I'm also a Googler these days (via Fitbit). The assumption being made in this entire discussion is that the purchases are mined from Gmail, but that doesn't appear to be correct.
From the screenshot, the items are part of the "Purchases and Reservations" activity category that the parent points to. According to the help documentation of the category, it specifically refers to purchases made directly within Google Search, Maps, or Assistant. I personally have precious few (4) items in this category, particularly when compared to the large number of purchase confirmation emails sitting in my Gmail account. And there is a UI for deleting the purchase records from my history.
Meta-comment, I find discussions of this type tend to elide the distinction between data used for personalization with data used for advertising. Say what you will about the very fact that the same organization has both, but I do think the distinction is both important, and communicated well neither by Google nor by anyone else writing on the topic.
If I send an email to someone appearing to expect a reply, and I don't get a reply within X days (I think X=5), Gmail surfaces the email with a chip saying "Sent 5 days ago. Follow up?"
If I receive a travel reservation confirmation email, I receive a calendar reminder on my phone a few days before the trip.
This is personalization. But years ago Google made a commitment not to use Gmail data to customize ads (after initially doing so). So there's a real difference between personalization data and ads data.
Closer to home for me, we are legally barred from using Fitbit data for ads or allowing any system (or person!) in the Ads organization to access it in any way. But nobody said we can't personalize your Fitbit experience based on data derived from, say, your Fitbit exercise history.
I was spooked enough yesterday by newsweek offering to take my money and showing my gmail user details! Why do third party sites have access to my full name? I'm running an adblocker, a DNS block list, disabled third party cookies etc. Anyway I think my gmail account's days are numbered. Maybe I am willing to trust Google or at least compromise but not newsweek.
Yeah, it happens in Firefox for me too. If I'm signed in to Gmail in Firefox and visit, say, Kayak or Priceline, I get the same popup. Safari seems to block it though.
There's a particular type of "login/signup to this site with your google account" popup that only happens in chrome. From the comment posted, that appeared to be what they meant.
>> This is personalization. But years ago Google made a commitment not to use Gmail data to customize ads (after initially doing so).
Oh! Well, I actually did not know this. You are saying they realized they shouldn't use my Gmail to customize what ads they show me; how can I verify you are right to say so?
>> So there's a real difference between personalization data and ads data.
Googler here, who worked on Workspace (which gmail is a part of). Anyone who works in workspace could confirm that, it's something that is taken very seriously. On the personalization side - smart compose in gmail, where there's typing recommendations, that's personalization, where a machine learning model looks at your email and generates a specific model for you that suggests text. The data never leaves gmail, and it's not used for any other purpose, and no one has access to it. That's different than, "let's use your email to generally learn about you and recommend ads or content to you".
Google processes your data to fulfill our contractual obligation to deliver our services. Google's customers own their data, not Google. The data that companies, schools, and students put into our systems is theirs. Google does not sell your data to third parties. Google offers our customers a detailed Data Processing Amendment that describes our commitment to protecting your data. EY, an independent auditor, has verified that our privacy practices and contractual commitments for Google Workspace and Google Workspace for Education comply with ISO/IEC 27018:2014. For example:
We do not use your data for advertising
The data that you entrust with us remains yours
We provide you with tools to delete and export your data
We are transparent about where your data is stored
You can get even more detailed in the DPA:
Customer instructs Google to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services and TSS; (b) as further specified via Customer’s and End Users’ use of the Services (including the Admin Console and other functionality of the Services) and TSS; (c) as documented in the form of the applicable Agreement, including this Data Processing Amendment; and (d) as further documented in any other written instructions given by Customer and acknowledged by Google as constituting instructions for purposes of this Data Processing Amendment.
If I'm using a free personal account, where is the contractual relationship? My understanding is the terms are "take it or leave it, G can do anything permitted by law, and the user has no standing in court for any harm related to G's services". Is it possible for an individual to pay a token amount to get a real contract? Not intended personally, just trying to understand
There is no free account. You pay with your data. Recent right to repair legislation in Germany makes the concept of "paying with your data" explicit for the first time even in law text. So courts can no longer doubt that it is paying. But of course it has existed implicitly for years in many contexts. Not sure whether there have been high profile cases whether giving data is "paying" or not. A contract does not require payment by money.
Whether a contract is formed when you register and agree to their terms would depend on locally applicable law. I don't recall stories that courts would have deemed registrations on the internet invalid in general. Certain terms in the agreement definitely.
The terms of service and privacy policy (https://policies.google.com/privacy) are the contract. And my rough understanding (not based on reading the contract, something said internally at Google a while ago about what is in them) is:
- Your "content" (data in Gmail, Docs, Photos, etc) won't be used for advertising. (Only for personalization, like the Gmail smart compose, asking Assistant about the status of your order, etc.)
- Your "activity" (your searches, etc -- what you can see at https://myactivity.google.com/item roughly) can be used for advertising, though you can turn it off (see https://adssettings.google.com) or delete it. (IIUC, you have more granular privacy controls as a logged-in user as you can delete individual items….)
This is how it should work. But there is no way to verify if that is also how it actually works. So it amounts to a pinky promise and from any large company that to me is not enough, so while I appreciate your candor and your belief in that your employer is abiding by this I hope you will forgive me for having a lot of lingering skepticism.
Fundamentally it's impossible to prove a negative, so agreed that it's a pinky promise. I would say that I am a little closer to the problem space than just "believing" from my time working in this area and dealing with these issues.
I routinely dealt with situations where connecting workspace data with other teams, even with explicit opt-in from users, at best required building incredibly detailed data scrubbing and log redaction to ensure no user data persisted outside of the workspace systems, in case it might accidentally end up used for some non-workspace purpose. At worst it was simply not possible, or not worth the other teams' time to build things to a standard that would satisfy legal and privacy.
For sure, it’s possible there is some secret system or accidental data exposure, as I said, can’t prove a negative. But I will freely confess that I was someone who was generally skeptical of Google’s approach to data handling and always believed Gmail data and everything else was mined for every purpose until I joined Workspace. Once I was inside and saw how carefully it was treated and how many rules there were around anything you do with user data even within the Workspace teams, I was honestly nonplussed. It made product development harder.
Yeah, that statement is an oversimplification of an oversimplification. The idea behind it philosophically is that it is far easier to prove that something exists/is happening than to prove that it is not. Essentially that if someone is going to make the claim that google is doing X, the proof is easy: a single instance of it happening. To prove google is not doing X requires you to create a collection of all of google's actions, prove that it is a full collection of their actions, and then prove that within that collection exists what the topic of debate is. Therefore, while it is not technically impossible to prove that google is not doing X, for the purposes of debate we should treat it as if it is and the burden of proof should rely on the person claiming that google is doing X.
Of course, as people living in the world we don’t necessarily need full proof to try and protect ourselves from the actions of an entity we don’t have full knowledge of. But saying “I don’t want to give google X data because of what they theoretically could do with it” is different rhetorically from saying “I believe that google is doing X with the data, and if you don’t prove otherwise it’s probably true.”
I just grabbed that from the support article because it was first in my search history - that's the support article related to @domain.com workspace users, so it's framed in that context. For the purely consumer use case (it's the same):
> When you open Gmail, you'll see ads that were selected to show you the most useful and relevant ads. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google. We will not scan or read your Gmail messages to show you ads.
The way you state this is as if Google is absolutely transparent about the data they're gathering and processing. Yet in practice it's nearly undoable for even experienced readers. I get emailed on a regular basis that Data processing agreement X of Google Service Y has been changed. Then there is also the plethora of dark patterns within Google, for example the location functionality on Android. I get prompted that my location functionality is not working and that I must enable wifi tracking as well. Location is just working fine, be it on a worse resolution. Now if you'd be honest in the prompt, you wouldn't suggest the service is broken, but gave it less attention. If Google were really honest and transparent on all the data they're using, and making it easy for users to make a choice in how and what, then my take is that most users would opt-out.
But luckily google provides us with a completely gdpr compliant opt-out for Google Analytics.
To be 100% clear, I'm only talking about gmail, and by extension, Workspace, because I until recently worked there and saw firsthand how data was treated.
"Oh! Well, I actually did not know this. You are saying they realized they shouldn't use my Gmail to customize what ads they show me; how can I verify you are right to say so?"
and then my response:
"Googler here, who worked on Workspace (which gmail is a part of). Anyone who works in workspace could confirm that, it's something that is taken very seriously."
It's a cut and paste from the linked support article, hardly my preferred mode of communication. Elsewhere in the thread I cut and paste from other content that's a little bit more plainspoken.
My comment was directly in reference to this thread's topic, which is the use of gmail data for ads vs. the use of gmail data for the personalization of gmail. Your comment isn't germane to that topic.
True, but the "no one has access to it" part is an unequivocal statement that happens to be false. We should keep in mind at all times who has access to all of Google's data whenever they wish.
You can't do threat modeling if you don't accurately model the various threats. Everyone at Google could be completely trustworthy but there's still huge insider risk thanks to US spying.
Again, my comment about "no one" was in the context of ads personalization, as in "no other part of google that might want to consume the model for broader use".
If we are going to do "threat modeling", we should also talk about the risk of nation state actors penetrating Google, or compromising your browser and getting access to your gmail that way. Or an accidental bug that changes everyone's password to be 12345. Yes, or the federal government could subpoena it.
Lots of things could be true and possible, but none of them are relevant in a discussion that's about the _internally permitted use of data within google_.
They are relevant in a discussion that's about the data flow from when Google gets data. As a Googler, the distinction between the two might feel very different, but as a user, I don't care whose fault it is, or what's technically going on in the legal description of Google's corporate structure; I didn't even notice the distinction between the two conversations (and assumed you were having the one I mentioned) until you pointed it out.
The message doesn't really land with me because it's so specific. Not using collected data for "ad targeting" leaves a LOT of room for uses of the data that I object to, including marketing purposes that don't happen to be ad targeting.
That's good because my mailbox is filled with mail from other people. I signed up to gmail on day one using the x.lastname(at)gmail.com address format. Before dot meant "alias".
However I now get email from various people around the world with xlastname(at)gmail.com addresses. Apparently your email is not unique in the world, but only in your region, kind of (?!).
I get important emails (hotel bookings, insurance mails, trip reservations, orders, lawyer documents) from people which use xlastname(at)gmail.com in the USA, Canada, Australia, and Europe. All with similar names to me, obviously the surname is the same, but first name is different, just the same initial.
I've confirmed (by contacting some of them) that they are not missing out on any important documents. For some reason Google's system is duplicating emails meant for other people into my mailbox.
Only mails using x.lastname reach MY inbox. If I tell someone I know to send a mail to xlastname I won't receive it, making the statement here...
> However I now get email from various people around the world with xlastname(at)gmail.com addresses. Apparently your email is not unique in the world, but only in your region, kind of (?!).
No, it's globally unique. I worked on this system for years. When it looks up an email address, it first looks in a globally consistent database [1] for an email record keyed by "canonicalized" address, with dots stripped out, everything in lowercase, and certain letter/number combinations replaced that are too similar like '1'->'l'. So if you sign up with x.lastname(at)gmail.com, no one else in the world can have xlastname(at)gmail.com, x1astname(at)gmail.com, xl.astname(at)gmail.com, etc. Part of this record's value is the original email address with the 'l's and '1's how you chose them. If those don't match the query, the system returns not found, just as it would if there were no record for the canonicalized form.
> I've confirmed (by contacting some of them) that they are not missing out on any important documents. For some reason Google's system is duplicating emails meant for other people into my mailbox.
I'd be _shocked_ if that were true. It'd be a very serious privacy incident and is contrary to my understanding of the system. Far more likely it's what I've seen with my own email addresses. Someone else incorrectly writes your email address instead of theirs into some system. Usually you're the only person who gets the email, but they might send something to two addresses, or they could even set up a forwarding rule from an address they have to an address they incorrectly think they have. They may say they're not missing any important documents, but maybe they have the documents in another system and don't know they're supposed to have gotten an email copy also. Or maybe they don't know what they're missing and don't understand what you're saying. This group of people was not selected for tech savviness. They might have just made a typo once, or they might keep doing this because they don't understand email at all.
> Only mails using x.lastname reaches MY inbox. If I tell someone I know to send a mail to xlastname I wont receive it, making the statement here... https://support.google.com/mail/answer/10313 ...false (for me).
That's odd. You can write to support if this is a problem. Support tickets actually reach engineers when necessary (yes, even for free gmail.com users).
It seems vaguely possible given the age of your account that your email record state and the current code are inconsistent in some way, like the field that stores your email address with the 'l's and '1's in your preferred form actually having the dot when it's not supposed to or some such. If there is such an inconsistency, one of my former teammates will fix the code or the database state (running a cleanup that finds all affected records) so they're consistent.
Or maybe the xlastname ones are just ending up in your spam folder. /shruggie
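The two-step lookup described in this comment (canonical key first, then a check of the owner's l/1 spelling), as an added toy model in Python that is not part of the original post and not Google's code. The canonicalization rules, the `Directory` store, and the consistency audit are all assumptions built from the comment's description; the '1' to 'l' fold is the only confusable substitution the comment names.

```python
# Added toy model (not Google's code) of the two-step address lookup described
# in the comment above. Everything here is an assumption built from that
# description: the canonical key strips dots, lowercases and folds '1' to 'l';
# the record also keeps the owner's dot-free spelling so that an l/1 mismatch
# returns "not found" even when the canonical key matches.
from dataclasses import dataclass
from typing import Dict, List, Optional

# Confusable characters folded into the canonical key (only the pair the
# comment names; assumed, not an exhaustive list).
CONFUSABLES = {"1": "l"}


def canonicalize(local: str) -> str:
    """Key for the globally consistent record store."""
    folded = local.lower().replace(".", "")
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def preferred_form(local: str) -> str:
    """Owner's spelling with dots removed and lowercased; l/1 kept as typed."""
    return local.lower().replace(".", "")


@dataclass
class MailboxRecord:
    preferred: str    # dot-free spelling chosen at sign-up
    mailbox_id: int


class Directory:
    """Hypothetical record store keyed by canonical address."""

    def __init__(self) -> None:
        self._records: Dict[str, MailboxRecord] = {}

    def register(self, local: str, mailbox_id: int) -> None:
        key = canonicalize(local)
        if key in self._records:
            # x.lastname, xlastname and x1astname all collide on this key.
            raise ValueError(f"{local} collides with an existing address")
        self._records[key] = MailboxRecord(preferred_form(local), mailbox_id)

    def lookup(self, local: str) -> Optional[int]:
        rec = self._records.get(canonicalize(local))
        if rec is None:
            return None                       # no record for this key
        if preferred_form(local) != rec.preferred:
            return None                       # key matched, l/1 spelling did not
        return rec.mailbox_id

    def inconsistent_records(self) -> List[str]:
        """Audit in the spirit of the cleanup the comment mentions: report
        records whose stored preferred form is not dot-free, or does not
        canonicalize back to the key it is filed under."""
        bad = []
        for key, rec in self._records.items():
            if "." in rec.preferred or canonicalize(rec.preferred) != key:
                bad.append(key)
        return bad

    def _corrupt(self, local: str, preferred: str) -> None:
        """Test hook: simulate legacy state that disagrees with current code."""
        self._records[canonicalize(local)].preferred = preferred


def demo() -> dict:
    """Constructed scenario: one sign-up, several query spellings."""
    d = Directory()
    d.register("x.lastname", 1)
    results = {
        "dotted": d.lookup("x.lastname"),     # 1
        "dotless": d.lookup("xlastname"),     # 1: dots are ignored
        "caps": d.lookup("X.LastName"),       # 1: case is ignored
        "digit_one": d.lookup("x1astname"),   # None: same key, different spelling
    }
    try:
        d.register("x1astname", 2)
        results["collision"] = False
    except ValueError:
        results["collision"] = True           # nobody else can take x1astname
    d._corrupt("x.lastname", "x.lastname")    # legacy record kept the dot
    results["dotless_after_corruption"] = d.lookup("xlastname")  # None
    results["audit"] = d.inconsistent_records()                  # ["xlastname"]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results show the failure mode the comment speculates about: a record whose stored spelling disagrees with the current canonicalization code makes lookups return not found, and a consistency scan over the store is what finds such records.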
I have fullname@gmail.com, and I routinely get full.name@gmail.com mail intended for what is obviously two different people. I have no idea what their real email addresses are of course, but I've contacted both of them on Facebook and tried to explain that full.name@gmail.com is my email address, not theirs - neither replied, both continue to use it for tons of sensitive stuff. I don't understand why they haven't noticed the lack of critical, sometimes personal, email. It's bizarre.
I have a first-initial-lastname gmail address and receive more email for people with same-first-initial-lastname than I do actually for myself. One of them likes to go to expensive hotels somewhat often. I get the receipts. It's weird.
Trust once broken is next to impossible to restore. Besides that there is no way to verify this for outsiders, so you may as well assume that it is done because there is money in it. Google lost the moral high ground in these discussions long ago.
If Google personalizes your data, but doesn't pipe it into ads.google.com, then it's not ads data.
> how can I verify you are right to say so?
I mean, you could say "how can I verify Google isn't using my Google password to decrypt my Chrome data and pipe it into Google Ads", but you'd have no way of verifying that, besides taking their word for it. https://variety.com/2017/digital/news/google-gmail-ads-email...
That’s the crux with tech these days. Many companies took advantage of people’s data when they shouldn’t have. If they want to walk that back and behave in a good way, how can anyone prove it.. taking their word for it isn’t good enough.
For example, data on which videos on YouTube I watch are used to personalise my recommendations. My feed becomes subjectively more interesting to me. The ads aren’t personalised because I don’t see any ads. So my data is being used, just for my benefit. Does that make sense?
I see ads on my Apple TV but they're not personalized, just random food delivery, lots of ads for chips, shampoo and meds, or the usual junk that you see on cable TV. I fail to see how this brings me any benefit.
> If you're watching YT and think you are not seeing ads, then you're being foiled.
Actually running an ad blocker/paying for Premium means you aren't seeing ads, pushed by Google. Any creator might be showing you sponsorships/product placements of course, and Google has no say in that.
When I say "you're being foiled" I'm not talking about product placements. I'm talking about how Google designs its sorting algorithm for me, on my personalized YT front page and how that assortment challenges me to become involved, enticed even, to view/buy certain things.
So you think google is guiding you, based on your profile based on all the data they have collected on you, to (for example) specific tech product reviews in order to entice you to consume goods at retailer walmart/dell/apple/samsung etc?
Exactly. The more data, the more control over interactions the other party has to extract maximum value. I’m always surprised when people don’t understand this. They get it if you talk about the real world, but don’t if suddenly the information is exchanged over computers.
So, my gmail is fname.i.lname@gmail.com. I see SOMEONE else's purchase in my history.
That person's name is shown as fname lname@gmail.com. Same as mine except .i. is three spaces.
WTF? Does Google have a bug here? Is there an actual real life human I could send this to?
Edit: the only purchase I see of mine are for Apps I bought from the play store. These don't show up in the link that the Googler posted above.
Isn't it sad that a company that totally dominates modern email, plays so fast and loose with email standards?
And not just obscure standards; email addresses are very much public-facing elements of email. The expectation when you register an email address is that that address is now uniquely associated with you. The public does not expect that an email might be delivered to other inboxes than their own.
Why does gmail elide dots again? There must be some reason why a big email provider would deviate so egregiously from the conventions all other email services comply with.
/me not a gmail user, except for certain account recovery purposes.
I see, but these "receipts" are just emails. I would be extremely surprised if someone else's emails are getting routed to your gmail inbox. Seems very unlikely...
Yeah, user error is more likely here, knowing the security in place at Google. That said, I suggested submitting it since the exercise of creating a repo will make it clear one way or another.
Win / win either way for OP. Learning opportunity or a bit of cash in hand for relatively little investment.
The link above, https://mail.google.com/mail/u/0/#search/category%3Apurchase... is just a search of your Gmail inbox for "category:purchases". You get exactly the same results by opening Gmail and entering "category:purchases" in the search box. Each of the results is an email that was delivered to your Gmail address, i.e. an email actually in your Gmail inbox or archive. So if you're saying you're seeing someone else's purchases, it means email meant for them was delivered to you (and you didn't notice it at the time for some reason). You can click through to each individual email to see when it was sent and by whom etc. So if it's a bug, it's a bug with Gmail delivery itself; it's not a bug with the purchase categorization specifically.
It’s not a security issue. It’s a user confusion and poor validation issue.
I was an early GMail user and have a common-ish name. I probably get 30-50 emails a month from confused people ranging from contracts to receipts to racy photos.
I used to get alert emails, from google, for what appeared to be someone with my email address in another tld. I probably could have reset their password and accessed everything. Maybe they can access my email.
I sought support but never got anything official and commenters brushed it off. But I'm pretty sure it was similar to your issue.
Thanks for the link. Unfortunately, there is no UI for removing this category when it's incorrect or when I wish to opt out.
Ironically, since the only purchases my Gmail contains receipts for are for someone who isn't me but apparently decided to use my email address, whatever database these are feeding that Google thinks is "about me" is steadily being corrupted to death by a complete stranger.
Not going to be so great when they engage in criminal activity that points back to you. I do a password reset on their account whenever I find someone using my email. Then you can change the email to a throwaway or delete the account. It's unsafe to let it be.
There is a long paper trail full of evidence of my attempting to contact people to get them to stop sending me someone else's email. If some idiotic prosecutor can't tell the difference between some jerk in Missouri and me, they deserve the judge's derision when the confusion is uncovered.
Gmail does not allow changing email addresses, and if I delete the account, I lose access to a recovery email that I'm executing a multi-year migration away from. That's simply not an acceptable step to take to mitigate the unlikely risk you describe.
There's also some jerk at AOL who forwarded their email to me mistakenly over a decade ago, and I've tried to contact AOL, which of course they won't consider since I'm not the person who set the broken forward.
While I appreciate your concern, I've already taken it into consideration as best as permitted by the tools available. If you are aware of a way to change a gmail address without creating a new Google Account, then of course I would love to hear about it.
It's a lost cause. I'm over a decade into the transition you are undertaking and I've basically just accepted that it will always be an account I can't get rid of - so I use it as a "you need my email address but I don't trust you" account. Nobody ever has any concern if you give them a gmail account.
Over 50% of the email this account receives is for other people and frequently the "To:" field isn't even an exact match for my address!
If you do start getting stuff that looks like it might cause you problems: be proactive. Do not wait around to embarrass some prosecutor. By that time, you've already spent thousands of dollars and had your reputation dragged through the mud. I once started getting legal threats meant for someone else. I had a lawyer call up that lawyer and it was cleared up in less than 10 minutes. Another time I started getting emails from/to a person with the same name as me at the State Department that definitely should not have been sent through a non-government server. I talked to someone I knew at the US Attorneys Office about it and those emails stopped immediately (doubt that guy still works there, LOL).
I believe the suggestion is to do something about the account on the other service that has been pointed to your address, e.g., if United Airlines is sending you mail about flights you never booked, perform a password recovery on the UA account thereby locking out the person that entered the wrong email address. I'm not sure I agree. But then it doesn't often happen to me.
That could be inferred as unauthorized computer systems access under various laws, so I don't personally, but it's definitely something you can try to do in varying degrees.
Right, and in the absence of evidence making assumptions is a very natural human thing to do. But eth0up went through the trouble of finding pretty compelling evidence that the data was not being used for advertising purposes, quoted it, and still chose to believe the opposite.
Yes, because whimsical potato, I am true, fearless believer and disciple, hater of evidence, prophet of assumption, protector of anonymous tubers.
Not because google is in the business of data and advertising or has the ability to cleverly manipulate language to their advantage or would ever consider being evil. I'm quite confident google wouldn't use such data in ways that could be connected to advertising. All your google data are belong to privacy.
> Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.
Did you mean purchases from Google Voice, Google Fi, Google One, YouTube, Google Cloud, or Nest? Or purchases with Google Pay, Android Pay, or perhaps "send money with Gmail"?
Recently discovered these all seem to be unlinked, after I had to change my payment instrument in a dozen different places.
Honest question here, why do people put this in their response? I don't think there is any chance that one might think "kyrra" is speaking on behalf of Google.
I like it when people disclose that they have a deeper connection to a company being discussed than most people. It's fair disclosure, especially because it indicates where their biases may lie (and we all have biases).
But once someone says "I work for X", they must also say that they're not representing the company. Companies get a bit upset if their employees appear to be representing company positions without authorization, even if no reasonable person would think they were.
Perfectly sensible policy and I for one appreciate insiders clarifying misinformation especially on such issues, while still notifying their potential conflicts.
Disclaimer: I am not a googler, opinions are what google tells me to think.
Some comments I see (not speaking of this thread per se, but in general on HN) are really close to conveying internal company information. Which is beyond mere opinion and only available to someone inside the company. Some people clearly use the disclaimer to elevate their "opinion" to the level of authority.
It's not about access to information. It's about removing the possibility of being confused for a spokesperson of Google's.
This is in contrast to comments you see here like "hi, Ben Foobar from [company being discussed] here", where the company is being formally represented and communicating with HN.
Naturally Google doesn't engage this way on HN, but the disclaimer is written out of habit and an abundance of caution.
It looks like there is a section called "Smart features and personalization" in the GMail settings (not the general Google account settings; specifically the GMail settings) under the General tab.
It indicates that "Gmail, Chat, and Meet may use my email, chat, and video content to personalize my experience and provide smart features. If I opt out, such features will be turned off."
It's strange that this major privacy setting is buried specifically in the GMail section and not mentioned in the main Google account Privacy Checkup. I never knew it existed.
Not to give undue credit to Google.... but I do recall a popup in gmail about personalization not too long ago (either this year or last) with the option to opt-out.
Mine is empty as well, so I must have found the toggle someplace. Also, I fwd then delete all my gmail to my "real" email account but presumably Google could have already "read" my mail.
Mine is empty as well. I think this article is misleading. The Takeout list does not come from gmail, but are "purchases made directly within Google Search, Maps, or Assistant".
I do wish gmail would keep track of all my purchases. Keeping a folder named "shopping" is ok, but it could be so much more.
Next to each purchase I'd love to see:
- link to a manual, youtube videos about this product.
- reminders when stock is low (for things I might reorder).
But Google follows and track you without actually using their products as well, and they do it at massive scale.
When the pervert is taking pictures of your daughter at the beach promising to fade out the face you don't go to another beach as an answer. Your company tracks everyone everywhere, not only on their properties.
Zero respect for Google or Googlers just like I have 0 for perverts.
You can't attack another user like this, regardless of whom they work for. I've banned this account. It's important to quality of discussion here that people be free to post about things they know about, and people tend to know a lot about what they're working on or what other people at their employer are working on. Allowing full-out attacks like this would disincentivize them to post, which would be strictly bad for HN: more aggression, less information. We want exactly the opposite of that.
---
Separately, would you please stop creating accounts for every few comments you post? We ban accounts that do that. This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.
You needn't use your real name, of course, but for HN to be a community, users need some identity for other users to relate to. Otherwise we may as well have no usernames and no community, and that would be a different kind of forum. https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...
Not defending Google or the dude above, but at this point I really can't blame either Google or the people working there. Almost everyone in a position to effect change is well aware of this and everything morally reprehensible that Google, Facebook, Apple, Reddit, TikTok, Twitter, Snap, Medium (add like 20 more) does.
Complaining about companies will change nothing as long as there are people using them. Whenever the privacy topic comes up a few people come back with I have nothing to hide, or it's too difficult to figure out which is good, or my life is busy and I can't focus on that, or it's all fucked might as well just install cameras in my shower. All this means is that: a lot of people don't care or are too nihilistic to want to change, and neither of these groups deserves sympathy.
If you still use Gmail, you don't get to complain that they scan your email, or use it to sell you stuff, etc... If you use Alexa you don't get to complain that they might be using other trigger words to register interest, or that your parrot ordered something by mistake. These companies have been making their position on all of this extremely well understood over the last freaking decade.
If you're in a position to let someone who's genuinely not aware of this and still uses Google, you can maybe consider telling them, if they change then that's a net positive on the side of humanity, if they don't then it's on them.
That is not at all a fair take. These companies go out of their way to make their onboarding funnels as seamless as possible, and then jam all the negative side-effects of signing up into an impenetrable wall of text. Not everyone has been in tech for a decade, new users fresh to the internet and life in general sign up every day and these companies rely on their naivety and exploit that.
The consequences are clear to US because we know what to care about, but there are teenagers on Facebook, Instagram, and Google services. Do you really think they understood the implications of lifelong digital surveillance? Not to mention the thousands of smaller tracking and advertising companies that bottom-feed in the background without so much as a peep. Your behavior lives in the databases of companies you've never heard of before, and they sell it for pennies; such is their valuation of your privacy.
You probably consented to Facebook having access to your photographs in order to do the business you expected them to do with it, such as show it to others in your friends group. Did you anticipate them using your face in advertisements? Did you expect them to run ML algorithms on them in order to suck out advertising interests, did you anticipate the use of your data to form cohorts that allow you to be advertised at by companies you've never heard of?
Depending on when you signed up, you couldn't have, because half of these things didn't even exist when many of us gave them consent. Now think of the billions of users these companies have that don't even know what the word cohort means, and your position is essentially that well they don't know they should be mad, so it's fine to exploit them.
I didn't say people should be blamed for signing up, but for continuing to use these companies and services after seeing many people burn or because they prefer the convenience. If you:
- want the convenience
- are not willing to pay for it
- and have gone out of your way to avoid doing your research on how this thing works
== it's on you
but i'm not saying this to blame people really, i want people who are in this position to take responsibility for themselves and look up wtf is (for example) google doing and how is it free, then choose if they're ok with that (and stop complaining) or are not (and quit it). Enough people leaving Gmail will absolutely make a dent in how Google thinks. I'm optimistic about this. More people are waking up to the technological-slavery we're living in.
Funnily enough I am cynical about this. I don't think people will en masse figure it out and ditch the services, as I don't think it's on their radar at all. Which is perhaps why I feel more strongly that it's exploitation versus a choice they make.
It's why in this circumstance I am pro regulation on the adtech industry, as I feel it is the only way to protect people who don't see the dangers. Similar to how regulation is the only way we get ethical food production at such a large scale. When systems get too big, past regular human scale and on to conglomerate scale, it's hard for the average person to see and understand the whole system and its harmful factors.
>These companies have been making their position on all of this extremely well understood over the last freaking decade
I don't think that's fair. These systems are extremely complex. I work in the user privacy space for a company you've heard of, and I can't say that people don't care. I think they don't understand. They don't understand that these companies have PhD educated ML data scientist getting paid outrageous salaries mine your behavior and influence it. I will never, ever blame the user for being exploited. I will always blame the people who continue to work on these systems, because these systems are evil.
> They don't understand that these companies have PhD educated ML data scientist getting paid outrageous salaries mine your behavior and influence it
What I think is a fallacy is that _any_ of us even understands exactly what that means. The data science crap (from what I hear from people in the industry) is mostly hype.
> I will never, ever blame the user for being exploited.
It's not exactly exploitation if the user is aware of what's happening and change causes them only inconvenience. People don't even turn off GPS on their phone even though they only actively use positioning like once a week just to avoid the inconvenience of having to go to privacy settings and turn it on/off, basically they'd rather be tracked the whole time just to save 3 seconds. If you do this you're not being exploited, you're willingly accepting this transaction. It's their loss.
The thing that every single person can see is that these companies don't have the customer's interest primarily in mind. Google is not giving free stuff because they're generous (and they shouldn't be, people should understand that companies exist to make money by "supposedly" providing value). Their standard position is hypocritical. Amazon argues for higher min wage not because they care about welfare, but because they want to prevent competition from even a 1% chance of gaining a tiny share in some market, as long as min wage can only be paid by Amazon and not some random small business, they're winning.
Our problem is not that companies are doing any of this. It's that when EA did that whole gambling/surprise-box crap, people complained and complained for months, but a lot of those same people STILL played the same stuff and bought stuff from the company. This leads to the conclusion that people don't want anything to be different, but they like to complain and have moral high standing.
> The thing that every single person can see is that these companies don't have the customer's interest primarily in mind.
I've tried to talk about privacy with many people, but very few people think about things like that. They don't even know what things like "server" mean. Even if they have a vague awareness that companies are conspiring against them, they give up because they have been told that "'They' already have all my data so there is nothing I can do."
I understand the difficulty in explaining the technical stuff. Partly I think it's also on people to learn a little. Not in a few months and not to become tech savvy, but just the basics about what the heck the internet is and what the difference is between that and the web, for example. Technically this is a 50 year old invention; if you absolutely understand nothing about the internet you're almost actively trying not to learn or read. With that being said, I think we should have more basic technical education specifically designed for non-tech people.
> Even if they have a vague awareness that companies are conspiring against them, they give up because they have been told that "'They' already have all my data so there is nothing I can do."
Yeah, like I said, it's a nihilistic attitude. For example, saying that more countries should have nuclear weapons just because around 9 have them already cannot be an argument. 10 countries having them is more dangerous than 9.
And by the same rationale, if Google already owns you, it doesn't mean it's ok to sign your soul away to TikTok now!
> Partly i think it's also on people to learn a little.
It isn't just limited to non-tech people. Even many programmers aren't aware of it. They know how to code, but they don't understand the larger systems that they are a part of.
Wow. It's not even just everything you buy from Google--from the post it seems like they actively compile and organize the data from every purchaser transaction that touches your GMail account.
I think we deserve to hear from Google about this one. Unless we have already?
> Wow. It's not even just everything you buy from Google--from the post it seems like they actively compile and organize the data from every purchaser transaction that touches your GMail account.
IIRC, that's why Amazon purchase emails are utterly useless now. They realized Google was getting their precious customer data via Gmail, so they cut off the flow years ago.
It's another example of how the modern economy has many consumer-hostile incentives that have actually led to regressions rather than improvements.
That’s funny, I wondered why Amazon order emails sucked so hard lately. Thought it was just them being dumb.
I liked getting an email with the item, price, shipping, etc. Now it’s just an order number and shipping notice and I have to click on the order to figure out what items are coming. Particularly fun when I order 6 items and they get split into 6 shipments. Or just trying to keep track of my dozens of Amazon orders.
I switched to Walmart as they send useful product updates.
>That’s funny, I wondered why Amazon order emails sucked so hard lately. Thought it was just them being dumb.
It's the opposite.
Amazon wants you to click back into the store to buy things. One way to do that is forcing you to view orders in the store instead of your email inbox. They care more about that than Google seeing your purchase history.
It's not like killing it will make your emails from Amazon better. Now that Amazon realizes that data can be scraped by anyone, they won't leak it again.
Huh, I suppose that's why I sometimes have to click through several different Amazon emails to find the specific order or shipment I'm looking for. They've removed the details from the actual email.
I.e. forcing you to use their platform to access this data, instead of an independent platform that is e-mail. Nice way of taking away users' control over their own data.
On the contrary, it's sort of a way to give users more control over their data.
I work for another online retailer and have been involved in discussions about this same topic (order information in emails we send), and the way we looked at it was that:
- Gmail collects this data from emails
- The overwhelming majority of users are unaware of this data collection
- If we included the data in the email, while knowing that Gmail was collecting it and knowing that most users are not aware, that was tantamount to us just willingly handing over the data to Google without the users' consent
Because of this, we asked ourselves if users would likely feel upset with us willingly handing over data to Google without consent, and we decided that yes they would. So we made a trade off to not include that data in emails because we thought that was more important than the hit to UX we would take from making the emails less informative.
Either way we had to make a decision on behalf of our customers and we knew that no matter which one we chose, we knew some portion of users would be unhappy and decided to go with the more privacy-conscious choice.
I think the followup question in these cases is whether consumers can get the data _off_ of the main websites.
I do see a decent argument for companies being a little bit more conservative about what information they put in emails when this kind of information collection is largely invisible to the general public. It's just important to balance that against data silo worries by making it easy for customers to export their data and hook purchase confirmations up to other services that users might actually want to have access.
I'm not convinced Amazon makes these kinds of decisions out of a concern for user privacy (especially since Amazon isn't actually consistent about hiding this information in their emails as far as I can tell), but I'm sure some retailers are.
You're already using their platform to generate the data, I don't understand the problem with also using it to view that data.
Not providing intricate details about your purchases in email is a privacy-enhancing feature, given that probably most of their customers are using gmail.
Emails today work as receipts. I once had an issue with Amazon where I bought a high value item (relative to my usual buying pattern), and they silently cancelled and deleted it. When I contacted support, they first said if it's not in my orders list, then I never ordered it. Then I showed them a screenshot I had taken from my phone previously, with the order number, and they said it was from an account that does not belong to me. It took multiple calls to support over a few hours for them to finally admit that they deleted it.
They can fix their privacy issues on their platform, I want my email receipts.
Yes, you can. Go to https://www.amazon.com/gp/b2b/reports and you can generate a report of items, orders, returns, or refunds for a time period you select. It generates a .csv file.
The report contains far more information than you can scrape from their old order emails, including: Date, ID, Title, Category, ASIN/ISBN, UNSPSC, Condition, Seller, List Price, Purchase Price, Quantity, Payment Instrument, Shipping Address, Carrier, and more.
Damn, I've been searching for that for a while. It used to be linked from the order history page and isn't anymore. I thought they had removed that feature. It is a bit annoying that I can get a CSV from my bank in under a second, but it takes a few minutes to get an order report for a similar date range from amazon.
They did fully remove it about a year ago. At the time, the official support response was to point people at the GDPR export. Based on my email from when I requested a GDPR style export, that was around 2020-09-15.
It was just in the past week or so that I noticed that it's back.
It's on your main account page under "Download order reports"
I actually export the data from Amazon every year. They have nice CSV reports with all orders and all products, including cost, category, ASIN, etc. I wish there was a way to hook that up into mint.com to auto-categorize Amazon purchases.
I noticed they stopped including product details in emails a few years ago, didn't click until reading it now that they're doing it to prevent data mining. Kind of makes sense if you think about it, but maybe they should have an option for that for people that self-host their e-mail or use privacy-focused providers.
Had everyone not given full access to a worldwide privacy invading operation such as google, it might not have been a problem. You reap what you sow, and HN has sown plenty of Google seeds.
It's not a Google thing; it's an Amazon thing. Amazon is hyper-paranoid about leaking any aspect of its purchase history data; that's what it considers the "special sauce" every bit as much as Facebook guards its social graph or Google guards the ad fraud detection algorithm.
I have my e-mails well indexed for search and Amazon's order history is most certainly not more searchable than trying to rifle through e-mails. In particular if I have a charge for $12.34 on my credit card, I can find an e-mail with that string in under a second, but I have to slowly page through my amazon orders doing a ctrl-f for 12.34 on each page.
Amazon used to let you at least download a CSV for a date range, but they don't even let you do that anymore!
I can search the million+ collection of messages on my mac in a second; with no paginated results page, no ads and no UI tricks designed to upsell me or get me to reorder things. And I'm not even using a fancy mail client, it's just Apple's humble Mail.app.
> Huh, I suppose that's why I sometimes have to click through several different Amazon emails to find the specific order or shipment I'm looking for. They've removed the details from the actual email.
Yeah, and there's nothing you can do. I don't even use gmail anymore, and the emails are still garbage. I think for awhile they used to include a truncated name of one of the products in the order, but it looks like they even removed that (sometime around August 2019, based on my emails).
Unrelated observation: in my original comment I added a second paragraph noting that this regression was due to the incentives caused by modern capitalism (and it is: owners trying to extract maximum value for themselves, even if that means hurting their customers), and it immediately started getting downvoted. Then I changed "capitalism" to "economy" and it started going up again. Some people are really sensitive. It must be blasphemy to criticize the invisible hand and the wisdom of the owners it guides. I guess right is whatever they do.
Could also be that they just want you back on their site because some A/B test at some point decided you're more likely to buy from them again if they can get you back onto amazon.com.
> It's another example of how the modern economy has many consumer-hostile incentives that have actually led to regressions rather than improvements.
To be honest, I actually think it's probably more privacy-conscious to eliminate as much information as possible (but no more) from these kinds of emails. While I suppose Amazon is concerned with competitive behaviors from Google, I'm more concerned that Google or any other actor with access to my email could look through my purchasing list, or my library reading list, or...
Email is an insecure and non-private medium, but we often use it for items that require some level of security or privacy. I'd prefer if more companies held that information closely.
> To be honest, I actually think it's probably more privacy-conscious to eliminate as much information as possible (but no more) from these kinds of emails.
But that makes them useless for what they are, especially the shipping ones: "You made three orders recently, one shipped. If you actually want to know which one (and you haven't memorized your order IDs) click here!"
This is actually a pretty annoying regression for me, because I buy things from many sites and have no way to search my overall order history anymore.
> Email is an insecure and non-private medium, but we often use it for items that require some level of security or privacy. I'd prefer if more companies held that information closely.
It is, but there's no better system and ruining email doesn't solve that privacy problem (e.g. Amazon may sell this information). At a minimum, it should be a setting so people can opt to get useful emails if they want to make that tradeoff.
Yep. The decision for Google to have access to the contents of my email is mine, not Amazon's (or whoever else). It's the decision I make when I use a Gmail account, and it's up to me to decide that based on Google' privacy policies and reputation.
If I don't want Google to have any access then I'll use a different provider or self host my email. If I want to publish all of my emails publicly that's also my decision.
your usage is probably much higher than is mine, but generally any purchase doesn't require my attention to shipping. if it's mission critical or I'm impatient I obsessively reload tracking.
on the other hand I don't like having stores advertise to me online because Google slurps up my purchase data.
for me the privacy - or the sandboxing if Amazon sells the data - is worth the inconvenience. but that's like just my opinion, dude
Perhaps because many people, like me, have a primary non gmail address that is forwarded to my gmail address. That, and businesses with custom domains that use Google apps and thus have gmail as the UI.
Even if they say they don’t, how could you ever know they aren’t scanning business accounts? What in Google’s history has given you confidence in this conclusion?
Google has been found to lie and play dirty over and over again throughout their existence. You'd be a fool to think they don't even scan it. For "safety reasons", and oops, the contents of your email have accidentally been logged and stored, what a shame.
The source is Google (https://workspace.google.com/learn-more/security/security-wh...). Of course you can make the "they are lying" argument for anything, but in this case there would be several billion dollar lawsuits from every large company they signed a contract with if this was actually happening.
I completely understand why Amazon has done this. I do something similar, but more targeted -- I avoid sending emails to gmail addresses at all when possible, and when it's unavoidable, I try to make the emails as minimalistic as I can get away with.
I see Amazon as doing something similar, but less targeted at gmail specifically.
I am curious. If customer privacy is such a problem for Amazon and other companies, why don't they have a field in the account, where you could post a public key of some kind (e.g. PGP or S/MIME), so that all email they send you would be encrypted?
I thought it was just because email wasn't secure? That's why health and banking providers send you links to their messages; perhaps this is just for health and banking info.
google keeps trying to make “google shopping” happen. reading customer data helps them improve their store front, amazon would like to avoid helping any (future) competition
>It's not even just everything you buy from Google--from the post it seems like they actively compile and organize the data from every purchaser transaction that touches your GMail account.
Google literally buys a copy of most people's credit card transaction data.
>Google has been able to track your location using Google Maps for a long time. Since 2014, it has used that information to provide advertisers with information on how often people visit their stores. But store visits aren’t purchases, so, as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases.
Gmail Search is getting subpar now compared to how it was before. It didn't show the email even when I knew the subject or the body contained the terms. Sometimes I have had to add the email address or several names to get it to find the email. Sometimes it works. 5 years ago, it had no problem finding those emails. And now, it is hit and miss. This is on my Google Workplace account.
Amazon's order status emails ("Shipped", "Out for Delivery", etc.) used to show the items in the order and how much I paid for them. They stopped doing that[0] last year presumably because of evil behavior like this.
I work for another retailer where we discussed this same topic, and during that discussion I talked to some of my friends at Amazon, and I would bet a lot of money that your guarantee is wrong. From what they told me, the decision to remove info from the emails was a company-wide campaign that was specifically created as a result of this [0] NYTimes article, which specifically calls out Google snooping on Amazon shopper data.
I'm sure the advertising PMs were happy to support this decision because it got them more page clicks, but my understanding is that the underlying motive was privacy.
privacy, or moat building? I don't consider it a breach of privacy for Gmail to index my purchases in order to show me more relevant ads and help provide a free service. And I definitely want to be able to search that index myself, like if I know I bought a product but can't remember from who or when it was, it sure would be nice to be able to search my Gmail for it.
I would think that too, if there were any ads on the order detail page. Since there aren't (above the fold anyway), wouldn't that just drive up bandwidth costs with no real benefit to Amazon?
yea i like this take better. facebook used to include message or comment content in notification emails. it was nice to get updates without having to log on to their horrible GUI. but of course they cant make ad impressions if i never log on… their emails no longer contain content of comments.
Evil is a huge exaggeration. I wouldn't even call this kind of thing bad - it's why we even get Google services for free at all, and I don't see how it hurts anyone.
The harm is that it hurts the market, because it makes competition between email providers on purely the merit of email providing virtually dead.
(I'm not saying this harm is not "worth it" in some sense, but it's a very real consequence of these giant cross-financed markets - see also mobile operating systems and web browsers.)
As an ex-Googler I believe they also use the data collection to "improve" products such as the Pixel phones. For example, they can compare the # of iPhone purchase receipts (emails accumulated from Apple, Amazon, Best Buy, etc) to the # of Pixel purchases. They compare this kind of stuff YoY and to Google's equivalent products and can build a pretty accurate picture of market adoption.
Isn't this controlled by the "Gmail smart features" setting, which they explicitly had a modal dialog for last year, to make everyone explicitly decide to enable or disable?
I assume they did that because they had to (GDPR, the blog post is tagged as Google in Europe, even if they did it worldwide). I think I opted in.
In typical Google fashion, you had either the choice to enable everything or nothing. I want the tabbed inbox, I don't want smart compose, or assistant integration or... anything else from that post, really.
They also lock all kinds of basic features of Google Maps (like manually setting and storing my home address) behind the permission to record, store and process my location history indefinitely.
I wish there was an online service that would let users poison their own data. Like allowing me to intentionally get emails about random stuff, shopping receipts etc from absurd entities just to throw the profilers off our scent. Would be fun.
Same with something I can run Google Maps with my account logged in so that Google thinks I am one heck of a super traveler, and shopper of things.
Something that watches random YouTube videos for me, and randomly clicks on ads for me.. :-)
Uploads random photos into a Google Photos account for me :-)
What I'm hearing is that it's gotten so bad that people are now wanting email spam in order to combat data tracking, if not wanting email spam to combat email spam.
Has anyone else all of a sudden been getting a lot of actual spam delivered to their Gmail Inbox in the last ~3 weeks?
I have been getting a lot. (a couple a week, which is a lot compared to zero for N years.) ((I was a customer of Postini before google bought them and integrated them into gmail as, IIRC, their spam system...))
Edison [1] (who was acquired [2] today by a company that sells your data to hedge funds) does precisely this too, except they sell all your data to third parties. Google at least keeps it in-house I guess?
There was a Tegenlicht [0] documentary on Dutch TV some weeks ago, on how pervasive data collection is 'revolutionising' how the stock exchanges and entire financial world operates. This data really is the new oil, and its analysis gives a headstart, advanced prior knowledge for traders that have early access.
Translated from Dutch: "The stock market should be a level playing field: everyone has the same information. But unnoticed, terabytes of data have entered the stock market. Smart companies dive into the mountain of data that is collected about us, in order to be able to see Apple's sales or the number of Netflix subscribers before the rest of the market does. VPRO Tegenlicht delves into the world of 'alternative data' to see who will win on the stock market, and who will not."
Translated with www.DeepL.com/Translator (free version)
Technology is awesome, but it's fallen into the hands of a bunch of god damn authoritarians. Trust absolutely no one. Paranoid should be your default behavior towards any files you have on a device that accesses the Internet. There are 10,000 tentacles seeking that data.
I wish I could pay $20/month for Gmail without the spying and data collection, actual customer support, with a guarantee that my account wouldn't get locked because of one of their fucking mistakes.
I pay $11 / mo and have all of those things. GSuite/Workplace doesn’t run any ads or extraneous tracking, their corporate customers would never allow it.
I used to, before leaving for fastmail. But it's a joke to suggest that you get any meaningful support for your money. And I don't think that my account would get better treatment than a free one if they decided to delete it for some reason.
I run a basic GSuite organization and the two times I've had an issue with the service, I literally had a representative on either chat or phone support within minutes. It was a very pleasant experience.
Happy to spend my money on that. They did have to transfer me twice for a technical issue, but that was resolved too in the end.
I had a google suite account (with one email user) for years.
I had used the account to purchase stuff on Google Play. I wanted to close the GSuite organization account but retain the purchases. Either by transferring to another (disposable) gmail account, or by somehow closing the organization account but continuing to be able to log into other parts of Google using a now-third-party email address. Or a refund. I don't know what options were available; that's why I contacted support.
So this was a transactional support request, not a Q&A. I did get through to a chat support but their answer was pretty much "I don't know, check the support forums".
I'm not trying to make my point about the situation, more about the customer experience I got for trying to ask what I imagine is a fairly common question.
(I feel like an idiot for spending money on DRM, but different story)
Your point is well-made about the level of support you might get from a Google rep. The answer they should give is that Play store purchases cannot be transferred to protect the IP contracts with sellers, otherwise there could be a potential for an aftermarket on Google Play account assets. I know some people at Google understand that, but I doubt that's in their support playbooks.
So it appears there is no one-click or Google support method for migration to a personal Google account and you cannot ever have a Google account with the same email address except for reactivation of a Workplace subscription. You can move virtually everything with Takeout and use account sharing features for the rest (so long as you have a small family…).
Not being flippant. Google's whole business model is predicated on operating like this. An accountable Google would probably be a very different company with different products.
Google reads your Gmail. They admit it. They've never hidden it, as far as I know. If you choose to use Gmail, you've chosen to let Google's computers read, analyse, and store information about the contents of your email.
All email providers that want customers analyze and store information about the content of emails so they can provide features such as spam filtering and search.
The link, and the custom filter page that it links to, only talk about filtering by sender address and subject line, not by email content. (Although the Subject header is part of the email body.)
Google also does that if I don't use Gmail but send email to someone with a Gmail account, or send email to an address that forwards to a Gmail account, etc.
If you own your email domain, it takes all of fifteen minutes to move to something like Fastmail. You just switch the MX records, run a GMail import, and you're done. Plus, Fastmail's UI is much faster than GMail's.
I've been using my own domain for a bunch of years and I'm not totally convinced it's worth it.
People are not used to email addresses with personal domains. I've had people get confused by my email address when I speak it to them. I've switched to just giving out my gmail address if I ever have to speak it instead of being able to write it down.
And developers don't account for custom domains when obscuring your email address. me@myfullname.tld is usually obscured as m**@myfullname.tld. That's pretty bad on password reset forms since it lets someone easily turn my username into my real name. If I had registered with myfullname@gmail.com, they'd get nothing interesting.
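The masking problem described in this comment can be shown concretely. The following is an added example, not code from the thread or from any site mentioned in it: a typical masker that hides only the local part, beside one that also masks the domain labels unless the domain is a shared mailbox provider. The `SHARED_PROVIDERS` allowlist and the choice to keep only the last label of the domain are assumptions made for the example.

```python
"""Mask an e-mail address for display (for instance on a password-reset
confirmation page) without revealing a personal domain.

Added example; the provider allowlist below is an assumption, not a
published list from any service discussed in the thread."""
from typing import List

# Assumed allowlist: domains shared by many unrelated users, so showing the
# domain reveals nothing about the individual account holder.
SHARED_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}


def _split(addr: str):
    """Split into (local, domain); reject addresses without a single '@'."""
    if addr.count("@") != 1:
        raise ValueError("not a plain user@domain address: %r" % addr)
    local, domain = addr.split("@")
    return local, domain.lower()


def _mask_label(label: str, keep: int = 1) -> str:
    """Keep the first `keep` characters of a label, star out the rest."""
    if len(label) <= keep:
        return "*" * max(len(label), 1)
    return label[:keep] + "*" * (len(label) - keep)


def mask_email_naive(addr: str) -> str:
    """The common pattern: the local part is masked, the domain is shown.
    For me@myfullname.tld the domain itself is the sensitive part."""
    local, domain = _split(addr)
    return _mask_label(local) + "@" + domain


def mask_email(addr: str) -> str:
    """Mask the local part and every domain label except the last one,
    unless the domain is a shared provider (then the domain is not personal).
    Keeping one trailing label is a simplification; a real deployment would
    use a public-suffix list so that e.g. 'co.uk' is kept whole."""
    local, domain = _split(addr)
    if domain in SHARED_PROVIDERS:
        return _mask_label(local) + "@" + domain
    labels: List[str] = domain.split(".")
    masked = [_mask_label(label) for label in labels[:-1]] + [labels[-1]]
    return _mask_label(local) + "@" + ".".join(masked)


def revealed_chars(addr: str, masked: str) -> int:
    """How many characters of the original address the masked form still
    shows verbatim (a crude leak metric for comparing the two maskers)."""
    return sum(1 for a, b in zip(addr.lower(), masked.lower()) if a == b and a != "*")


if __name__ == "__main__":
    for a in ("me@myfullname.tld", "myfullname@gmail.com"):
        print(a, "->", mask_email_naive(a), "|", mask_email(a))
```

With the naive masker, `me@myfullname.tld` reveals the full domain; with the second one it becomes `m*@m*********.tld`, which is still recognisable to the owner but no longer maps the username to a real name.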
Given the way any provider can lock you out at any time, using your own domain is absolutely worth it.
I've found if you use something like firstname@lastname.tld people generally get it if they've dealt with any other business email addresses (in some cases it actually makes you appear more professional). They usually have your first and last names before you get onto email addresses so they can piece it together and validate it.
If you're really worried about password resets showing your domain, get a second domain and only use that for online transactions; it can then be as obscure as you like. Sure there's an extra cost to that but it's a trade-off of cost vs the level of privacy you want.
Very much this. I am a happy Migadu user today. Works on any IMAP-compatible app. I have a domain for myself, and one for my parents. I want to move my extended family to a custom domain. It's even possible for them to create a new Google account with that custom domain for all Google things besides Gmail, yet I imagine a lot of pushback to this idea.
Additionally, if you’re in the Apple ecosystem, they introduced custom email domains for iCloud this month with iOS 15 with their cheapest iCloud+ plan for 0.99
If you don't own your domain, email is probably not very important to you, so just set up an autoresponder to tell people to update to your new address and forward the mail to your new provider.
> If you don't own your domain, email is probably not very important to you,
Or, you're part of the 95-99% for whom email and the Internet is of critical importance but because of the ease of access, and the technical minutiae, and generally misplaced trust in corporations, you never learn why this might matter.
Sorry to say it, but I find your comment condescending.
That may be, but we nerds have been giving Google free promotion and goodwill for years and treating them as the "Good" guys. That perception is gradually changing, but it's too late. I think the only real solution is that we need a 2021-appropriate privacy framework to handle these issues at the federal level. Opt-in by default should not be the norm for private data.
>If you use #Google Photos, there's a non-zero chance that there are secret, yet public URLs attached to your photos that allow un-authenticated access to every picture in your account. Mine did, and I tested the addresses in incognito and tor browsers and they worked. #privacy
"unauthenticated access" is a stretch. It's like how rawgithubcontent links originating from GitHub.com on private repos contain a query parameter ?token= that is an API token for accessing that repo "without authentication" - it's in the URL, sure, but that URL itself contains a long, random series of characters that is needed to access the content.
I am not that concerned with these opaque URLs as they are basically unguessable (and you will need the URLs to download the data if you are destroying your Google profile, so no other authentication is possible)
But for how long are they retained? Are they generated during the takeout process or do they exist since the photo was uploaded?
It’s also really hard to audit, so if Google shares it and people access it, Google won’t know.
This is not cool for me because I don’t want my photos available to people other than me, even if they have my magic url with a token I didn’t create and can’t revoke.
How is a magic url really any different from a magic login cookie in this case? Yeah, I guess you can't revoke it, but what's the difference if the new cookie/url is equally unguessable?
You can revoke a link. Go to the shared album page (clicking on the link will take you there). Click the options menu item and there is a toggle for link sharing that will revoke the magic url and token.
You can revoke sharing links, but there are also direct links to photos that work for unauthenticated clients. They aren't presented in the UI as a sharing option; you have to use your browser to copy the link. In other words the only way to make these links public is through intentional user action.
This shouldn't be true any more, I just tried it out by grabbing the lh[0-9]* url for the image bytes and that won't open in an incognito browser without a Google Login. Can you share with me how to reproduce this "url copy"? If you want to send it privately just tack gmail.com onto my username.
Or you can file feedback from the photo web page and just tag me in it.
I just tried it with an lh3 url I got from chrome, opens fine in incognito. Repro easily: from /photo/ page, open image in new tab; copy address to incognito; expected: login challenge, actual: photo.
Secrets like passwords are not "security through obscurity". The existence of a key that can open a lock is not security through obscurity. "Security through obscurity" refers to obscuring techniques, not obscuring passwords and keys. No one has ever referred to RSA as "security through obscurity" because it requires obscuring your private key.
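The thread above draws two distinctions: an unguessable secret in a URL is a capability, not "security through obscurity", and the practical difference from a login cookie is whether the holder can revoke it. The following added example (not code from the thread or from Google Photos) shows a small link-token store that has both properties: tokens carry 256 bits of randomness, only their SHA-256 digest is kept server-side, and a link can be revoked or expired. The class name, its API and the sample resource ids are assumptions made for the example.

```python
"""Revocable capability links: unguessable tokens that can be revoked.

Added example; the API below is invented for illustration and is not the
sharing mechanism of any product named in the thread."""
import hashlib
import secrets
import time
from typing import Dict, Optional

TOKEN_BYTES = 32  # 256 bits of randomness: guessing a link is not a realistic attack


class CapabilityLinks:
    """Issue, resolve and revoke share links for resources.

    Only a digest of each token is stored, so a copy of this store does not
    yield working links. Looking the digest up in a dict is safe against
    timing analysis because the digest of an unknown token reveals nothing
    about the token itself."""

    def __init__(self, ttl_seconds: Optional[float] = None):
        self._records: Dict[str, dict] = {}
        self.ttl = ttl_seconds  # None means links never expire on their own

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, resource_id: str, now: Optional[float] = None) -> str:
        """Create a new link token for resource_id and return it (once)."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._records[self._digest(token)] = {
            "resource": resource_id,
            "issued": time.time() if now is None else now,
            "revoked": False,
        }
        return token

    def resolve(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the resource a token grants access to, or None if the token
        is unknown, revoked, or past its time-to-live."""
        rec = self._records.get(self._digest(token))
        if rec is None or rec["revoked"]:
            return None
        current = time.time() if now is None else now
        if self.ttl is not None and current - rec["issued"] > self.ttl:
            return None
        return rec["resource"]

    def revoke(self, token: str) -> bool:
        """Revoke one link. Returns False if it was unknown or already revoked."""
        rec = self._records.get(self._digest(token))
        if rec is None or rec["revoked"]:
            return False
        rec["revoked"] = True
        return True

    def revoke_all_for(self, resource_id: str) -> int:
        """Revoke every live link to a resource; returns how many were revoked.
        This is the 'turn off link sharing' operation the thread describes."""
        count = 0
        for rec in self._records.values():
            if rec["resource"] == resource_id and not rec["revoked"]:
                rec["revoked"] = True
                count += 1
        return count


if __name__ == "__main__":
    links = CapabilityLinks(ttl_seconds=3600)
    token = links.issue("photo-123")  # constructed sample resource id
    print("share url: https://example.invalid/s/" + token)
    print("resolves to:", links.resolve(token))
    links.revoke(token)
    print("after revoke:", links.resolve(token))
```

The token is shown to the user exactly once and never stored in clear, which is what makes revocation meaningful: a direct link that is derived from stable object storage and never recorded anywhere cannot be invalidated, whereas a record like this can.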
I'm kinda confused which part of this is news? That Google extracts purchase information from mails? That's a feature that's been even exposed in UI for ages! Or that Google uses incoming mail to enrich user profiles? I would have thought that to be obvious? If you put 1+1 together, then it seems pretty unsurprising that they have purchase histories of users.
Very unlikely that they keep the record indefinitely after you delete the email. Instead, it's likely that the systems that store the derived information are not transactionally connected to the email database. Deletions would be reflected eventually, but only according to the periodicity with which the two systems are synchronized.
I would strongly disagree. This type of information is the most valuable information Google can collect on an individual. The cost of maintaining this data is so small compared to its value that there should be little pressure to do anything but store it indefinitely along with any metadata that might be relevant.
Ok, but your conjecture is in contradiction to Google's data retention policies, which describe a process something like what I wrote. It's possible that Google are just lying through their teeth, but I think it's not very likely. I think you have overestimated the value of this sort of information. It is not worth the reputational risk to retain it in contravention of posted policies.
No, Google's policies say they delete some things when you ask them to, but they won't say which things. Maybe email purchases are in this category, or maybe they're in the category of data they keep "for the life of your Google Account", or "for extended time periods".
Fair enough. At this point all we have is conjecture. Their policies seem congruent with my view, and it's also how I would design a system like this. On the other hand, you may be right that this is data they retain forever.
There is no way to know for sure unless someone wants to do an experiment. It would be pretty easy to conduct: do takeout to find a purchase in the history, delete emails associated with the specific purchase, empty the trash, wait sixty days, then takeout again and check if the purchase is gone. But we won't find out today.
> I think you have overestimated the value of this sort of information.
Google's an advertising company. How is having a complete list of all the products I've purchased online not valuable? Seems like a great indication on what kinds of products Google can turn around and advertise back to me.
On the basis of what data do you think that this information is valuable? I don't think my purchases from 5 years ago are nearly as useful as the recent ones I made...
He’s talking about how the system architecture would be sanely designed.
He is correct on how it should work.
Now how long the secondary system holds the data is a business decision. Maybe a month/year, maybe forever. Record retention laws may have impact on this.
Now if Google decided to hold the records forever or far beyond any legal requirements then yeah that’s getting evil.
Google has a poor record on GDPR requirements. And in fact, common themes among the issues that they have are undisclosed secondary uses and unreasonable data retention.
Is that true? From what I can find the total amount of their fines is not more than $100M, which is less than I would expect given their size if they were conducting willful ongoing violations. And neither of the two biggest cases involved willful data retention like this: one was about cookie consent and one was about right to be forgotten.
Fine amount is a poor measure of compliance, for a few reasons. First, European regulators prefer nudges and strong words before fines. Second, Google is incorporated in Ireland and the Irish regulator is clearly and blatantly sandbagging enforcement against US companies. The fact that they get fined at all is actually pretty damning: France had to twist and wiggle to be able to fine them without involving Ireland, and part of that was limiting the scope of the violations to things touched on by related laws, which is why the fine only covers cookie consent (governed by ePD).
However, several DPAs and local governments have reviewed Google software for their own GDPR compliance. Several of those findings are available online. These findings don't result in fines, because it's not technically an investigation of Google. But it does involve a thorough investigation of the legal issues of using Google's services, and the results are illuminating.
For example, below is a link to a report the Dutch DPA compiled on whether Dutch government agencies can use Google Workspace (formerly GSuite). The conclusion is that Google's privacy protections are catastrophically terribad (for a paid product!). It requires linking to a personal account, purposes of processing are not defined, there's definitely processing going on that's not covered by the contract, etc. Google's linking to personal data in a way that cannot be disabled by administrators means they are a Joint Controller instead of a Processor, and it's not possible for them to comply with various obligations because they're too vague about the purposes of processing.
Again, doesn't result in a fine, because they're not being investigated for violations. Someone is just asking "can we use a Google product?" But the results of that research indicate some deep structural problems.
Also that fine that France issued, where they somehow avoided invoking GDPR directly? Still the third-largest GDPR fine on record. So your expectations for fine amounts are a bit off.
> When you delete data in your Google account, we immediately start the process of removing it from the product and our systems. First, we aim to immediately remove it from view and the data may no longer be used to personalize your Google experience. For example, if you delete a video you watched from your My Activity dashboard, YouTube will immediately stop showing your watch progress for that video.
> We then begin a process designed to safely and completely delete the data from our storage systems. Safe deletion is important to protect our users and customers from accidental data loss. Complete deletion of data from our servers is equally important for users’ peace of mind. This process generally takes around 2 months from the time of deletion. This often includes up to a month-long recovery period in case the data was removed unintentionally.
> Each Google storage system from which data gets deleted has its own detailed process for safe and complete deletion. This might involve repeated passes through the system to confirm all data has been deleted, or brief delays to allow for recovery from mistakes. As a result, deletion could sometimes take longer when extra time is needed to safely and completely delete the data.
> Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters. Data can remain on these systems for up to 6 months.
> some data we retain for longer periods of time when necessary.
> We keep some data for the life of your Google Account if it’s useful for helping us understand how users interact with our features and how we can improve our services. For example, after you delete a specific Google search from My Activity, we might keep information about how often you search for things, but not what you searched for. When you delete your Google Account, the information about how often you search for things is also removed.
Incredibly vague, there is no reason email purchases couldn't be included in this category.
> Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time.
Again, "business requirements" can mean anything at all.
I don't believe you are correct about this. The document is very clearly (to me) talking about ordinary deletion actions, not just formal deletion requests.
Well, read their data retention policy closely. They may discard the raw data after some time but the learning model they trained with it (a model all about you) they keep and continue to use.
I remember when you uninstalled Chrome, it opened your other default browser to display a webpage with the message "You have uninstalled Chrome. We're sorry to see you go!"
That entire maneuver was just to plant tracking cookies into your OTHER browser, for use to track you later on. Dirty, dirty stuff.
I have always wondered if Google can see the YouTube, Gmail passwords, not from the database, but you can see your own passwords in the browser in plain text and since all the apps are theirs, a keylogger would be impossible to detect.
Another thing is, do they have a backup of data from the myaccount subdomain that users delete?
Still I trust Google and Amazon more than Microsoft and Apple and Facebook. Just my personal view, I could be totally wrong. The ones I trust are simply more open about data storage and have less dark patterns and clandestine T&Cs.
But yes, widespread Gmail usage will make Google see many things and they will collect a lot of data. Probably even more delicate data than what Facebook gets to see.
Google should offer a paid gmail service with a detailed privacy contract. Presumably they are not spying on businesses that pay for G Suite. Perhaps this already exists.
Google has been offering that for years. It attracts the opposite complaint: a lot of the features you get with a gmail.com account don't work with the fancier accounts.
I for one am very grateful to see Googlers coming out to post on this thread. PM of GMail?! Thank you.
Replies here show a lot of animosity and distrust... not saying I disagree in general, but on this particular point the response from multiple levels has been unequivocal that "this is not happening", and I believe it.
Of course they do. Gmail's logs of essentially your entire economic activity (travel, flights, driving directions, online orders, food delivery, etc), tied to your identity, is the most valuable thing Google has as an advertiser. (They even buy purchase logs from retailers, tied to phone numbers; recall that you can't get a Google Account without a phone number.) This is why Amazon started somewhat redacting the transactional emails they send out when you buy stuff.
Good thing they keep track of all the spam I get! The membership to something long forgotten, marketing emails from US shops (I don’t live in the US anymore) and some developer mailing lists from that one time I had to write to get support.
If they are so evil and clever, I at least make them work through a lot of bullshit before they profile me.
My emails are at Fastmail as a paid user. Hopefully they are away from advertising companies. But, any Gmail user I have emailed would leak that info to Google.
They do a good job of blocking email adverts/spam, but it also competes with their own paid service which shows the user adverts/spam. Okay, maybe I am a bit cynical :)
I love how people are surprised/shocked by this. It's perfectly in line with Google's character, yet every time another example of that character is highlighted people are still surprised. Perpetual surprise. Oh, this fire burnt my finger... oh, that fire burnt my finger... oh, yet another fire that burnt my finger... At what point do you realise you're not going to find a cold fire?
Mine showed nothing even though I buy things every now and then. Google offered to "search for other purchases in Gmail" but I declined. I would be interested to know what Google does do with information in my email account other than the email service.
Is Google Takeout only limited to GMail? I am pretty sure this transaction data can also be gathered via Analytics, so I guess there would be no foul play on the part of GMail. But of course, you are logged into your Google Profile because you use GMail.
It is not limited to that, it encompasses everything under the Google umbrella like Gmail, Search, Health, etc. They have multiple options where you can tick the data you want to obtain. Be warned, the folder itself can be absurdly large depending on how entrenched you are in the Google ecosystem. Last time I checked mine, it was over 50 GB.
Why don't companies like Amazon who care about customer privacy have a field in the account settings, where you could post a public key of some kind (e.g. PGP or S/MIME), so that all email they send you would be encrypted?
Not sure why people are surprised by this anymore. Google is SkyNet, then again most people don’t care. They use the catchphrase, “I got nothing to hide.”, which misses the point entirely.
Are Google Workspace accounts treated the same? I have several family domains hosted with Google, so curious if this behavior tracks over to their paid products.
One of these days some simple soul is going to pick up purchase data for the rich and powerful and read it. Then the rich and powerful will be embarrassed.
So forgive me for just being a slave to the downvotes, but this is the daily reminder to think critically. What I'd like to know from this user to clarify what's happening here is whether they are a Google Pay user, and if they have "Show bills & receipts from Gmail" enabled in Google Pay. It defaults to off, for what it's worth, but if you enable the feature it might have the effect of pinning this data even if the source emails are deleted.
I remember when Google Mail launched on April Fool's Day in 2004. I thought the 1GB of storage for email was a prank because it was a huge amount to offer for free.
I made an account just to try it out but then I saw all the advertisements it added. Seeing ads based on the content of my email was really creepy. I stopped using Gmail and now I pay Fastmail for my email. It seems worth it to me.
Who here is buying things with or through Google? Who actually has ever used "Google Pay"? Hell, I make it my religious duty to keep my GMAIL account under 15GB at all times, so I never, ever, ever have to reveal any of my banking information to Google.
I would expect nothing less of Hacker News veterans.
This data capture alone was the sole factor that drove me to conclusively exit Gmail. There were many reasons I might have over the years, but this is what solidified feelings into actions for me.
Given the evil google data is the tiniest of tiny subsets of the 'everything you buy' data. Then yeah - not to mention the banks, ecommerce platforms, payment providers and card companies selling the data on to the highest bidder.
I'd expect nothing less, if I ask Google assistant about my last purchases, I expect it's going to show me the data. It's bad enough that Amazon doesn't include what you are purchasing in the email and that you have to open the site to see...
Am I the only person who would never think to give Google, Facebook, Twitter my credit card? Or would never pay them any money regardless?
After linking your credit history the targeting and linking of information that would follow would be a privacy blackhole that would be hard to recover from.
Do they? They’re not the ones actually moving the money in this scenario. Generally KYC and AML laws apply to the actual banks or money transmitter, which sometimes is Google if you use their payment services, but not if it’s just their email.
Anyone who transmits your money, including CC companies, have to comply with KYC and AML laws. I believe this might include Google Pay, but I don’t see how this would include Gmail for cases where you didn’t use Google Pay.
Where? You mean in America? It's really not needed where I am. Also rather doubt I need to pass KYC to buy a burger and fries from a food delivery service in the US.
I’m only familiar with American laws, but KYC and AML laws are not a uniquely American thing. The EU has similar directives, although I'm sure the implementations differ.
And yes, if you bought burgers and fries in the US you actually did pass KYC/AML laws, you are just completely unaware of it. The KYC (know your customer) laws applied when you created your financial account, your bank is obligated to check your identity before creating an account, and the AML laws are about monitoring financial transactions for something fishy.
Here in the US, you need a paper trail for deposits greater than $10k, and banks are on the lookout for “structured” deposits that side step this requirement. So buying a burger occasionally is fine, but if you started buying $15k worth of burgers a month, you’ll start tripping financial systems wondering if you’re doing something illegal.
As a practical matter, this is one reason why people joke about cash only businesses being a front. A cash only laundromat or restaurant is a fantastic way to clean dirty money for use in the US market.
Cash is a great way to prevent governments and overreaching corporations from arbitrarily controlling your money and surveilling you, which are not healthy for people. Remember governments are supposed to work for us, not the other way around.
Most likely a $10K deposit will be reported to the tax department by my bank. If they find that suspicious income they can then notify law enforcement or commence an audit. But otherwise it's no one's business how many burgers I buy.
Google has been doing this for a while, as can be seen when the reporters wrote about it 2 years ago: https://www.theverge.com/2019/5/17/18629789/google-purchase-.... HN discussed it at the time: https://news.ycombinator.com/item?id=19942219
You can see the information it has already collected if you use Google, by visiting: https://myaccount.google.com/purchases
Though oddly my list is empty. I wonder if I disabled this feature at some point?
The help docs: https://support.google.com/accounts?p=orders&hl=en, explain how you can delete this data if you want to.