
I'm also a Googler these days (via Fitbit). The assumption being made in this entire discussion is that the purchases are mined from Gmail, but that doesn't appear to be correct.

From the screenshot, the items are part of the "Purchases and Reservations" activity category that the parent points to. According to the help documentation of the category, it specifically refers to purchases made directly within Google Search, Maps, or Assistant. I personally have precious few (4) items in this category, particularly when compared to the large number of purchase confirmation emails sitting in my Gmail account. And there is a UI for deleting the purchase records from my history.

Meta-comment, I find discussions of this type tend to elide the distinction between data used for personalization with data used for advertising. Say what you will about the very fact that the same organization has both, but I do think the distinction is both important, and communicated well neither by Google nor by anyone else writing on the topic.



>>the distinction between data used for personalization with data used for advertising

Personalization of what, exactly, if not ads? What's the proper distinction, in your view?


If I send an email to someone appearing to expect a reply, and I don't get a reply within X days (I think X=5), Gmail surfaces the email with a chip saying "Sent 5 days ago. Follow up?"

If I receive a travel reservation confirmation email, I receive a calendar reminder on my phone a few days before the trip.

This is personalization. But years ago Google made a commitment not to use Gmail data to customize ads (after initially doing so). So there's a real difference between personalization data and ads data.

Closer to home for me, we are legally barred from using Fitbit data for ads or allowing any system (or person!) in the Ads organization to access it in any way. But nobody said we can't personalize your Fitbit experience based on data derived from, say, your Fitbit exercise history.


I was spooked enough yesterday by newsweek offering to take my money and showing my gmail user details! Why do third party sites have access to my full name? I'm running an adblocker, a DNS block list, disabled third party cookies etc. Anyway I think my gmail account's days are numbered. Maybe I am willing to trust Google or at least compromise but not newsweek.


My recollection is that they don't - the content that includes your gmail data is served to you by Google, not by Newsweek.


Stop using chrome if you don't like that feature (where the browser offers to sign up with your credentials).


Is it a Chrome feature? I'd always assumed it was just an iframe, and would work the same on any browser.


Yeah, it happens in Firefox for me too. If I'm signed in to Gmail in Firefox and visit, say, Kayak or Priceline, I get the same popup. Safari seems to block it though.


Anyone know how to disable it?


You can go to

https://myaccount.google.com/permissions?continue=https://my...

And disable Google Account Sign In prompts


I use several extensions that allow you to explicitly approve certain features or give permission to run JavaScript.

Off the top of my head: NoScript, Trace [0], uBlock Origin, Decentraleyes, Privacy Badger.

As well as using a pi-hole.

[0] https://addons.mozilla.org/en-US/firefox/addon/absolutedoubl...



There's a particular type of "login/signup to this site with your google account" popup that only happens in chrome. From the comment posted, that appeared to be what they meant.


I'm using Firefox.


>> This is personalization. But years ago Google made a commitment not to use Gmail data to customize ads (after initially doing so).

Oh! Well, I actually did not know this. You are saying they realized they shouldn't use my Gmail to customize what ads they show me; how can I verify you are right to say so?

>> So there's a real difference between personalization data and ads data.

I still don't see the distinction.


Googler here, who worked on Workspace (which gmail is a part of). Anyone who works in workspace could confirm that, it's something that is taken very seriously. On the personalization side - smart compose in gmail, where there's typing recommendations, that's personalization, where a machine learning model looks at your email and generates a specific model for you that suggests text. The data never leaves gmail, and it's not used for any other purpose, and no one has access to it. That's different than, "let's use your email to generally learn about you and recommend ads or content to you".

But, it's something we've also said legally:

https://support.google.com/googlecloud/answer/6056650#zippy=...

Is Google using my data? What for?

Google processes your data to fulfill our contractual obligation to deliver our services. Google’s customers own their data, not Google. The data that companies, schools, and students put into our systems is theirs. Google does not sell your data to third parties. Google offers our customers a detailed Data Processing Amendment that describes our commitment to protecting your data. EY, an independent auditor, has verified that our privacy practices and contractual commitments for Google Workspace and Google Workspace for Education comply with ISO/IEC 27018:2014. For example:

We do not use your data for advertising

The data that you entrust with us remains yours

We provide you with tools to delete and export your data

We are transparent about where your data is stored

You can get even more detailed in the DPA:

Customer instructs Google to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services and TSS; (b) as further specified via Customer’s and End Users’ use of the Services (including the Admin Console and other functionality of the Services) and TSS; (c) as documented in the form of the applicable Agreement, including this Data Processing Amendment; and (d) as further documented in any other written instructions given by Customer and acknowledged by Google as constituting instructions for purposes of this Data Processing Amendment.


If I'm using a free personal account, where is the contractual relationship? My understanding is the terms are "take it or leave it, G can do anything permitted by law, and the user has no standing in court for any harm related to G's services". Is it possible for an individual to pay a token amount to get a real contract? Not intended personally, just trying to understand


There is no free account. You pay with your data. Recent right to repair legislation in Germany makes the concept of "paying with your data" explicit for the first time even in law text. So courts can no longer doubt that it is paying. But of course it has existed implicitly for years in many contexts. Not sure whether there have been high profile cases whether giving data is "paying" or not. A contract does not require payment by money.

Whether a contract is formed when you register and agree to their terms would depend on locally applicable law. I don't recall stories that courts would have deemed registrations on the internet invalid in general. Certain terms in the agreement definitely.


The terms of service and privacy policy (https://policies.google.com/privacy) are the contract. And my rough understanding (not based on reading the contract, something said internally at Google a while ago about what is in them) is:

- Your "content" (data in Gmail, Docs, Photos, etc) won't be used for advertising. (Only for personalization, like the Gmail smart compose, asking Assistant about the status of your order, etc.)

- Your "activity" (your searches, etc -- what you can see at https://myactivity.google.com/item roughly) can be used for advertising, though you can turn it off (see https://adssettings.google.com) or delete it. (IIUC, you have more granular privacy controls as a logged-in user as you can delete individual items….)


This is how it should work. But there is no way to verify if that is also how it actually works. So it amounts to a pinky promise and from any large company that to me is not enough, so while I appreciate your candor and your belief that your employer is abiding by this I hope you will forgive me for having a lot of lingering skepticism.


Fundamentally it’s impossible to prove a negative, so agreed that it’s a pinky promise. I would say that I am a little closer to the problem space than just ”believing” from my time working in this area and dealing with these issues.

I routinely dealt with situations where connecting workspace data with other teams, even with explicit opt-in from users, at best required building incredibly detailed data scrubbing and log redaction to ensure no user data persisted outside of the workspace systems, in case it might accidentally end up used for some non-workspace purpose. At worst it was simply not possible, or not worth the other teams time to build things to a standard that would satisfy legal and privacy.

For sure, it’s possible there is some secret system or accidental data exposure, as I said, can’t prove a negative. But I will freely confess that I was someone who was generally skeptical of Google’s approach to data handling and always believed Gmail data and everything else was mined for every purpose until I joined Workspace. Once I was inside and saw how carefully it was treated and how many rules there were around anything you do with user data even within the Workspace teams, I was honestly nonplussed. It made product development harder.


> Fundamentally it’s impossible to prove a negative

15 is not a prime number.

There is no elephant in your room right now.


Yeah, that statement is an oversimplification of an oversimplification. The idea behind it philosophically is that it is far easier to prove that something exists/is happening than to prove that it is not. Essentially that if someone is going to make the claim that google is doing X, the proof is easy: a single instance of it happening. To prove google is not doing X requires you to create a collection of all of google's actions, prove that it is a full collection of their actions, and then prove that within that collection exists what the topic of debate is. Therefore, while it is not technically impossible to prove that google is not doing X, for the purposes of debate we should treat it as if it is and the burden of proof should rely on the person claiming that google is doing X.

Of course, as people living in the world we don’t necessarily need full proof to try and protect ourselves from the actions of an entity we don’t have full knowledge of. But saying “I don’t want to give google X data because of what they theoretically could do with it” is different rhetorically from saying “I believe that google is doing X with the data, and if you don’t prove otherwise it’s probably true.”


> There is no elephant in your room right now.

Prove it.


Hi Googler and thank you, sincerely, for engaging in this discussion.

First line in your legal statement:

>> We do everything in our power to protect businesses, schools, and government organizations from attempts to compromise their data.

Where is the "me" in this equation?


I just grabbed that from the support article because it was first in my search history - that's the support article related to @domain.com workspace users, so it's framed in that context. For the purely consumer use case (it's the same):

https://policies.google.com/privacy#infocollect

"We don’t show you personalized ads based on your content from Drive, Gmail, or Photos."

and

https://support.google.com/mail/answer/6603

> When you open Gmail, you'll see ads that were selected to show you the most useful and relevant ads. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google. We will not scan or read your Gmail messages to show you ads.


The way you state this is as if Google is absolutely transparent about the data they're gathering and processing. Yet in practice it's nearly undoable for even experienced readers. I get emailed on a regular basis that Data processing agreement X of Google Service Y has been changed. Then there's also the plethora of dark patterns within Google, for example the location functionality on Android. I get prompted that my location functionality is not working and that I must enable wifi tracking as well. Location is just working fine, be it on a worse resolution. Now if you'd be honest in the prompt, you wouldn't suggest the service is broken, but gave it less attention. If Google were really honest and transparent on all the data they're using, and making it easy for users to make a choice in how and what, then my take is that most users would opt-out.

But luckily google provides us with a completely gdpr compliant opt-out for Google Analytics.


To be 100% clear, I'm only talking about gmail, and by extension, Workspace, because I until recently worked there and saw firsthand how data was treated.


Ironically that was not clear from your text.


Reading the thread, the original post was:

"Oh! Well, I actually did not know this. You are saying they realized they shouldn't use my Gmail to customize what ads they show me; how can I verify you are right to say so?"

and then my response:

"Googler here, who worked on Workspace (which gmail is a part of). Anyone who works in workspace could confirm that, it's something that is taken very seriously."

I'm not sure how I could have been more clear...


[flagged]


It's a cut and paste from the linked support article, hardly my preferred mode of communication. Elsewhere in the thread I cut and paste from other content that's a little bit more plainspoken.


> The data never leaves gmail, and it's not used for any other purpose, and no one has access to it.

The FBI, NSA, CIA, and DoD have access to it, without a warrant (thanks to FISA 702), along with the entirety of the email corpus that produced it.


My comment was directly in reference to this thread's topic, which is the use of gmail data for ads vs. the use of gmail data for the personalization of gmail. Your comment isn't germane to that topic.


True, but the "no one has access to it" part is an unequivocal statement that happens to be false. We should keep in mind at all times who has access to all of Google's data whenever they wish.

You can't do threat modeling if you don't accurately model the various threats. Everyone at Google could be completely trustworthy but there's still huge insider risk thanks to US spying.


Again, my comment about "no one" was in the context of ads personalization, as in "no other part of google that might want to consume the model for broader use".

If we are going to do "threat modeling", we should also talk about the risk of nation state actors penetrating Google, or compromising your browser and getting access to your gmail that way. Or an accidental bug that changes everyone's password to be 12345. Yes, or the federal government could subpoena it.

Lots of things could be true and possible, but none of them are relevant in a discussion that's about the _internally permitted use of data within google_.


They are relevant in a discussion that's about the data flow from when Google gets data. As a Googler, the distinction between the two might feel very different, but as a user, I don't care whose fault it is, or what's technically going on in the legal description of Google's corporate structure; I didn't even notice the distinction between the two conversations (and assumed you were having the one I mentioned) until you pointed it out.


Yes, since 2017 no Gmail data is used for any Ad targeting, across any part of Google. Here's a NYT article: https://www.nytimes.com/2017/06/23/technology/gmail-ads.html

Unfortunately this goes against people's default (and incorrect) mental model of how Google operates, so it's been a very hard message to land.

Disclosure: Current Googler and I was a PM on Gmail at the time.


The message doesn't really land with me because it's so specific. Not using collected data for "ad targeting" leaves a LOT of room for uses of the data that I object to, including marketing purposes that don't happen to be ad targeting.


Maybe it goes against their mental model because Gmail did it for over 10 years and already broke the trust regular people placed in them.


That's good because my mailbox is filled with mail from other people. I signed up to gmail on day one using the x.lastname(at)gmail.com address format. Before dot meant "alias".

However I now get email from various people around the world with xlastname(at)gmail.com addresses. Apparently your email is not unique in the world, but only in your region, kind of (?!).

I get important emails (hotel bookings, insurance mails, trip reservations, orders, lawyer documents) from people who use xlastname(at)gmail.com in the USA, Canada, Australia, and Europe. All with similar names to me, obviously the surname is the same, but first name is different, just the same initial.

I've confirmed (by contacting some of them) that they are not missing out on any important documents. For some reason Google's system is duplicating emails meant for other people into my mailbox.

Only mails using x.lastname reach MY inbox. If I tell someone I know to send a mail to xlastname I won't receive it, making the statement here...

https://support.google.com/mail/answer/10313

...false (for me).

I guess I'm God over all the non dotted versions of my email address. Thanks Google!

(However sometimes I wonder if other people see my emails as well)


> However I now get email from various people around the world with xlastname(at)gmail.com addresses. Apparently your email is not unique in the world, but only in your region, kind of (?!).

No, it's globally unique. I worked on this system for years. When it looks up an email address, it first looks in a globally consistent database [1] for an email record keyed by "canonicalized" address, with dots stripped out, everything in lowercase, and certain letter/number combinations replaced that are too similar like '1'->'l'. So if you sign up with x.lastname(at)gmail.com, no one else in the world can have xlastname(at)gmail.com, x1astname(at)gmail.com, xl.astname(at)gmail.com, etc. Part of this record's value is the original email address with the 'l's and '1's how you chose them. If those don't match the query, the system returns not found, just as it would if there were no record for the canonicalized form.

> I've confirmed (by contacting some of them) that they are not missing out on any important documents. For some reason Google's system is duplicating emails meant for other people into my mailbox.

I'd be _shocked_ if that were true. It'd be a very serious privacy incident and is contrary to my understanding of the system. Far more likely it's what I've seen with my own email addresses. Someone else incorrectly writes your email address instead of theirs into some system. Usually you're the only person who gets the email, but they might send something to two addresses, or they could even set up a forwarding rule from an address they have to an address they incorrectly think they have. They may say they're not missing any important documents, but maybe they have the documents in another system and don't know they're supposed to have gotten an email copy also. Or maybe they don't know what they're missing and don't understand what you're saying. This group of people was not selected for tech savviness. They might have just made a typo once, or they might keep doing this because they don't understand email at all.

> Only mails using x.lastname reaches MY inbox. If I tell someone I know to send a mail to xlastname I wont receive it, making the statement here... https://support.google.com/mail/answer/10313 ...false (for me).

That's odd. You can write to support if this is a problem. Support tickets actually reach engineers when necessary (yes, even for free gmail.com users).

It seems vaguely possible given the age of your account that your email record state and the current code are inconsistent in some way, like the field that stores your email address with the 'l's and '1's in your preferred form actually having the dot when it's not supposed to or some such. If there is such an inconsistency, one of my former teammates will fix the code or the database state (running a cleanup that finds all affected records) so they're consistent.

Or maybe the xlastname ones are just ending up in your spam folder. /shruggie

[1] old but: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.133...
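
The lookup described in the comment above, sketched as an added example (not Google's code and not part of the original comment). The function and class names, the single '1'->'l' confusable pair (the only one the comment names), and the choice to ignore dots and case when comparing against the stored spelling are assumptions.

```python
"""Added sketch of canonicalized address lookup; all names are hypothetical."""

# Only the pair named in the comment; a real table would be larger (assumption).
CONFUSABLES = str.maketrans({"1": "l"})


class AddressTaken(Exception):
    """Raised when the canonical form of a new address is already registered."""


def _split(address):
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return local, domain


def spelling(address):
    """Lowercase and strip dots, but keep 'l' and '1' exactly as typed."""
    local, domain = _split(address)
    return local.replace(".", "") + "@" + domain


def canonical_key(address):
    """Database key: the spelling with confusable characters folded together."""
    local, domain = _split(address)
    return local.replace(".", "").translate(CONFUSABLES) + "@" + domain


class Directory:
    def __init__(self):
        self._records = {}  # canonical key -> record

    def register(self, address):
        """Claim an address; any look-alike of an existing one is refused."""
        key = canonical_key(address)
        if key in self._records:
            raise AddressTaken(f"{address} collides with an existing account")
        self._records[key] = {"chosen": address, "spelling": spelling(address)}

    def lookup(self, address):
        """Return the owner's chosen address, or None for 'not found'."""
        record = self._records.get(canonical_key(address))
        # A record under the same key whose 'l'/'1' spelling differs from the
        # query is reported exactly like a missing record.
        if record is None or record["spelling"] != spelling(address):
            return None
        return record["chosen"]


def demo():
    """Constructed addresses; returns (lookup results, refused sign-ups)."""
    directory = Directory()
    directory.register("x.lastname@example.com")
    queries = ("xlastname@example.com", "X.LASTNAME@example.com",
               "x1astname@example.com", "ylastname@example.com")
    found = {q: directory.lookup(q) for q in queries}
    refused = []
    for candidate in ("xlastname@example.com", "x1astname@example.com",
                      "xl.astname@example.com"):
        try:
            directory.register(candidate)
        except AddressTaken:
            refused.append(candidate)
    return found, refused


if __name__ == "__main__":
    print(demo())
```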



I have fullname@gmail.com, and I routinely get full.name@gmail.com mail intended for what is obviously two different people. I have no idea what their real email addresses are of course, but I've contacted both of them on Facebook and tried to explain that full.name@gmail.com is my email address, not theirs - neither replied, both continue to use it for tons of sensitive stuff. I don't understand why they haven't noticed the lack of critical, sometimes personal, email. It's bizarre.


I have a first-initial-lastname gmail address and receive more email for people with same-first-initial-lastname than I do actually for myself. One of them likes to go to expensive hotels somewhat often. I get the receipts. It's weird.


Trust once broken is next to impossible to restore. Besides that there is no way to verify this for outsiders, so you may as well assume that it is done because there is money in it. Google lost the moral high ground in these discussions long ago.


If Google personalizes your data, but doesn't pipe it into ads.google.com, then it's not ads data.

> how can I verify you are right to say so?

I mean, you could say "how can I verify Google isn't using my Google password to decrypt my Chrome data and pipe it into Google Ads", but you'd have no way of verifying that, besides taking their word for it. https://variety.com/2017/digital/news/google-gmail-ads-email...


That’s the crux with tech these days. Many companies took advantage of people’s data when they shouldn’t have. If they want to walk that back and behave in a good way, how can anyone prove it.. taking their word for it isn’t good enough.


For example, data on which videos on YouTube I watch are used to personalise my recommendations. My feed becomes subjectively more interesting to me. The ads aren’t personalised because I don’t see any ads. So my data is being used, just for my benefit. Does that make sense?


I wonder how many people (excluding those benefitting from the adtech industry) hold the view that they enjoy seeing personalised ads.

My guess is very very few.


I see ads on my Apple TV but they're not personalized, just random food delivery, lots of ads for chips, shampoo and meds, or the usual junk that you see on cable TV. I fail to see how this brings me any benefit.


>> The ads aren’t personalised because I don’t see any ads.

If you're watching YT and think you are not seeing ads, then you're being foiled.

>> So my data is being used, just for my benefit.

Apart from the word "just", I agree.


> If you're watching YT and think you are not seeing ads, then you're being foiled.

Actually running an ad blocker/paying for Premium means you aren't seeing ads, pushed by Google. Any creator might be showing you sponsorships/product placements of course, and Google has no say in that.


When I say "you're being foiled" I'm not talking about product placements. I'm talking about how Google designs its sorting algorithm for me, on my personalized YT front page and how that assortment challenges me to become involved, enticed even, to view/buy certain things.


So you think google is guiding you, based on your profile based on all the data they have collected on you, to (for example) specific tech product reviews in order to entice you to consume goods at retailer walmart/dell/apple/samsung etc?


>> So you think google is

Yes

>> guiding you

Yes

>> based on your profile

Yes

>> based on all the data they have collected on you

Yes

>> in order to entice you to consume goods

Yes


So is that a No to all the relevant bits then?


What relevant bits of Google's conduct did I fail to address?


Although not what OP intended to say, personalization will eventually mean targeted pricing.


Exactly. The more data, the more control over interactions the other party has to extract maximum value. I’m always surprised when people don’t understand this. They get it if you talk about the real world, but don’t if suddenly the information is exchanged over computers.



