Just found sth quite nice:
[gmail.google.com...]
linked from [gmail.google.com...]

ThomasB, looks like someone had a birthday. :)

awww ;-) now that has got to earn a lot of points

GG, yes. Congratulations from me. :)

I hope it is ok to post this (I have no affiliation with the site), it's a web page with what is supposedly what GMail will look like....

[afriguru.com...]

[heise.de...]

According to Privacy International [privacyinternational.org...] GMail doesn't fit in the European regulations for Data privacy. Especially the fact that they will display context-targetted ads is a problem according to some of their members.

Accidentally, by adding the same e-mail address to this URL:
[gmail.google.com...]
will show that it was inserted for nothing. A "sorry, but we already have your e-mail address on our files" message should appear, but it does not. I think it's just a low-level technique to shake Yahoo's e-mail service, by thinking that bigger is better. But, afterall, no one really wants to have their e-mail messages scanned by anyone.

Good find ThomasB-

GMail doesn't fit in the European regulations for Data privacy

Well, I suspect one of 2 things would happen...

1. Signup from a European IP would be blocked
2. A Euro-Gmail would be made w/o contextual ads presented

I hope for number 2 so I can sign up for the Euro model. Euro model not allow a US IP you say? Well, like any smart European would to get Gmail US, I'll proxy my way in!

A bit off topic:

I don't know why you guys are getting excited abt 1 gb web email space, I already know a website which is offering the same since quiet some time.

Good move that they invited journalists. Half of the fear is just the unknown.

[forbes.com...]

And the other half is known to be fearful. The Electronic Frontier Foundation [eff.org] sat down with Google last week, and now EFF "strongly recommends that Gmail users delete the Google cookie often."

So whom do you believe - the greedy IPO vultures at Forbes, who gleefully named Larry and Sergey billionaires, or the EFF people?

>>whom do you believe

Until I see GMail myself, I refrain from taking any stand on it :)

The CDT (Center for Democracy and Technology) also did a policy post: [cdt.org...]
I like that it gives a little more background and discusses how many of these issues apply not just to webmail providers but to ISPs as well.

By the way, I encourage everyone to join the EFF. I'm a member, with the T-shirt and hat to prove it. :)

The EFF does indeed rock. I had the pleasure of meeting some folks from the EFF at a conference; they were, of course, very, very smart... but also entertaining, down-to-earth, and just seemingly Good People.

With regards to the page you referenced, GG, I don't agree with all of it. In particularly, I am always concerned when I see advocacy groups insisting the companies should promise to "never" do this and "never" do that. Personally, I think -- for the benefit of consumers and its own bottom line -- Google should reserve the right to correlate Gmail targeting with search requests and so on with a user's explicit and unambiguous permission.

Which leads to the next point... and one in which I wholeheartedly agree with the CDT:

Google should also agree to notify users by email of any changes to its GMail policy rather than merely posting the changes to the login page.

This, IMHO, is a no-brainer, and I was shocked that Google had not adopted this stance on it own. When people have 1 gig of space, there's absolutely NO good reason why Google shouldn't send out mail to all subscribers when there's even the teeniest tiniest change to their policies, privacy or otherwise. I find Google's current stance to be really unfriendly: that they may or may not notify customers of changes, and that (worse yet) it's the customers' responsibility to regularly read the dense terms and policy pages, and (worst of all) that the customers agree to be bound by the changes even if they haven't yet seen them!

I understand that Google may not want to overwhelm or annoy users with little changes (a new comma there, a capitalization of a word here), but this could be solved by making the scope of the changes easily apparent in the subject line:

"Gmail policy change (minor): Clarification of ad delivery"
or
"Gmail policy change (MAJOR): New terms prohibiting sharing of account"

GG, I'll be making this suggestion to the Gmail team via the feedback mechanism, but I'd be especially pleased if you'd communicate personally to them how important this is from a PR and a "not evil" perspective.

Hmm... and for that matter, if you have a chance, please do make sure the Gmail folks know about the new Gmail forum on WW. Sure, there are some heated not-very-substantive conversations, but I do think they could still gain a lot from at least skimming the threads.

I strongly disagree with one statement on the CDT site, and I'm going to ask them to change it.

> "Google has also pointed out that residual copies of email
> may remain on its systems, even after the user has deleted
> them from his or her mailbox and even after a user has
> terminated the account. Again, this is true of all email
> systems, but highlights the limitations of ECPA in the
> area of third party storage."

The issue is not whether residual copies exist after deletion, but whether residual copies are accessible by anybody or anything after deletion or termination of the account. Earthlink has a 24-hour archive policy after deletion or termination, afterwhich the data is completely and utterly unrecoverable. I suspect that Yahoo email and Hotmail have some sort of retention policy too, if only because they aren't prepared to offer hardly even a fraction of the disk space that Gmail offers.

All email systems are not as scary as what Google appears to be proposing with Gmail.

I'll point the Gmail folks this way, ThatAdamGuy. Personally, I am curious why you say showing a change on the front page where you login isn't enough though? As I read the agreement, it wouldn't be buried in the TOS somewhere; it would be on the login page where anyone checking their Gmail could see it. So that aspect of it made sense to me, in that 90-95% of people wouldn't want the extra clutter in their inbox. The suggestion I'd make to the feedback address is to have a preference setting where someone can request that they get an email if the policy changes. I'll suggest the same on my end. :)

Hmm... perhaps the document had changed since I last read it, since I didn't recall such a reassurance. Okay... just checked again, and now I don't see the alarming/unfriendly language that I previously recall (something about "you are bound by these current and future terms and it is your responsibility to regularly check for updates" yadda yadda). Either I imagined this, or the G staff wisely eliminated this clause :D

Part of my confusion, though, incidentally highlights one of the problems with Google/Gmail having so many documents!
- Terms of Use
- Privacy Policy
- Program Policies
- All the help documentation

Anyway, one argument against relying upon a notice-on-login: So far, Gmail doesn't seem to have any built-in timeout (bad for people in public terminals who forget to click LOG OUT, but good for the rest of us... much more convenient than AdWords/Orkut/etc. :D). This means that those of us running stable Win XP/2000 systems -- who often leave our machines on for days at a time -- are likely not to see a Terms/Policy/Privacy update until at least several days after it's been issued.

Perhaps an e-mail is too much clutter, especially for minor changes. But Gmail would be well-served with a persistent 'alert' line or box in which both system messages (errors, notifications, etc.) would be written in, along with policy updates. And I'd like that alert box within the main interface itself, not on the login page... especially since many of us -- eager to check our mail -- are apt to quickly skim or skip by any alerts before logging in :D

Hmm, well, I'm unable to edit the above note, and I've just re-discovered the language which I seem to have admittedly at least slightly exaggerated in my head (unless it's been softened):

Although we may attempt to notify you via your Gmail address when major changes are made, you should visit this page periodically to review the terms. Google may, in its sole discretion, modify or revise these terms and conditions and policies at any time, and you agree to be bound by such modifications or revisions.

Still, this doesn't suggest to me that Google is/was committed to posting changes on the logon screen, and it indeed places the onus of awareness on the user, which I think is inappropriate. One company I'm familiar with that offers Webmail actually keeps a blog of all changes in the terms and service features, and I think that's awesome. Something for Google to consider... a good halfway point between push (email) and expecting customers to check your terms each day ;)