[2aa07e2]

My question is, will I be able to use gmail without my google searches being tracked? Google did a great job to "bundle" its ToS into a single generic agreement for all the services under that "Your Google account" umbrella. I would love to opt out of that agreement, retroactively, and still be able to use gmail.

[PeterisP]

It would seem that GDPR requires this ability to exist. Let's wait a few months and see what actually comes out of this and how Google will handle that; AFAIK they haven't laid out how exactly they will comply.

[Sir_Cmpwn]

You can't interact with Google in any way without being tracked. Use DuckDuckGo and another mail service like ProtonMail or your own self hosted solution.

[andrepd]

Alternatively, if you find it hard to abandon Google's great search engine, use a privacy-protecting intermediary, like startpage or searx.

[Sylos]

I would also strongly recommend not using Gmail. Google sifts through your e-mails, which compromises a cornerstone of your digital identity. People needing to send you an e-mail will also seldomly appreciate their e-mail being read by Google.

To answer your question, though, if you live in the EU, then the GDPR, due to be enforced on the 25th of May, does make this practise of Google most definitely illegal. So, in like two years from now, when the lawsuit regarding this concludes and Google is actually forced to follow the law, then you should be able to.

If you still cannot be convinced to drop Gmail, there might be a technical solution to your problem, too.

For Firefox, there's an official extension called Multi-Account Containers, which allows you to have different sets of Cookies in different groups of tabs. And you can tell it to always open certain webpages in certain containers.

So, you would install the extension: https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Then click the new Multi-Account Container button in the toolbar and from there open a new tab in a Container (you can also create a Container specifically for this, if you want).

Then in this new tab, open up Gmail and log in, and again click the Multi-Account Container button in the toolbar and tick "Always open this website in ...".

Finally, open up a new (non-Container) tab and log out from Google there.

[ryanwaggoner]

Google sifts through your e-mails, which compromises a cornerstone of your digital identity. People needing to send you an e-mail will also seldomly appreciate their e-mail being read by Google.

Google doesn't "read your email", they index it. Which allows you to search it. And then they show ads that are targeted to keywords that appear in the index. Gasp!

I seriously don't understand what the big deal is. Genuinely, what is the risk or concern here?

And I really doubt that GDPR is going to kill Gmail. They need that index to provide the search capability, if nothing else.

I think many of you who are fans of GDPR are going to be gravely disappointed.

[Sylos]

Well, tell me what the big risk or concern of a Google employee sitting down and actually reading your e-mail is?

Them indexing it, correlating it with all that other data they already have on you, storing and actively working with this data, including allowing 3rd parties to run near-arbitrary JavaScript on your client, based on near-arbitrary criteria they can specify, is in my opinion much worse.

Opens you up for this data being stolen off of Google's servers and for all kinds of attacks:

- Spear phishing

- Narrowing down the criteria, so that it only targets you, then reading out the IP that you're connecting from. If you're travelling from public WiFi to public WiFi, this can describe your path extremely precisely.

- Malware distribution in those ads. As the ads can be targetted to relatively small groups, they aren't going to be as thoroughly vetted and malware can go unnoticed for quite a while.

As for the GDPR killing Gmail, that's not what I meant. They'll have to make a good few adjustments, but they'll be able to continue operating it.

What I meant is killing Google's practise of having every question of consent being ticked off with one global ToS. That is something where the GDPR is quite clear that it's not legal. You have to ask for consent for each piece of information individually (exempt is information that you actually need to operate the service) and you're in general not allowed to bury questions of consent in ToS.