I’d say this move seems too dumb even for fiction, if that wasn’t the SOP for the entire country I live in.
Given the context though, I’m curious if one of you privacy experts can change my mind on how I approach email.
I don’t use email for any meaningful communication where I expect privacy. It is essentially the way for companies and a few other organizations to send me low priority information and/or confirm my identity to reset a password or whatever. Because of that, the only attributes of an email service I really care about are reliability and availability, including not having emails silently blocked for not coming from a “trusted” provider.
So what is the practical risk of just using a Gmail address for that stuff, equivalent to hiding in plain sight? Yeah it helps Google fine tune their advertising model for me, while I’m running Linux on all my machines and blocking ads on any device I touch. My social media is Lemmy and my streaming service is Jellyfin.
Am I risking too much if I use it as the corporate contact point that it is? Am I just letting my white/straight/cis/male privilege show through?
I don’t use email for any meaningful communication where I expect privacy. It is essentially the way for companies and a few other organizations to send me low priority information and/or confirm my identity to reset a password or whatever.
As a privacy enthusiast (expert seems too much), this immediately stood out. Privacy is the context of emails means that all my data which includes the content of the messages but also the metadata (who I talk to, which services I use - like in your example -, when I communicate, how often, etc.) is kept private, meaning not used for anything else than providing me the service (i.e., let me send and receive emails).
From this point of view, even if you consider the content of your emails not sensitive, already the fact that you do use company X (because they sent you a password reset email) is data about you, and as such can and will be mined by Google to profile you or to sell it.
Am I risking too much if I use it as the corporate contact point that it is? Am I just letting my white/straight/cis/male privilege show through?
Nobody can tell you this, because risk in this context is purely a subjective estimation, and you are free to do what you please.
However, I do care about my privacy, which means that I want to minimize the amount of data about me available for sale or to others in general. For me the motivation is quite simple, while I do block ads everywhere too and I generally don’t have an impact in terms of getting personalized ads, once the data is collected I have no idea what will be used for, by whom and for what purpose. It doesn’t even matter if the data actually allows to infer accurate things about me, it’s enough that someone (e.g., insurance company, employer, bank, government, etc.) is gullible enough to believe that inference is correct. In the book “Privacy is power” (written by Carissa Veliz) she also develops a very interesting argument about the fact that violating your privacy usually means also violating the privacy of the people near you (the people with whom you share demographic, the people you communicate with etc.). This could be another point of view to consider.
Anyway, if for you the above is fine, there is no other significant risk you are taking, and you should keep using Gmail if that suits you.
A technical note. Secure email providers generally can have technical controls (i.e., encryption) to protect the body (content) of the email, and in some cases some small amount of metadata (e.g., Tuta encrypts also the subject). Generally though, you are still trusting the provider to perform that encryption (especially because a mail from Gmail -> Proton/Tuta would be encrypted by Proton/Tuta) and to not use metadata for any purpose besides delivering the emails. So privacy here doesn’t mean absolutely removing the data from a third party, but it means giving it to a third party who uses it (due to contractual obligation, business incentives etc.) only for the intended purpose in a privacy-preserving way.
Good stuff to think about. Thanks! I think I’ll keep the email issue on my mental list of things to address as I keep FOSSifying and self hosting things.
I mean yeah I think the main problem is just Google having all that data about you and potentially selling it to others whether that be for advertising, robocalling, or other things. So it really just comes down to how comfortable you are allowing Google to be able to use your emails and communications from corporations to see what things you like. Only time it really matters more is if you are using email for more personal or secure communications which yeah I would always prefer using better encrypted more messaging focused apps like signal for or just talking in person when possible.
I’d say this move seems too dumb even for fiction, if that wasn’t the SOP for the entire country I live in.
Given the context though, I’m curious if one of you privacy experts can change my mind on how I approach email.
I don’t use email for any meaningful communication where I expect privacy. It is essentially the way for companies and a few other organizations to send me low priority information and/or confirm my identity to reset a password or whatever. Because of that, the only attributes of an email service I really care about are reliability and availability, including not having emails silently blocked for not coming from a “trusted” provider.
So what is the practical risk of just using a Gmail address for that stuff, equivalent to hiding in plain sight? Yeah it helps Google fine tune their advertising model for me, while I’m running Linux on all my machines and blocking ads on any device I touch. My social media is Lemmy and my streaming service is Jellyfin.
Am I risking too much if I use it as the corporate contact point that it is? Am I just letting my white/straight/cis/male privilege show through?
As a privacy enthusiast (expert seems too much), this immediately stood out. Privacy is the context of emails means that all my data which includes the content of the messages but also the metadata (who I talk to, which services I use - like in your example -, when I communicate, how often, etc.) is kept private, meaning not used for anything else than providing me the service (i.e., let me send and receive emails). From this point of view, even if you consider the content of your emails not sensitive, already the fact that you do use company X (because they sent you a password reset email) is data about you, and as such can and will be mined by Google to profile you or to sell it.
Nobody can tell you this, because risk in this context is purely a subjective estimation, and you are free to do what you please. However, I do care about my privacy, which means that I want to minimize the amount of data about me available for sale or to others in general. For me the motivation is quite simple, while I do block ads everywhere too and I generally don’t have an impact in terms of getting personalized ads, once the data is collected I have no idea what will be used for, by whom and for what purpose. It doesn’t even matter if the data actually allows to infer accurate things about me, it’s enough that someone (e.g., insurance company, employer, bank, government, etc.) is gullible enough to believe that inference is correct. In the book “Privacy is power” (written by Carissa Veliz) she also develops a very interesting argument about the fact that violating your privacy usually means also violating the privacy of the people near you (the people with whom you share demographic, the people you communicate with etc.). This could be another point of view to consider.
Anyway, if for you the above is fine, there is no other significant risk you are taking, and you should keep using Gmail if that suits you.
A technical note. Secure email providers generally can have technical controls (i.e., encryption) to protect the body (content) of the email, and in some cases some small amount of metadata (e.g., Tuta encrypts also the subject). Generally though, you are still trusting the provider to perform that encryption (especially because a mail from Gmail -> Proton/Tuta would be encrypted by Proton/Tuta) and to not use metadata for any purpose besides delivering the emails. So privacy here doesn’t mean absolutely removing the data from a third party, but it means giving it to a third party who uses it (due to contractual obligation, business incentives etc.) only for the intended purpose in a privacy-preserving way.
Good stuff to think about. Thanks! I think I’ll keep the email issue on my mental list of things to address as I keep FOSSifying and self hosting things.
I mean yeah I think the main problem is just Google having all that data about you and potentially selling it to others whether that be for advertising, robocalling, or other things. So it really just comes down to how comfortable you are allowing Google to be able to use your emails and communications from corporations to see what things you like. Only time it really matters more is if you are using email for more personal or secure communications which yeah I would always prefer using better encrypted more messaging focused apps like signal for or just talking in person when possible.