Archive for September, 2010

The Privacy Dangers of Gmail, Yahoo Mail, Hotmail, etc. and the Cloud

Tuesday, September 28th, 2010

Privacy erodes.  Just ten years ago most savvy internet users kept their own data on their own computers.  We did this partly because of privacy fears, but we did it mostly because it was technically advantageous and in truth was the only viable option.  The Windows users among us used offline POP/SMTP email clients Microsoft Outlook and Eudora, and when limited to a UN*X shell, we used readers like Elm and Pine.  But time moved on and the advantages of online services like Gmail became too hard to resist.  Vast storage, access from anywhere, ease of use, lack of maintenance, no need to backup (theoretically), etc.  I began using Gmail first as my online interface and a temporary holding place for my POP mail destined for Microsoft Outlook.  But after a few years I slowly stopped using Outlook.  And now as I look back I realize just how much privacy I’ve given up.  Let me be clear, I’m not particularly paranoid.  I don’t believe in a government so powerful that it can read every email flowing over the interwebs, nor a company so corrupt that it mines every ounce of the data it holds.  But, it’s not too much of a stretch to wonder just what could be made of your life if someone else had the occasion to examine it without context.  What might occasion that I’m not sure, we are not so important that someone would be likely to without some precipitating cause, real or imagined.  But with all the warrantless wiretaps going around, based on scant reason for suspicion, surely there miscarriages of justice are happening every day to some percentage of us, and we are effectively allowing someone else to sift through our lives.

And in the past we could expect some relative privacy by design.  A government which wanted to know what we were doing or thinking would need access to our homes, to the places we kept our data.  And that barrier has been a sufficient check to balance government curiosity.  Government is no different than the sum of the tendencies of its people.  We will all do what we can easily get away with, and warrantless wiretaps where government agencies can bypass a judge and send off a letter to request phone, email, etc. records from the companies you do business with are just one example.  While the invasion is effectively the same, they would concede to going before a judge if it required physically entering your home to retrieve the exact same data.  When all your data is housed outside of your home, you are vulnerable.

And there is little one can do if you choose to use online services for your mail.  If that service retains your email, it can certainly be accessed by those with the alleged authority to do so.  And there is no guarantee deleted email is really deleted from their system.  They may retain the data as a favor to you in case you change your mind,  they may retain the data on backups they have made, and the machines which handled your data will have remnants of your data until and unless it’s overwritten.  And of course anyone you’ve corresponded with could have their copy of your email similarly available.

I’m not suggesting everyone jump the Gmail ship and go back to the online stone age, but it is important that we all know what we’ve tacitly agreed to, and that we all encourage our government to acknowledge that our privacy extends beyond the borders of our domicile.  Until they do you can choose to use your own non-storing POP/SMTP mail system or switch to a secure online email system such as Hush Mail.

^Quinxy