About That Time Google Spied On My Gmail

I’m reading about how Microsoft read a blogger’s Hotmail (or other Microsoft hosted email) to determine who leaked Microsoft information to that blogger. Microsoft’s response is pathetic, stating that “the privacy of our customers is incredibly important to us” in the same post that explains that they’ll keep doing it.

While I think that doing this is both evil and shortsighted (they lose trust and users), the only thing that surprised me was that they admitted it.

As the Guardian points out, other email providers also reserve the right to do this in their terms of service.

I have first hand knowledge of this. A few years ago, I’m nearly certain that Google accessed my Gmail account after I broke a major story about Google.

A couple of weeks after the story broke my source, a Google employee, approached me at a party in person in a very inebriated state and said that they (I’m being gender neutral here) had been asked by Google if they were the source. The source denied it, but was then shown an email that proved that they were the source.

The source had corresponded with me from a non Google email account, so the only way Google saw it was by accessing my Gmail account.

A little while after that my source was no longer employed by Google.

I certainly freaked out when this happened, but I never said anything about it because I didn’t want people to be afraid to share information with TechCrunch. But I became much more careful to make sure that communications with sources never occurred over services owned by the companies involved in the story.

So, yeah, the Guardian story is accurate.

Update: Google says this never happened (also in a comment below that I just approved). Some of the wording is (just slightly) odd (“opened” denial v. “accessed” accusation) but I assume that was inadvertent and they’re flatly denying this whole story.

33 thoughts on “About That Time Google Spied On My Gmail

  1. Are you nearly certain:
    “I’m nearly certain that Google accessed my Gmail account ”


    100% certain:
    “So, yeah, the Guardian story is accurate.”

    There is a major informative (as well as liable) difference between your two statements here.

    • Michael Arrington says:

      I can’t be 100% certain…the source could have lied to me, for example. But I’m nearly certain.

  2. C J B says:

    Pedestrian question: Could Google have accessed your source’s non-Gmail account through your source’s work computer?

  3. Victor Sletten says:

    It wasn’t just a case of “leaked information” in the Microsoft case. There was outright theft of Microsoft intellectual property (including Activation Server source code) by an employee, who passed it along to the blogger. There was a criminal investigation involving the FBI and foreign law enforcement. Somehow you kind of left all that out in your attempt to equate criminal activity with normal (if somewhat lame) journalism.

    • focher says:

      Except what you said isn’t accurate. MS suspected and the law enforcement activity wasn’t started yet when the Hotmail account was accessed. You seem to remove the logic step going from “suspicion” to “knowing”. The idea that an email provider should be going into accounts they host simply because they suspect nefarious behavior against them is a terrible one to promote.

  4. Citizen says:

    I would think a journalist would be better off not using the cloud for email storage at all, call me crazy, but, just because the story is not about your cloud provider doesn’t mean your cloud provider has no incentive to help the companies you do write about. Think of all the companies that share board members… Let’s say you write a story about compromized Cisco routing equipment, are you sure the board member Google and Cisco share won’t be discussing the leak?

  5. What’s the logical extension of this type of clause?

    If you apply for a job at Google or Microsoft, would it be in their interest to scan your box for information about your health or personal life before they hire you?

    Sure, for the vast majority of hires, that is overkill. But senior hires?

    I’d really like to know how often the tech companies use that sort of clause. CEOs have been asking the government for permission to publish the numbers and situations in which they look at user’s data when the government requests.

    Why not start the discussion by telling us when they look at our information for their own purposes?

  6. Well, this pretty much sealed the deal for me. I’m getting out of the “free to use” email services. I’ve been taking the past few months to wind down my social networks and I’m almost nearing completion to deletion! Now having proof that Microsoft & Google and probably Yahoo all feel it’s their right to look through your accounts info if they think it concerns them, or at least that’s what they say. What’s stopping them from reading everyone’s emails at anytime? We now know… Nothing is stopping them. Maybe a few thousand/millions of cancelled accounts? I now am sure there’s no other way. It’s time to tell these companies that it’s not okay to be the CIA’s & NSA’s stooge and it’s not okay to act like the CIA & NSA and do whatever you want, whenever you want and call it legal… Thoughts of starting a boycott of these things is playing heavily on my mind. Hopefully, it won’t come to that but I really do feel it’s time for all of us to start sending REAL messages that these types of practices aren’t okay and if legal, shouldn’t be…

  7. Gaith says:

    Google also spied on my email, it even deleted emails sent to me from people working from the US government meaning google was collaborating with them in deleting some evidence

  8. Well who’s ever running the Algos has the control. Last year Google Plus didn’t like my “real name” that works everywhere else and suspended me out of the blue…for being a “Duck” my real last name. Machines had not learned enough yet:) The story rolled all through MIT and Engadaget on that one.


  9. William Le says:

    Are you admitting that you completely screwed this person by using Gmail, and that you’re going to try to make amends?

    Probably not, but hey good game, right?

  10. Philip says:

    You can use secure email and private cloud Storage on your own appliance which you own and control.

    The best option option is Starkit, a fanless, miniature high performance server appliance with a secure built-in Mail Server and Cloud storage software.

    -It is bundled with Web Based interface for anywhere access and can be utilized for encrypted private email communication and secure storage.
    -All your data is fully encrypted at rest and in transit (email and documents).
    -Using Starkit you eliminate the need of any email provider (like Gmail, Outlook or Office365) or any cloud storage provider (like Dropbox).
    -Your email and cloud service provider is your Starkit appliance which you own and control.
    -True Plug’n’Play solution. No technical skills required to set it up.

  11. Daniel Su says:

    Michael I don’t think you understand companies at all. Or even law itself. MS,has the right to check that persons email because of the fact that person stole code and keygens from the company. Even if he signed the agreement to work at MS. He can’t leak confidential info. Which is why MS checked.

    study Law Michael please. For your own sake

  12. Vijay says:

    I think if you would have deleted that correspondence from your google mailbox, then also google would not be able to spy on it as it may be deleted (not sure) from their servers

  13. Wintch says:

    Incredible story! You should always use PGP at least,
    but the fact is that these things can make you paranoid

  14. Jeffrey Martin says:

    This is a bit silly, no? Of course Google is allowed to read the emails of its own employees, which is the most likely what happened. Google read the email that this person sent to you. This doesn’t mean they broke into *your* inbox. No?

  15. G says:

    I am probably THE LAST person to support Micro$oft on anything, but I have to admit their new process is certainly one that covers a lot of points that people are making on /. and other areas: transparency, getting others involved.

    Of course, these “external” parties could be in the back-pocket of MSFT, but at the end of the day, if you believe in conspiracy theories, then you believe in all of them.

  16. Kent Walker says:

    I am Google’s General Counsel. Mike makes a serious allegation here–that Google opened email messages in his Gmail account to investigate a leak. While our terms of service might legally permit such access, we have never done this and it’s hard for me to imagine circumstances where we would investigate a leak in that way.

    • dnl says:

      This is very good to hear. But if it’s hard to imagine circumstances in which you would do something like this — if you don’t think it would ever be necessary — perhaps you should consider changing your terms of service to make it legally impossible. That would send a strong signal.

    • Scott Lewis says:

      Any comfort gained by Google’s lawyer stating they haven’t done this … yet … is so far outweighed by your terms of service permitting the activity. But then, I switched away from Gmail about a year ago out of concern for my privacy.

  17. Sumit says:

    Actually ALL companies (small and large) have various ways of tracking content transmitted over their network and their machines. This has mostly to do with security and compliance. For example watching illegal video over company network will put company in trouble, if they are not preventing your via firewall, they are definitely tracking the fact that ‘you’ watched ‘that’ video. When at work assume your every keystroke is ‘watched’. So at work, just work.

    To goof off, do it in your own time using your own resources…

  18. plop says:

    As a computer scientist we are screaming to “journalist” they are not protecting they source by using “gmail” “microsoft” “yahoo” etc… email services. Those were not even 1 years ago cyphered… and yet not enough protected against these same company that holds the privates keys !!

  19. ALee says:

    All spouses of Google employees should be aware that they too are also under constant surveillance. Once my wife had started at Google I had the constant feeling that I was being observed and that strange coincidences were occurring. My wife became secretive. She would be aware of places I had been and people I had spoken to without any real ability to have known this unless she’d been provided this info by Google. My advice de-Google your life ASAP.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: