Google has most of my email because it has all of yours (2014)
67 comments
·May 6, 20250xbadcafebee
moralestapia
If the post office (or somebody else) reads your mail that's a federal crime.
Your analogy is moot.
kjellsbells
As I see it, the problem is that the email address has been conflated with your identity, and that is extremely problematic. It should only ever have been a somewhat transient reachability identifier. As an identity it then gets linked to concepts like authorization and trust, eg "we'll send this code to your email, because we implicitly trust that only you can see your email, and that youll always be able to get to it."
Every so often one sees a cri de coeur from someone who has learned this lesson the hard way when Google locks them out of their account, the key to their digital life evaporates, there's nothing they can do about it.
Alternative identifiers exist, eg handles on sites like HN, but they are second-order artifacts of the email as ID.
Given the stakes, then, you have to decide whether to try and control your identity by bulding your own infra for email (domain, mail server, dkim etc and a fair bit of hell), paying for someone to run the infra (eg getting a proton or fastmail address), and hoping they dont enshittify or fail, or letting Google or Microsoft control it and hoping you dont fall foul of them. All these options have drawbacks.
Side musing follows: I dont know what the solution to identity is on the Internet. A very long time ago, X.509 certs issued by quasi government authorities was mooted as part of a international directory system. I can see a future authoritarian state falling in love with this idea again, esp with the resulting lack of anonymity,..but also the ability to "kill" people on the Internet simply by revoking their cert.
thoi4234234234
Not just email - today it's almost impossible to have a decent life without a (smart) phone and being tied-in through OTP verification.
All these things have become so essential that it's shocking that it's not regulated like a utility (or even as a right given their systemic imposition).
thisislife2
AKA, "Shadow profiling" - you can prevent it somewhat by sending Gmail users Protonmail or Tuta's password encrypted email.
jowea
Needs to consider the other big email providers too.
omeid2
Yes, Microsoft has a rather large portion of corporate and business email, a very large portion of it.
Barrin92
I think in general treating email any other way than "everyone will eventually read your mail" makes no sense. Email communication, from forwarding to how people archive, to copy-pasting provides no security and is so brittle, just assume anything you write in an email is for public consumption. Reminds me of a post from a few years ago about encrypted mail as a security LARP (https://www.latacora.com/blog/2020/02/19/stop-using-encrypte...)
If you want secure messaging that nobody else will snoop on use an application dedicated to.. secure messaging. It's never what email was for and it's not how it's being used.
Gigachad
Article is from 2014 where this was more of a valid concern. These days I don't think people send email for anything other than external communication with businesses. And only in western countries.
kevin_thibedeau
The only personal electronic communication I use are the only two widely deployed federated protocols: email and SMS. Everything else involves compromises to enter a walled garden that offers no value to me.
recursive
My experience in 2025 must be extremely different from yours. I don't even know what alternate channels you might have in mind.
princevegeta89
Exactly. Email is never an organized channel for communication. It only makes sense in the corporate world. For users who don't pay for their personal email, email is nothing but a marketing channel and a very inefficient one at that. All the companies and corporations and people try to pretend to make email addresses look confidential and private. But the reality is they just see it as a way to spam you with ads and promotions and meaningless clickbait messages.
The idea of unsubscribing from emails from corporations and agencies is again just an act of pretense. 95% of the cases, it's not done in one click and involves a series of a few confusing steps. Even from a technology perspective, email is fucked and a legacy artifact as of today.
I would love to see a more secure protocol to replace it, where the recipient always has full control over all the messages that he can ever receive.
cryptoz
I mean, for normal people that is exactly how it’s being used. Your receipts for everything are automatically emailed with all kinds of private info for example. Nobody, and I mean nobody, is expecting those receipts to be public. And since all that is in your email you reasonably expect your other email to be private as well.
Email is auth now. People do not use email the way you are describing.
shadowgovt
One of the biggest issues with the way the modern internet works is that it technically works the way GP describes but people believe it works the way you describe.
Even assuming all encryption is configured correctly at the endpoints so we can discount the risk of mid-transit interception and comprehension (do I assume CVS has encryption set up correctly on their outbound receipt emails? I do not...) People think it's like the postal network but it's more like the mail lands at the post office and they hand you a copy of it, while they retain the originals.
xyst
e2e encryption with s/mime is the answer, unless y’all think otherwise.
I played around with it the other day. Installed actalis/digicert s/mime cert on client. Sent emails between the 2 addresses. Emails decrypted locally on clients but same message sent on webmail client is encrypted/unreadable (besides subject line)
dylan604
Tony the tiger says "that's grrrrreat." Now, send an e2e encrypted to another email that is not yours and see how long it takes them to understand what you sent. PGP for email has been around for a very long time, and there's a reason it is unheard of by the general public. it is a pain in the ass.
waynesonfire
Or, it's just too good. Why did it take so long to have encrypted DNS? Another example, https, which uses tls for secure communication still manages to leak the domain name because the Server Name Indication in the ClientHello is sent in plain text before encryption is established. The solution, ECH, is no where to be seen.
The folks that read your e-mail and monitor your online presence do not want you to use these tools.
spacedcowboy
Indeed it is, for now.
paxys
As a bonus your emails will stay protected from the person you send them to as well.
colordrops
It's easier to get someone to install Signal than all of that.
photochemsyn
Google's products are garbage - any honest person can report on the degeneration of their services. That's what happens with monopolies over time.
Google would like you to think they're a God's-eye master of reality of course... but they're not. Just another corporate flop, like IBM etc.
shadowgovt
IBM stock is currently valued at $231.59 billion.
Seems like a pretty nice gig, being a corporate flop.
Congeec
Because social media. The same goes for a phone number. If your contacts give out a phone book, your number is leaked.
null
lovelysoni03
[dead]
waltercool
[dead]
meta_ai_x
[flagged]
user3939382
We need more people that are willing to stand on their principles not less.
Often these measures are a rational reaction to unethical companies that don’t deserve a relationship with us however convenient that may be.
alganet
Simplest explanation is often the most accurate.
A big company wants my data, or is it just an idiot who cloned my hard drive?
Just an idiot who cloned my hard drive is the most likely scenario.
plsbenice34
You are really claiming that Google doesnt want your data? And claiming that big companies in general don't want your data? It's so absurd that i am not sure i understand your comment correctly.
It is an absolute 100% guarantee that Google wants your data
xyzzy123
I think of it more of an aesthetic preference. While I use gmail today I don't negatively view people who choose to self host.
Some people are militant about editors, others are "discerning" (snobbish?) about operating systems or ONLY using free software. It takes all types and they help keep the world going.
It's like a high maintenance garden feature. It signals a few things about you: high technical capacity, unusual amounts of free time, unusual priorities.
RockRobotRock
It's nice to feel like you have some semblance of control in your life, even if it's in a very small way. Everyone has to draw the line between security and convenience somewhere, but I still feel catharsis when I see someone taking a stand and doing the hard thing, even if I myself choose not to do that.
jowea
There are a few other reasons to degoogle than paranoia. The most obvious reason are the surprise bans.
alganet
Nope, Google is a friend. It keeps my records outside of reach of possible lower actors.
If it turns out to be an enemy, then everyone's screwed either way.
jazzyjackson
No, not everyone, just random people who suffer false positives by the abuse sensing algorithms
npunt
When the panopticon eventually processes all if its collected data, and winds up scoring you as above some threshold of having the wrong opinions, or being associated with those who do, you may come to a different conclusion.
We're now very much living in the time when this kind of thing is likely to happen, it's no longer theory or paranoia anymore. Why would powers that be stop at snooping on 20k when we can now basically do it to everyone? I mean, look at the present news cycle and think for a second.
cowmix
Oh thank god Google has stayed so principled under political pressure! Even with the threat of being broken up, they’ve been a rock. And rest easy—your Gmail definitely isn’t being quietly indexed and funneled into some RAG system to help certain friendly agencies flag “disloyal” citizens for... let’s say, enhanced oversight.
As for “Don’t be evil” disappearing from their core values? Totally normal. Just streamlining the brand, I’m sure.
And of course, I hardly know anyone who’s lost years of email, only to have Google’s famously responsive support team leap into action and do absolutely nothing to recover it.
alganet
[flagged]
tasty_freeze
If someone wants to kill you, they can. Get over it. It is silly to lock your door as even a low skilled person with right tools can break in a locked house easily.
TZubiri
huh?
If I send an encrypted email to someone I trust to decrypt it, then they won't have it.
I agree with the sentiment, but E2E encryption exists and is technically possible.
alganet
Yeah. But that's too much paranoia even for me, a schizophrenic.
If someone powerful wants your encrypted data, they will have it. It's dumb.
In my case, it would make them look like fools. Not even a dick pick or secret affair to blackmail me. Just a dumb guy.
I care for my privacy, but I truly have nothing of importance to hide to the point of taking those extra steps.
TZubiri
"If someone powerful wants your encrypted data, they will have it. It's dumb."
But that's not at all the case, you can definitely encrypt data in a way that no one can break it.
Even if you assume there's an all powerful state that can decrypt everything. There's a distribution of malicious actors with varying degrees of power, you'll at least agree that not all eavesdroppers can decrypt your comms, they most certainly will be a minority, and an infitesimally small minority at that point. You can encrypt such that you protect yourself against the 99th percentile.
Regarding what you have to protect, you could be in charge of an organization, and you don't need to encrypt data yourself but consider how data is encrypted by your vendors, and when those vendors get hacked or their db's leaked, you can assess how it affects your company.
Just in general, knowing the many complexities of how data is encrypted and not encrypted and accessed and leaked and subpoenad, is much more useful than the binary of "THEY" have my data or "THEY" don't
Yeah, and also the post office has all of your mail (because they can/do scan it), and pretty much anyone can intercept SMS, only slightly harder to intercept voice calls on PSTN, and SMTP has always been unencrypted. Private databases sold to the government by corporations already have your job history, political affiliations, sexuality, etc.
Most communications throughout history have not been secure. Despite this, it hasn't been abused nearly as much as it could be. I'm not sure if it's because the scale is difficult, or the technical side, or nobody thinks to suggest it to the despots. It's probably a combination of things. Ironically we tend to fear the abuse of power when it doesn't happen, and then ignore or accept it when it does happen. So the fear/hang-wringing/jumping-through-hoops seems pointless.
I still believe that if you really are concerned about what you're saying, you should say it in a clandestine way. E2E encryption is like a giant red flag saying "I might be doing something shady". Asking grandma about her special cakes [when she doesn't bake] will fly under the radar unless someone is looking really hard.