by ryanwaggoner 3032 days ago
Google sifts through your e-mails, which compromises a cornerstone of your digital identity. People needing to send you an e-mail will also seldom appreciate their e-mail being read by Google.

Google doesn't "read your email", they index it. Which allows you to search it. And then they show ads that are targeted to keywords that appear in the index. Gasp!

I seriously don't understand what the big deal is. Genuinely, what is the risk or concern here?

And I really doubt that GDPR is going to kill Gmail. They need that index to provide the search capability, if nothing else.

I think many of you who are fans of GDPR are going to be gravely disappointed.

1 comments

Well, tell me what the big risk or concern of a Google employee sitting down and actually reading your e-mail is?

Them indexing it, correlating it with all that other data they already have on you, storing and actively working with this data, including allowing 3rd parties to run near-arbitrary JavaScript on your client, based on near-arbitrary criteria they can specify, is in my opinion much worse.

It opens you up to this data being stolen off of Google's servers and to all kinds of attacks:

- Spear phishing

- Narrowing down the criteria, so that it only targets you, then reading out the IP that you're connecting from. If you're travelling from public WiFi to public WiFi, this can describe your path extremely precisely.

- Malware distribution in those ads. As the ads can be targeted to relatively small groups, they aren't going to be as thoroughly vetted and malware can go unnoticed for quite a while.

As for the GDPR killing Gmail, that's not what I meant. They'll have to make a good few adjustments, but they'll be able to continue operating it.

What I meant is killing Google's practice of having every question of consent ticked off with one global ToS. That is something where the GDPR is quite clear that it's not legal. You have to ask for consent for each piece of information individually (information that you actually need to operate the service is exempt) and you're in general not allowed to bury questions of consent in ToS.