Search engine privacy policies are improving, but e-mail contains far more sensitive and personal information than searches do.
To find which free service does the best job of protecting your Web mail privacy, I dug into the policies of the big three--Google, Microsoft, and Yahoo--to see what information each company collects, how it uses that information for things like targeted ads, and how long deleting an e-mail really takes.
In terms of what gets saved when you use the service, Microsoft came out on top. It typically doesn't record IP address, log-in time, or other user-specific information in its logs, says Brendon Lynch, its director of privacy strategy. Both Yahoo and Google collect that type of data, along with your browser and what you clicked on the page.
However, Google asks for the least amount of personal information when you sign up: just your name and the country you live in. Yahoo and Microsoft ask for your name, gender, birthday, and zip code. (Of course, you could say that you're 107 and live in Mongolia.)
Yahoo and Microsoft use some of that data to display targeted ads. According to Lynch, Microsoft masks personal information such as your name and e-mail address, and then combines demographic data like your zip code with data from third parties.
Google approaches ad selection differently: When you read e-mail, Gmail scans for keywords in the message and displays ads based on those keywords. The one-time scan is automated, and nothing is saved, says Peter Fleischer, global privacy counsel for Google.
But Google may take up to 60 days to completely remove that "Vegas was great" e-mail from its servers after you delete it. In contrast, Microsoft takes three days or less; and Yahoo says that, though removing the actual e-mail content may take a short while, the information becomes dissociated from your account almost as soon as you delete it, such that not even Yahoo could retrieve it.
The time-to-delete can be a factor with subpoenas, for instance. Procedures vary in criminal cases, but all three companies say that they notify customers anytime a civil subpoena (in a divorce case, for example) requests copies of e-mail, and give the user time to respond before handing over the data. For Hotmail, the grace period is two weeks. Google waits 20 days, and Yahoo waits 15.