The Trouble with Gmail
Mark Rasch, 2004-06-14

Mass acceptance of the keyword scanning in Google's new e-mail service could leave government spooks feeling lucky.

The Trouble with Gmail 2004-06-14
Todd Knarr (3 replies)
The Trouble with Gmail 2004-06-16
Andrew Jones (1 replies)
The Trouble with Gmail 2004-06-16
Anonymous
The Trouble with Gmail 2004-06-16
Anonymous
The Trouble with Gmail 2004-06-17
magpublisher
The Trouble with Gmail 2004-06-15
Shawn NUnley, CISSP (2 replies)
The Trouble with Gmail 2004-06-16
Andrew Jones (1 replies)
The Trouble with Gmail 2004-06-18
Anonymous
The point is that the privacy implications of an email service are independent of the use of Adsense:
* IF Google and its employees abide by the enforceable policies to which you agree when signing up for Gmail, then your privacy is not at risk from Gmail's search features. [1]
* IF they don't abide, then you're screwed - but the same is true for any ISP, totally regardless of built-in search features. The crooked admins without Adsense will just use grep ...
* In either case, your privacy is also at risk from all the dozens of random intermediate mail relays with whom you have no relationship at all.

You observe:
"You don't imagine that everyone has caught on to the fact that e-mail has always been an insecure method of communicating, do You?"

Of course not. But educating those people is a problem for all of us [2], not some special obligation to Google. Their obligation is simply to do no worse than anyone else, and they have. Adsense makes no difference to this.

Analogy: a laundry service offers to sort your laundry by colour. "My god!" you cry, "I don't want these people fondling my underwear!" Your friend points out that all laundry services have to do that anyway because it's really hard to pack it with tongs. "Um, yeah, but with these people I know they're doing it!!"


Notes:
1. Yes, there is the theoretical paranoid risk that a merchant seeing that your HTTP_REFERRER comes from gmail.com, will deduce that one of their Adsense terms was found in one of your emails. In practice this doesn't really tell them much, though. The mere fact that you choose to visit their website provides MORE information, and until you choose to give them personal information they can associate neither fact with an identity.
2. Personally, I've found one of the best ways to convince someone that it's a real problem and not just some theoretical paranoid fear is to sit at his workstation and use telnet to forge an email to me (CC him) purporting to be from him. Strictly speaking this proves the forgeability of email rather than its lack of privacy, but in most business settings that's more important anyway. With this technique, at one company I got no less a personage than the Asia/Pacific managing director to mandate PGP!


Link to this comment: http://www.securityfocus.com/comments/columns/248/26794#26794
Re: The Trouble with Gmail 2006-11-08
Anonymous
The Trouble with your generalization 2004-06-15
Asheesh Laroia [comments@asheeshenterprises.com] (2 replies)
The Trouble with your generalization 2004-06-16
Mark Rasch (2 replies)
The Trouble with your generalization 2004-06-16
Bill Eggers
The Trouble with your generalization 2004-06-18
Roger (1 replies)
Sender Right to Privacy 2004-06-21
Mark Rasch (1 replies)
Sender Right to Privacy 2004-06-21
Anonymous
The Trouble with your generalization 2004-06-16
Andrew Jones
The Trouble with Gmail 2004-06-15
C High (1 replies)
The Trouble with Gmail 2004-06-18
Anonymous
The Trouble with Gmail 2004-06-15
Anonymous
The Trouble with Gmail 2004-06-16
Anonymous
The Trouble with Gmail 2004-06-19
Matthew Murphy
The quoted law 2004-06-21
Matthew Durie
what about spam filters? 2004-06-21
Anonymous







 

Copyright 2007, SecurityFocus