When someone uses your information for their own benign purposes, is that a security breach? By benign I mean without intent to harm you. The answer is clearly: yes. It is a security breach even if benign.
Think of your email traffic as one chunk of information on your email server (owned and operated by your email service provider). Your chunk (incoming email messages) resides on your email server temporarily (until you retrieve it) together with all the email of your email service provider’s other customers. The server has a database full of email messages.
Databases
Hacking into databases, of course, is one of the major goals of hackers, because databases often contain very valuable information. For instance, if one can hack into Yahoo’s user database, one can get usernames, passwords, credit card information, and all sorts of other information about users. One can then use that information to defraud Yahoo users, such as going on a shopping spree online with a user’s credit card. That’s obvious. But there are other databases besides user databases.
For instance, Google takes all your Gmail email and processes it for keywords. It uses those keywords to deliver advertising to you that’s relevant to the keywords. For example, suppose you use Gmail to discuss going bowling with a friend. You’re likely to find that website ads and other ads are suddenly offering to sell you bowling balls, bowling apparel, bowling shoes, and the like.
That’s a pretty tame use of your private information, but some people are horrified by it. The question you have to ask yourself is: what happens if the Gmail system gets hacked?
A hacker can use the same information that Google does for advertising but in a way that singles out users as targets for high-value fraudulent practices. In other words, if you’re a hacker, would you rather hack someone who you know has substantial assets than someone who barely has enough money to buy a cappuccino at Starbucks? By hacking a database of email messages, a hacker may be able to find more valuable information than from a user database and thereby use the information to pick and choose hacking targets.
Finding people with large bank accounts might be one search. The difficult problem is hacking into the database in the first place. Once a hacker hacks into a database, the rest is easy.
Your Database
You have a database (the information on your computer is considered to be a database), and you can do searches to find all sorts of things that might be of value to a hacker. And if a hacker gets into your computer, he will find them too.
That brings to mind data mining: the effort to extract certain specific information out of a database. Google does a type of data mining. It searches through its database of email messages to find specific data: keywords that support relevant advertising. This is a common practice among free email service providers.
Data Mining
In March 2017, Congress enacted a new law that permits the telecoms (AT&T, Verizon, etc.) to exploit their databases of user information for their own purposes. Their purposes are simply to make money by doing something with your data.
Gmail, Yahoo!, Outlook.com, Hotmail, and certain other email service providers use your data for various commercial purposes. But because these companies are not telecoms, they have not been subject to Federal Communications Commission (FCC) regulations against using such data.
The telecoms were prohibited by the FCC from using such data. By passing the new law, Congress overruled the FCC, and the information in your email messages is now subject to use for commercial purposes by ISPs everywhere.
In prior times you could avoid such exposure by not using Gmail and other such free email services and sticking with the email service provided by your ISP. That’s no longer the case. Today in order to protect your email, you have to find an email service provider that does not use your email information for commercial purposes; that is, it does not data mine its database of user email messages on its email server.
You’re in luck reading this book, because the RMail email services, such as RMail Inbox and RMail Web, do not use your information for commercial purposes. RMail does not data mine. In addition, the RMail email server is in Germany. That in itself does not make it any more immune to hacking, but it does put it potentially beyond the easy reach of the US judicial system. It’s going to be more difficult for government agencies or people who sue you to subpoena your email records (assuming you’re American).
The prevention of data mining by itself is not a foolproof defense against prying eyes, but it’s another security measure that helps protect your email information against access by others. And each security measure you take reduces the risk of hacking.
Today the main commercial use of your email message traffic (by those other than RMail) is targeted marketing (relevant advertising). Visible ads are delivered to your webpages, email messages, phones, and other interfaces for things in which you have expressed an interest.
This kind of advertising is much better for you, theoretically, than generic advertising in which you have no interest whatsoever. Nonetheless, this kind of advertising can be pesky, if not downright irritating.
There are other ways, too, for companies to accumulate your personal information that supports these ads, such as data mining your cloud storage and tracking your web visits. But the information in your email messages remains a major source of personal information about you.
Purchasing
Unfortunately, that’s not the end of this disheartening tale. Indeed, such personal information can be used for almost any purpose. It doesn’t have to be advertising. It could be something much more nefarious. In fact, there are plenty of discussions on the internet about how this information is being used for purposes other than advertising, and that should be alarming to you.
This practice by Gmail and others, and now the ISPs, is a significant threat to your online security! Why? Read Chapter 16 on social engineering. Chapter 16 explains that social engineering is the primary method that hackers use to gain access to your network, your computer, and even to the software on your computer.
The amount of information that can be accumulated about you from email messages makes social engineering all the easier for those hackers who can acquire such information from the likes of Gmail and the telecoms.
How hard is it for hackers to get this information? It may be easy in some cases. They just pay for it. Why go to all the trouble to hack into a database when they can potentially just purchase the data for commercial use? Whether such data is available to hackers in a form they can use is an interesting question. But we don’t know the answer and will probably never have an answer on which we can rely. Accordingly, I believe this answers the question at the beginning of the chapter: Is this practice a security breach? Indeed, it seems to be.
Free Clouds
Note that the risk may be the same for any free cloud storage that you use. Some free cloud providers are using the data you store in the cloud for commercial purposes. This book is not about security outside of email, however, so I won’t say any more about the use of clouds. But you can see there’s a theme running through the use of freebies on the internet. And that theme is: if anything you use is free, you may be paying a price for it that you do not understand. Hopefully this book will bring you an understanding.
Free RMail
We know what free email means to Google (Gmail). Likewise, each provider of free email has its own economic agenda. Aside from data mining customer email for whatever purposes, a common scenario is to provide a free email account that leads one into a more robust email service that costs money. Another common scheme is to provide a free email account that leads to the purchase of other services or software products.
That brings up the question: what’s the incentive for providing free email via RMail Inbox or RMail Web and occasional free use of other RMail services? After all, RMail does not data mine.
RMail’s incentive is quite simple. It provides free services in order to make its fee services very convenient for people to use. In other words, RMail expects to make money by charging you for the RMail services you use each month above and beyond the services it provides free. RMail expects that you will find its services such as Registered Email (legal proof of delivery), Message-Level encryption, E-sign and others quite useful and that you will use them often. By making its offer, RMail places a bet. It bets that as you use the services it provides free, you will use such services more often. If so, RMail will earn money by charging you a fee based on the amount of your use each month.
Summary
Although this chapter concerns itself primarily with the providers of free email such as Gmail, the practices outlined may apply to some other email service providers and cloud providers that are not free. For example, the telecoms are not free. Just remember: beware of email and cloud services. Inquire about their practices. RMail services are the exceptions. Your email is always kept secure with RMail.