Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gmail accounts being actively read by 3rd party vendors


  • Please log in to reply
8 replies to this topic

#1 ranchhand_

ranchhand_

  • Members
  • 1,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:03:32 AM

Posted 03 July 2018 - 10:36 AM

Google said a year ago it would stop its computers from scanning the inboxes of Gmail users for information to personalize advertisements, saying it wanted users to “remain confident that Google will keep privacy and security paramount.”

But the internet giant continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools. Google does little to police those developers, who train their computers—and, in some cases, employees—to read their users’ emails, a Wall Street Journal examination has found. [underline mine]

Entire Article:

http://www.foxnews.com/tech/2018/07/03/techs-dirty-secret-app-developers-are-sifting-through-your-gmail.amp.html

 


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:32 AM

Posted 03 July 2018 - 10:49 AM

I actually hadn't even heard that news from 2017 about Google stating that it was going to stop scanning e-mail messages to target advertising (among other things, too).

 

I signed up for Gmail almost as soon as it existed, and in my opinion they were entirely forthcoming about the fact that your messages would be scanned by algorithms for several different purposes, but that the messages would not be being read by individual employees.

 

I have never been under the delusion that e-mail is anything better than semi-private, at best.   There is a real misunderstanding on the part of the public and, I'd say, a decent swath of the tech world, about the actual nature of e-mail as most of us use it, and I don't mean Gmail users, either.   There is not any significant security, at all, to prevent message interception (sniffing) for anyone who's willing to have the warped ethics and technical skill to do it.

 

On a message by message level, the probability of any one of those being intercepted somewhere, by someone, is high enough that I would never put something in e-mail that I did not want there to be any chance of someone finding out other than the intended recipient.  E-mail is simply not a secure communication medium, which is one of the reasons that virtually no medical service provider will communicate any medical information via e-mail as it poses a high probability of running afoul of HIPAA (in the USA).


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#3 MarkMackerel

MarkMackerel

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 03 July 2018 - 09:29 PM

Pretty bad from google.

I use tutanota.com for my emails. It's pretty secure. I guess you can never know for sure though.

#4 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:32 AM

Posted 03 July 2018 - 11:14 PM

End-to-end encrypted communications are definitely more secure than regular e-mail.

 

But, and I could be mistaken about this, don't they (and I don't just mean tutanota, but any end-to-end encrypted service) require everyone involved to be on it?  This may be a stupid question, but because I have never felt the need to encrypt in general I really don't know.   I would imagine that you can't send a message encrypted under tutanota to me on gmail and have me be able to read it, but I could be utterly mistaken.

 

End-to-end encryption is a "closed system", isn't it?

 

Addendum:  Scratch the above, as the answers are contained on this tutanota page:  

 

                                https://tutanota.uservoice.com/knowledgebase/articles/470785 

 

It is a closed system if end-to-end encryption is involved, but a one-sided (the tutanota or other encrypted mail service user) encrypted system for the tutanota user's side when storing what had been sent unencrypted to "the outside world" or received unencrypted from the same.


Edited by britechguy, 03 July 2018 - 11:19 PM.
Addendum

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#5 JohnC_21

JohnC_21

  • Members
  • 24,002 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 AM

Posted 04 July 2018 - 10:53 AM

It's my understanding that the third party vendors are developers of Apps for smartphones. 

 

https://www.theverge.com/2018/7/2/17527972/gmail-app-developers-full-email-access



#6 MarkMackerel

MarkMackerel

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 04 July 2018 - 07:38 PM

End-to-end encrypted communications are definitely more secure than regular e-mail.
 
But, and I could be mistaken about this, don't they (and I don't just mean tutanota, but any end-to-end encrypted service) require everyone involved to be on it?  This may be a stupid question, but because I have never felt the need to encrypt in general I really don't know.   I would imagine that you can't send a message encrypted under tutanota to me on gmail and have me be able to read it, but I could be utterly mistaken.
 
End-to-end encryption is a "closed system", isn't it?
 
Addendum:  Scratch the above, as the answers are contained on this tutanota page:  
 
                                https://tutanota.uservoice.com/knowledgebase/articles/470785 
 
It is a closed system if end-to-end encryption is involved, but a one-sided (the tutanota or other encrypted mail service user) encrypted system for the tutanota user's side when storing what had been sent unencrypted to "the outside world" or received unencrypted from the same.



Thats correct. From my research tutanota seems like a good option for securely using email.

#7 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:32 AM

Posted 04 July 2018 - 08:46 PM

From my research tutanota seems like a good option for securely using email.

 

 

I guess if your recipients are also using it, too.

 

This is one of the reasons I don't think end-to-end encryption is "the best thing since sliced bread" since most folks using e-mail don't use it and won't use it.  If you send out a message to someone not on tuanota it is unencrypted in transit just like normal e-mail.  If someone "from outside" sends you an e-mail, it is unencrypted in transit, as it is normal e-mail.

 

It seems to me that there is very little in the way of actual e-mail account hacking.  There's lots of sniffing, lots of server hacking off and on, and end-to-end encryption works only on closed systems.

 

It seems easier to me to accept the fact that e-mail, regular e-mail, cannot be presumed to be secure and to communicate accordingly.  It's the nature of the beast.  Postal mail and phone conversations are much better protected legally and, in the case of postal mail, much more secure in practice.


Edited by britechguy, 04 July 2018 - 08:47 PM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#8 JohnC_21

JohnC_21

  • Members
  • 24,002 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 AM

Posted 05 July 2018 - 08:40 AM

Yeah, end to end encryption works nice if both people are using it. I believe Whatsapp now has end to end encryption on text and voice but since it's owned by Facebook???. Banks use their own messaging center on the web site itself to keep things secure.

 

phone conversations are much better protected legally 

 

You need a warrant to tap a landline but I'm not sure how mobile works. The new SCOTUS rulling requires a warrant for phone location but I don't know about the cell call itself. The NSA sucks down cell calls without a warrant. 


Edited by JohnC_21, 05 July 2018 - 08:40 AM.


#9 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:32 AM

Posted 05 July 2018 - 09:02 AM

Yeah, end to end encryption works nice if both people are using it. I believe Whatsapp now has end to end encryption on text and voice but since it's owned by Facebook???. Banks use their own messaging center on the web site itself to keep things secure.

 

phone conversations are much better protected legally 

 

You need a warrant to tap a landline but I'm not sure how mobile works. The new SCOTUS rulling requires a warrant for phone location but I don't know about the cell call itself. The NSA sucks down cell calls without a warrant. 

 

Any service offering end-to-end encryption would have to be insane to provide any workaround for it.  They've got their business to protect, and that includes businesses owned by Facebook.

 

I believe you need a warrant to do the equivalent of tapping any phone call, but I could be wrong.  It would certainly be very easy to intercept calls from both wireless phones (as in for landlines where there's a base unit and handsets) and mobile phones if you know what you're doing, but it's still probably not legal.

 

The NSA surveillance, based on all reports, was related to location data, not call content (but, of course, one knows that they'll be monitoring call content that they believe needs to be monitored, but likely with warrants within the USA).

 

https://www.washingtonpost.com/apps/g/page/world/how-the-nsa-is-tracking-people-right-now/634/

 

https://www.cbsnews.com/feature/nsa-surveillance-exposed/

 

https://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/

 

https://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html?utm_term=.8b32f81f071c

 

Again, we're back to an, "it's the nature of the beast" thing.  Even if the NSA and other entities are forbidden from doing this, and were honoring that, the nature of the technology is such that those who wish to behave illegally have the ability to do so with ease.  And that's even in regard to listening in to calls.  Of course, wiretapping is very easy, too, but the legal penalties for doing so are very steep.  That still won't prevent those that really, really want to surveil from doing it.

 

I have said, again and again, that people need to understand the actual risks posed by any technology they use.  E-mail and mobile phones cannot be considered to be secure means of communication, and that's been true of both since their introductions.  To believe otherwise is to ignore a vast amount of history at this point and one must operate under the understanding of what is.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users