[pas]

> " They are willing to give up privacy for free email. "

How exactly does Google/GMail violate the users' privacy with email?

They process the messages, show hyper-targeted ads. End of story.

But is there a Cambridge Analytica for GMail? Can some "app" exfiltrate the emails? Or the contacts of users?

[epistasis]

What you describe sounds exactly like giving up privacy to me, even if it doesn't sound like giving up privacy to you.

And then when you add in all the other tracking that Google does of your web history, search history, location data, that is pretty much all your privacy gone.

Let's say I pay an assistant to help with my email. Even though they are in my employ, I'm still giving up my privacy for the service. Google gives us email service in exchange for that peek in to our private lives.

[fixermark]

"An assistant to help with my X" is a pretty solid, concise description of Google's service suite, complete with the observation about privacy.

[valker43]

In essence, yes. Except the human assistant could technically be coerced to spill the beans on you. Via bribes or blackmail, etc.

Gmail dosen't. The ads you see have nothing to do with your mail activity. They haven't for a while now. Not saying Google is a paragon of privacy, mind you.

https://support.google.com/mail/answer/6603?hl=en

[mehrdadn]

I never understood how scanning emails to show ads is a privacy violation? No information about you is leaking to anyone.

[prophesi]

I think it's the whole _scanning emails_. The information is already leaked at that point.

[mehrdadn]

Leaked to whom though? That's what I don't get. No human is involved in the process and your information is in the hands of the same company as before.

[prophesi]

That's a lot of trust in a black box coded by humans. What's going on under the hood with their Smart Compose? Smart Reply? Smart Labels? It all requires processing very very personal information, and you simply can't vet whether it's all handled securely.

[mehrdadn]

Sure, you're trusting their code is bug free. That's just (lack of) faith on your end. The fact that you decide not to trust their competence certainly does not logically imply that they are invading your privacy. It just means you need to trust their competence or take your business to some company you deem more competent. (Though exactly which company would be more competent in infosec is quite the question, but I digress.)

[savanaly]

Ok so then you need to invent a new word for what is lost when companies further cross the line from [using your data in a totally internal and in fact internal to just your account]. Because it seems like a big step from treating your data as a tool to affect your experience to selling it to other companies to do whatever they want with. What is the primary word associated with that step if not "privacy"?

[JBerlinsky]

Yes, developers can request permission to access your inbox "offline" (i.e. at any time, with a long-term access token). The scope is clearly identified in the OAuth authentication process, and the consent screen clearly asks for permission to (IIRC) "read, write, and delete emails." There are a few well-known applications (Earny and Unroll.me come to mind, off the top of my head) that are known to work with consumer research operations with the resulting data.

[blakesterz]

I am so far willing to give up some small amount of privacy for free email, though I'd also pay Google for it because it is simply the best email hosting I could find. I don't want to host my own email, hosting email sucks. I've tried other email hosters and they just weren't as good. They also have security in place that takes care of all the big things in my threat model.

So when it comes to email... yeah, it's not as private as it could be, but it's about the best I can find for everything else. It ain't perfect, but it's the best option for me right now. Maybe it won't be in a year or two?

[dmitrygr]

That hasn't been the case for nearly five years... Gmail messages are NOT used for any ad targeting.

[bassman9000]

They process the messages

That's SVspeak for

they read your emails

Yes, yes. I know it's a machine.

[pas]

Any email host reads you emails. And not everyone is up to the task of hosting their own emails.