Gmail’s privacy problem and why it matters

google privacy problem

Gmail faced a storm of criticism this week over its practice of sharing users’ emails with third-party developers. But Gmail’s failures run much deeper than that: The entire business model is incompatible with a free society.

The Wall Street Journal recently published an article highlighting privacy concerns related to Gmail’s use of third-party apps. When users install tools known as “add-ons” in their Gmail accounts, they are often giving outside companies full access to their mailbox. In at least one instance, the WSJ reported, “engineers personally read through thousands of emails“.

In the public debate that followed, many people focused on Google’s poor oversight of these third-party developers and the inadequacy of their privacy policies. While these are important concerns, they distract from the fundamental problem with Google, which is that the company’s entire purpose is to spy on you and sell your private information to organizations that want to influence you.

The real purpose of Gmail

Google’s business model is primarily based on online advertising. The company earned over $95 billion last year selling the personal information of its users to advertisers.

For an advertiser, your emails are a gold mine because we often think of email as a private communication channel. When your bank contacts you or you address an email to your loved one, these seem like two-party conversations. In reality, Google treats your Gmail mailbox as company property, scanning them with powerful software to better understand you.

Founded in 2004, the service now has 1.4 billion users creating a perfect record of their thoughts, behaviors, and interactions. As Google CEO Eric Schmidt said in 2010, “We know where you are. We know where you’ve been.We can more or less know what you’re thinking about.

After years of lawsuits and waves of criticism, Gmail finally announced last year it would stop scanning users’ inboxes for advertising purposes. What they did not mention, however, was that they would continue allow other companies to do just that.

Third-party data mining in Gmail

Since 2014, Gmail has given third-party developers access to the platform’s API, which allows them to build software that can be used within the platform. These add-ons are usually productivity tools, such as task managers or document signing apps. When users install them, they grant these apps permission to read their emails.

What is not overtly stated, however, is that the add-ons may actually be a front for profitable marketing activities. Buried in their privacy policies are vague disclaimers that allow the companies to harvest and share your data with their advertising partners. Gmail allows this to happen because third-party apps make their platform more valuable.

By scanning your emails, companies can learn information about your email habits, the things you buy, how much you spend, and who you are. Typically this information is anonymized but not always. According to the Wall Street Journal, the add-on developers sometimes shared redacted screenshots of entire emails. In one instance, two engineers read through 8,000 personal emails in order to calibrate their algorithms. The users were never informed about this.

These activities are extremely similar to those that led to the recent Facebook-Cambridge Analytica scandal. When the abusive practices of Facebook’s third-party app developers came to light, the fallout included a #DeleteFacebook hashtag and a congressional inquiry into Facebook’s privacy practices. Though Google has so far avoided intense controversy, its surveillance operations are far greater than Facebook’s.

Privacy is necessary for democracy

This is not just about strangers having access to your love letters, intimate photos and online purchases. It’s also about the kind of society we want to live in. Gmail is designed for mass surveillance, and such a powerful tool could be easily misused. The intelligence software Google is developing could someday be turned against us in ways we cannot predict. The Facebook scandal has already given us a glimpse of this power, which can even be used by malicious actors to undermine democracy. Imagine if Cambridge Analytica had access to your inbox.

Human rights defenders saw the potential for harm from the very beginning of Gmail. Five days after its launch, a group of privacy advocates wrote a letter to Google expressing their concerns. They said Gmail’s plan to scan emails for marketing purposes “violates the implicit trust of an email service provider.” Gmail has violated that trust again and again, and it will continue to do so because invading people’s privacy is essential to its business model.

How to protect your privacy in the age of Google

Fortunately, the ad-based business model is not the only viable way to commercialize online services. At ProtonMail, we implement end-to-end encryption, which means users have the only keys to their data. Your inbox is safe from corporate surveillance and offers increased security in the event of a data breach. Encryption also makes targeted advertising impossible. So while we offer free accounts, we are supported almost entirely by paid users. This means our interests are aligned with those of our users, most of whom believe paying money is preferable to paying with their data, given the privacy and security risks.

When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers. If you’re tired of your personal information being sold, processed, and profiled, then consider switching to a service that puts privacy first.

The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Ben Wolford

A journalist by training, Ben has reported and covered stories around the world. In 2014, he founded a magazine, Latterly, devoted to international reporting on human rights. He joined ProtonMail to help lead the fight for data privacy.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

10 comments on “Gmail’s privacy problem and why it matters

    • We are working on our own calendar. If everything goes well, we hope to release the beta version by the end of 2018.

  • But Gmail is free.For Protonmail we have to pay.All option are need money .Protonmail is very restrict.That why people choose Gmail.

  • Google sucks. We deleted all our GMAIL family and work accounts in 2016 and switched to ProtonMail. I knew that Google was spying on users and gathering information from their emails. But in those days it was the lesser of evil – other email providers were no better. I learned about GPG-mails too late – in 2016. And instantly moved on to ProtonMail.

  • Hello Protonmail Team!

    that’s great to hear how you fight for privacy, that’s I left Gmail and bought your plan.

    But every day looking forward to leaving google drive to buy your ProtonDrive. Tell me please, when it happens?

    Best from Prague!

    • We don’t have a concrete ETA at the moment. If all goes well, we hope to have a working version by Q2 of 2019.

  • I agree with the article that Google has and will continue to build a massive surveillance net encapsulating the world. My Gmail account is a shell and have deleted virtually all records of usage, weblogs, Youtube search and viewing, and all other meta data I could locate. Of course using a proxy is important and am happy to see Proton is covering privacy with both secure email and a proxy. Keep up the good work! Remember privacy is a right, not an option.

  • “When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers.”

    You are in the privacy/security arena? Your statement is largely false. I pay(ed) for my ISP, my android phone, and my phone plan (a lot of money) and I still get tons of my data stolen/used by all of those for advertising profit without any possible recourse left and right.