Potential Risks of Major AI Developers Relying on Google's Email Services

Community
1

An email code verification issue prompted me to check the MX records of major AI developers. It is worrisome that major AI developers are all using Google’s email services, potentially granting Google significant control over their email communications.

PowerShell Log:

C:\>nslookup -type=mx openai.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
openai.com    MX preference = 1, mail exchanger = aspmx.l.google.com
openai.com    MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
openai.com    MX preference = 10, mail exchanger = alt3.aspmx.l.google.com
openai.com    MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
openai.com    MX preference = 10, mail exchanger = alt4.aspmx.l.google.com

C:\>nslookup -type=mx gemini.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
gemini.com    MX preference = 10, mail exchanger = aspmx.l.google.com
gemini.com    MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
gemini.com    MX preference = 20, mail exchanger = alt2.aspmx.l.google.com
gemini.com    MX preference = 30, mail exchanger = aspmx2.googlemail.com
gemini.com    MX preference = 30, mail exchanger = aspmx3.googlemail.com

C:\>nslookup -type=mx anthropic.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
anthropic.com    MX preference = 1, mail exchanger = aspmx.l.google.com
anthropic.com    MX preference = 10, mail exchanger = alt3.aspmx.l.google.com
anthropic.com    MX preference = 10, mail exchanger = alt4.aspmx.l.google.com
anthropic.com    MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
anthropic.com    MX preference = 5, mail exchanger = alt2.aspmx.l.google.com

C:\>nslookup -type=mx x.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
x.com    MX preference = 1, mail exchanger = aspmx.l.google.com
x.com    MX preference = 10, mail exchanger = alt3.aspmx.l.google.com
x.com    MX preference = 10, mail exchanger = alt4.aspmx.l.google.com
x.com    MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
x.com    MX preference = 5, mail exchanger = alt2.aspmx.l.google.com

Possible Consequences and Potential Censorship by Google via Their Email Services:

  • Email Filtering and Blocking: Google could filter or block incoming and outgoing emails, impacting communication flow.
  • Access to Sensitive Information: Centralized email hosting may grant Google access to confidential company communications.
  • Service Outages Affect Multiple Companies: Any disruption in Google’s email service could simultaneously affect all these AI developers.
  • Dependence on a Single Provider: Relying on one provider increases vulnerability to policy changes or agreements that may not align with each company’s interests.
  • Potential for Data Monitoring: There is a risk that email metadata and content could be monitored, leading to privacy concerns.

Decentralizing power is one of the best ways to make a dictatorship takeover more difficult. AI companies are talking about safety, but they are putting all their eggs into one basket, which seems risky.

Additional Consideration:

Technically, as an email service provider, Google has the ability to filter, delay, or block email delivery to recipients. This means there is potential for practices like shadow banning, influencing communication or social engineering through email management. While Google has the technical capability to affect email delivery, we can surely rely on a multinational corporation’s moral compass to ensure they wouldn’t engage in such activities.

1 Like
2

Try Proton mail. I am not affiliated with them, I signed up when I was in the middle of a lawsuit and was worried about email communications being compromised. It’s an end-to-end encrypted email service that uses client-side encryption. Plus they are located in Switzerland.

3

I have my own mail server, which means emails sent to me could be delivered directly and are stored directly on my server - without reliance on third-party providers. Self-hosted encrypted mail servers can offer better theoretical security compared to third-party services like ProtonMail because eliminating additional parties reduces potential weak links in data access and storage.

The original post is about the issue that all major AI developers are using a single third-party provider for their email - a provider that is in direct competition with these AI developers - and this could lead to multiple potential issues.

I would like AI developers to apply the concept of separation of powers and avoid putting all their eggs in one basket.

4

OIC – I am far from being a major AI developer, so self-hosting a mail server is not a hill I’m willing to die on. I know enough about security to realize that it is an oxymoron when it comes to the Internet. Back when I was teaching database developers, one of the students learning SQL Server confided that the nuclear launch codes were stored in a Microsoft Access database disconnected from the Internet and under armed guard 24/7. That has likely changed by now, but “Internet Security” remains an oxymoron.

5

I agree that, for most users, using trusted third-party mail servers is safer than hosting their own. However, for companies with qualified IT professionals, there are plenty of secure in-house solutions that eliminate the need for external providers - especially if those providers also develop products that directly compete with yours. When products can determine not only the future and survival of your company but also shift the balance of power between countries and affect humanity’s future, they can create a strong motive for third parties to bend the rules or engage in practices that border on immorality.

If I had trade secrets, I would definitely be concerned about routing all my emails through Google’s services, which can store them indefinitely for future decryption—especially when reading sensational headlines like, “Google’s quantum computer performs a calculation in 5 minutes that would take longer than the universe’s existence for a supercomputer.” While such headlines are indeed exaggerated, the underlying security concerns are valid, given how quickly technology is advancing. As a bonus all these supposedly “safe” encrypted cloud password databases containing billions of passwords suddenly becomes unencrypted in under three minutes.