[Previous entry: "The Dymaxion American."] [Main Index] [Next entry: "M-A-R-S, Bitch!"]
04/15/2004 Entry: "The EFF on google's new mail service."
The EFF on google's new mail service.
While the media has largely focused on the fact that Gmail will
scan the contents of your email messages in order to target ads,
the more serious problem from a privacy perspective is Google's
ability to link your Gmail account information with your Google
web searches. By linking your complete Google search history -
tagged with your name and personal details - to your email records,
Google can create a highly nuanced picture of you as a reader
and as a person. Such pictures present irresistible targets for
government investigators, civil lawsuit plaintiffs, and even
identity thieves. A single attack or disclosure could release
deeply sensitive details about your life to the world without
your knowledge or consent.
I really hate the google double standard that so many in the IT industry share. If Microsoft or Apple tried this there would be riots in the street, yet cuddly google can datamine our private emails, store them, and hand them over to anyone with a court order and very few people have raised their voices. I'm still in shock at how few emails are encrypted nowadays and for a gig of free storage we're willing to piss away our privacy to another corporation.
If a critical mass of people started signing and encrypting their email it would keep the feds and anyone with a court order out of our data, stop spammers by blocking bad or known spamming signatures, keep your company's system admin from reading your email, etc.
Who wants to tackle the encryption problem? So far Microsoft has been reluctant to pimp its own encryption features and didn't care when Windows XP broke PGP, the most popular email and file encryption software.
Also, that google cookie on your computer expires in thirty or so years, so they're tracking your searches as we speak. I like to delete mine every so often so I'm not tracked as much.
See Also: Thomas Jefferson: Cryptologist
Replies: 2 comments
Facing the facts, if encryption wasnt so hard to figure out for "Joe Six Pack" and the myth about only people hiding things need encryption, more people would use it.
As you use Mozilla Mail Client or Thunderbird (if I recall correctly-recalling past posts..), have you tried using the PGPi addon? Have you actually signed and sent encrypted email beyond a test or two?
Sorry, not to nit pick, but fact of the matter is that neither of us tech-heads use crypto beyond weak 128bit SSL tunnels with our online banking and routine purchase with Amazon. Mass exceptence? When cows jump over the moon. :P
Posted by Justin @ 04/15/2004 11:46 PM CST
I used a lot of crypto with PGP. The free version had a plug-in for both Outlook and Outlook Express. Then MS released XP which broke the free PGP implementation.
Now I use Thunderbird for email and still haven't migrated to the open source copy of PGP - GPG. I tried to install it on my windows machine with the enigmail plug-in, but nothing came out of it as I couldnt get the damn thing to work.
Its a real shame the free PGP product doesnt work with XP or with the Moz-based mailers.
At this point it looks like interest in crypto has fallen, when its really the solution to a lot of social problems regarding email.
I bet it'll be revitalized when some big company forces all their employees to use some form of crypto and everyone else will just play follow the leader.
Really now, this stuff should be standard with any mail client and easy to use. Why can't email servers hold public keys? Why aren't users asked to generate a certificate when they launch Outlook Express?
There's a solution out there, but until some big privacy 9/11 hits, it seems no one cares.
I think we need a national encryption awareness week. Imagine legions of geeks turning their friends onto crypto products and scaring them into using them by saying "John Ashcroft is reading your mail!"
Even if I get a lot people behind this proposed holiday, what will we standardize it upon? GPG? Certs? GPG is a bitch to use and most Certs cost money. I think thwarte might be giving them away for free for a limited time.
I guess certs are the easiest way to go and Outlook and Mozilla support them natively. Maybe I'll make "Encryption Awareness Week" my next project. I think there's a gee-whiz factor to it that will attract some people and hopefully others will follow the leaders.
I'm sure a lot of people will be sold on the idea that "my boss can't read this?"
Posted by skallas @ 04/16/2004 12:10 AM CST
