I just moved all my archived email going back to 1998 (when I really first started saving emails) into my Gmail account. There are probably two standard ways of responding to this:
1) Cool
2) Oh knows! Google can read all your private emails now!
I happen to be one of those people that actually take private property rights seriously and am concerned about privacy laws and so on. However, in this circumstance to those who hate the idea of storing email on Google’s servers I can only respond by saying that I:
1) …Have nothing that’s too “secret” in my email. It’s mostly boring stuff to others and interesting because it documents aspects of my life which flood me with memories that go way beyond the words and paragraphs of the emails themselves. I’m sure there are things in my emails that would be embarrassing if they were revealed but I should be able to live up to the mistakes I’ve made and the bad things I’ve said and been party to.
2) …Realize that if the Feds want my email, I think they’ll find a way to get it. I don’t appreciate their nosiness but I don’t think that Google is going to let Joe Shmoe into my email account or simply offer my email records to the Feds. I could be wrong, but then again, I could accidentally lose a hard drive that had a copy of the same emails and run into the same problem.
3) …Think that instead of the common response of “don’t let anyone online know anything about you”, that I should attempt to embrace (ahh, the warmth) the future of broad information sharing with the full realization that everything that’s out there including my blog, my resume, my family photos, my emails, my forums entries, etc. are potentially available for exploitation. What does this mean? It means that if you have secrets, stop recording them! If you must record them, encrypt them using a non-trivial encryption method and at some level, protect it with information that is (again) NOT RECORDED anywhere but in your brain.
The reason I make point 3 is that so many people I know are totally paranoid about the Internet and the potential for identify theft and other things. However, they don’t live their life day-to-day in the knowledge that much of their information is in fact still leaking out and becoming available (dumpster diving, data theft and loss at financial companies, disgruntled — heck, even gruntled employees stealing information). If it’s leaking anyway and we must (or at least MOST of us must) rely on things like imperfect financial institutions and garbage companies then it’s silly to pretend that you’re protected. Instead, I think the better approach is to be aware that in the “digital age” information is incredibly easy to collect, extract, and decrypt. Put price tags on information (like your bank passwords) and be aware of policies that your bank has with regards to “insuring” you against loss should your account be compromised. Stop thinking it won’t happen but start thinking about ways that it CAN happen and your life can still go on. People put far too much faith in things like SSL (for secure online transactions). Don’t think that it can’t be broken or that the NSA doesn’t have a dedicated real-time SSL decryption method for something like that. Never believe it when people tell you that something is “unhackable”.
I’ve heard people tell me about how posting pictures of your kids on the Internet could result in them being Photoshop’ed by child pornographers. I don’t really know how to respond to this… It just seems a little silly. Of course they could — but why does this matter to me? For that matter, how would I find out…??!? There’s always a risk of having people find your personal information (like your address) but I just don’t understand the obsession about trying to hide it. It’s available! It’s out there already! If you have a secret that no one else knows (at all) then maybe you should keep it “off the grid”. But for things like your name, address, email, phone, etc. live with the realization that it’s not private anymore. If you want it to be private, prepare to not use them for anything.
If you need anonymity, there are certainly some good ways of covering your tracks. However, the difficulty in doing this even one time is high — I think it’s likely impossible to do this routinely and still effectively communicate. If you’re reading this post, you’ve left some trace of your presence. Yes, you might be using a proxy, but you left a trace at the proxy also. If you’ve accessed it via a proxy from a coffee shop,well, you’ve left a trace on the security camera there. It never really provides total anonymity — it just makes it difficult and expensive to find you. Don’t get me wrong, I think it’s excellent that people develop attempts at anonymity on the Internet (like Tor) but it’s not providing TOTAL anonymity any more than a password will ever provide TOTAL security. If all your doing is attempting to stop marketers from bombarding you with ads or targeted marketing, then great. I do the same (often, but not always).
So, that all said, I guess my philosophy could be summed up by saying that I’d rather wait up for trouble, ready to deal with it than fall asleep thinking that I’m safe. If it’s worth securing, realize that you’ll have to fight hard to keep it secure and that trivial things like emails are probably not worth the effort.
#1 by pedro mg on December 6, 2007 - 9:13 pm
Hi Andrew,
did the email move run well ? Did you use the script ?
May I point one advantage free open source software brings into this discussion ? By using an open source script to, say, upload thousands of emails, one can check and analyze the source code for “phone home” features. With proprietary closed source software, its much more difficult to assert that. In short, FOSS can in fact provide extra safety (of course if one knows how to read code).
I agree, Security is a complex “system of equations”, lots of variables…
#2 by Andrew Flanagan on December 6, 2007 - 10:57 pm
Pedro mg — I probably should have mentioned your script. Yes — the script worked well and I appreciate the effort you put into it. I did make a few minor changes (like passing in the subject instead of the message number). There were a few “append” errors but I simply reran the import for the error’ed messages and it worked great.
I really do enjoy FOSS for the security you mention. I don’t really mind having to pay for a program or utility but I do hate that it could actually be stealing information from me. My thanks again to you!
Yet another advantage is that you can get updates from the users of your script (I don’t if the timestamp thing I mentioned was a helpful fix for you, but hopefully so).
#3 by Vater on December 7, 2007 - 2:42 pm
Andrew;
1. Have you checked into the relationship between Google and the Bilderbacks or the Committee on Foreign Relations? The Club of Rome? You never know why they may want info on you.
2. We always had our kids run around the streets with bags over their heads. That way, if they were photographed by some strange dude, they couldn’t be used for child porn.
#4 by pedro mg on December 7, 2007 - 11:05 pm
Andrew,
yep, the patch was commited 😉 as i commented.
As i inserted in the brief comments at the beggining of the code: use; refactor; share.
That code security part brings to mind the HP keyboard driver that was making a “phone home” web call. A user discovered it, traced the ping and called HP. No one apparently knew about it, so they went to the driver programmer. He said something like wanting to know what special keys people were using the most… :O
long live fs/oss !!
#5 by Jamie on December 27, 2007 - 3:53 pm
I’m with you on letting Google take care of my email. If the feds really want it, they will get in no matter where I have it and no matter how it is stored.
So there is no point in being paranoid about it.