might be part of some evil Google master plan, but more importantly that they're "safe" as long as they continue to use some other service. Which they're not.

When you have an email account on someone's server, your email is stored in plain text on a hard drive of a machine that is completely out of your control. When Google warns that deleted email will not be immediately and absolutely purged, they're not really saying anything new; they're just trying to cover their asses from people who have unrealistic expectations about how email works, especially email that's stored on a huge network of machines. And even once a message is "fully" deleted, there's still a good chance that it could be recovered via tricky hard drive analysis.

So yeah, you're trusting Google with a lot if you use gmail. But you're not trusting them any more than you'd trust anyone else. And if you're worried about correlations between email accounts and search engine cookies, I'd worry a lot more about anyone with a Hotmail account who uses IE's default search engine, as I trust Microsoft a lot less than I trust Google. If you want to be sure that nobody can read your email, you need to encrypt it.

[identity profile] queerbychoice.livejournal.com 2004-06-27 11:42 pm (UTC)
Yahoo's email policy says, "once messages are emptied from the trash folder, they are permanently deleted from the Yahoo Mail server and cannot be recovered." True, they probably still could be recovered via tricky hard drive analysis, but I question whether a subpoena would specify that they must try to undelete all deleted files in search of even more information to turn over to the government. In any case, the fact that they are deleted from the server at least increases the chance that they'll be overwritten with other information.

Are there really people who use Microsoft's search engine? I guess there must be lots of them, now that you mention it, but they're all internet illiterates who don't know how to change the default or haven't even figured out how much better a search engine Google is. In view of this, they're probably the kind of people who'd be a lot harder to get the word out to than Gmail users.

[identity profile] luinied.livejournal.com 2004-06-28 12:59 am (UTC)
I think the real difference here is which level of "deletion" the two policies are talking about. Yahoo seems to be aiming at people who might want to get their own mail back after deleting it, which is something that I doubt Google supports, either. Google, on the other hand, is talking about whether the actual data is still there, which of course it is, because of the nature of how deletion works. Now it may be the case that information lingers on longer at Google than it does at Yahoo - and it probably is the case, since Google's data is so widely distributed - but I highly doubt that the degree to which the information is deleted or not deleted is actually different.

Basically, whenever anything is "deleted" in any reasonably efficient computer system, what actually happens are a series of events where one abstract level says "well, I'm done with this; I'll act as if it's gone, and let you, this lower level, deal with reclaiming it as you see fit". If you're using a standard email client on a local message, it doesn't take long for this chain of messages to reach the very bottom, where blocks on a disk are actually marked as "ok to overwrite", but when the communication is happening between multiple machines - and trust me, Yahoo would not have a single server for mail storage either - this takes longer. And it takes longer when this reclaiming isn't done right away for efficiency purposes, which you can do if you have lots and lots of space.

But even after everything has been marked as overwritable by the very bottom of the operating system, it's still incredibly easy to recover the deleted data. That's what the free "undeleter" type programs you can find do, generally speaking - and such programs do, in fact, tend to recover large collections of files at once, which you then have to sort through to find the one[s] you want. It only gets hard once the data has been overwritten; that's when drives need to be subjected to the various tricky expensive hardware things that I'm not qualified to explain. But even then, it can be done.

So yeah, I know I cannot technically disprove the idea that Google is keeping email around purposefully, and I am certainly not qualified to be a file system or mail server implementor... but from what I do know, all signs point to Google's treatment of mail being no different from anyone else's; they're just being a bit more honest about what happens when you press the delete button. It likely takes a bit longer for data blocks to actually get marked as reusable, but I'm sure that the time it takes for this to happen with other major services is a lot longer than most people would suspect.

*apologies for being long-winded*
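
The levels of "deletion" described in the comment above, as an added illustration that is not part of this thread: a constructed in-memory block store in Python, where an ordinary delete only unlinks a message from the mailbox and marks its blocks reusable, a raw scan of the disk image (what the "undeleter" programs do) still finds the message until those blocks are reused, and an explicit overwrite is the step that actually removes the content. `ToyDisk`, its methods and the sample messages are all invented for this example.

```python
BLOCK_SIZE = 16  # tiny blocks so a short message spans several of them

class ToyDisk:
    def __init__(self, n_blocks: int) -> None:
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]  # raw "disk"
        self.free = set(range(n_blocks))       # allocator's view: blocks it may reuse
        self.index: dict[str, list[int]] = {}  # mailbox view: message id -> blocks

    def store(self, msg_id: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = []
        for chunk in chunks:
            blk = min(self.free)  # lowest free block first, so freed blocks get reused
            self.free.remove(blk)
            self.blocks[blk][:] = chunk.ljust(BLOCK_SIZE, b"\0")
            used.append(blk)
        self.index[msg_id] = used

    def user_can_read(self, msg_id: str) -> bool:
        # The "cannot be recovered" level: the mailbox no longer lists the message.
        return msg_id in self.index

    def delete(self, msg_id: str) -> None:
        # Ordinary delete: unlink and mark the blocks reusable; the bytes are untouched.
        self.free.update(self.index.pop(msg_id))

    def secure_delete(self, msg_id: str) -> None:
        # Overwrite before freeing; only this step actually removes the content.
        for blk in self.index[msg_id]:
            self.blocks[blk][:] = bytes(BLOCK_SIZE)
        self.delete(msg_id)

    def carve(self, marker: bytes) -> int:
        # What an undelete tool does: scan the raw image and ignore the index entirely.
        return b"".join(self.blocks).count(marker)

def demo() -> dict:
    disk = ToyDisk(6)
    disk.store("m1", b"From: alice\nSecret plan A")  # constructed sample messages
    disk.store("m2", b"From: bob\nSecret plan B")
    disk.delete("m1")                                 # "emptied from the trash"
    result = {"user_sees_m1": disk.user_can_read("m1"),
              "carved_after_delete": disk.carve(b"plan A")}
    disk.store("m3", b"From: carol\nNothing to see here, just newer mail")  # 48 bytes, reuses blocks 0 and 1
    result["carved_after_reuse"] = disk.carve(b"plan A")
    disk.secure_delete("m2")
    result["carved_after_secure_delete"] = disk.carve(b"plan B")
    return result
```

Running `demo()` shows the user-visible mailbox losing the message immediately, the raw scan still finding it until the freed blocks are reused, and the overwrite leaving nothing for the scan to find.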

[identity profile] queerbychoice.livejournal.com 2004-06-28 01:19 am (UTC)
Hmm, you may have a point about Yahoo having multiple servers and not necessarily deleting it from all of them. But although certainly I'm aware that the "and cannot be recovered" part of Yahoo's statement referred to "cannot be recovered by you, the end-user," I interpreted "deleted from the server" to mean "deleted from all servers," and thus only recoverable if the government actually commanded them to undelete all recoverable deleted files. And I tend to question whether the U.S. government would do that with Yahoo's servers. I know they would do that if they were trying to recover information from an individual suspect's personal computer, but it seems like subpoenas to ISPs are usually worded in terms of "please hand over all your files," not "please undelete all deleted items on your servers and hand them over," and certainly not "please hand over your actual servers themselves so we can run terribly advanced attempts to recover even the deleted files that have already been overwritten."

"So yeah, I know I cannot technically disprove the idea that Google is keeping email around purposefully"

Ah, but I never suspected them of doing any such thing. Not in the least. I merely accuse them of not carefully bothering to delete the email, which is what they would do if they were considerate enough to want to protect their customers from having their data handed over in the event of a government subpoena. Public libraries regularly destroy their records to protect visitors from having that information be at risk of government subpoena. It shouldn't be too much to ask Google to treat their customers' data with as much concern for their privacy as libraries do - especially when you consider how much more personal most people's email is than their library book history is.

[identity profile] luinied.livejournal.com 2004-06-28 05:04 am (UTC)
Well, the FBI has been known to have a thing for confiscating computers based on rumors and never returning them... I'm not sure how many they'd confiscate from a major player like Yahoo or Google, but I suspect it's a moot point, as anyone, from the biggest name to the smallest local provider, is going to end up bending over backwards to give whatever is demanded of them. I mean... didn't eBay brag not long ago on how cooperative they were with law enforcement officers, giving whatever information was requested, no questions asked?

And I still contend that this whole matter of delayed deletion vs. "instant" deletion is just a matter of Google alluding to their underlying filesystem while other providers brush those details under the table. I just wish a Google engineer of some sort would publicly talk about these things, as this seems to be one of the details that everyone has latched on to about gmail, but perhaps they're just being typically secretive about their implementations.

Re: "There should be a law against that"

[identity profile] datagrok.livejournal.com 2004-06-29 12:25 am (UTC)
Erm, *rereads* yes, you are correct. I was getting ahead of myself, predicting the ways that passionate people might overreact without fully understanding the technology. Apologies for being unclear on that.

But then I did some more research, and it seems this kind of overreaction has already occurred: April 28, 2004: Anti-Gmail Bill Introduced (http://google.blogspace.com/archives/001210).