Private user data contained within emails
Nothing. If you are under the impression that all the major governments and corporations can't get this data on anyone regardless of what they do, you aren't paranoid enough.
I know the government already has or can get any info they want/need about me. If government hired a private investigator they can find out all kinds of stuff on/about me. But that's costly. Sucking data up via an email is almost free. We have gone from investigating the FEW guilty people to investigating ALL the innocent to find a few guilty.
I have many issues with privacy but I only have two major concerns: Identify thief and Databases abuse.
It's not just gmail (or any web based email) but other web sites as well. Another example. My company doesn't do paper checks/stubs anymore. A lot of companies are moving away from paper. If I want my stub I have to log into the ADP web site. ADP = Automatic Data Processing, a company that handles paycheck/stubs for many, many companies in the USA. My login (can't be changed) is <first initial><last name> @ <company> then your password. I don't know if this is standard or just the way my "multi-billion-$$$-company" set up their account with ADP. If someone hacks my ADP account they have my REAL: name, address, email address, company name/address, gender, DOB and SSN (all digits). Not to mention the last three years worth of paycheck stubs. ID theft in the making. Or my gmail is hacked and they send ADP a "password reset" request they'll obtain my private info.
So yes. The govt has my info, but I don't want ANYBODY else from "big company" to "asshat-hacker" to obtain it.
Databases. I don't want my private info in one. Each company has me in their database. One database my be completely anonymous but by combining two or three or 8 you can find shit out. One database my be secured by a company that cares about security and knows how to implement it without allowing cluster fucks to happen. A lot don't. You'd think a big company like Target would give a shit, and/or know how to prevent data loses but apparently they don't care, don't know how, or don't care that they don't know how.
(side note/rant: Big Biz bought/paid off all the politicians to get laws passed so there are no real consequences when they screw up.)
What troubles me most, is the amount of information corporations have on the general public and how this flow of information is very typically, handled by people who should not have this information or handled without any regard to users privacy.
this. This. THIS. A THOUSAND TIMES THIS!!!
Say a company collects user info on people. They want to keep track of what I buy and how I buy it. They want to use that data in increase their sales, increase their profitability, target me with ads, etc, etc. That's not really a problem for me. It's our modern world.
The problem is this info may be stolen by outsiders or sold or given away from within. This is how the government get databases on citizens, either bought or stolen from companies. Or forced out of their servers via a National Security Letter 'cause terrrer'ists gonna git us.
Snowhiker makes the point, of how much Google actually knows about him... well, they are his mail provider, so there a level of trust that is involved. But, that's not the issue... the issue is government department and corporations are sending private information that should not be shared over unsecure communication channels that anyone could snoop on. While one could argue about postal mail being insecure, but that is typically enclosed in an envelope to safe guard against casual reading... but email, is more like sending personal information on the back of a postcard that anyone can read. SMTP traffic (like HTTP traffic is starting to), should be encrypted between each node to avoid MITM snooping...
Also for the example of his motor department sending information, why couldn't that email just be:
Dear XXXX,
We note that your registration for vehicle (registration number) is coming up for renewal. Please contact xxxx or visit
www.xxx.gov for renewal information if you have not received information in the post.
Regards, The crappy DMV.
Simple, limits the amount of information, and still offers the service...
Yes. Thanks for understanding.
It seems companies and government agencies have fully realized how useful and helpful the internet and email are, but I think their privacy procedures need major overhauls. Chewy read my post regarding the email sent to me by my MVD and two seconds later came up with a solution that would tell the user everything he needed to know without revealing any private or confidential information. Everybody who has worked from a company using computers in the past 20+ years has been told email is not private and you should never consider it private. And everything you write in an email can/will be read by the company. I think everybody know and understands this. So why are these idiots sending out private information in a email?
Do they really not understand that revealing private data is not in anybodys best interest.