When you compose an email to a valid gmail account, it will provide you with additional details of the account, if the user provides it, even if you have never corresponded previously via email. This works for emails with @gmail and also @somebusiness.
For example, go to gmail and compose an email to foobar@gmail.com, then hover over the address in the To: field.
You now know this is a valid email, who it belongs to, and a fairly decent amount if information about that person.
Once upon a time, Google dedicated a massive amount of resources to launch a social network to compete with Facebook, Google Plus. When G+ launched, one of the "features" was linking your GMail account with your G+ account. G+ didn't really take off (obviously), but all Google employees were "strongly encouraged" to join, and the account you're looking at (foobar@gmail.com) belongs to former Google engineer, who does have a public G+ profile. If you go to plus.google.com and search for that e-mail address, it will bring up their profile page. If you know any GMail addresses that don't have public G+ profiles, you can verify their information isn't leaked.
Aside: G+ was the reason why Google Reader was killed #NeverForget
In the good old days, there was a finger protocol you could use to find out info on the account. It was abused by owners not understanding it and sharing info inadvertently, and then behaving as if that info were secret (eg, existing, last log on, etc).
I wish we could go back to finger, rather than depending on particular services like Goog’s.
It depends on how conscious the decision was; were they explicitly aware that the information would be shared with the world at large?
They just this year stopped scanning keywords in your email body for advertising purposes.
I won't say don't use gmail,maybe the risk is acceptable to you. But I highly recommend paying for protonmail.
> When you compose an email to a valid gmail account, it will provide you with additional details of the account, if the user provides it, even if you have never corresponded previously via email. This works for emails with @gmail and also @somebusiness
This isn't surprising,google probably thinks the usefulness of such a feature is more important than privacy of the recipient. This is their M.O., what little pseudo-privacy you get with a google product is via opt-out.
My mini-rant aside,as a business owner, I suppose google auto filling your contact metadata in that scenario would not be a bad thing(but then again, just about every controversial feature of a google product benefits business owners seeking to advertise on their platform)
Not true (except maybe for the narrowest readings of the phrase “for advertising”):
https://news.ycombinator.com/item?id=17067151
That's from the google blog post announcing the change. They scanned emails and supposedly now they've stopped
At that time, Google cajoled and borderline tricked people into filling in their profile (e.g. "dark patterns): Name, a profile photo, etc.
They also made this information publicly accessible.
I recall, for a while, actively working to navigate all the Google UI dedicated to prompting me into filling out or supplying this information. (Particularly, I recall the photo part -- no thanks.)
I recall, also, a time or two following suggestions to navigate to my profile and check what was on it and whether it was public.
This all blurs together in my mind, somewhat, to similar efforts to fight the morphing Facebook UI and its attempts to gather and publicize my profile data. So, all the details are a bit vague in my memory, now.
Note, too, that you can -- or could, at times -- provide information regarding contacts that would appear in your own UI views. You could/can upload a photo for whatever contact, so that their presence in the UI is more "recognizable to you". And who knows.
Do I trust Google segregation/isolation of all these possible inputs to the profile-esque data it has on someone? Not really. Even where this isn't intent or malice, the various moving pieces of all their morphing projects seem rife for lack of knowledge as to effects, slip-ups, and neglect.
--
P.S. Reading other comments here is causing me increased concern, on multiple fronts. What Docs (or "Drive" -- whatever) may pop up for an address you start to share to. Whether bcc addresses are "hidden" but not removed from the copies going to other recipients. Etc.
P.P.S I did a quick test and am not observing the bcc leakage. As I replied elsewhere in this thread:
I just checked this and am not observing it -- at least, not between various Gmail accounts and checking/dowloading the "original message" using the Gmail web UI.
‘Cause the “B” in “BCC” doesn’t stand for “blind”. It stands for “Ha ha! You told me a secret and I blabbed and now you’re embarassed/fired! Can we still be friends?”
To test I setup a spreadsheet with randomly generated words and it does grab names for you. Personally I feel a bit annoyed Gmail would share my first/surname to people if they test a non-identifiable email address. Also I believe scams could use this to improve their success rate if they can insert peoples names to false business emails type thing.
But according to Google this is 'a feature' not a bug.
They are reading 100% of your conversations?