If you use Gmail, know that "human third parties" are reading your email

Originally published at: https://boingboing.net/2018/07/03/if-you-use-gmail-know-that.html

…

Good link! Zero for me, thankfully.

Does this include calls with Google Hangouts? I swear I had an all too weird moment two weeks ago, while talking with an online friend from Germany. As soon as we hung up, I received a marketing spam email that tied directly into our topic of conversation.

Headline is misleading and fear mongering. should add the caveat if you’ve opted in to use some 3rd party software that’s requested it.

So if I grant access to third parties to read my mail, then that’s what they might do?

I suspect all web-based emails are combed for content, and they also track you. I started getting spam emails on more than one account for something that I googled one time. Not in my rarely used gmail though, it’s delightfully spam free.

If you install one of a large constellation of apps on your phone, then buried in the permissions and fine print is the ability to read your mail.

I really should use my own sites email and stop being lazy

Right - and it might not be specific to GMail. Mark linked to Google’s page that shows what you have given permission to and I bet other email providers have similar pages.

Hey Barney! We got another one for The List!

Why keep struggling? Privacy is dead. Just accept it already.

That’s… suboptimal.

I am curious to know exactly what the parameters of this are. It sounds like the article is radically downplaying the actual seriousness by suggesting that virtually all of the mail-reading is being done by computers (which everyone already knows is happening), but for that to be true, the employees must be physically capable of reading any message they want. Google can’t possibly have any way to prevent or detect targeted, human snooping if it’s exposing plaintext messages at that scale.

Your privacy would literally be more secure if you left your unlocked phone next to a copy of your driver’s license at a bus station for 24 hours. I don’t think they’re conveying the level of compromise involved here, if the quoted reporting is accurate.

I don’t download apps and I have turned off all permissions or disabled Google Services to the extent that you can. Yes, this limits me in some mobile services, but I use my phone for calls and internet access, and almost always thru secure Wi-Fi. I’m not worried about accessing ESPN in a Subway.

The article isn’t about phone apps but things that use your GMail access (aka the webapp). E.g. this discussion system (Disqus) has an option to use GMail for logging in and may ask for some permissions when you are authorizing it to do so. I don’t think Disqus asks for e-mail access, though.

Phone app cannot ask for access to your e-mails, it would need to ask for access to your GMail account which, while possible, is a huge red flag by itself.

E-mail account is a very sensitive thing and if someone gives access to it to a random 3rd-party in order to have price comparison service or some coupons, they get what they deserve, IMO.

All in all, people need to start actually reading (and try to understand) what are they clicking “I agree” on. Ignoring it because the fine print or permissions are “too technical” or “incomprehensible techy mumbo-jumbo” won’t make them any less binding or the consequences less grave (unless the politicians wake up and regulate - which can make things actually worse).

BTW, here is a non-paywalled version of the same article:

Mark, your headline seems to be incorrect.

Google said only companies that had been vetted could access messages, and only if users had “explicitly granted permission to access email”.

Well, are they ever embarrassed.

Had a similar thing happen a week ago with Hangouts. A Youtube video mentioned during the call (Flight of the Concords song about a magic dragon…somewhat obscure) showed up in my recommended videos on Youtube. Of course, that was Google listening in to push other Google services. Still eerie.

Thanks for posting the non-paywalled link

btw:

Do you mean us, right here, now? If so, this is Discourse (which you may know, and maybe just misspoke/typed). I like Discourse so much I just want to make sure they get proper credit

You certainly have every right to discard your own personal privacy. However, I would ask you kindly to avoid discarding my personal privacy as well. Privacy is far from dead.

Yes, Discourse, too… (at least, for this BBS)

P.S. If the practice is allowed by Google’s T&C, why should the Security Checkup indicate anything, if it’s not a violation? I get a green checkmark – “No issues found” – but what constitutes an “issue?”