ProtonBlog
google privacy problem

Gmail’s privacy problem and why it matters

Share this page

The Wall Street Journal recently published an article highlighting privacy concerns related to Gmail’s use of third-party apps(new window). When users install tools known as “add-ons” in their Gmail accounts, they are often giving outside companies full access to their mailbox. In at least one instance, the WSJ reported, “engineers personally read through thousands of emails“.

In the public debate that followed, many people focused on Google’s poor oversight of these third-party developers and the inadequacy of their privacy policies. While these are important concerns, they distract from the fundamental problem with Google, which is that the company’s entire purpose is to spy on you and sell your private information to organizations that want to influence you.

The real purpose of Gmail

Google’s business model is primarily based on online advertising. The company earned over $95 billion last year selling the personal information(new window) of its users to advertisers.

For an advertiser, your emails are a gold mine because we often think of email as a private communication channel. When your bank contacts you or you address an email to your loved one, these seem like two-party conversations. In reality, Google treats your Gmail mailbox as company property, scanning them with powerful software to better understand you.

Founded in 2004, the service now has 1.4 billion users creating a perfect record of their thoughts, behaviors, and interactions. As Google CEO Eric Schmidt said in 2010, “We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.(new window)

After years of lawsuits and waves of criticism, Gmail finally announced last year it would stop scanning users(new window)’ inboxes for advertising purposes. What they did not mention, however, was that they would continue allow other companies to do just that.

Third-party data mining in Gmail

Since 2014, Gmail has given third-party developers access to the platform’s API, which allows them to build software that can be used within the platform. These add-ons are usually productivity tools, such as task managers or document signing apps. When users install them, they grant these apps permission to read their emails.

What is not overtly stated, however, is that the add-ons may actually be a front for profitable marketing activities. Buried in their privacy policies are vague disclaimers that allow the companies to harvest and share your data with their advertising partners. Gmail allows this to happen because third-party apps make their platform more valuable.

By scanning your emails, companies can learn information about your email habits, the things you buy, how much you spend, and who you are. Typically this information is anonymized but not always. According to the Wall Street Journal, the add-on developers sometimes shared redacted screenshots of entire emails. In one instance, two engineers read through 8,000 personal emails in order to calibrate their algorithms. The users were never informed about this.

These activities are extremely similar to those that led to the recent Facebook-Cambridge Analytica scandal(new window). When the abusive practices of Facebook’s third-party app developers came to light, the fallout included a #DeleteFacebook hashtag and a congressional inquiry into Facebook’s privacy practices. Though Google has so far avoided intense controversy, its surveillance operations are far greater than Facebook’s.

Privacy is necessary for democracy

This is not just about strangers having access to your love letters, intimate photos and online purchases. It’s also about the kind of society we want to live in. Gmail is designed for mass surveillance, and such a powerful tool could be easily misused. The intelligence software Google is developing could someday be turned against us in ways we cannot predict. The Facebook scandal has already given us a glimpse of this power, which can even be used by malicious actors to undermine democracy. Imagine if Cambridge Analytica had access to your inbox.

Human rights defenders saw the potential for harm from the very beginning of Gmail. Five days after its launch, a group of privacy advocates wrote a letter to Google expressing their concerns. They said Gmail’s plan to scan emails for marketing purposes “violates the implicit trust of an email service provider.” Gmail has violated that trust again and again, and it will continue to do so because invading people’s privacy is essential to its business model.

How to protect your privacy in the age of Google

Fortunately, the ad-based business model is not the only viable way to commercialize online services. At Proton Mail, we implement end-to-end encryption, which means users have the only keys to their data. Your inbox is safe from corporate surveillance and offers increased security in the event of a data breach. Encryption also makes targeted advertising impossible. So while we offer free accounts, we are supported almost entirely by paid users. This means our interests are aligned with those of our users, most of whom believe paying money is preferable to paying with their data, given the privacy and security risks.

When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers. If you’re tired of your personal information being sold, processed, and profiled, then consider switching to a service that puts privacy first.

To find out more, please see Best Gmail alternative for privacy and security(new window).

Sign up and get a free secure email(new window) account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support!

Secure your emails, protect your privacy
Get Proton Mail free

Share this page

Ben Wolford

Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Related articles

At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta
Google has already taken privacy washing to the extreme by trying to brand itself as “privacy focused”, even though its business model is based on surveillance.  Lately, the company’s marketing strategy has turned toward outright Orwellian doublespe
Last week, the UK government made a statement in the House of Lords acknowledging that portions of the controversial Online Safety Bill might not even be technically enforceable without breaking end-to-end encryption. This rightly received a lot of a
What is email spoofing?
Email spoofing is a technique attackers use to make a message appear to be from a legitimate sender — a common trick in phishing and spam emails. Learn how spoofing works, how to identify spoofed messages, and how to protect yourself from spoofing a
Google Chrome is the world’s most popular web browser by far, with over 3 billion users. Its built-in password manager, Google Password Manager, is its default software to create and store passwords for websites and services. Although convenient for