Quick Links

There’s a story spreading in the news today that Google is letting companies scan through your email and sell the data, but this is really misleading. So what's actually going on?

The way the story is framed makes it sound like something very nefarious is being allowed. Google is letting companies scan my Gmail account? What?

Google Inc. told lawmakers it continues to allow other companies to scan and share data from Gmail accounts, responding to questions raised on Capitol Hill about privacy and potential misuse of the information contained in users’ emails.

As usual, the reality is a lot different than the headlines, and Google isn’t doing anything wrong here.

What’s Actually Happening?

There are tons of services that you sign up for, give them access to your email account, and they will scan through and find your receipts and bills and help save you money, or find tracking numbers and help you track incoming shipments.

And there are other plugins for Gmail that provide all sorts of different services, from helping with reminders to unsubscribing you from unwanted email.

Because you are giving access to your email account, these services can read, scan, and otherwise go through your email to provide their service. They are even allowed to bundle up data on everybody and sell that data, as long as they remove all personally identifiable information, like your name, street address, IP, and other similar data.

But... this is all your choice. If you want to give something access to your email, that’s your choice.

In the real world, imagine renting an apartment from a company that has a digital lock on the door and then giving the unlock code to a cleaning service, or Amazon, or a salesperson. Does that mean that the apartment complex is illegally letting a salesperson into your apartment? Of course not, because you’re the one that gave out the code.

To Be Clear: You Should NOT Give Anybody Access to Your Email, Ever

Yes, it’s your choice to give some company access to your email when signing up for a service or app.

It’s also a really dumb choice. Don’t do it.

There’s an obvious problem of having your personal data swept up into a massive database somewhere that is being “scrubbed” of personal data, but still probably has way too much information included. It’s increasingly becoming difficult to retain our privacy in this digital world, and willingly handing off your data to somebody isn’t a great idea.

But the much bigger problem is that once you give somebody access to your email, now they have the “unlock code” to your email’s front door. And since our email addresses are the master key for our entire digital life, you’re now placing that unlock code in the hands of a third-party company that will most likely be hacked at some point, giving hackers access to your email. It's like telling somebody a secret: the more people you tell, the less likely that it'll remain a secret because somebody can't keep their mouth shut.

Related: Don’t Give Apps Access to Your Email (Even to Save Money)

This Isn’t Just Google Either, It’s Any Service with an API

This story is screaming about Google, but the reality is that these third-party services operate off any of the major email providers like Yahoo, Outlook, AOL, and others, because they simply use an API to access your email account. But the headline says Google, so that's what everybody is going to worry about, despite the fact that this is so much bigger than Google---it's just how things work on the internet.

The modern web is built on services that are able to connect to each other, because way back when, any time a popular service was in a silo that couldn’t be accessed by other apps and services, everybody freaked out and said that company was being anticompetitive and wasn’t supporting “open standards”.  Eventually, companies got smart and started embracing open standards and interoperability (seriously, even Microsoft did), and everything had to have an API even if it didn’t really need one. Web services were able to build on each other and create really amazing new mashups that we take for granted today.

But as soon as you open up access to your platform to third-party companies... they now have access to your platform. And then, of course, the security and privacy problems start, and companies are now having to limit and control how all of these things work.

All of this whining is just part of the natural growth cycle of the internet, where amazing new things are created, and then abused, and then controlled, and then more new things come along. It won't be long until people start complaining again about the web giants keeping everything in silos to prevent competition.

How to Check What Has Access to Your Email (And Remove Access)

As we stated earlier, we absolutely think it’s silly to give anything access to your email account. But what if you aren’t sure if you gave anything access before? Or maybe you know you did and now you realize that was a mistake.

Luckily it’s pretty easy to revoke access to your email. If you’re using GmailOutlook.com, or Yahoo! Mail, just click the links to go to the panel and find the third-party apps you don’t trust and remove them.

Related: Secure Your Online Accounts By Removing Third-Party App Access

If you’re using a different account, go into your account settings page and look for a panel that says something about apps or services that you’ve given access to.

But at the end of the day, it’s your decision.

Image Credit: Shutterstock