Giving MIT access to your email
NPR reported today on Immersion, a project from MIT that shows you a graphical view of your email connections to other people.
Short version of this post: If you decide to participate, be aware that you're giving MIT access to the contents of your email as well as the metadata.
The project's main page says that it works by looking at “only the From, To, Cc and Timestamp fields of the emails in the [Gmail] account you are signing in with.” Which I agree is a cool demonstration of how much information you can get by just looking at metadata. For a similarly impressive demonstration, see Using Metadata to Find Paul Revere. See also the Guardian's guide to metadata. I'm very pleased that various projects are making clear that metadata reveals a lot more than you might expect.
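To make concrete how much a contact graph can be built from those four header fields alone, here is an added Python example (not Immersion's code, and not taken from the post). It reads only From, To, Cc and Date from a handful of constructed sample messages with empty bodies, counts who appears, who appears together, and at what hour traffic happens. The account address and correspondents are made up.

```python
"""Contact graph from email headers only (From, To, Cc, Date), the kind of
analysis Immersion's description says it performs.  Added example, not
Immersion's code.  The messages below are constructed sample data."""
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
from itertools import combinations

OWNER = "me@example.org"  # the account being analysed (constructed)


def header_block(sender, to, date, cc=None):
    """Build a constructed message.  The body is deliberately empty:
    nothing below reads it, which is the whole point."""
    lines = [f"From: {sender}", f"To: {to}", f"Date: {date}"]
    if cc:
        lines.append(f"Cc: {cc}")
    return "\n".join(lines) + "\nSubject: (body omitted)\n\n"


SAMPLE_MESSAGES = [
    header_block("Alice <alice@example.org>", OWNER,
                 "Mon, 01 Jul 2013 09:15:00 +0000", cc="bob@example.org"),
    header_block("bob@example.org", OWNER, "Mon, 01 Jul 2013 22:40:00 +0000"),
    header_block("alice@example.org", OWNER, "Tue, 02 Jul 2013 09:05:00 +0000"),
    header_block(OWNER, "alice@example.org, Carol <carol@example.org>",
                 "Tue, 02 Jul 2013 10:30:00 +0000"),
    header_block("carol@example.org", OWNER,
                 "Wed, 03 Jul 2013 23:10:00 +0000", cc="alice@example.org"),
]


def participants(msg):
    """Lower-cased addresses found in the From, To and Cc headers."""
    fields = []
    for name in ("From", "To", "Cc"):
        fields.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def build_graph(raw_messages, owner=OWNER):
    """Return (contacts, edges, hours):
    contacts: how many messages each correspondent appears in
    edges:    how often two correspondents appear on the same message
    hours:    UTC hour-of-day histogram of the traffic"""
    owner = owner.lower()
    contacts, edges, hours = Counter(), Counter(), Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        others = participants(msg) - {owner}
        contacts.update(others)
        edges.update(frozenset(pair) for pair in combinations(sorted(others), 2))
        if msg["Date"]:
            hours[parsedate_to_datetime(msg["Date"]).hour] += 1
    return contacts, edges, hours


def top_contacts(contacts, n=3):
    """The n most frequent correspondents, most frequent first."""
    return [addr for addr, _ in contacts.most_common(n)]


if __name__ == "__main__":
    contacts, edges, hours = build_graph(SAMPLE_MESSAGES)
    for addr, count in contacts.most_common():
        print(f"{addr:<22} {count} messages")
    for pair, count in edges.most_common():
        print(" + ".join(sorted(pair)), f"together on {count} messages")
    print("busiest hours (UTC):", hours.most_common(2))
```

Five messages are enough to see that Alice is the hub, that Alice and Carol travel together, and that Bob and Carol write late at night; on a real mailbox of tens of thousands of messages the same counters give a fairly complete picture of someone's working relationships without reading a single body.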
However, this particular MIT project seems to me to be a little misleading, because when you go through their signup process, you're giving them access to a lot more than just metadata.
[Above paragraph changed the next day to correct an incorrect technical statement that I accidentally left in from an earlier draft.]
They say that they only look at certain lines of your email, and I'm willing to believe that's their intent. But if they made a mistake in their coding, or if someone nefarious has access to their system, then they're not limited to retrieving metadata from your account.
Specifically, here's what you're giving them permission to do if you go through their signup process [with notes from me in square brackets]:
- View and manage your mail [not just your metadata, but your mail]
- Know who you are on Google
- View your email address
- View basic information about your account [name, public profile URL, photo, gender, birthdate, country, language, and timezone]
- Manage your contacts [presumably including adding or deleting contacts]
The most unexpected item on that list, from a casual user's point of view, is the first one. You're giving the Immersion system access to all of the mail in your Gmail account. It may choose to only look at the metadata, but after you click the Accept button, there's no technical barrier preventing Immersion from looking at the actual data, the contents of the mail. Including any private correspondence other people may have sent you, any business correspondence, any receipts from online ordering, and so on.
(Also, I believe that gives them the ability to delete your mail, mark it as spam, etc.)
You may be fine with that, in which case go ahead. And it's conceivable that I'm wrong about this, and that there's some way that they're actually prevented from reading anything other than the metadata. I don't know of such an option, and the permissions screen seems to suggest that you're granting full access to your mail, but I could be missing something.
But more generally, anytime that any system asks you to sign in (whether by entering your username and password directly or through a Google-style permissions screen) to give it access to anything, it's worth reading exactly what is being requested and thinking about whether the access you're granting is the access they told you they were asking for, and whether you're willing to grant them that access.
Tech folks who want more info about programmatic access to Gmail can search for [Gmail API]. If you're interested in how the authentication and authorization process works, take a look at the Google Identity Cookbook.
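The permissions screen is a rendering of the `scope` parameter in the OAuth authorization URL the app sends you to, and that parameter can be read before clicking Accept. The following is an added Python example (not Immersion's, not Google's, and not from the post) that pulls the scopes out of such a URL and flags anything broader than the stated purpose. The scope identifiers are the ones Google documents for Gmail and account information; the post itself names no scopes, so the mapping of its consent-screen items to these scopes is an assumption, and the URL below is constructed.

```python
"""Inspect the scope parameter of a Google OAuth 2.0 authorization URL
before clicking Accept.  Added example, not Immersion's or Google's code.
Scope identifiers are Google's documented Gmail / account scopes
(assumption: the post names none); the URL below is constructed."""
from urllib.parse import parse_qs, urlparse

# Gmail scopes ordered by how much of the mailbox they expose.
MAIL_RANK = {
    "https://www.googleapis.com/auth/gmail.metadata": 1,  # headers and labels, no bodies
    "https://www.googleapis.com/auth/gmail.readonly": 2,  # read everything, bodies included
    "https://www.googleapis.com/auth/gmail.modify": 3,    # read, send, label, trash
    "https://mail.google.com/": 4,                        # full access, permanent delete included
}
METADATA_ONLY = "https://www.googleapis.com/auth/gmail.metadata"

# Constructed authorization URL requesting full mail access plus profile,
# email address and contacts, roughly what the post's consent list shows
# (assumption: that list corresponds to these scopes).
CONSTRUCTED_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=example-client-id&redirect_uri=https%3A%2F%2Fexample.com%2Fcb"
    "&scope=https%3A%2F%2Fmail.google.com%2F"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile"
    "+https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds"
)


def requested_scopes(auth_url):
    """Return the space-separated scopes from the URL's scope parameter.
    parse_qs decodes both '+' and '%20' to a space."""
    query = parse_qs(urlparse(auth_url).query)
    return [s for value in query.get("scope", []) for s in value.split()]


def mail_access_level(scopes):
    """Highest mail rank among the requested scopes (0 = no mail access)."""
    return max((MAIL_RANK.get(s, 0) for s in scopes), default=0)


def excess_scopes(scopes, needed=(METADATA_ONLY,)):
    """Scopes that grant more than the stated purpose requires: mail scopes
    ranked above the highest needed mail scope, and any non-mail scope not
    listed as needed.  The default purpose is 'headers only'."""
    ceiling = max((MAIL_RANK.get(s, 0) for s in needed), default=0)
    return [s for s in scopes
            if s not in needed and (s not in MAIL_RANK or MAIL_RANK[s] > ceiling)]


if __name__ == "__main__":
    scopes = requested_scopes(CONSTRUCTED_URL)
    print("requested:", *scopes, sep="\n  ")
    print("mail access level:", mail_access_level(scopes))
    print("broader than 'metadata only':", *excess_scopes(scopes), sep="\n  ")
```

For the constructed request every scope is flagged: `https://mail.google.com/` is the full-mailbox scope, and the profile, email-address and contacts scopes are outside a headers-only purpose altogether. A request for `gmail.metadata` plus `userinfo.email`, checked against a `needed` list containing exactly those two, comes back empty, which is what a consent screen matching the stated purpose would look like.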
Another issue is that Immersion doesn't seem to me to provide info about how to revoke its access to your data; I think it could continue to have access indefinitely. If you've granted Immersion (or anyone else) access to your account and you decide you want to revoke that access, see Google's help page about revoking third-party access.