With regards to the data collection, the thing to realize (which I did so myself) is that email truly is the glue that ties together most internet services.
Take facebook for example. By default, almost any and all activity on the site is catalogued for you by email -- for your convenience. Someone mentioned you in an update, you get a notification. A friend sent you a private FB message, you can an email notification with the content in line (even with the support of replying to message via email as well).
Now, because email traffic on the internet is not encrypted by default, one is able to piece together the contents of communications just by looking at the email.
Essentially anything that you receive via email (e.g. password reset links; credit card statement summaries etc) is subject to capture and analysis. Given this, it may make sense to perhaps disable (potentially sensitive) email notifications as a workaround around this particular collection method.
Take facebook for example. By default, almost any and all activity on the site is catalogued for you by email -- for your convenience. Someone mentioned you in an update, you get a notification. A friend sent you a private FB message, you can an email notification with the content in line (even with the support of replying to message via email as well).
Now, because email traffic on the internet is not encrypted by default, one is able to piece together the contents of communications just by looking at the email.
Essentially anything that you receive via email (e.g. password reset links; credit card statement summaries etc) is subject to capture and analysis. Given this, it may make sense to perhaps disable (potentially sensitive) email notifications as a workaround around this particular collection method.