The privacy community and legislators continue to miss two basic design flaws in Gmail: It doesn't have a session timeout, and it does not detect it when you log in from more than one computer.
Scenario one: you log into a public terminal -- say in a public library or a cybercafe. You forget to click the Sign Out button, and you get up and leave.
The next person who walks up to that terminal now has your entire life at her fingertips -- years of e-mail, efficiently searchable. Your life history remains exposed as long as that computer is turned on and the Web browser remains open. The session never expires.
Scenario two: you visit your boss or a colleague and quickly check your Gmail for that report you mailed last week. You forget to sign out. When you go back into your own office, you sign back into Gmail. Everything seems perfectly fine. But the other Gmail session is still active. In fact, it's automatically updating your Inbox listing. Your boss can read your new mail, search your old mail, or even send new messages from your mailbox -- indefinitely. You have no way to close his view into your life, and, if he doesn't send or delete, you have no way to detect it.
Gmail's rivals figured these exposures out eons ago, and implemented session timeouts and multiple login detections as remedies. While the privacy community wails over a robot serving up relevant ads, they're missing the entire point.
As a Gmail beta tester, I dutifully reported these flaws to Google. They haven't responded. These flaws shouldn't be hard to fix. Because Gmail can expose years of your life, Gmail should "time out" aggressively -- maybe after only 15 minutes of inactivity. If you time out, Gmail should prompt for your ID and password, and resume your session. (It should not log you out and send you back to a fresh login.
It should be easy for Gmail to detect when you log into a second session. How should the Gmail system react? At a minimum, it should log out the first session -- the one you left logged in for the boss to read.