|
December 2005 In Google We TrustInternet users should think carefully before relying on Gmail. By Simson Garfinkel
This story, by a veteran TR correspondent, first appeared in the Dec. 2005/Jan. 2006 issue of Technology Review. It explores the complex issues of privacy and data security as they relate to Gmail, the increasingly popular, free web-mail service from Google. Google's Gmail raises important questions about the security and privacy of our personal information -- questions that should matter not just to users of the free Web-based e-mail system but to everyone who exchanges e-mail with Gmail users. And since the technical underpinnings of Gmail might very well be the prototype for the next generation of desktop-computer applications, the answers to these questions potentially affect everyone. But wait -- this is not another diatribe against the targeted advertisements Gmail shows while you read your mail. All of the worry surrounding that single issue has obscured a far more important one: data integrity and security. Gmail is so powerful, fast, and convenient that there's a huge incentive for you to keep all of your e-mail there. But there's a catch: Gmail makes no promise that a mail message you save today will still be there tomorrow -- nor that e-mail you delete today will be gone tomorrow. Using Gmail means placing a lot of trust in Google. When Gmail was launched in April 2004, it boasted three strengths: scale, search, and sales. Scale was the most obvious; Google promised each user the ability to store a gigabyte of e-mail when competitors like Hotmail were offering a measly two megabytes. Google could make this offer because, at the time, its 100,000-plus computers had more than 20 petabytes of combined storage. Since then, Google has shown it can buy new hard drives faster than its users can fill the old ones up. Search was Gmail's second strength. Instead of asking users to create "folders" and archive their e-mail like obedient file clerks, Gmail allowed them to simply click "archive" and banish e-mail messages from their in-boxes to an unseen holding area. Gmail users retrieve their archived mail by searching for it -- a process that is so fast and thorough that it's actually liberating. Sales was Gmail's third strength -- one that was surprisingly controversial. When Google announced Gmail, it proudly proclaimed that it would analyze e-mail messages for common keywords and use them to customize advertisements. For example, an undergraduate reading a message about an upcoming assignment might simultaneously see an advertisement for a site that sells term papers. Despite this apparent convenience, many privacy activists -- me among them -- called upon Google to describe how its targeted-advertising technology worked. The company responded this past October by dramatically expanding and clarifying its privacy policy. Google now explains that the advertisements are based on your computer's IP address, the content of the message you're reading, and your previous use of Gmail. But don't worry, Google says: your e-mail is scanned only by computers and never by human beings. In addition, Google now makes it clear that you can delete individual e-mail messages or your entire Gmail account at any time. If you do, however, your old e-mail might remain on Google's servers for up to 60 days and on its "offline backup systems" for even longer. Although this may sound like an unacceptably long time, Google has in fact done a far better job in addressing the concerns of privacy activists than its competitors ever did. |
Share »
Digg this
Add to del.icio.us
Add to Reddit
Add to Facebook
Slashdot It!
Stumble It!
Add to Newsvine
Add to Connotea
Add to CiteUlike
Add to Furl
Googlize this
Add to Rojo
Add to MyWeb
Favorite
Print
E-mail
The Future of Search
07/16/2007
Massachusetts Institute of Technology
Comments
Guest (Bob Campbell) on 12/29/2005 at 8:08 AM
1
Despite the hype surrounding the brand new old technology of AJAX, it does nothing to allay user fears, both corporate and consumer, surrounding security and downtime because of service outages.
I work for a financial services company. The company has all of web based email services blocked internally. Users simply cannot get to these types of email accounts. And for someone to use our products, they must have a regular email account with their ISP and cannot use a web based email account for verification.
Guest (John Hammond) on 02/01/2006 at 12:00 AM
1
Guest (Tharglet) on 02/01/2006 at 12:00 AM
1
But that depends if ur ISP has blocked the mail ports or not
Guest (DAVID C SKUL) on 02/10/2006 at 12:00 AM
1
If you rent a home, the lease always states that the landlord has the right of entry at any time for any reason.
Gmail and all the other free mail services are entitled to the same right of entry.
They own the house and you have agreed to let them come in anytime they want. Read the terms of service!
David C Skul - CEO
Relativity, Inc.
http://www.relativitycorp.com
Guest (Gmail User) on 01/08/2006 at 3:12 AM
1
Thus you can save them and backup. I hardly ever use gmails interface only to do a quick cleaning now and then i use thunderbird to handle ALL my email and have always been able to back it up to my backup hard drive
Guest (Jamie) on 02/01/2006 at 12:00 AM
1
Backup - As noted by several already, you can and have been able to backup your mail using POP for some time.
Find something serious to discuss before wasting my time in the future, please.
Guest (Tharglet) on 02/01/2006 at 12:00 AM
1
A lot of the websites one visits is ad supported, each having ads on other sites.
And ISPs don't put the ads on a page, they email them to you.... well some do.
Guest (vysakh Chandra) on 01/09/2006 at 3:42 AM
1
Guest (Bob Campbell) on 12/29/2005 at 8:08 AM
1
Despite the hype surrounding the brand new old technology of AJAX, it does nothing to allay user fears, both corporate and consumer, surrounding security and downtime because of service outages.
I work for a financial services company. The company has all of web based email services blocked internally. Users simply cannot get to these types of email accounts. And for someone to use our products, they must have a regular email account with their ISP and cannot use a web based email account for verification.
Guest (Gmail User) on 01/08/2006 at 3:12 AM
1
Thus you can save them and backup. I hardly ever use gmails interface only to do a quick cleaning now and then i use thunderbird to handle ALL my email and have always been able to back it up to my backup hard drive
Guest (vysakh Chandra) on 01/09/2006 at 3:42 AM
1
Guest (YDLH) on 01/10/2006 at 12:00 AM
1
Guest (Erika Chow) on 02/01/2006 at 12:00 AM
1
Guest (Brian Utterback) on 02/01/2006 at 12:00 AM
1
Guest (Mike) on 02/03/2006 at 12:00 AM
1
Guest (Bruce McIntosh) on 02/01/2006 at 12:00 AM
1
Guest (Maxine Clarke) on 01/17/2006 at 12:00 AM
1
Guest (James) on 02/03/2006 at 12:00 AM
1
Gawd have you seen how bothersome the other 'free' mail hosting sites are? A real pain - so much so not worth using!
Its fast, offers many features, and being web-based, anywhere in the world.
Guest (Anonymous) on 02/09/2006 at 12:00 AM
1
Guest (Eduardo Kives Ostronoff) on 02/01/2006 at 12:00 AM
1
Guest (John Hammond) on 02/01/2006 at 12:00 AM
1
Guest (Tharglet) on 02/01/2006 at 12:00 AM
1
Guest (Mark) on 02/01/2006 at 12:00 AM
1
Guest (Tharglet) on 02/01/2006 at 12:00 AM
1
Why else would banks send ur pin in a separate letter to your card? Paper is generally safer.
But nothing is truly "safe"
Guest (NAW) on 02/01/2006 at 12:00 AM
1
Another point, the gov't will end up getting what they want. Microsoft and AOL have been in the game long enough to know I bet...although I admire Google's "independence".
IF the gmail account dies, I'll get another free POP account somewhere else, thats going to take all of 5 minutes!
Oh yeah, if you have things to hide, don't be dumb enough to use email.
Guest (LG) on 02/01/2006 at 12:00 AM
1
Guest (R Barrera) on 02/01/2006 at 12:00 AM
1
Guest (KQ) on 02/07/2006 at 12:00 AM
1
Guest (Steve Rose) on 02/03/2006 at 12:00 AM
1
Steve
Guest (A Robulack) on 02/16/2006 at 12:00 AM
1
I consider the largest risk to users from GMail and other internet-based application services to be paranoid US anti-terrorist legislation.
Without even informing a user, US-based companies must hand over any and all data related to a user under the Patriot Act. This applies to international subsidiaries of US companies, as well.
So at any time, Google may be forced to hand over one's entire GMail account to the US federal government and that user would be none the wiser.
Guest (anon) on 05/21/2006 at 12:00 AM
1
If you think your email was ever private look up the carnivore FBI system. Then you will see the truth my friend. MAHAHAHA