[mseebach]

TANSTAAFL. Google doesn't not respect your privacy, but there is a risk that could change. Personally, my money is on that Google's ad revenue is best protected by them respecting their users privacy.

Any mail host carries the risk of a privacy breach, either accidental, such as a hacker attack, less so, such as selling the service to someone who cares less or completely on purpose - simply turning around and selling your data.

All of these scenarios are vastly less likely to happen for Google in my risk analysis.

[SMrF]

"Google's ad revenue is best protected by them respecting their users privacy."

Their economic incentives are aligned in exactly the opposite direction. The more they know about you the more money they make, ergo the recent privacy policy changes which now tie your data across all of their services. In my opinion this is already a privacy violation, even if they don't sell my data to unscrupulous marketers. It should be opt-in. I believe the relevant quote is from Eric Schmidt, ""Google policy is to get right up to the creepy line and not cross it."

If you read their privacy policy, there is an entire section called "Information we share" that is worth reading. It's short, so that's good.

But still, I don't completely buy the notion that as long as Google doesn't resell my data to some "unscrupulous" marketer they are respecting my privacy. If at some point in the future they buy-in to Zuckerbergs "everyone should be open about everything" philosophy and create another privacy policy that isn't opt-in... I guess we're all screwed.

[mseebach]

First, I do not consider munching my data algorithmically to serve me ads is any more a breach of privacy than SpamAssassin feeding my email into a Bayesian corpus of "ham".

Many people seem to have a problem with the outcome of the process being ad revenue rather than spam suppression, I emphatically do not share that concern.

> But still, I don't completely buy the notion that as long as Google doesn't resell my data to some "unscrupulous" marketer they are respecting my privacy. If at some point in the future they buy-in to Zuckerbergs "everyone should be open about everything" philosophy

My argument centres around the fact that they already have a very profitable business model based on this data and thus they are unlikely to "pull a Facebook".

If they start changing direction on the business model, chances are that it will be foreshadowed some time in advance, and luckily it's downright trivial to switch mail providers as opposed to "switching" away from Facebook.

[icebraining]

it's downright trivial to switch mail providers

Yes, but on the other hand, that only prevents them from getting any new emails; they still have all your emails up to the moment you decide to change.

[mseebach]

While I'm sure the wrong people can do nasty things with a large back catalogue of e-mails, for marketing purposes knowing what you're up to now is vastly more valuable. Which means that if Google start scaring people and they leave, their current, profitable business model is hurt.

[stroboskop]

Could you tell us more about your analysis? I would especially like to know if you consider the extent of Google's collection of users' private data.

[mseebach]

First, do note that I also talk about a bet ("my money is on.."). The core of the analysis is that Google with Adsense has a revenue system that makes their interest showing me the most relevant ad. The more they know, the better the ad, the more revenue. The "bet" part is that this revenue is worth more than shady marketers would be able to extract from the data.

The best way for Google to know a lot about me is for them to not give me any good reason not to let them track me, scan my email etc. Any meaningful breach of privacy will erode that faith. Regular ads don't have that faith (an adblocker is invariably the plugin I install), Facebook don't have it (Facebook disconnect is the second one). Google can very easily be added to that list.

Also, Google is large enough and public enough that any significant erosion of privacy will trigger public intervention. A kind of "too big to fail".

[fauigerzigerk]

Letting someone read my mail and track me across the internet is a loss of privacy. There is no need for a breach or erosion of privacy, because by using gmail I'm giving up my privacy in exchange for a free email service. That's simply the deal.

The question is, does this undeniable loss of privacy matter and can we know how great that loss will eventually be? I think it does matter, partly because we cannot know or control the extent of the loss and we cannot easily take it back (if at all).

There's also a great security risk if so much sensitive information is stored in one place. Google is certainly more competent than I am in securing their database. But the incentive for someone to steal it from them is orders of magnitude greater as well.