Google argues for right to continue scanning Gmail (nbcnews.com)

71 ups - 19 downs = 52 votes

46 comments submitted at 11:43:53 on Sep 6, 2013 by J_Neil

  • [-]
  • keraneuology
  • -11 Points
  • 14:10:46, 6 September

It wouldn't be as bad if they were only scanning for keywords to target ads - do that, yeah, whatever.

But they were just caught following links within those emails. That crosses a line.

  • [-]
  • occamstaser
  • 6 Points
  • 14:22:34, 6 September

What line? Your data is their product. Why do you think it's free?

from https://www.google.com/about/company/

"Google’s mission is to organize the world’s information and make it universally accessible and useful."

What you haven't realized is that the "data" is the stuff you input into their products. They own it, they will use it as they see fit. At the end of the day you either trust Google to "don't be evil" or you don't. Privacy has been and always will take a back seat to their mission.

I say this as someone who does trust Google.

  • [-]
  • keraneuology
  • -9 Points
  • 14:38:18, 6 September

Your data is their product, but only when it is within your email. Scan for key words, not a problem. Follow links to an outside server to which they were not invited then they have gone too far.

Just because I send you a link to a photo - with the link including a username and password to make it easier for you to view the photo - does not mean I want Google to index the image.

  • [-]
  • occamstaser
  • 4 Points
  • 14:48:22, 6 September

They webcrawl so going to a link and indexing more of the internet is absolutely in line with their mission.

Moreover if you want to have a private website on the internet you should password protect your website.

  • [-]
  • keraneuology
  • -4 Points
  • 15:11:27, 6 September

It is in line with their mission but if a non-gmail user sends a confidential link to a gmail user then they have a reasonable expectation not to have google accessing their server without permission.

  • [-]
  • occamstaser
  • 4 Points
  • 15:16:28, 6 September

I disagree and I think Google disagrees. For you to have any reasonable expectation of privacy with a website you need to password protect it. I guarantee that Google is not crawling websites that are protected by passwords.

This is analogous to leaving your stuff on your lawn. If someone comes by and sits in your chair and leaves again no sane person will think you have been slighted even if the sitter got that information from a stack of papers you let them hold.

  • [-]
  • keraneuology
  • -2 Points
  • 15:27:53, 6 September

A better analogy: you live in a gated community and give google the ok to fly their helicopter over it and they assume this means that they are permission to land and pick fruit from your tree.

  • [-]
  • Lentil-Soup
  • 2 Points
  • 17:20:34, 6 September

That's a horrible analogy. Let's say you live in a gated community where when you moved in, you agreed to have all packages x-rayed before being delivered to you. A package is sent to you, picked up by the community courier, x-rayed, documented, and then delivered to you.

  • [-]
  • occamstaser
  • 3 Points
  • 15:31:09, 6 September

If you are not password protecting your website you should have no expectation of privacy. What is the difference between some 11 year old typing random things into the bar and accidentally going to your site and Google going there. In the end the outcome is the same.

You leave the front door open and get upset when people walk in. I am not seeing the logic here.

  • [-]
  • Atroxide
  • 2 Points
  • 15:17:00, 6 September

> Follow links to an outside server to which they were not invited Why doesn't the outside server have a robots.txt if they don't want their contents being public? The web is public, you don't have to have permission to type in a website address and any one can do so with or without having an actual link to begin with. Maybe instead these people sending private information needs to ensure there information is actually secured?

  • [-]
  • keraneuology
  • -2 Points
  • 15:26:53, 6 September

> Why doesn't the outside server have a robots.txt if they don't want their contents being public?

Besides the point. Just don't follow links in somebody else's email. Why is this so difficult?

  • [-]
  • thirdegree
  • 1 Points
  • 18:27:45, 6 September

Not beside the point. robot.txt is the standard "you are not welcome here" for webcrawlers, if you don't have it on a site then you might as well have a welcome sign on it.

  • [-]
  • Klathmon
  • 2 Points
  • 16:49:33, 6 September

That's part of the spam filtering system.

If those links go to known spam/phishing sites then google has another way to mark the email as spam, giving it the edge over a competitor that does not do that.

Additionally, nobody at google can casually scroll through your emails, these are automated systems doing this, and matching them against databases of stuff. If you have a problem with this then you should stop using all email alltogether.

Want to know something scary? Without Google "following links" in the headers of emails, they would have no way of verifying who actually sent that email. So if Google gets forced into not being able to do this, i could just start attaching any address i want to outgoing emails, and you would have no way of knowing.

I hope you know how to trace the route back to see if it's actually legitimate, and don't mind doing that very long and tedious process for EVERY single email.

  • [-]
  • keraneuology
  • -2 Points
  • 17:27:21, 6 September

They weren't following the links in the headers, they were following links in the body of the email. You can scan the headers all you like, my problem is with clicking on links in the body which is an interaction not a scan.

  • [-]
  • occamstaser
  • 2 Points
  • 17:40:11, 6 September

I think the point he is making that if someone is sending you links to spam sites, Google wants to prevent that and the only way they know if it is a spam site is if they analyze it by going there.

  • [-]
  • Klathmon
  • 2 Points
  • 17:47:39, 6 September

Once again, nobody is "clicking" links. A computer is reading the URL's, then getting the headers and following redirects on those pages to determine if they go somewhere nefarious so that Google can warn you if something seems "phishy"...

Not only that, but Gmail has an option to automatically turn text links into URL's and it needs to verify that the text it thinks is a URL is actually a URL. The best way to do that is to send a ping and see if you get a response.

Finally, it's been shown in multiple court cases and in multiple countries that if a URL is public facing, with no authentication measures on it, then it is considered PUBLIC!

If i can type a URL into my address bar, you can't sue me for doing it. These laws are the same for Google.

If you don't want anyone going to your URL, don't send it. And if you need secure information, put it behind a login system, not just a random URL.

  • [-]
  • RugerRedhawk
  • 5 Points
  • 14:24:28, 6 September

So use another free email provider, or host your own. I don't give a shit and I like their interface.

  • [-]
  • Atroxide
  • 2 Points
  • 15:18:00, 6 September

You missed the point of the lawsuit. its not gmail users filing the lawsuit, its people who don't use gmail filing the lawsuit because despite not agreeing to google's terms of service, google is still scanning their emails when they send mail to someone who does use gmail.

(Not a good reason, but just pointing the flaw in your logic, i do agree google should be able to do this)

  • [-]
  • RugerRedhawk
  • 2 Points
  • 16:25:16, 6 September

Good distinction I didn't notice.

  • [-]
  • keraneuology
  • -9 Points
  • 14:29:00, 6 September

Who peed in your corn flakes this morning?

  • [-]
  • RugerRedhawk
  • 9 Points
  • 14:31:34, 6 September

Your arbitrary line in the sand 'peed in my corn flakes'.

  • [-]
  • keraneuology
  • -3 Points
  • 14:36:33, 6 September

It isn't an "arbitrary" line in the sand. An automated scan of an email for automated ad targeting is one thing.

To intercept, parse and act on the contents of an email outside of the display is something entirely different. It goes far beyond what Google says they were doing and is a blatant violation of privacy and could be breaking the law in a couple of cases: google has the right to parse YOUR EMAIL. No rational person will object to this. But when they use links in your email to ACCESS ANOTHER, UNRELATED COMPUTER SYSTEM then they are no longer merely parsing your email, they are accessing a foreign system on presumed consent which may or may not be the case.

  • [-]
  • occamstaser
  • 3 Points
  • 15:37:42, 6 September

Google is allowed to access any computer system that is publicly available on the internet. Same as you. That is how the internet works. Regardless of where they got the information they are allowed to do that.

Where the line is drawn, is if you password protect your site they are not allowed to enter it. They are not doing that as it would be in breach of the law.

  • [-]
  • keraneuology
  • 0 Points
  • 16:08:55, 6 September

Unpublished, private links are not "publicly accessible"

  • [-]
  • VikingCoder
  • 2 Points
  • 16:26:44, 6 September

(I think you and I are on the same page, I'm not trying to argue with you, I'm just venting...)

When you send me an email, it becomes mine, and if I agree to terms of service for how I handle and process my email, that's my business.

If you don't like how I handle email you sent me, that's your problem.

If you want to demand that I not use GMail, etc., when I receive email from you (based on some understanding you think you and I should have, which you feel is in contradiction with GMail or other provider's terms of service), then you and I can have that conversation.

You have no legal or logical basis to sue GMail.

This lawsuit is poop.

  • [-]
  • occamstaser
  • 2 Points
  • 17:30:48, 6 September

Yes, yes they are. Security through obscurity is no security at all.

http://en.wikipedia.org/wiki/Securitythroughobscurity

To make my point, lets talk about definitions here

publicly: done, perceived, or existing in open view

accessible: able to be reached or entered

So if the link is in the open view(not password protected) and able to be reached(on the internet), it is publicly accessible.