No, Gmail isn't private at all – but you can fix that
Big corporations like Facebook and Google offer you free services to make your lives easier, right?
Well, not really. As the popular marketing saying goes, if you're not paying for it, you're the product.
At this point, it should come as no surprise. But think how our perception of Google has changed over time. Remember feeling happy that information finally got more accessible online?
But then, you should also remember how Google’s “Don’t Be Evil” motto gradually disappeared as the company sought more and more profits. So let's see why Google's prime service – Gmail – isn't private at all.
But luckily, there's a fix for that.
Your Gmail privacy is under attack
The Wall Street Journal (WSJ) published a report in 2018 raising questions about third-party Gmail apps and Gmail privacy as a whole. First, some backstory:
In 2017, Gmail allegedly ceased scanning the content of your emails to display targeted advertising. Everyone gave a sigh of relief. As it turns out, it was a bit premature.
What does Google say?
If true, all of this is very damning. Moreover, it just doesn’t seem good enough to do what Facebook did – deny any wrongdoing and pretend that the platform has no responsibility in the matter. To be fair, Google has treated the allegations a bit more seriously.
Suzanne Frey, Director of Google Apps Security, Trust, Compliance, and Privacy has undersigned a response that downplayed Gmail privacy issues and reassuring users that every third-party app must pass a rigorous review process, which includes both manual and automated steps, to verify whether the apps meet two primary requirements. They must:
• Accurately represent themselves: Apps should not misrepresent their identity and must be clear about how they are using your data. Apps cannot pose as one thing and do another and must have clear and prominent privacy disclosures.
• Only request relevant data: Apps should ask only for the data they need for their specific function—nothing more—and be clear about how they are using it.
The positive sign is that Google clearly feels at least somewhat responsible for how third-party devs use the Gmail platform. Unfortunately, in practice these requirements do little to protect Gmail privacy, because these measures were already in place. If the WSJ report is to be believed, Google has left more holes for third parties to exploit in their quest for your private data.
The difficulties of webmail protection
Some of the cases described in the WSJ article seem creepy at best and illegal at worst. For example, the report mentions a company called Edison Software, the developers of a mobile email organizer app. Its development process involved reading the emails of hundreds of users for “guidance.” What’s worse, is the fact that this is not unique – employees often read private messages in order to improve algorithms, fix bugs, etc. In this case, users’ last line of security is a simple non-disclosure agreement.
Potential culprits include any app that scans your email for data – travel planning apps, price comparison apps, email organizer apps, marketing apps, the list goes on. Many different segments of the business world are interested in email data because it includes many things these businesses wouldn’t normally be able to access in bulk. Bills, private conversations, shopping information, and more – all of that is gold for Big Data.
The WSJ report draws on interviews with dozens of employees working for developer companies. The picture they paint is pretty grim. Users sign away access to their private information after getting fooled by privacy policies written in legalese or by simply refusing to read them. According to some interviewees, Google does little to make sure data-hungry app developers don’t abuse their users. For example, at least one respondent denies ever going through any Google manual review process for developers or apps, which was something that was claimed in the company’s official response.
How you can protect your privacy
If this news is giving you flashbacks to all things dystopian, don’t worry – you’re not crazy. It’s about time everyone starts paying attention to the privacy of our digital lives. The truth is, we still can’t fully conceptualise digital surveillance. Yet because of the web, our privacy is a lot more at risk now than it ever was.
There are methods to protect yourself. In this case, the path is both simple and completely impossible.
The first thing you should do to circumvent these privacy issues is to go to Google’s Security Checkup page. Here, you can see the list of third-party apps that have access to your data. With the click of a button, you can disable whatever worries you and protect your privacy. Google knows an awful lot about you, including your Gmail activity, so do not forget to limit access to your Gmail account.
The second step is the impossible one – start paying attention to those privacy policies! We know time is short but bear in mind that crafty legalese is the weapon of choice for privacy-thieves.
Lastly, we should keep the noise up. As long as people are interested and speak out, there might be consequences for overstepping your email privacy. More importantly, perhaps we’ll even be able to have a reasonable conversation about what those boundaries should be!
You may also like to read: