ProtonBlog(new window)
google privacy problem

Gmail’s privacy problem and why it matters

Share this page

The Wall Street Journal recently published an article highlighting privacy concerns related to Gmail’s use of third-party apps(new window). When users install tools known as “add-ons” in their Gmail accounts, they are often giving outside companies full access to their mailbox. In at least one instance, the WSJ reported, “engineers personally read through thousands of emails“.

In the public debate that followed, many people focused on Google’s poor oversight of these third-party developers and the inadequacy of their privacy policies. While these are important concerns, they distract from the fundamental problem with Google, which is that the company’s entire purpose is to spy on you and sell your private information to organizations that want to influence you.

The real purpose of Gmail

Google’s business model is primarily based on online advertising. The company earned over $95 billion last year selling the personal information(new window) of its users to advertisers.

For an advertiser, your emails are a gold mine because we often think of email as a private communication channel. When your bank contacts you or you address an email to your loved one, these seem like two-party conversations. In reality, Google treats your Gmail mailbox as company property, scanning them with powerful software to better understand you.

Founded in 2004, the service now has 1.4 billion users creating a perfect record of their thoughts, behaviors, and interactions. As Google CEO Eric Schmidt said in 2010, “We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.(new window)

After years of lawsuits and waves of criticism, Gmail finally announced last year it would stop scanning users(new window)’ inboxes for advertising purposes. What they did not mention, however, was that they would continue allow other companies to do just that.

Third-party data mining in Gmail

Since 2014, Gmail has given third-party developers access to the platform’s API, which allows them to build software that can be used within the platform. These add-ons are usually productivity tools, such as task managers or document signing apps. When users install them, they grant these apps permission to read their emails.

What is not overtly stated, however, is that the add-ons may actually be a front for profitable marketing activities. Buried in their privacy policies are vague disclaimers that allow the companies to harvest and share your data with their advertising partners. Gmail allows this to happen because third-party apps make their platform more valuable.

By scanning your emails, companies can learn information about your email habits, the things you buy, how much you spend, and who you are. Typically this information is anonymized but not always. According to the Wall Street Journal, the add-on developers sometimes shared redacted screenshots of entire emails. In one instance, two engineers read through 8,000 personal emails in order to calibrate their algorithms. The users were never informed about this.

These activities are extremely similar to those that led to the recent Facebook-Cambridge Analytica scandal(new window). When the abusive practices of Facebook’s third-party app developers came to light, the fallout included a #DeleteFacebook hashtag and a congressional inquiry into Facebook’s privacy practices. Though Google has so far avoided intense controversy, its surveillance operations are far greater than Facebook’s.

Privacy is necessary for democracy

This is not just about strangers having access to your love letters, intimate photos and online purchases. It’s also about the kind of society we want to live in. Gmail is designed for mass surveillance, and such a powerful tool could be easily misused. The intelligence software Google is developing could someday be turned against us in ways we cannot predict. The Facebook scandal has already given us a glimpse of this power, which can even be used by malicious actors to undermine democracy. Imagine if Cambridge Analytica had access to your inbox.

Human rights defenders saw the potential for harm from the very beginning of Gmail. Five days after its launch, a group of privacy advocates wrote a letter to Google expressing their concerns. They said Gmail’s plan to scan emails for marketing purposes “violates the implicit trust of an email service provider.” Gmail has violated that trust again and again, and it will continue to do so because invading people’s privacy is essential to its business model.

How to protect your privacy in the age of Google

Fortunately, the ad-based business model is not the only viable way to commercialize online services. At Proton Mail, we implement end-to-end encryption, which means users have the only keys to their data. Your inbox is safe from corporate surveillance and offers increased security in the event of a data breach. Encryption also makes targeted advertising impossible. So while we offer free accounts, we are supported almost entirely by paid users. This means our interests are aligned with those of our users, most of whom believe paying money is preferable to paying with their data, given the privacy and security risks.

When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers. If you’re tired of your personal information being sold, processed, and profiled, then consider switching to a service that puts privacy first.

To find out more, please see Best Gmail alternative for privacy and security(new window).

Sign up and get a free secure email(new window) account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support!

Protect your privacy with Proton
Create a free account

Share this page

Ben Wolford(new window)

Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Related articles

Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail
what is a digital footprint
What you do online isn’t private. Everything you do leaves behind some kind of mark. This trail is often referred to as a digital footprint, and it’s used to track you in many different ways. In this article, we go over what a digital footprint is, h
In February 2024, media reported that Indian authorities may decide to block Proton Mail. Proton Mail is still available in India despite any reports suggesting otherwise.  In response to hoax bomb threats that were sent through Proton Mail, some me