Republished by Slate. Translations available in French (Français), Spanish (Español), Chinese (中文)
For almost 15 years, I have run my own email server which I use for all of my non-work correspondence. I do so to keep autonomy, control, and privacy over my email and so that no big company has copies of all of my personal email.
A few years ago, I was surprised to find out that my friend Peter Eckersley — a very privacy conscious person who is Technology Projects Director at the EFF — used Gmail. I asked him why he would willingly give Google copies of all his email. Peter pointed out that if all of your friends use Gmail, Google has your email anyway. Any time I email somebody who uses Gmail — and anytime they email me — Google has that email.
Since our conversation, I have often wondered just how much of my email Google really has. This weekend, I wrote a small program to go through all the email I have kept in my personal inbox since April 2004 (when Gmail was started) to find out.
One challenge with answering the question is that many people, like Peter, use Gmail to read, compose, and send email but they configure Gmail to send email from a non-gmail.com “From” address. To catch these, my program looks through each message’s headers that record which computers handled the message on its way to my server and to pick out messages that have traveled through google.com, gmail.com, or googlemail.com. Although I
14 Comments
renewiltord
I have my personal email set to Gsuite. I hide nothing. It’s in my DNS MX. Just look it up before you send me a message on my personal. Since MX records are what you need in the first place, it’s what you should be checking. If someone wants to opt out, they are welcome to.
alganet
[flagged]
TZubiri
Only by a very wide definition of "having" your email. Having data in one of your servers means not much if it's not usable or findable.
Can a government submit a subpoena to Gmail asking for your emails? Unlikely, they would just answer that you are not a client of theirs and as such they don't have your emails.
Can they submit a subpoena asking Google to hand over all of the emails that your clients sent or received from your address? Sure they can. It's going to be a way harder sell to the judge and the reason and burden of proof will be that much higher, as it would essentially be closer to fishing or mass surveillance. But it's something that I can see passing for cases of national security or child abuse. Nothing I would personally worry about, but I understand if you want to wear a tinfoil hat.
Semantics and nuance matter.
xyst
e2e encryption with s/mime is the answer, unless y’all think otherwise.
I played around with it the other day. Installed actalis/digicert s/mime cert on client. Sent emails between the 2 addresses. Emails decrypted locally on clients but same message sent on webmail client is encrypted/unreadable (besides subject line)
meta_ai_x
[flagged]
jowea
Needs to consider the other big email providers too.
photochemsyn
Google's products are garbage – any honest person can report on the degeneration of their services. That's what happens with monopolies over time.
Google would like you to think they're a God's-eye master of reality of course… but they're not. Just another corporate flop, like IBM etc.
Barrin92
I think in general treating email any other way than "everyone will eventually read your mail" makes no sense. Email communication, from forwarding to how people archive, to copy-pasting provides no security and is so brittle, just assume anything you write in an email is for public consumption. Reminds me of a post from a few years ago about encrypted mail as a security LARP (https://www.latacora.com/blog/2020/02/19/stop-using-encrypte…)
If you want secure messaging that nobody else will snoop on use an application dedicated to.. secure messaging. It's never what email was for and it's not how it's being used.
Congeec
Because social media. The same goes for a phone number. If your contacts give out a phone book, your number is leaked.
waltercool
[dead]
kjellsbells
As I see it, the problem is that the email address has been conflated with your identity, and that is extremely problematic. It should only ever have been a somewhat transient reachability identifier. As an identity it then gets linked to concepts like authorization and trust, eg "we'll send this code to your email, because we implicitly trust that only you can see your email, and that youll always be able to get to it."
Every so often one sees a cri de coeur from someone who has learned this lesson the hard way when Google locks them out of their account, the key to their digital life evaporates, there's nothing they can do about it.
Alternative identifiers exist, eg handles on sites like HN, but they are second-order artifacts of the email as ID.
Given the stakes, then, you have to decide whether to try and control your identity by bulding your own infra for email (domain, mail server, dkim etc and a fair bit of hell), paying for someone to run the infra (eg getting a proton or fastmail address), and hoping they dont enshittify or fail, or letting Google or Microsoft control it and hoping you dont fall foul of them. All these options have drawbacks.
Side musing follows: I dont know what the solution to identity is on the Internet. A very long time ago, X.509 certs issued by quasi government authorities was mooted as part of a international directory system. I can see a future authoritarian state falling in love with this idea again, esp with the resulting lack of anonymity,..but also the ability to "kill" people on the Internet simply by revoking their cert.
thisislife2
AKA, "Shadow profiling" – you can prevent it somewhat by sending Gmail users Protonmail or Tuta's password encrypted email.
lovelysoni03
[dead]
0xbadcafebee
Yeah, and also the post office has all of your mail (because they can/do scan it), and pretty much anyone can intercept SMS, only slightly harder to intercept voice calls on PSTN, and SMTP has always been unencrypted. Private databases sold to the government by corporations already have your job history, political affiliations, sexuality, etc.
Most communications throughout history have not been secure. Despite this, it hasn't been abused nearly as much as it could be. I'm not sure if it's because the scale is difficult, or the technical side, or nobody thinks to suggest it to the despots. It's probably a combination of things. Ironically we tend to fear the abuse of power when it doesn't happen, and then ignore or accept it when it does happen. So the fear/hang-wringing/jumping-through-hoops seems pointless.
I still believe that if you really are concerned about what you're saying, you should say it in a clandestine way. E2E encryption is like a giant red flag saying "I might be doing something shady". Asking grandma about her special cakes [when she doesn't bake] will fly under the radar unless someone is looking really hard.