Is Gmail worth the risk?

Is Gmail worth the risk?

Summary: Gmail users are passionate devotees of the free Google email service. Some typically jaded bloggers even believe that Gmail is "perfect" (see "Google's Gmail: Still far from perfect.

TOPICS: Google

Gmail users are passionate devotees of the free Google email service. Some typically jaded bloggers even believe that Gmail is "perfect" (see "Google's Gmail: Still far from perfect.").

I believe otherwise, as I warn in "Gmail and Health URLs: Why Google cares less about your privacy, and why you should care":

Should Google love be unconditional? Should Google love blind users of the risks they run by using its services? Should Google love exempt the Google corporation from scrutiny of its stated and real desire to manipulate all of the “the world’s information,” personal, public and private, in support of its multi-billion dollar profit objectives?

NO. Google Gmail is not email business as usual.

SO WHAT, is a typical Gmail user response: “I have nothing to hide, I trust Google, Google is secure…”

Such flippant retorts are as naïve as Google’s “do no evil” slogan.

Nothing is risk-free: Risks of fraud, data manipulation and identity theft can be reduced, however, by choosing email systems which provide for more user control and which are not integrated within data mining business models.

Many "TalkBackers" at my blog are strong believers in Google, perhaps even Google lovers, and they believe in Google Gmail:

"Kama-sama": Oh no! Now they'll have access to pictures of my pets and where I'm planning on meeting a friend for lunch tomorrow. And the only reason I can think of that someone will actually look through the messages is if that person commits a felony and they're to be used as evidence, in which case I'm all for that since the person gives up most of their rights at that point anyway. I've got nothing to hide, so I'd gladly pay that "price" for this service.

"TalkBackers" have also expressed concerns about Google's ambitions with Gmail:

"mrwonder": GMailUnPrivacy.It gets interesting when you notice the topics of ads on your email frame. Try putting different topics into letters sent from or to your gmail account. There is definitely data mining in action....Fortunately, there is no crosslink between your gmail identity and any other.


PS: By reader request, and in conjunction with the rebranding of my blog to "Digital Markets," I will be "talking back" to my passionate "talk backers" in TalkBack, so I invite you to "ADD YOUR OPINION!"

[poll id=20]

Topic: Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The risk?

    Sorry, what exactly is the risk? You mention identity fraud, but that is pretty much rife with physical snail mail anyway. What are the other risks?
    • Giving Them Your Data

      I'd say the real risk is in storing your data, including medical info, on their servers. Personally, I think that's a pretty big risk, but your assessment may differ. Despite the charges of "yellow journalism" in another post, I think someone should probably point out to the internet population in general what some of the risks may be, although I'd like to think people would be bright enough to see the risks themselves. There's always going to be a fairly large percentage who will either not think about or who will discount risk, and those are the people Google is counting on to build their base. There's also always going to be a smaller percentage who are more cautious, those who will wait and see. All I can say is in this situation, people really have nothing to loose by being cautious. We've created a lot of the security havoc online with an attitude of "yeah, sure, let's do it!" without completely thinking through the risks that are inherent to any new technology.
      • worthy response

        Here's a counter-question that occurs to me.

        Is our medical data safer in a number of big-insurance-corps, with their low skill clerical staff and IT departments, or in a state-of-art Google who knows what they're doing with security?

        Security is an art guided by diversity of clear ideas, not markets of conventional thinking, isn't it?

        On the Yellow Journalism opinion, here is a counter-example, also from ZDNet. Here, someone looks at the benefits of a Google capability, and also asks fair questions of it.

        Shows real inquiry can be done, and that it will look much different from the diatribe all cross-connected here.

        Kind regards
        Narr vi
  • There is too little awareness

    Google already has all your searches saved on their servers. We saw from the AOL leak in the summer that you can find people's identity just from those. Now you want to give them all your emails. And, some people will use their Agenda. Google will have complete information on all your activities. And if there is a leak, or a change in ownership of Google, it will all be there to use, or abuse. Nobody who uses the Google search engine should do anything else with Google. That is already enough information.
    • yeah right...

      Don't log into google when you search then! (Oh, and quit google desktop whenever you connect to the net...)
  • Personalised Advertising...

    True gmail uses it... But so does yahoo mail... If you want gmail secure, do what I do. get mozilla thunderbird, set your gmail account to use pop, (from start if you don't want to use the web one again), and then go to the help guide for thunderbird and gmail. No ads (therefore no emails scanned). Yes, in the help files they explained it... it's scanned when you load the page. So if you don't load the ads, or just block them using firefox's adblock extension...

    **NOTE: I do not mean to cause this panic about yahoo mail... the content of you mail is not saved! there is no reason to worry, unless you're paranoid!
  • Yellow Journalism

    Have you ever heard of it?

    This is what you are doing, it seems in each of your postings.

    A perfect example is your article on Click Fraud.

    You distort. You selectively report. You give false views of processes you don't apparently understand.

    You are giving ZDNet a very bad name.
    Narr vi
  • GMAIL and Junk

    If Google wants to look and my JUNK mail then so be it. I, like most of your readers, have another 'secure' email program that we use and rarely allow others the address.
  • On Caution

    I've never full relied on any of the web-based email providers with ALL of my information. Never used their calenders or fully filled out the contact info, etc. because I didn't rely on them to keep this information safe. My biggest problem with Google gmail (which I use) is that they keep copies of ALL my emails. Since I have nothing to hide that shouldn't really worry me, but it does. It's like being stalked. Nothing stolen, nothing used (maybe), but the idea of someone fingering my clothes, going through my journals or sizing me up leaves me feeling abused in a vague sort of way that you can't quite put a finger on. Vague or not the feeling remains and so does the fact that you're being stalked. That being so one never knows when (or if, to be honest) it's going to become more intrusive -- when is their "interest" going to move from vague to very much in your face?

    I used to have my bank and PayPal emails go to gmail, but no longer. I now send it to a 'secure' gmail account where once I download it to my computer it's off their servers. And certain newsletters, too, are sent to my private email address (and always have been). The less info 'they' have on my interests/outlook, the more 'invisible' I believe I am. And what I believe is very important to me. Call me paranoid, but I believe I'm just that much less of an interest for email pawing than I was six months ago.
    • Are you sure?

      [i]where once I download it to my computer it's off their servers.[/i]

      You sure of that. I think elsewhere on zdnet I read that your email is archived on googles servers even after you delete it or download it. I know when I download from gmail with Thunderbird, delete any unwanted emails, then login to my gmail account and look in the deleted folder, my deleted emails show up in there. I think they are archived as soon as they are received by the mail server, which means it doesn't matter if you are downloading them or not.

      And just out of curiosity, what did you mean by "I now send it to a 'secure' gmail account"? I would personally like mine secure too, but know of no way for that short of encrypting it.
  • WHAT "risk"?

    There is no "risk" with GMail that ALL email systems do not present. The idea that GMail is "dangerous" compared to AO-Hell, Yahoo!, AT&T, or ANY OTHER email system is ridiculous and bigotted.

    If you want total privacy, STOP using ALL telecommunications. Otherwise, expect that the NSA and/or FBI is reading & listening to everything you generate electronically.
    • I agree

      What exactly was the point of this article? The "risk" of Gmail wasn't even clearly defined. When you compare Gmail to any other existing email model, it isn't any more or less secure.
  • Gmail vs. GPS

    OK, so you are worried about privacy, what about GPS and your cell phones????? Do we hide in caves like Osama been hidden!

    Just a thought!
  • Gmail worth it for non sensitive use

    I'm totally with you on the risks involved in GMail.

    I have a Gmail account just like I have a Hotmail account and a MyTrashMail account. These provide limited and clunky functionality and I use them with this in mind. Between them they provide several different layers of email accessibility. Anything to do with work or close friends goes through my other private email or work email addresses.

    I don't particularly care about Data Mining to provide Ads. In 10 years of internet use I've never clicked on an ad on a website. If I want something I'll look for it when I need it.

    I would extend the same concerns about Gmail to other apps like Google docs and spreadsheets. BUT while I see the benefits of Gmail I see no reason why I would ever want to use an online application like this. I will always want my office and productivity apps directly on my machine along with the documents. In these areas I wish Google all the worst luck possible in their attempt to compete with desktop applications.
  • Depends

    Use the department store test.

    If you can walk into a crowded Walmart and comfortably broadcast your message over the store public address system, then you should be okay to use GMail. If not, then send your message by a different, more secure means.
  • What about Yahoo and Hotmail

    Yahoo and Hotmail are not any better. They both insert your true IP address in the headers of each email you send using their service. So much for being anonymous with Yahoo and Hotmail.
  • Is Internet worth the risk?

    Yes and no, the world is a dangerous place to live in but there is no other way so let's enjoy it.
    Same thing can be said about Internet, it has its good ansd its bad.
    And exactly the same happens with Gmail. I trust it but I would not rely on it if my business dependen on it. Nor would I rely on Hotmail or Yahoo. Yet I trust Gmail for keeping those mails I want to keep but that would no harm me if lost. I Hotmail for its messenger and Yahoo because its free and I was curious about it.
    Do they read my mail? Well, enjoy it!
  • Use Windows Live Mail

    Use Windows Live mail, it works much better, is easier to use and should be more secure as it is new, and is designed to eventually replace hotmail.
  • An easy way to protect your privacy when needed

    Have you seen this:
    A quick and esay way to secure your Gmail messages and attached files when needed.

  • open letter to google

    I previously contacted Google about these very concerns over their services. I never received a reply, but I specifically mentioned I was concerned about leaving years worth of personal information on permanent record.

    Keyboard hardware and software hacks are so easy these days, I asked Google for a simple system to help reassure me that my information was remaining private. I proposed that the opening page show the time/date stamp of my last login and (if requested) the ip address. This way I can feel more confident about the security of my information..

    So far they have never implemented any type of progressive security agenda. I think this is a huge mistake that someday could bite them in the posteriour.

    Some other possibilities include incoming IP address verificiation (unless I'm on vacation, I access the account from static ip's).

    I also proposed that they market or sell a duplicate set of USB keyfobs with a long long security key burned into ROM. These fobs would only be necessary for retrieve historical mails.

    I can't answer the question 'is gmail worth the risk'; because the answer is more complicated than that. It IS worth the risk for my personal correspondences with family... And it IS great for receiving newsletters that I like to search and index.

    However, I do not use gmail for banking or account correspondence. Or any type of correspondence that I consider even remotely confidential. I use many email accounts and also have used a handful of the new disposable accounts.

    Google should be at the forefront of web based email security and they have taken no innovated or progressive measures. That said, I love having a searchable index to all of historical mails.