Gmail: A Rough Guide to Protecting Your Privacy
As we noted last week, Google has introduced a new beta email service called "Gmail" that raises a number of privacy concerns.
While the media has largely focused on the fact that Gmail will scan the contents of your email messages in order to target ads, the more serious problem from a privacy perspective is Google's ability to link your Gmail account information with your Google web searches. By linking your complete Google search history - tagged with your name and personal details - to your email records, Google can create a highly nuanced picture of you as a reader and as a person. Such pictures present irresistible targets for government investigators, civil lawsuit plaintiffs, and even identity thieves. A single attack or disclosure could release deeply sensitive details about your life to the world without your knowledge or consent.
Below, we explain how personal information from your Gmail account can be linked to your Google searches, provide a technical "how-to" for (temporarily) keeping the two separate, and offer our recommendations for a longer-term solution to the problem. Although we focus here on Google, these recommendations apply to any business - Yahoo, Hotmail/MSN - that offers both search and email services and can link the two.
~ The Problem
The problem is that the Gmail service may change this. All of a sudden, Google can know exactly who you are every time you search the Internet using its service. And not only that, its databases know who is sending you email, to whom you respond, and even what you write about. With innumerable search results and up to 1 gigabyte of email messages per Gmail account at its disposal, Google could pull together an extremely detailed dossier on each of the millions of people who use its services every day. Such a vast assemblage of nuanced personal information could become a bigger privacy nightmare than government projects such as Total Information Awareness (TIA).
As we note above, Google isn't the only threat. Yahoo and Hotmail, although they're not (yet) offering to archive a full gigabyte of your personal email messages, can also link your email account to your search history - and to your instant messaging as well. Amazon is getting in on the game, too, announcing this week its new "A9" search service, which will allow the company to correlate your book browsing and purchases with your search and click history via
~ The Fix
Contrary to what we suggested last week, merely deleting cookies "often" is not enough to prevent this from happening. You would have to delete cookies both before and after you use Gmail - each and every time. There's a better way.
Delete Past Linkability
For current and prospective Gmail users, we suggest that you start by deleting your existing Google cookies before you use Gmail (and before you enter your real name or existing email address in any Google form). This will help prevent your pre-existing search history from becoming associated with your identity in the future. (Note that it will also cause you to lose any Google preferences you have entered, such as language or adult content preferences.)
Prevent Future Linkability
In addition, we suggest that you use one of the two following schemes to prevent a link between your Gmail account and your Google searches:
(1) If you don't already have two or more web browser programs installed on your computer, obtain a second browser. Use the second browser only to access Gmail, and never use it for Google searches. To serve as a reminder for which browser to use, you could configure your second browser to load Gmail automatically when it starts.
(2) Use an "anonymizing" or cookie-controlling proxy service such as Anonymizer.com whenever you use Google search. For example, if you are an Anonymizer.com subscriber, you can create a web browser bookmark to the URL https://anon.ssl.anonymizer.com/http://www.google.com/ and use this bookmark whenever you want to make a Google search. You can then feel free to log on to the Gmail service using your ordinary web browser.
~ Our Recommendations to Google
Google doesn't have to make us jump through these kinds of technical hoops in order to protect our search privacy. In fact, Google could easily reassure its users about linking email to search with one simple step. Because each cookie is associated with a particular domain, Google could move the Gmail service from gmail.google.com to www.gmail.com - thereby keeping the gmail.com cookie separate from the google.com cookie. While using separate domains may not be as convenient for some users as a single sign-on at a single domain, single sign-on could easily be offered as an opt-in feature, giving people a fair opportunity to assess the privacy/convenience trade-off before Google starts collecting their data.
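An added example, not part of the original article or any Google code: a minimal cookie jar that applies the domain-matching rule later standardized in RFC 6265, showing why a cookie scoped to google.com reaches gmail.google.com but never www.gmail.com. The cookie names and values are constructed, and scoping the search cookie to the parent domain is an assumption made for the illustration.

```javascript
// Added illustration: RFC 6265 domain matching with a minimal in-memory cookie jar.
// Hostnames are the ones the article mentions; cookie names/values are constructed.
// Simplification: no public-suffix or IP-address checks, no paths or expiry.

// RFC 6265 section 5.1.3: a host matches a cookie domain if the two are
// identical or the host ends with "." + domain.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie set by originHost. A Domain attribute is honoured only when
  // the origin host itself matches it; without one the cookie is host-only.
  set(originHost, name, value, domainAttr) {
    if (domainAttr !== undefined && !domainMatch(originHost, domainAttr)) return false;
    const hostOnly = domainAttr === undefined;
    const domain = (domainAttr ?? originHost).toLowerCase().replace(/^\./, "");
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Names of the cookies a browser would attach to a request for host.
  sentTo(host) {
    const h = host.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .map(c => c.name)
      .sort();
  }
}

function demo() {
  const jar = new CookieJar();
  jar.set("www.google.com", "SEARCH_ID", "constructed-1", ".google.com"); // assumed parent-domain scope
  jar.set("gmail.google.com", "MAIL_SESSION", "constructed-2");           // mail as a google.com subdomain
  jar.set("www.gmail.com", "MAIL_SESSION", "constructed-3");              // mail on its own domain
  // A different site cannot plant or overwrite a google.com cookie.
  const crossSet = jar.set("www.gmail.com", "SEARCH_ID", "x", ".google.com");
  return {
    mailOnGoogleDomain: jar.sentTo("gmail.google.com"),
    mailOnOwnDomain: jar.sentTo("www.gmail.com"),
    search: jar.sentTo("www.google.com"),
    crossSet,
  };
}
```

Under the subdomain layout the mail request carries both the search identifier and the mail session, which is the linkage the article describes; on a separate domain the browser sends only the mail session.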
~ What's Next?
EFF is pleased that Google has so far been forthcoming about many of the features and issues raised by Gmail. We plan to continue our talks with the company, and we hope that Google will adopt our recommendations. When the final version of the Gmail service is released, we'll take a fresh look and let you know whether or not the service makes the grade for protecting your privacy.
~ The Big Picture
What we've offered here is a short-term fix for current/prospective Gmail users and a few brief recommendations for Google, barely scratching the surface of the privacy issues surrounding Web mail. A temporary work-around is just that - temporary. In the longer term, we are exploring bigger-picture issues, including:
* Concern over the growing trend to move large portions of people's
lives online via 3rd party providers, abandoning hard-won legal
* Risks of potential correlation of large swaths of private online
activity beyond mail and searching at all the major providers:
MSN, Yahoo, AOL and now potentially Google.
* Different legal rules that may apply to mail that is indexed,
searched or keyword matched by a third party - even when all these
tasks are entirely automated.
* What risks users should be aware of, what technical measures they
can take to protect their privacy, and what legal and contractual
measures they should demand to protect their rights.