Linked by Thom Holwerda on Tue 3rd Jul 2018 00:29 UTC
Privacy, Security, Encryption

Third-party app developers can read the emails of millions of Gmail users, a report from The Wall Street Journal highlighted today. Gmail’s access settings allows data companies and app developers to see people’s emails and view private details, including recipient addresses, time stamps, and entire messages. And while those apps do need to receive user consent, the consent form isn’t exactly clear that it would allow humans - and not just computers - to read your emails.

Wait, you mean to tell me that when I granted one of those newfangled we-will-organise-your-email-for-you email clients access to my email I granted them access to my email? I am shocked, shocked I say!

Privacy and security stories tend to get easily inflated, and while it indeed sucks that actual people at said companies can read your email, you did explicitly grant them access to your email account. It's all spelled out right there in the Google account permission dialog. These companies aren't here to make your email lives easier - they're here to mine your data and sell it to third parties.

You wouldn't let a random small company install cameras in your house. Why do you treat your email any differently?

Permalink for comment 659432
To read all comments associated with this story, please click here.
RE: That quote is a bit silly
by sj87 on Tue 3rd Jul 2018 07:26 UTC in reply to "That quote is a bit silly"
Member since:

That quote is rather silly; if an application/website can access your email, then, of course, the creators/maintainers will also be able to.

No, that's complete bullshit. If you're granting permissions to an app, it's just a piece of code living on your phone. If the app wants to share that data over to a cloud, it should be prompted separately. To be even more clear, it should somewhere state that sharing the data this way will then give no holds barred access to a third party.

Yes, it is very naive to assume that the "app" is only the code on your phone, but it should not be the regular people's concern to try to decode what these dialog messages are likely to mean or in the worst case possible will allow.

They only see a message on their screen, they do not understand that it is an automated listing of certain properties defined in a simple text file, not an actual technical mechanism that would safeguard one's personal information.

Edited 2018-07-03 07:36 UTC

Reply Parent Score: 3