Big corporations like Google and Facebook offer free services, but how free are they? In reality, there’s no free service out there. You’re trading something for access to these platforms. If you’re not spending on it, you’re the product.
Google has changed over the years and incorporated new tools to enhance security and privacy. However, there are areas the company still struggles to secure fully. As the company sought more profit, they resorted to using Gmail as a data collection point for marketing, exposing users to privacy concerns.
A Wall Street Journal article highlighted the privacy concerns brought by Google’s use of third-party apps. When you install “add-ons” in your Gmail account, you give third-party companies access to your inbox. According to the WSJ report, in some instances, engineers read through thousands of emails, posing a genuine privacy threat that Google has failed to address.
Reviewing the effect of these Gmail privacy concerns, many people focused on Google’s lack of oversight of third-party developers. Many experts argued that Google has failed to implement adequate privacy policies to stop the Gmail privacy problem. These loopholes highlight Google’s privacy weakness as their business model involves spying on users and selling their data to advertisers. Organizations use your data to influence your buying decisions.
So, should I trust Gmail? No. But there are a few things you could do to minimize exposure to privacy vulnerabilities.
What’s the real purpose of Gmail?
In the financial year 2018, 70% of Google’s revenue was from advertising through their different properties, including Gmail. In 2020, Google earned $146.92 billion from selling ads through its Ads platform, allowing advertisers to run ads across Google’s extensive ad network. The majority of Google’s revenue comes from advertising.
With all these facts, is Gmail secure and private? Google’s model is based on advertising, selling users’ personal information to third-party companies, who use it to customize ads. Perhaps that’s why there’s a boom in users turning to privacy-oriented Gmail alternatives. For advertisers, your emails are valuable and offer essential clues that make it easier to customize ads. While you may think your email provides private communication, many of the things you do are visible to Google.
Your Gmail inbox serves as Google’s company property. Google scans your communication to understand you better and create an accurate profile that they sell to advertisers. With over 1.4 billion users, Gmail offers a robust platform for the company to collect valuable data about users. In 2010, Eric Schmidt, Google’s CEO, admitted that the company knew about their users’ location and where they’ve been. They could accurately tell what each user was thinking. It points to an extreme violation of users’ privacy.
Following years of criticism and lawsuits, Gmail announced in 2017 they would stop scanning user emails to offer ad targeting. The company said it does not collect personal data about its corporate customers using G Suite services. They decided to include the policy in their free consumer version to create a uniform policy for Gmail users. But despite policies, Google failed to acknowledge they continued to allow third-party companies to scan your emails and collect data.
Gmail third-party data mining
Google has put a commitment towards securing your experience. However, you might still be wondering, “are my emails private on Gmail?” The answer is a simple No. From 2014, Gmail allows third-party developers to use the platform’s API to create software that they can use within Gmail. Often, these add-ons are productivity tools, like document signing apps and task managers. When you install them, you grant the apps permission to read your emails.
However, Google does not state this relationship, and many of these third-party apps don’t reveal either. These add-ons can serve as a loophole for profitable marketing activities, exposing you to the same privacy violations Google promised to stamp out. In their privacy policies, you’ll find vague disclaimers that give the companies permission to harvest and use your data for advertising purposes. Gmail does nothing to prevent such practices because third-party apps provide a valuable experience that improves their platform.
When they scan your emails, third-party companies can discover a lot about you. They might know your habits, the amount you spend, the places you visit, and the things you buy. Such information allows them to create your profile, making it easy to customize ads that target you. Typically, your emails are anonymized, but sometimes companies can get redacted screenshots of your emails. In a WSJ report, two engineers accessed 8000 personal emails while calibrating their algorithms.
Gmail did not notify the users who suffered this intrusion. This Gmail privacy problem is a significant threat as it allows people with malicious intent to access your most important conversations. The vulnerabilities make it possible to intercept essential documents and other material users believe confidential when they share via Gmail.
These privacy violations are similar to those that prompted the Facebook Cambridge Analytica scandal. Facebook’s third-party developers abused the privacy loopholes on the platform to harvest user data. They used the information to design ads that drove sentiment to help politicians gain an advantage over their competitors. Following the Facebook scandal, individuals across social media ran the #DeleteFacebook campaign in protest. It led to a congressional inquiry into the company’s privacy practices. While Google has not found itself in the same position as Facebook, it uses more robust surveillance systems than Facebook.
Gmail’s privacy mode and privacy-intrusiveness
One of the solutions people believe can counteract the vulnerabilities on Gmail is using Gmail’s confidential mode. This feature allows you to use a self-destruct timer or password protection. According to Google, recipients of the message cannot copy, forward, download, or print it. You can set the expiration date of the message, and this feature also allows you to revoke access at any time.
While you may find this an essential protection against Google’s privacy problems, it’s among Gmail privacy myths you should be careful about. Gmail created this feature when privacy concerns on their platform continued rising. However, the feature is neither private nor confidential as Google still offers unlimited access to your emails even when using confidential mode.
There are three key problems with Gmail’s confidential mode:
- Google enjoys full access to your emails even when you use the self-destruct timer
- Emails are not end-to-end encrypted
- Google links your recipient’s phone number if you password-protect the email.
These factors expose the confidential mode to additional privacy concerns, making it less of a privacy-protecting feature. You cannot get excellent privacy because the emails you send through this mode are accessible by third parties. Hence, it increases privacy risks compared to sending the information via the regular email system.
There’s not much benefit from Gmail’s confidential mode. For genuinely private emails, you should opt for a secure email service that encrypts emails manually. The only benefit you get from Gmail’s confidential mode is that receiving mail service cannot see emails sent through this mode. When you send emails from Gmail to a Yahoo user via confidential mode, the recipient cannot see the email. Still, Google retains full access to the email, giving you insignificant benefits.
Privacy for democracy
Privacy goes beyond ensuring people don’t access your love letters or online purchases. It’s about building a society that protects everyone’s rights. Because Gmail’s services rely on mass surveillance, this intrusion to privacy could be misused, especially for political expediency.
Facebook’s Cambridge Analytica scandal exposed how privacy vulnerabilities could impair democracy and lead to the violation of human rights in unpredictable ways. When malicious actors access private data about people, they can use it to undermine democracy. You don’t want to imagine what would happen if Cambridge Analytica accessed your Gmail inbox.
From the very beginning of Google, human rights defenders have identified problems. Just five days after Google launched Gmail, privacy advocates wrote to Google expressing concerns. They argued that Gmail’s insistence they would scan emails for advertising purposes violates the trust an email service provider must maintain. Gmail has continued to violate that trust with lax policies. Invading users’ privacy helps the company as it’s a part of its business model.
How can I protect myself when using Gmail?
The only way to use emails safely is to take personal responsibility and ensure the service does not violate your rights. Selling ads is the primary business model for Gmail, so you don’t expect the company to implement new policies to protect users.
The best solution is to use secure email services that provide end-to-end encryption, which means you have the only keys to your data. It helps to keep your inbox safe and prevents corporate surveillance. You don’t have to worry about data breaches as all your data is encrypted and only available to people you grant access to. Also, encryption makes it challenging to implement targeted advertising. A paid service will be a good option if you’re sharing sensitive materials you don’t want to expose to privacy vulnerabilities.