In both cases exactly the same entities read your email: you, the sender, and Gmail.
I don't see how you could go "yeah, this is a privacy improvement" if your information is still visible to exactly the same entities, but one of them isn't really mentioning it.
The difference is that protonmail, again, doesn't scan any data in my emails. Google does, then stores and tailors and sells ads. My privacy is violated when google scans my mail, and not when protonmail doesn't.
I'm not sure what you're trying to get at with the word "scan" here, so hopefully this abstraction will be useful.
Imagine you have a message written on a piece of paper. You intentionally show this message to two people, Alice and Bob, and are fully aware that they have both read and can perfectly remember the entire contents of the message.
Now imagine that Alice thought about the message independently (not recalling it, but actually thinking new thoughts), and that Bob did not do this.
Are you claiming that Alice violated your privacy by thinking about something you showed her and asked her to remember? Or perhaps would it only be a violation of privacy if she then subsequently told you one of those thoughts?
I don’t understand what you’re attempting to achieve with this. You’re weirdly abstracting about something that doesn’t need to be. People want to be able to have a private email correspondence about, for instance, dildos, and then not have to be served dildo ads outside of that context.
> I don’t understand what you’re attempting to achieve with this.
I was hoping to achieve a "yes" or "no", to at least one of the two questions. I don't know what GP thinks "scan" means when describing how a computer processes text, and was hoping that an analogy to a more natural concept would allow for that to be made clear. What's the actual action being taken that's the violation? It's clearly not simply being able to read the message, but is it "thinking" about it (for lack of a better word)? That's how I interpreted the initial comment, but it seems very reactionary, so I wanted to make sure I understood it.
> People want to be able to have a private email correspondence about, for instance, dildos, and then not have to be served dildo ads outside of that context.
Totally fair, but that's no longer about privacy (unless your concern is someone else watching your monitor over your shoulder, in which case that person is the one breaking your privacy).
So if I tell a friend a secret, and they plaster it on my wallpaper, and then I have a different friend over for dinner, my different friend is the one violating my privacy?
In that case no-one has violated your privacy - your wallpaper is private, so friend A didn't, and you invited friend B over, so they definitely didn't.
I would entertain the idea that friend A is being a bit of a douchebag by painting stuff all over your house without you asking them to, but if you subscribe to that thought process you'd already be running an ad-blocker and this scenario wouldn't ever occur in the first place.
Having to use an ad-blocker for this purpose is a band-aid for a much deeper problem. Running a website isn't free and I want to support them by not blocking their ads. But when the ads are part of a scheme that targets my private and personal information, I'm no longer willing to hold up my end of that contract.
The act of analyzing my data is what is the violation. The act of telling me is simply revealing that violation. This is why, when the US intelligence agencies were scanning and analyzing everyone in America's cell phone history and social graph, without interaction or active intervention, it was a privacy violation even when it wasn't being used. It doesn't matter who sees it. The fact that it is being scanned and analyzed for possible future use and abuse is the problem. Yes, this means that a computer in the middle of the rainforest analyzing my mail offline and nothing else is a violation of my privacy. And no, I do not believe that the two, Alice and Bob, can be equated.
> The act of analyzing my data is what is the violation.
So to be 100% clear on this: if you tell someone information, and they think about that information, that's a violation of your privacy?
I've definitely always assumed that the right to think about information is intrinsically coupled with the right to know about that information. I wouldn't give someone data that I didn't want them to think about.
> for possible future use and abuse
This is a completely reasonable concern to hold, but surely "they could possibly do something bad later" applies to every email provider in existence.
>So to be 100% clear on this: if you tell someone information, and they think about that information, that's a violation of your privacy?
If your phone began analyzing your local photos for child porn, you'd probably be upset, no?
>This is a completely reasonable concern to hold, but surely "they could possibly do something bad later" applies to every email provider in existence.
True, but google is CURRENTLY abusing it by selling ads to me based on it.
> If your phone began analyzing your local photos for child porn, you'd probably be upset, no?
Yep. "local" here is the key word, though. If a service I uploaded photos to began doing that, I would not be upset. And indeed, just about every image-hosting website in existence already does this, because they're legally required to.
Gmail is markedly not a local service.
> True, but google is CURRENTLY abusing it by selling ads to me based on it.
This makes it seem like your concern is with the advertisement funding model, not with privacy.
You don’t see the difference between “seeing an email” en transit vs training a ML algorithm on it and extracting values like when will your airplane depart, when is your vacation, etc and automatically propagating that to other google products? I mean, it sure is comfortable, but you can sure as hell know that they build an extensive profile out of your private emails and your ads are targeted based on that..
> You don’t see the difference between “seeing an email” en transit vs [...] extracting values like when will your airplane depart, when is your vacation, etc
I do not see any difference between these parts, no. If a human read my email I would expect them to be completely incapable of not working these things out, so I'm not really too concerned if a computer does it either.
> training a ML algorithm on it
Also not really. If it were a machine learning algorithm that was trying to write realistic emails there'd be a reasonable concern of it revealing things about the training data, but when it's just generating ad recommendations based on only your data that only you see, I'm not too sure there's a serious privacy concern there. I'm unaware of any allegations that you could uncover private details about someone else's life by looking at an advertisement you received on your own email inbox.
> and automatically propagating that to other google products?
I would definitely perceive this differently depending on the product, as Google products are usually distinct enough that you can functionally treat them as if they were different companies (and often they either used to be, or eventually become so). So in this case there are now four entities that know the contents of the email: the sender, the recipient, Gmail, and e.g., YouTube.
But again, I've not heard any claims that Google are using the contents of your emails to decide what YouTube videos to recommend you. It's certainly not outside the realms of plausibility, but that seems like the kind of thing people wouldn't ever shut up about, so I'm surprised that I haven't heard about it if it is in fact happening.
> you can sure as hell know that they build an extensive profile out of your private emails
Oh absolutely, but I don't see how that's a privacy violation when you gave them your private emails. How much thinking does someone have to do about a message you gave them before it becomes a privacy violation?
> and your ads are targeted based on that..
This is the main reason I'm okay with it. Google's entire business model relies on them preventing anyone else from seeing that data, so that they're the only ones who can target ads that effectively. If there was a significant risk of data leaks then I can absolutely see why people would be concerned, but Google has some absolutely gargantuan incentives to avoid that.
I don't see how you could go "yeah, this is a privacy improvement" if your information is still visible to exactly the same entities, but one of them isn't really mentioning it.