The darker side of Web mail

Web-based e-mail may be exposing you to privacy and security problems you didn’t expect

Web mail is a class of web applications that allow users to read and write e-mail using a web browser, or in a more general sense, an e-mail account accessed through such an application. The Giant web mail services providers such as Gmail, Yahoo Mail and Hotmail are providing free mail services and are supposed to be very convenient, and accessible. Millions of people use them without giving it a second thought.

But second thoughts may be in order, according to security experts, privacy advocates and some Web mail users. Few consider the fact that Web mail is inherently different than POP3 e-mail. It differs in who administers it and how, in the ways it may be vulnerable to hacking, and in the type of help you can expect when you have a problem.

You may not think these differences matter. And they don’t — unless they end up biting you in the backside. For example, the most popular Web mail services are prime targets of malicious hackers. Some Web mail users run into mysterious technical problems that are never explained or solved. And most Web mail users never really know where their data is being stored or for how long — or how well it is being safeguarded.

How private is Webmail, really?

Although Webmail is often billed as a free service, the old adage “you can’t get something for nothing” definitely applies here. While you’re not giving the Webmail provider any of your cash, you are making a trade: Your personal information in exchange for the service.

When you click that box on the licensing agreement — you know, the one you didn’t read — you’re probably giving permission to use the personal information you entered when you signed up. For example, Google Inc.’s Privacy Policy specifically states that it collects personal information such as your name and e-mail address; it also collects information collected through your browser (such as which sites you visit) and from the text of your e-mails, which the provider uses to customize ads and conduct research.

It can be shocking to realize how much about yourself you reveal on the Web, particularly when vendors combine information from your Webmail account with other Web 2.0 sites, such as online social networking platforms. “You start to leave a trail of information about yourself on the Internet,” says Stephen Northcutt, president of the SANS Technology Institute. “Do you really want to get ads on burial plots because you drink, smoke and engage in unprotected sex?”

Showing others your e-mail

It’s fairly easy (if you know how) to gain access to and read others’ Webmail without permission, either legally or not, notes Jeremiah Grossman, founder and chief technology officer at WhiteHat Security Inc., which tests Web sites for vulnerabilities. “Webmail should never be considered private, ever,” he says. “It can be read in many, many different ways,” including rogue customer service reps at the e-mail provider, law enforcement with a subpoena or a national security letter, or a curious hacker sniffing packets on the Internet.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s