Google has your emails whether you like it or not


While some people try their best to avoid Google by choosing alternate search engines, email providers, and web services, it turns out Google probably has access to the majority of your email communications.

Benjamin Mako Hill, on his blog Copyrighteous, wanted to see how many of his sent emails went through Google’s servers at one point or another. He had been running his own email server, a rather extreme measure to protect his own privacy, for 10 years to keep big companies’ eyes off his emails. Since many companies use Google Apps to host their email, just avoiding Gmail addresses (which is hard enough to do) is not going to save you from passing your emails through Google’s watchful gaze.

Any email sent to  a Google-hosted account and any email sent from  one…has been seen by Google.

Though we cannot know for sure, this starts with the assumption that if an email passes through Google’s servers, they did or do have access to its contents. Given the content scanning they do for targeted ads, chances are the contents have been “seen” by at least a robot at some point in time. Any email sent to a Google-hosted account and any email sent from one, then, we can say has been seen by Google.

With this in mind, Hill built a simple program to analyze all of his personal emails since 2004 and check their metadata to see if they claim to have passed through a Google server. He created graphs to measure the portion of his emails that met this criterion over time. The lines are regressions so you can see the average change over time rather than just a bunch of dots.

The left axis on each graphs ranges from 0% to 100% and the bottom axis ranges from 2004 to 2014. You can see that, despite Hill’s active avoidance of Google in recent years, the trend has still been towards Google seeing more of his sent emails. His total emails that have been seen by Google have gone down recently, but given that his sent are trending upwards, this could easily be an effect of direct mailings from advertisers and the like rather than private communication.

if all of your friends use Gmail, Google has your email anyway.

Of course, if you use Google, they have all of them. Hill was surprised when he found out the Electronic Frontier Foundation’s Peter Eckersley, one of the leading privacy advocates in the country, used Gmail. Hill says, “Peter pointed out that if all of your friends use Gmail, Google has your email anyway.” That’s quite the concession from a guy with a leadership position at the leading anti-data collection interest group.

You could protect yourself if you use PGP encryption, which literally stands for Pretty Good Privacy. For PGP encrypted emails, can’t be opened unless you have two things: the sender’s public key and your private key. The public key is like a password, except the sender probably doesn’t care if you know it. It’s just a way of showing that the email really comes from them. Your private key is known only to you, but is tied to your email identity in such a way that it is the only private key that can fully decrypt and read the email. That means Google and anyone else cannot see PGP-encrypted emails without knowing your secret password.

Of course, despite the relative ease of use if anyone backed it, PGP is not widely adopted at all. Until then, remember that your emails are not private, at least when it comes to corporate snooping.

Featured image by Carlos Luna (Flickr)

Tags: Email Gmail Google Privacy Technology