Google has most of my email because it has all of yours (2014)

Original Article ↗ Hacker News Discussion ↗

What It Means for Google to “Have” Your Email

  • Some argue Google only “has” non-Gmail users’ mail in a weak sense: messages sit on its servers but aren’t tied to a Google account, so subpoenas are harder.
  • Others say this is outdated semantics: large-scale programs and today’s legal environment mean Google effectively does have and can expose that data.
  • Even if you avoid Gmail yourself, corresponding with Gmail/Outlook users still puts much of your traffic on big-provider infrastructure.

Government Access and Surveillance

  • One camp is relaxed: lawful subpoenas used for malware, child abuse, or national security are seen as a necessary abuse-mitigation tradeoff.
  • Another sees this as naïve, citing rising request volumes and the potential for mass surveillance and political control once everything is stored and searchable.
  • There’s tension between targeted investigations and “fishing expeditions,” and disagreement over how often abuse actually happens.

End-to-End Encryption: Theory vs Practice

  • S/MIME and PGP are cited as technical answers, but most agree they’re unusable for normal people: key management, interoperability, and onboarding are too painful.
  • Some note S/MIME has better client support and may improve with ACME-style provisioning; skeptics point out PGP has had decades and still failed to go mainstream.
  • Critics warn that if e2e became common, providers would just host users’ private keys to preserve webmail convenience, undermining the core privacy benefit.
  • Many suggest using dedicated secure messengers (Signal, etc.) instead of trying to make email a secure channel.

Self-Hosting vs Big Providers

  • One side calls self-hosting or “de-googling” irrational paranoia that reduces security, wastes time, and rarely changes outcomes.
  • Others cite surprise bans, lockouts, and principle: they don’t want critical communications and identity controlled by advertising companies.
  • A middle ground: don’t self-host, but pay smaller providers (Fastmail, Proton, etc.) and/or use your own domain to retain portability.

Email as Identity and Lock-In

  • Email has become a core identity and recovery mechanism; losing an account (especially at Google) can mean losing access to “half the internet.”
  • Owning a domain gives control but introduces risks (domain expiry, takeover); using @gmail avoids that but deepens dependency on one company.
  • Aliasing services can help decouple identity from a single address, but create new single points of failure.

Monopoly Dynamics and Deliverability

  • Big providers’ spam policies and reputation systems make it hard for small/self-hosted servers to reliably reach users; businesses often get blamed and pushed into corporate email bundles.
  • Many apps and integrations only support Gmail/Outlook, implicitly equating “email” with those platforms and sidelining alternative providers.
  • Some see this as a byproduct of anti-spam pragmatism; others see deliberate or at least convenient entrenchment of monopolies.

How Email Is Actually Used

  • Several argue email should be treated like a postcard: assume anything might become public, and don’t use it for truly sensitive content.
  • Others counter that, for normal people, email now carries receipts, personal data, and acts as auth; users absolutely expect privacy.
  • Younger users reportedly use email mostly for business and official interactions, relying on chat apps for personal communication, though experiences vary by demographic and “bubble.”

Privacy Attitudes and Data Value

  • Some shrug: they “have nothing of value,” trust big firms more than random hackers, and accept commodification of their data as long as it doesn’t visibly hurt them.
  • Opponents emphasize that aggregated behavioral data is highly valuable and can enable subtle manipulation, discrimination, or political targeting at population scale.
  • There’s a recurring sense of fatalism: individual action (self-hosting, quitting Gmail) barely moves the needle without coordinated, regulatory, or structural change.