Table of Contents
- Privacy Concerns with Email
- Solution: Use a Privacy Respecting Email Service
Privacy Concerns with Email
Emails are Sent Unencrypted
In its original form, email was like a postcard. As an email traveled from server to server en route to its destination, anyone could potentially intercept and read the email. These days most email providers use TLS (Transport Layer Security) to encrypted email messages in transit. Google’s Gmail – which handles a large amount of email – estimated that around 90% of email is encrypted.
Email is Often Stored Unencrypted
Most email providers store your email archive in plain text. This means that if there was a data breach, the contents of your emails could theoretically be read.
Depending on the provider, the content of your email may be scanned in order to show you more relevant ads. This was the case for years with Gmail, although Google no longer does this. AOL and Yahoo! are among the providers that still scan your emails for this purpose.
Email May Reveal your Location
Many popular email providers reveal the IP address of the sender. This is often included in the header as X-Originating-IP or Original-IP. Someone could theoretically use this to determine your approximate location. Providers that include the sender IP in the header include Outlook, Yahoo, and Zoho.
In the event that someone gained access to your email, what would they find? For most of us, our email is a glimpse into our lives. Chances are that your email account is storing large amounts of email you will never need to access again. Additionally, under United States law, emails older than 180 days can be accessed by the government without a warrant.
Solution: Use a Privacy Respecting Email Service
In order to boost your privacy with email, you should select an email that emphasizes privacy. Two excellent providers include ProtonMail and Tutanota.
ProtonMail is a private email service based in Switzerland.
Messages between ProtonMail users are encrypted by default. For users outside of ProtonMail, there is support for encrypted emails to non-ProtonMail users. ProtonMail has a proprietary system for sending password protected emails. Additionally, emails can be sent using PGP. As a final fallback, ProtonMail sends messages via TLS to providers that support it.
With ProtonMail, all of your emails are encrypted on their servers.
ProtonMail has a free version as well as paid plans. Paid versions include more storage, filtering capability, and the ability to use custom domains.
ProtonMail is accessible via a web-based client. It also has mobile apps for Android and iOS. For desktop users, ProtonMail has a feature called Bridge that allows it to work with a variety of email clients. To use Bridge, you must have a paid ProtonMail plan.
Moving from Other Providers to Protonmail
Tutanota is a privacy-centered email service based in Germany.
Emails between Tutanota users are always sent end-to-end encrypted. For users outside of Tutanota, you can password protect emails which the receiver can open via a link. Additionally, emails are sent using TLS to servers that support it.
Emails are encrypted at rest and cannot be read by Tutanota.
Tutanota has a free version as well paid versions. Paid versions include more storage and support for custom domains.
Tutanota can be accessed via its website or via apps for Android, iOS, Windows, macOS, and Linux.
Tutanota is open source.