Gmail’s privacy problem and why it matters

The Wall Street Journal recently published an article highlighting privacy concerns related to Gmail’s use of third-party apps. When users install tools known as “add-ons” in their Gmail accounts, they are often giving outside companies full access to their mailbox. In at least one instance, the WSJ reported, “engineers personally read through thousands of emails”.

In the public debate that followed, many people focused on Google’s poor oversight of these third-party developers and the inadequacy of their privacy policies. While these are important concerns, they distract from the fundamental problem with Google, which is that the company’s entire purpose is to spy on you and sell your private information to organizations that want to influence you.

The real purpose of Gmail

Google’s business model is primarily based on online advertising. The company earned over $95 billion last year selling the personal information of its users to advertisers.

For an advertiser, your emails are a gold mine because we often think of email as a private communication channel. When your bank contacts you or you address an email to your loved one, these seem like two-party conversations. In reality, Google treats your Gmail mailbox as company property, scanning it with powerful software to better understand you.

Founded in 2004, the service now has 1.4 billion users creating a perfect record of their thoughts, behaviors, and interactions. As Google CEO Eric Schmidt said in 2010, “We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

After years of lawsuits and waves of criticism, Gmail finally announced last year it would stop scanning users’ inboxes for advertising purposes. What they did not mention, however, was that they would continue to allow other companies to do just that.

Third-party data mining in Gmail

Since 2014, Gmail has given third-party developers access to the platform’s API, which allows them to build software that can be used within the platform. These add-ons are usually productivity tools, such as task managers or document signing apps. When users install them, they grant these apps permission to read their emails.

What is not overtly stated, however, is that the add-ons may actually be a front for profitable marketing activities. Buried in their privacy policies are vague disclaimers that allow the companies to harvest and share your data with their advertising partners. Gmail allows this to happen because third-party apps make their platform more valuable.

By scanning your emails, companies can learn information about your email habits, the things you buy, how much you spend, and who you are. Typically this information is anonymized but not always. According to the Wall Street Journal, the add-on developers sometimes shared redacted screenshots of entire emails. In one instance, two engineers read through 8,000 personal emails in order to calibrate their algorithms. The users were never informed about this.

These activities are extremely similar to those that led to the recent Facebook-Cambridge Analytica scandal. When the abusive practices of Facebook’s third-party app developers came to light, the fallout included a #DeleteFacebook hashtag and a congressional inquiry into Facebook’s privacy practices. Though Google has so far avoided intense controversy, its surveillance operations are far greater than Facebook’s.

Privacy is necessary for democracy

This is not just about strangers having access to your love letters, intimate photos and online purchases. It’s also about the kind of society we want to live in. Gmail is designed for mass surveillance, and such a powerful tool could be easily misused. The intelligence software Google is developing could someday be turned against us in ways we cannot predict. The Facebook scandal has already given us a glimpse of this power, which can even be used by malicious actors to undermine democracy. Imagine if Cambridge Analytica had access to your inbox.

Human rights defenders saw the potential for harm from the very beginning of Gmail. Five days after its launch, a group of privacy advocates wrote a letter to Google expressing their concerns. They said Gmail’s plan to scan emails for marketing purposes “violates the implicit trust of an email service provider.” Gmail has violated that trust again and again, and it will continue to do so because invading people’s privacy is essential to its business model.

How to protect your privacy in the age of Google

Fortunately, the ad-based business model is not the only viable way to commercialize online services. At ProtonMail, we implement end-to-end encryption, which means users have the only keys to their data. Your inbox is safe from corporate surveillance and offers increased security in the event of a data breach. Encryption also makes targeted advertising impossible. So while we offer free accounts, we are supported almost entirely by paid users. This means our interests are aligned with those of our users, most of whom believe paying money is preferable to paying with their data, given the privacy and security risks.

When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers. If you’re tired of your personal information being sold, processed, and profiled, then consider switching to a service that puts privacy first.

To find out more, please see Best Gmail alternative for privacy and security.

The ProtonMail Team

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.


35 comments on “Gmail’s privacy problem and why it matters”

    • We are working on our own calendar. If everything goes well, we hope to release the beta version by the end of 2018.

  • But Gmail is free. For Protonmail we have to pay. All options need money. Protonmail is very restrictive. That’s why people choose Gmail.

  • Google sucks. We deleted all our GMAIL family and work accounts in 2016 and switched to ProtonMail. I knew that Google was spying on users and gathering information from their emails. But in those days it was the lesser of evil – other email providers were no better. I learned about GPG-mails too late – in 2016. And instantly moved on to ProtonMail.

  • Hello Protonmail Team!

    That’s great to hear how you fight for privacy, that’s why I left Gmail and bought your plan.

    But every day I look forward to leaving Google Drive to buy your ProtonDrive. Tell me please, when will it happen?

    Best from Prague!

    • We don’t have a concrete ETA at the moment. If all goes well, we hope to have a working version by Q2 of 2019.

  • I agree with the article that Google has and will continue to build a massive surveillance net encapsulating the world. My Gmail account is a shell and I have deleted virtually all records of usage, weblogs, YouTube search and viewing, and all other metadata I could locate. Of course using a proxy is important and I am happy to see Proton is covering privacy with both secure email and a proxy. Keep up the good work! Remember privacy is a right, not an option.

  • “When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers.”

    You are in the privacy/security arena? Your statement is largely false. I pay(ed) for my ISP, my android phone, and my phone plan (a lot of money) and I still get tons of my data stolen/used by all of those for advertising profit without any possible recourse left and right.

  • So, when will protonmail users get the option to block free email domains like gmail, hotmail, juno, etc…???

  • I shall provide you fellows with a brief, basic security guide for Windows OS and Google Chrome regular users. It’s important to mention that I cannot personally guarantee the ongoing integrity of these safety measures and that you should make a habit of at least keeping yourself up to date with the assistance of several renowned tech online magazines and journals.

    Add-Ons: HTTPS Everywhere; UBlock Origin; Privacy Badger. The more unnecessary and disreputable Add-Ons you have, the more unique will your browser fingerprint be and the risk of information leakage. Always properly configure your Add-Ons (as everything else).

    Email Clients: Protonmail; CounterMail; Hushmail; Mailfence; Tutanota. Don’t forget that your data won’t be encrypted if you send information to unencrypted clients like Gmail (by standard configuration).

    Use a VPN service like ProtonVPN. Try out their free 7 days premium trial service and don’t forget that their free version is the only one without bandwidth limits. Check vpn(dot.)com and thatoneprivacysite(dot.)net for some independent and technical input. vpnmentor(dot.).com is also a good reference. I cannot stress enough that you should support Protonmail and ProtonVPN if you can, because they are a major flagship of internet freedom and privacy.

    Use Avast Anti-Virus for real-time protection and Malwarebytes for deep scanning. Comodo or Kaspersky line of products at a corporate level.

    Always use a trustworthy password generator and repository (software or text based). Try to use different aliases for every website you use and always use different strong passwords.

    Use encryption whenever necessary, software like Veracrypt (check signature) and Bitlocker are common references.

    It’s entirely up to you how far do you wish to take your security precautionary measures. Having the access to proper security and privacy tools becomes somewhat redundant if your decisions are not sound minded. Nurturing awareness to these matters will become second nature and you won’t stress over it as much as in the initial phase of learning.

    As for the article in question, it was not surprising in the least. I was merely wondering when someone would whistleblow the news. I still have a Gmail account for the sake of the features that encompass their services, but I would never trust Google products with sensitive information. Google is a massive web crawler that records everything you do on the internet, far beyond whatever information you input in their search engine. The only way to remove personal information from their repositories (or anybody else’s) is to exercise your privacy rights and even then, you would have to take their word for it.

  • Just open the book. Does ProtonMail have Chinese government background and support? We are all online and understand the security issues. So many double spies online to gather all different dissidents and information. I am waiting for your model answers.

    • ProtonMail has no connection to China, nor any other government for that matter. We are a small independent team fighting the big “fish” and state surveillance, hoping to make the internet a better place.

  • That Protonmail is planning other features, including calendar and Proton Drive, is excellent news and will do a lot to help Gmail users migrate. However, Gmail is also very fully-featured in its calendar offering, so it’s important that things like search and file attachments are implemented.

    In the meantime, there are good replacements for Google Drive already that implement end-to-end / zero-knowledge encryption. These include Tresorit, SpiderOak, and iDrive. Check their various features to find the one that suits your needs the most. There is also Cryptomator, which is a free and open source way to add a layer of encryption to files you store with services like Google Drive. It’s an excellent privacy enhancement whilst we wait for Proton Drive.

  • I signed up on Google and I never knew what problems it faced. I was hacked and the hacker stole my credit card information and my email info. It was horrible. I called Google and they didn’t do anything about it! It was horrible and very very scary.

  • Hi,
    I’m a victim as a Gmail user. Unfortunately we all know Google uses our personal data to make money. As long as the service is going smoothly we don’t think about how bad a situation we are in. It is not only our privacy. It is an inhuman automatic system where you can try everything and you will not get any help if, for an unknown reason, you can’t get into your own e-mail account. There is not one live person or an emergency phone number or anything which can support you. You can get a heart attack in front of your computer from the helpless situation in which you have a Google account.
    I went through hell as an elderly, not healthy woman and it is the reason I found you among the many e-mail providers. This time I try to make no mistake and don’t hand my privacy to a dishonest e-mail provider.
    I learnt my lesson the hard way so now it is very relaxing to learn and helpful system.
    Thank you.

  • Protonmail has free accounts, too @ole. And your emails are more secure than Gmail.

    Can you explain how Protonmail is more restrictive?

  • Hi!

    I don’t know if you guys are thinking of following a hardware creation path in the long run. I think it’d be awesome if you decide to produce a secure mobile phone in the future. Or, you could consider creating new mobile software free of Google Android’s chain. It’d be a great advance toward our “Google’s liberation”.


  • I downloaded Proton VPN.
    What’s the best browser to install?
    Or is it safe to use Google search while the VPN is activated?

  • Protecting yourself from surveillance in the age of Google and Facebook is difficult and takes a lot of learning. I believe very few people will do that.
    But there is one thing that anyone can easily do and that invalidates the whole business model. Use an ad blocker. They may know what you think and whatnot, but if they cannot show you the ads then nobody is going to pay for them. This is how an ordinary person can realistically fight back.

    • Hi! That doesn’t sound right. Please try another browser. If you still encounter issues, please open a support ticket here:

  • I’m so happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that is at the other blogs. Appreciate your sharing this greatest doc.

  • How can I remove my GMail Account and keep my Proton App. I can’t use Proton and download the app without having a Google Account

  • I tried ProtonMail, not for long, unfortunately.
    I set the 2FA and never received the code on my phone and that was it. In an instant, I couldn’t access my emails and resetting my password my emails would have been lost. So what’s the point in that?

    Okay, Gmail can potentially read your emails but Gmail never failed me. I’ve always been able to access my emails whenever I went
    In just 2 weeks, I was locked out of my ProtonMail account, 2 weeks. I’ve been using Gmail for 15 years. Not once was I locked out.

    Privacy matters just as reliability and if I can’t rely on ProtonMail to make the 2FA work, I’m certainly not gonna move to ProtonMail and trust them with my emails and my access to specific websites for which my email is registered

    Until you fix this up
    Enjoy the rest of your day