Web-based e-mail is booming. Services such as Gmail, Yahoo Mail and Hotmail are convenient, accessible and, best of all, free. Many of us have come to rely on them without giving it a second thought.
But second thoughts may be in order, according to security experts, privacy advocates and some Webmail users. Few consider the fact that Webmail is inherently different than POP3 e-mail. It differs in who administers it and how, in the ways it may be vulnerable to hacking, and in the type of help you can expect when you have a problem.
You may not think these differences matter. And they don't -- unless they end up biting you in the backside. For example, the most popular Webmail services are prime targets of malicious hackers. Some Webmail users run into mysterious technical problems that are never explained or solved. And most Webmail users never really know where their data is being stored or for how long -- or how well it is being safeguarded.
How private is Webmail, really?
Although Webmail is often billed as a free service, the old adage "you can't get something for nothing" definitely applies here. While you're not giving the Webmail provider any of your cash, you are making a trade: Your personal information in exchange for the service.
"It's all about accumulating information about the user," notes Rob Douglas, a privacy and security consultant who edits InsideIDTheft.info. "Sure these services are 'free,' but the trade-off is that they are obtaining information about you that has value in the world of advertising and marketing." (Admittedly, most of the time this information is collected in the aggregate, so that no individuals are actually picked out.)
Not too worried about that? Maybe you should be. "I believe individuals tend to forget that much of what they do online is being recorded," says Douglas. "This collection of information is all done behind the scenes; it's not visualized when individuals are using their computers."
It can be shocking to realize how much about yourself you reveal on the Web, particularly when vendors combine information from your Webmail account with other Web 2.0 sites, such as online social networking platforms. "You start to leave a trail of information about yourself on the Internet," says Stephen Northcutt, president of the SANS Technology Institute. "Do you really want to get ads on burial plots because you drink, smoke and engage in unprotected sex?"
Showing others your e-mail
It's fairly easy (if you know how) to gain access to and read others' Webmail without permission, either legally or not, notes Jeremiah Grossman, founder and chief technology officer at WhiteHat Security Inc., which tests Web sites for vulnerabilities. "Webmail should never be considered private, ever," he says. "It can be read in many, many different ways," including rogue customer service reps at the e-mail provider, law enforcement with a subpoena or a national security letter, or a curious hacker sniffing packets on the Internet.
It was simple for the SANS Technology Institute to get a subpoena when it noticed a Gmail user was stealing its exam questions and posting them on the Internet, says Northcutt. People think that just because they don't use their real name or identifiable information in their e-mail sign-on -- using some obscure jumble of numbers and letters instead -- that no one can tie it back to them. "Of course, we can," says Northcutt. For example, an ISP can be subpoenaed to reveal the contact information that a person used when signing up for the account.