by fserb 3281 days ago
if your accountant was a computer.

We have to stop this madness of thinking that "John READS my diary" means the same thing as "The function fread() READS nitems objects". Those don't mean the same thing except in a metaphorical sense. It's insane.


It's not about who reads it, it's about who has access. If a system has access to read my email as plain text, it means anyone who owns or can get access to that system can read my email.

Someone wrote fread, it could've been John, and John absolutely could be reading your email. Look at what happened with Uber's god mode.

That said, the value of Gmail for me exceeds the risk of people I care about reading my email getting access or having access. However, my (and probably your) subjective view on the value of your emails is absolutely subjective.

Of course access is the important thing.

But then again, in the context of the story, it doesn't change anything. Google still has access to your email. That it is not "reading" for the purpose of ads is just a minor thing that doesn't impact your privacy/security in any way (in the terms that you are describing).

Probably easier to hack any other mail provider than to hack into Google and own it so badly as to be able to read emails in plaintext.

Madness? Remember not long ago when unroll.me was selling your email data to Uber?

Yeah, that's a horrible thing. But again, not the same thing as me reading your journal. I'm just claiming that you shouldn't mix those two things.

Why does it matter? Google has access to read my email, and if they want (or are pushed to), they can single me out and then go and read them. Sure, 9/10 times it's a bot reading my emails, but there's nothing stopping them from doing it.

It matters exactly because of what you are saying.

You do have protections against someone reading your email at Google. Both from an expectation of privacy, but also from a company perspective. You also do have some non-expectation of privacy (if, for example, the US government wants to read your Google email, they can ask for it and they eventually will).

The day someone with a brain and an opinion on Kim Kardashian at Google reads your email, there is a HUGE difference from when Google is "reading" your email for ads/spam/spelling/whatever.

You don't want to blur that line by being wishy-washy with language. You want to know that difference. The fact that it could happen is why you need that clear separation between "machine reading" and "a person reading".

> You do have protections against someone reading your email at Google.

And those protections are bullshit.

I have no guarantee that they are not reading my email. If a bot has access, a person has access, and people abuse their access all the time.

In fact, there have been cases of Googlers reading people's email. And I'm not blurring any line, I'm stating: Gmail can, has been, and will be abused. To pretend that is not the case is, frankly, naive.

I know this is cold comfort, but every single production data access is audited at Google, and that's after one signs more NDAs than you can shake a stick at to even get logs access in the first place. Each incident, with David Barksdale being the worst, has made them lock down logs, PII, and production access to a level unprecedented in any I've seen (including HIPAA shops).

You're correct that the possibility exists, but any Googler inhales heavily and makes sure their paperwork is in order before accessing prod. The warnings that are displayed are not unlike those when you're removing a nuclear core on a starship. It's scary. They want it that way. You need a damned good reason to even look at subject lines in the inbox (like fixing a bug involving subject line rendering that only appears with a user's specific subject line, for instance), and clicking a message is almost certainly a walk. Like, within the day.

They do take this seriously. I wouldn't call it bullshit. The protections I observed were in place before Snowden, so I imagine it's even more rigorous now.

I'm sure they have a lot of checks, but that doesn't really matter if:

A) they can be bypassed, as they have been in the past

B) they can be compelled to hand that data elsewhere

So I'm calling bullshit. Until it's impossible for them to look at my data, then they aren't taking it seriously.

You're calling bullshit on what, exactly? I'm providing you perspective on the very thing you're hypothesizing about from firsthand experience.

What is your technical solution for operating Gmail without any Googler having the ability to access some aspect of your data? It's email on the Web. Handling that e2e is pretty much intractable, and cleartext or nearly-cleartext with online keys has to exist somewhere even without the Googley things they do to data. I might posit that building a functional service with that requirement would be impossible for the Gmail case and many others (but I'm ready to be proven wrong).

What's the use case you are worried about? Tell me a story. Who is accessing your data, for which purpose, when, how much, etc., and explain how Gmail is a bad solution because Google "can read it".

Yes, Google does not offer you protection against the Government. That is a true statement. But that doesn't mean that it's all or none. There are so many privacy rights before "a warrant request". And news flash, unless you are extremely good at securing your own mail server, even then you are not protected against a warrant.

Those checks are not bullshit. Every single security system "can be bypassed".