PDA

View Full Version : Watch out for Google Mail!


Ed Plowman
December 12th, 2005, 07:28 PM
UPDATE: The Tapcis-related issue I raised in the initial post here has been resolved (see my note to Heinz in this thread). Although Google Mail has switched to UTF-8 Base64 encoding as its default for transmitting most email (causing Tap to toss gmail msgs directly into the TAPCIS\DL *.BIN dumpster), the user can go into setup and change UTF-8 to the default ASCII character set. When this is done, Tapcis happily works properly.

If you have similar trouble receiving gmail msgs, tell the sender to (1) change the UTF-8 spec to the "default" ASCII, and (2) be sure to tell the sender to click on the Send as Plain Text button when sending.

I have retained a section of the initial msg that deals with security issues, so as to keep replies intact.

Ed Plowman

--------------------------
...

One of our publication's editors uses gmail. I forwarded to her a copy of a recent Washington Post article by the author of a new book on Google; the author strongly recommended that email users NOT use gmail if they use Google for searches. I also underscored its warning about Google saving all the email on its servers to mine personal info, ostensibly for advertising purposes. Google explains this is the cost of getting to use gmail for free. (Can you believe: I'm now starting to see email msgs arriving with ads supplied by a third party!!!)

Security should be a HUGE concern. Most people routinely include confidential or sensitive info in email. Third parties from government snoops to disgruntled/opportunistic employees have/will have access to it.

ed p.

ndebord
December 12th, 2005, 10:33 PM
Ed,

It was bad enough to realize that Google Email was using your not-so-private email for advertising purposes, but when I learned that Google places the "eternal" cookie on your hard drive which was synched with its dBase, I dumped it altogether. The idea that Google is the repository of all my searches (all my emails) and could, conceivably, give say the FBI a complete file on my surfing history, makes me shiver with fear. I still believe in the 1st Amendment, although that is becoming increasingly an archaic proposition.

My new backup email is Yahoo (despite its craven behavior with China). Still looking for something more permanent, although since I do do dial-up, ISP COM is my current flavor of the month.

Jeff
December 13th, 2005, 01:26 PM
Ed,

It was bad enough to realize that Google Email was using your not-so-private email for advertising purposes, but when I learned that Google places the "eternal" cookie on your hard drive which was synched with its dBase, I dumped it altogether. The idea that Google is the repository of all my searches (all my emails) and could, conceivably, give say the FBI a complete file on my surfing history, makes me shiver with fear. I still believe in the 1st Amendment, although that is becoming increasingly an archaic proposition.



"eternal cookie", Nick? And it's a result of simple searches? How do I nuke it?

- Jeff

Ed Plowman
December 13th, 2005, 04:13 PM
Jeff,

I =think= the "eternal cookie" refers to something Google included in its Google Desktop (with its Google toolbar). A cookie that is set to expire in 2038 or so, that tracks all your searches. Ostensibly to help Google target the "right" selection of ads at you.

However, Google reportedly has a number of government contracts for its data, and I doubt whether the feds are interested in serving up appropriate ads to you! Google isn't saying what use the gov't may have for knowing your search results.

Google hopes to make Google Desktop into what amounts to an "operating system" (in appearance) on top of Microsoft Windows. It's all about money and advertising. Microsoft is nervously pacing the floor.

Maybe someone else has more specific info. I'd like to know more, too.

ed p.

Ed Plowman
December 13th, 2005, 04:20 PM
Jeff,

...and by the way, FWIW, SpySweeper and other anti-spyware programs can identify and remove, at your option, SOME known spyware cookies, but leave most cookies in place.

I regularly do Start |Find | c:\windows\cookies | all files containing the text "Google" | Select (highlight) | Delete. And I do this with other product cookies as well (Real, etc.).

I don't know why, though. I really don't care who knows my search words, what products I consider, which news sites I visit, etc.

ed p.

Jeff
December 14th, 2005, 01:51 PM
Ah, I don't have Google's 'desktop' and no way in hell would I ever install such an invitation to invasion. And I wipe all cookies once a week. It just sounded like 'eternal' meant a cookie hidden in the root or something.

- Jeff

heinz57g
December 15th, 2005, 04:16 PM
ed, its me again (sorry!). just had test mails sent from 3 diff Gmail accounts to my classic CIS account, all received well and perfectly readable. could it be that your TAPCIS uses a diff language/country/character code?

since i have no way telling people i dont even know what system to use if they want to write to me, and a rather increasing number uses Gmail day by day, it would have rather upset me if it was any different.

when was the last time you checked?

the person who knows all about character codes used to be marijke. hey dutchy, are you hiding somewhere?

greetings - heinz -

Ed Plowman
December 15th, 2005, 09:08 PM
Heinz,

I'm =glad= you are receiving gmail. You can be a ready tester!

Are you using Tapcis to receive your gmail? This is where we see the problem.

If you ARE receiving gmail normally when using Tapcis, that would be of great interest to me. Pls send me a copy of the Internet mail "routing slip" also known as the Internet header for one. Do not FWD: as this can add an extra tier of confusion to the process. (Just block and paste that section of the Tap msg into your Reply to me; be sure to mark Tap to retain the format.)

With standard HTML mail, which has two parts, Tapcis pulls out the plain text (ASCII) header and enters it as the msg for its MAIL.MSG file. It dumps the HTML formatting into \tapcis\DL as a .BIN file.

With gmail, Tapcis sees =three= parts. For example, MAIL001.BIN is the plain text header we see in other HTML mail. MAIL002.BIN is a hybrid: it contains both the text AND a few HTML codes. MAIL003.BIN is the HTML format codes.

For months, the gmail msgs acted like normal HTML ones received by Tap; the text was distilled into MAIL.MSG, the .BIN junk could be tossed out. My editor would specify send as Plain Text in posting her msgs. She still does. But in October, I learned, Google changed to sending in 6-bit and Base64 encoding. She still specifies to send as Plain Text, but gmail =appears= to ignore that request. What really is happening, I =think=, is that Tap (Compuserve) sees the [unrecognizable] 6-bit designation and automatically consigns the post to .BIN status -- BEFORE gmail uncompresses the file during transmission and translates it into standard text. But I don't really know.

Dismayed Listserv users report the same problem. (Listserv downloads use ASCII and work on the same principle as MAIL.MSG; incoming msgs are appended to the same file. However, since October, gmail posts won't go there.) If you do a search for: Google mail Base64 "plain text", you'll probably see similar complaints about the problem.

Thanks for your interest and help.

ed p.

p.s. Are you in the Stuttgart area? Years ago, we had some Tapcis forum members and volunteer tech ass'ts who lived in the area.

heinz57g
December 15th, 2005, 10:13 PM
sure, ed, i was talking about TAPCIS and TAPCIS use only. thats all i use, if i can avoid the others, and with some 200 mssg/day it is still going strong.

if i look thru the mails of the past few days, there have been some 20 from GMAIL users, all came in fine.

if it helps, here one of the headers:

*******************************************

Sender: xxxxx@gmail.com
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.204])
by liaag2ab.mx.compuserve.com (8.13.4/8.13.4/g1.1) with ESMTP id jBFBbVCJ011070
for <100022.102@compuserve.com>; Thu, 15 Dec 2005 06:37:31 -0500
Received: by zproxy.gmail.com with SMTP id m22so373871nzf
for <100022.102@compuserve.com>; Thu, 15 Dec 2005 03:37:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=beta; d=gmail.com;
h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
b=HSSTxLnRA9p/KERGsZncHjzGhxMlRHAGMmFmt19wMi1F3/amfTZ7YpBuDcO1pomim8xXqETV8hcYBuRik+WgTxtZtW6q25vl LpLwkBFwxH/S3LmCUcqmv5I1Fezo3E7JCyRNYJBkW6oh+at3wenERms1AYf9T BItPj1zSEuPOxY=
Received: by 10.65.222.3 with SMTP id z3mr964017qbq;
Thu, 15 Dec 2005 03:37:19 -0800 (PST)
Received: by 10.65.95.6 with HTTP; Thu, 15 Dec 2005 03:37:19 -0800 (PST)
Message-ID: <1c9baade0512150337m364c5c8au18ee0fc4ab929852@mail. gmail.com>
Date: Thu, 15 Dec 2005 12:37:19 +0100
From: XXXX <xxxxxxx@gmail.com>
To: heinz <100022.102@compuserve.com>
Subject: trial for coding
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on liaag2ab.mx.compuserve.com
X-Virus-Status: Clean

mike, we finally got all the accounting ...

********************************************

stuttgart, yes. theoretically at least. at the moment more in eastern europe and the far east, the perpetual gipsy.

greetings - heinz -

Ed Plowman
December 16th, 2005, 11:39 AM
Heinz,

Thank you much for posting this header.

I'll have to study some, but not much looks different. We do know that in Oct. Google mail servers switched to a 6-bit transmission spec, with a different compression scheme. Since other U.S. Listserv users are reporting the same problem, I'm now wondering if Google's European servers are still sending 7-/8-bit. If so, this could explain the differing results.

I'm going to bug the Google techs some more. And push harder to get my editor to switch to a different email program.

ed p.

Ed Plowman
December 16th, 2005, 07:28 PM
Heinz,

Mystery solved. Thank you. These lines were the answer to the problem:

>>Content-Type: text/plain; charset=ISO-8859-1
>>Content-Transfer-Encoding: quoted-printable
>>Content-Disposition: inline

Although Google switched to sending all mail under UTF-8 character code and Base64 encoding for its default, it's still possible for users to go into setup to change the defaults. I walked my editor through it, she made the change, and it worked.

It's something to remember if any of your correspondents run into the same problem.

Thank you for your time and input. I'll retreat back into the shadows.

ed p.

Peter Creasey
December 17th, 2005, 09:25 AM
the author strongly recommended that email users NOT use gmail if they use Google for searches. I also underscored its warning about Google saving all the email on its servers to mine personal info, ostensibly for advertising purposes. Google explains this is the cost of getting to use gmail for free. (Can you believe: I'm now starting to see email msgs arriving with ads supplied by a third party!!!)

Security should be a HUGE concern. Most people routinely include confidential or sensitive info in email. Third parties from government snoops to disgruntled/opportunistic employees have/will have access to it.


Ed etal, For some reason, I can't get exercised about Google being a security risk. I use gmail as a backup email...mainly to give to vendors and the like.

What is the consensus here? Are gmail accounts risky? Should they really be avoided?

Ed Plowman
December 17th, 2005, 10:11 PM
Pete,

I sent the following to a friend in November:

You'll be interested in a couple of excerpts here re. Google Mail. The author, David Vise, is a Pulitzer Prize winning Washington Post business reporter whose co-authored book on Google was released this month. The first excerpt is from a Wash Post online Q&A. The second is from his recent article in the Post.

You'll recall my passing along the info that all your gmail incoming and outgoing posts are stored on Google's servers, and your personal info is mined for Google's own purposes. Google is expanding rapidly and, some would warn, ruthlessly. Worth exercising a little caution.

Here's Excerpt #1, suggesting why you probably shouldn't use
gmail if you use Google to search:

------------------------------

Wash. Post 11-15-05

David Vise answers on-line questions re. Google:

Washington, D.C.:

READER:

Thanks for taking on this interesting and relevant topic. We've already seen that Google's goal of organizing the world's information has run into staunch opposition by a number of groups concerned about privacy issues--e.g. gmail's ability to place advertisements based on keywords in emails. It seems that as Google becomes more efficient, these concerns are only going to grow louder and become more important. Is there a middle ground that will allow us to get information quicker, faster and more efficiently while satisfying privacy concerns? If yes, do you think Google is on that track?

DAVID VISE: Privacy advocates suggest that you would be wise to do Internet searches in one place, say Google, and have your email acounts someplace else. This is to safeguard privacy since having Google searches and a Gmail account would put a lot of information about you in one database. Google, as a for-profit enterprise that is very data-driven, knows a lot more about you then you know about Google.

-----------------------

And here's Excerpt #2, from Vise's much-talked-about WP article (see URL below), based on info taken from his book:

[Note espec. my four marked ***'s. Imagine that: mining your email content to insert targeted ads into your msgs!!! - e.p.]

...Consider the wide-ranging implications of the activities now under way at the Googleplex, the company's campuslike headquarters in California's Silicon Valley. Google is compiling a genetic and biological database using the vast power of its search engines; scanning millions of books without traditional regard for copyright laws; ***tracing online searches to individual Internet users and storing them indefinitely; ***demanding cell phone numbers in exchange for free e-mail accounts (known as Gmail) as it begins to build the first global cell phone directory;***saving Gmails forever on its own servers, making them a tempting target for law enforcement abuse; ***inserting ads for the first time in e-mails; making hundreds of thousands of cheap personal computers to serve as cogs in powerful global networks....

The excerpt is from:

The Washington Post, November 13, 2005 Sunday
November 13, 2005 Sunday

WHAT LURKS IN THE SOUL OF GOOGLE?

BY David A. Vise

NOTES: David A. Vise is a Washington Post business reporter and the co-author with Mark Malseed of "The Google Story," published this month by Random House (vised@washpost.com).

Vise, a Pulitzer Prize-winning journalist, writes about Google in Sunday's Outlook section -- " What Lurks in Its Soul? ."

---------------
Wash. Post, David Vise's article on Google:

http://www.washingtonpost.com/wp-dyn/content/article/2005/11/11/AR2005111101644.html

----------------

Wash. Post, David Vise discusses his new book on Google with readers online.

http://www.washingtonpost.com/wp-dyn/content/discussion/2005/11/09/DI2005110901098.html

---------------
ed p.

Peter Creasey
December 18th, 2005, 09:10 AM
Pete, I sent the following to a friend in November:
You'll be interested in a couple of excerpts here

Ed, thanks for providing the additional food for thought.

davidh
January 7th, 2006, 03:48 PM
UPDATE: ...
If you have similar trouble receiving gmail msgs, tell the sender to (1) change the UTF-8 spec to the "default" ASCII, and (2) be sure to tell the sender to click on the Send as Plain Text button when sending.

I gather from reading parts of this thread that the problem has to do with Compuserve mail server (Classic protocols as opposed to RFC pop3 protocol) splitting HTML part(s) of a message off into separate messages and that the choice of gmail/sender/whoever to use UNICODE/UTF-8 causes the generation of the sent message text into HTML because many email clients would not render UNICODE correctly as plain text. (However, I think I recall being able to corrcectly display Vietnamese UNICODE/UTF-8 in notepad and/or wordpad on Win XP, so it is possible that some "plain text" apps could do the job.)

TAPCIS then sees these extra message parts (which are not identified as plain text) and assumes that they are therefore binary and plops them into DL folder, for example.

As you say, one way to solve the problem is to have the sender force the sent message into plain text. This could be a problem if one has to deal with the problem with many such correspondents. Or if the correspondent is hesitant to make the required setting changes, etc.

There are a couple of other ways to solve the problem which I made macros in TAPCIS for. Unfortunately, I don't use TAPCIS now.

One way is to download all the message parts with TAPCIS using the Classic protocol and then have a macro that converts (to ASCII) the HTML message part out of the DL folder and puts it as plain text into the regular TAPCIS message file.

The other way is to have a TAPCIS macro that invokes a POP3 Mail Transport Agent (MTA) to download the message in one single chunk (may not be desireable if it contains images or HTML).

I wrote macros for TAPCIS for both methods, and might still have them somewhere if somebody is really interested. However, the documentation would be either pitiful or non-existent.

I miss TAPCIS a lot, but it was just too much work for me to make all the modifications that would make it convenient to keep using. Esp. when I have no idea how much longer Classic Compuserve protocols would continue to be supported.

David H.

davidh
January 7th, 2006, 04:10 PM
I use gmail for most of my email, but I do NOT use the web interface. Instead I either pop it with POP3 and SSL directly from gmail or forward to a mail server that uses regular POP3 instead of SSL POP3. Furthermore, I configure gmail to put all the messages into gmail trash as opposed to leaving them in the inbox or archiving them.

I realize that this defeats the main purpose (searching) of gmail, but my main motives are 1. keep the same email address when I change ISP's 2. access both by POP3 *and* web.

I try to avoid any extra toolbars such as google toolbar, but I wonder if google still keeps information about the contents of my email even after it's erased from the gmail trash folder (after 30 days)? I mean besides the archives that they would have to keep anyway to comply with whatever gov't regs, etc. e.g. for "homeland security".

David H.

BTW
Yahoo allows EXE files in attachments or in archives (e.g. ZIP) inside attachments. But gmail does not. I assume this might be because Yahoo has a virus filter and gmail does not, yet. I like the yahoo web interface better too.

I just don't like the slowness of web interface, even with DSL on a 2Ghz+ PC. Thunderbird doesn't load that fast either, so I prefer Foxmail (my main email program) or Pegasus. Of course TAPCIS would probably make all of them look slow if it could have worked on POP3/SMTP.

David H.

davidh
January 7th, 2006, 04:48 PM
but I wonder if google still keeps information about the contents of my email even after it's erased from the gmail trash folder (after 30 days)?

It appears that the gmail ads are based on the single individual message that one is reading (at a particular moment) via web interface. Furthermore it appears that backup data (data retention) is naturally off-line as would always be expected.

To me it only makes sense that the ads be based only on the message that one is currently reading. For example, what if one receives a spam message for porn that does not get caught by the gmail spam filters. And then suppose that gmail "remembered" that one had received a porn message 3 weeks ago and on that basis decided that it should today display a link to a porn service while one is reading a message on "Winnie the Pooh". How well do you guess that the gmail business model would fare if that kind of thing happened on a regular basis?

I have not looked into Google toolbar at all, so have nothing to say on the subject.

I don't own any Google stock and don't necessarily believe that Google is any more or less beneficent than any other company. However, I suspect that a lot of the reason why suspicion about gmail might be popular is because people like to gossip and people like to draw attention to the sensational and to themselves. Not to mention ignorance and laziness e.g. to read and understand the privacy statement. (I'm guilty too, I almost always install software without reading the license.)

Below are some excerpts based on their (gmail) more detailed privacy statement:

"More on Gmail and privacy"
http://mail.google.com/mail/help/more.html

"Targeted ads in Gmail
... ads are never inserted into the body text of either incoming or outgoing Gmail messages."

"Scanning email content
... It is important to note that the ads generated by this matching process are *dynamically* generated each time a message is opened by the user--in other words, Google does not attach particular ads to individual messages or to users' accounts."

"Data retention
Some news stories have suggested that Google intends to keep copies of users' email messages even after they've deleted them, or closed their accounts. This is simply not true. Google keeps multiple backup copies of users' emails so that we can recover messages and restore accounts in case of errors or system failure. Even if a message has been deleted or an account is no longer active, messages may remain on our backup systems for some period of time. This is standard practice in the email industry, which Gmail and other major webmail services follow in order to provide a reliable service for users. We will make reasonable efforts to remove deleted information from our systems as quickly as is practical."

Ed Plowman
January 10th, 2006, 11:15 AM
David,

Good stuff. Thanks.

Yes, I got my editor to switch off the UTF-8 setting, and now the msgs arrive in Plain Text (plus the useless HTML .bin file).

As for ads and the gmail privacy statement, a little bit of double talk going on there. First, Google says, no "targeted" ads are inserted into "body text." Then, it goes on to explain that "the ads" readers see "are generated...."

I and others HAVE seen ads in emails. Whether they are embedded in the body text or in some sort of Google-generated "border" or box accompanying the mail msg makes little difference. The ads are there "somewhere."

>>"Targeted ads in Gmail
... ads are never inserted into the body text of either incoming or outgoing Gmail messages."<<

>>"Scanning email content
... It is important to note that the ads generated by this matching process are *dynamically* generated each time a message is opened by the user--in other words, Google does not attach particular ads to individual messages or to users' accounts."<<

------------------

ed p.

davidh
January 10th, 2006, 05:35 PM
As for ads and the gmail privacy statement, a little bit of double talk going on there. First, Google says, no "targeted" ads are inserted into "body text." Then, it goes on to explain that "the ads" readers see "are generated...."

I and others HAVE seen ads in emails. Whether they are embedded in the body text or in some sort of Google-generated "border" or box accompanying the mail msg makes little difference. The ads are there "somewhere."

Ed,
I NEVER see any generated ads in my GMAIL at all. That's because I only read GMAIL with my regular email programs (e.g. Foxmail and Thunderbird). That is, I never use my browser to read my GMAIL, except when I am checking the spam folder to see if some mail from some company whose legit mailing list I'm on accidentally got routed to the junk/spam folder. That's one of the coolest things about GMAIL, you can totally bypass using a browser.

Furthermore, GMAIL supports a optional pure HTML browser interface so you can do email with obsolete browsers [,probably even with text based (non graphical) browsers such as LYNX].

Based on a CAREFUL reading of their statements I don't see any reason to think that they are more or less dangerous to security and privacy than other web mail such as yahoo, msn hotmail, aol, netscape web mails, etc. I know hotmail had some security problems in past and apparently something at msn is having problems currently (from gossip i heard).

The only problem I have with GMAIL is that the web view THREADS messages with the same subject (e.g. Merry Christmas becomes a thread for everybody who sent that exact greeting to me).

If I was going to use web mail exclusively and never use regular email programs maybe I would use Yahoo mail instead of GMAIL, because the Yahoo web interface is more advanced than GMAIL (still in beta, I guess). But for total overall flexibility with regular email programs (e.g. TAPCIS) it's hard to beat GMAIL. You could even read your GMAIL with TAPCIS (by forwarding from google to compuserve). The only problem with forwarding that I have had is that sometimes some ISP mail servers don't like messages to be forwarded in too many hops and jumps. E.g from a msg poster, to a mailing list server(e.g. yahoo group), to gmail, to earthlink POP3. The mail server thinks it might be spam because it hopped too many times.

TAPCIS is still pretty cool since it's invulnerable to email worms (no HTML, no javascript, etc.).

David H.

davidh
January 10th, 2006, 05:52 PM
I think that if the google mail business model (targeted ads) proves successful, then other like aol, msn, yahoo will follow suit.

I really don't like the large graphic Macromedia Flash Player ads in Yahoo mail. They expand and contract covering up parts of the user interface or message. And the images dance around making me dizzy. I also consider Flash Player itself to be somewhat of a security risk. Furthermore I don't like the ads for dating services and diets appearing with women in bikinis, in case my wife happens to walk by the computer and might get the wrong idea. Google so far only has text based ads, TGIF or whatever.

David H.

Lindsey
January 10th, 2006, 05:57 PM
The only problem I have with GMAIL is that the web view THREADS messages with the same subject (e.g. Merry Christmas becomes a thread for everybody who sent that exact greeting to me).

I thought there was a setting that would tell GMail not to display messages in threads, but I'm not absolutely certain about that, or whether it is sticky if it's there.

The first time I ran into that, I at first thought my messages had disappeared somehow, and it took a couple of minutes before I realized what was going on. (I mostly just use my GMail box as a registration address.)

--Lindsey

davidh
January 10th, 2006, 07:54 PM
I thought there was a setting that would tell GMail not to display messages in threads, but I'm not absolutely certain about that, or whether it is sticky if it's there. I tried once to find a setting, but no luck. Maybe it's there somewhere, but I couldn't find it.

It doesn't bother me anyway since I don't use web view to read my gmail.

David H.

Lindsey
January 10th, 2006, 10:39 PM
I tried once to find a setting, but no luck. Maybe it's there somewhere, but I couldn't find it.
Looks like you're right. But I did find this:


How do I separate messages from my conversations?

Messages grouped together in a conversation can't be ungrouped.

If you find that unrelated messages are grouped together into a conversation, please let us know.

When you email us, please include the full message headers for each of the messages.

To find your message headers:

1. Click More options next to the recipient name(s).
2. Click Show original.
* A new browser window will open. That window includes the full message header. Message headers contain the address of the sender, the address of the recipient, the subject of the email, and the date the email was sent.
3. Copy the header information and paste it in the contact form.



As you said: It's still in beta.

--Lindsey