Over the summer, Google abandoned a policy that had set them apart from other big sites like Facebook and Twitter. The search giant once vowed to make privacy a priority, keeping identifiable information gathered from Gmail separate from the web-browsing data used by advertisers. But as of June 28, that distinction is no longer in place by default. According to the update, user activity “on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google.”

This change was widely glossed over when it first was made, but ProPublica recently took a closer look. If you were an existing user at the time of the move, you would have received an opt-in request titled something along the lines of “Some new features for your Google account.” Anyone who has signed up for an account since then would have been opted in by default.

In the past, the customized DoubleClick ads that popped up around the web were only based on users' Google searches—but now they can reference keywords mined from Gmail as well. It’s easy to see how this might raise privacy concerns for some users, especially those who weren’t aware of the switch. To see if you’re affected, go to the Activity Controls section on Google’s My Account page. If the box that reads “Include Chrome browsing history and activity from websites and apps that use Google services” is unchecked, you’re in the clear.

Unfortunately, Google is just one of the sites doing questionable things with your personal information. To see how much Facebook knows about you, you can download this Chrome plug-in.

[h/t ProPublica]

Know of something you think we should cover? Email us at tips@mentalfloss.com.