Contributed article in our business series. Enjoy! – Kimberly
Email – you can’t really live without it anymore since that’s how you keep in touch with people, network, and apply to jobs nowadays.
And while it is appealing to just use the most popular email service (Gmail, Yahoo!, or AOL), it’s better to switch to a safer option.
Because the popular services simply aren’t secure enough.
What Risks Do Unsecured Email Services Expose You to?
You’d think popular email services have got your back, but the reality is completely different.
Here are the kinds of privacy threats you have to deal with if you use them:
1. Advertisers Breaching Your Privacy
Here’s the harsh truth – if you use a service like AOL, Yahoo!, or Gmail, you’re pretty much giving advertisers and third-party apps access to your email contents.
Sounds like fantasy?
Well, check this out – apparently, AOL and Yahoo! have already been found to scan user emails for any kind of content they can share with advertisers.
What kind of info are they scanning exactly?
Stuff like department store and automotive loan company receipts. Of course, that’s what they made public. Who knows what other info they secretly scan?
As for Gmail, well, it’s not really a secret that Google lets third-party apps scan your Gmail contents. They even defended that policy, and the fact that they allow third-party apps to share your Gmail data.
True, it does say that:
“Developers may share data with third-parties so long as they are transparent with the users about how they are using the data.”
But let’s be honest here – we all know just how vague and complicated advertisers and other online services make their Privacy Policies.
2. Leaked Passwords
Yep, if you’re unlucky enough, one of your email accounts might end up compromised because the provider was the victim of a data leak.
Such was the case with Google back in 2014. Around five million Google account passwords were leaked.
And Google account passwords double as Gmail passwords.
So yeah, you do the math.
Let’s face it – with almost five million passwords leaked, at least one hacker managed to hijack someone’s account and use it to impersonate them or steal sensitive info.
3. Breached Accounts
Sometimes, passwords don’t even have to be leaked – cybercriminals manage to breach the email accounts directly because the provider doesn’t enforce strong security procedures.
That’s exactly what happened to AOL users in 2014. The provider didn’t make it clear how many accounts were breached, but it was estimated that around 2% of accounts (almost 500,000) were in danger.
Yahoo! had the same issue a few years ago – with nearly 500 million user accounts being compromised. Things were so bad that Yahoo! users can now claim $300+ in damages from the company.
4. Lack of Decent Encryption
You’d think services like Gmail and Yahoo! Mail are relatively secure since they at least offer encryption.
Yeah, about that… They do provide encryption, but not end-to-end encryption.
What does that mean?
Basically, the services only encrypt the data between your device and the server. Anyone on the other side (employees from Google and Yahoo!) can plainly read your data.
So yeah, that pretty much means trusting that Google or Yahoo! will respect your privacy.
Both providers said they will implement end-to-end encryption, but that’s unlikely to happen any time soon. They’ve been saying that for years, with no actual release date in sight.
You can’t even say that it’s due to lack of resources since there are much smaller email providers on the market that actually offer end-to-end encryption.
What Exactly Is a “Secure Email Service”?
Alright, so it’s clear you should ditch the popular services for a more secure solution.
But how exactly do you define such an email service?
Well, here’s a quick list of the kinds of features a secure email provider would offer:
- End-to-end encryption – Not much else to add here since I already mentioned why this is so important.
- PGP encryption – A type of encryption that protects your emails with a public and private encryption key pair. An email service with built-in PGP encryption is a great catch since – normally – PGP is hard to use.
- Two-factor authentication – Adding an extra step to the login process which only you can complete with your mobile device is a nice way to further protect your emails.
- Server locations – If the provider has servers in the US itself or in countries that collaborate with the US, it means US government agencies like the NSA can access server data. Usually, servers in places like Norway, Switzerland, and Germany are preferred.
- Open-source code – Code that is available for anyone to inspect and audit is much more trustworthy than closed-source code that a single, multi-national company owns.
- Metadata handling – Metadata includes info like the time you sent an email, the Subject, Recipient, and Sender, and also data about your device and network. An email service that doesn’t log any metadata and/or strips it completely is always a good sign.
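To make the metadata point concrete, here is an added example (not part of the original article) that audits a constructed message whose body is already PGP-encrypted and shows which headers still reveal the sender, subject, time, device and network address. The sample message and the split between envelope headers and device/network headers are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic); the body stands in for PGP ciphertext.
SAMPLE = """\
Received: from laptop.example.net (unknown [203.0.113.45])
\tby smtp.example.com with ESMTPSA id abc123; Tue, 05 Mar 2024 09:14:02 +0000
From: Alice <alice@example.com>
To: bob@example.org
Subject: Q1 loan paperwork
Date: Tue, 05 Mar 2024 09:14:01 +0000
Message-ID: <1234@example.com>
User-Agent: Mozilla Thunderbird 115.8 (X11; Linux x86_64)
X-Originating-IP: [203.0.113.45]
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(ciphertext placeholder)
-----END PGP MESSAGE-----
"""

# Assumed classification: envelope headers are needed for delivery and display,
# device/network headers only describe the sender's client and connection.
ENVELOPE = ("from", "to", "cc", "subject", "date")
DEVICE_NETWORK = ("received", "user-agent", "x-mailer", "x-originating-ip")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit_metadata(raw):
    """Report the cleartext metadata that body encryption does not protect."""
    msg = message_from_string(raw)
    report = {"envelope": {}, "device_network": {}, "ips": set()}
    for name, value in msg.items():
        key = name.lower()
        if key in ENVELOPE:
            report["envelope"][key] = value
        elif key in DEVICE_NETWORK:
            report["device_network"].setdefault(key, []).append(value)
            report["ips"].update(IP_RE.findall(value))
    report["ips"] = sorted(report["ips"])
    return report

def strip_device_metadata(raw):
    """Return the message with device/network headers removed, body untouched."""
    msg = message_from_string(raw)
    for header in DEVICE_NETWORK:
        del msg[header]  # removes every occurrence; no error if the header is absent
    return msg.as_string()

if __name__ == "__main__":
    print(audit_metadata(SAMPLE))
```

Even after stripping, the Subject, sender, recipient and timestamp stay readable, which is why a provider's handling of those fields matters separately from body encryption.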
What Are the Best Secure Email Options?
I can’t go into too much detail since that warrants its own separate article. If you want a more in-depth comparison of the most secure and private email services out there, check out the link I left. It’s a great guide with extremely useful info, easy-to-scan content, and helpful recommendations.
With that out of the way, here are my personal recommendations:
Based in Switzerland, ProtonMail offers peak privacy. It has end-to-end encryption, fully integrated PGP, self-destructing emails, is open-source, and the provider has absolutely no access to your data. It doesn’t even log your metadata or IP address.
Also, Forbes once called ProtonMail the only email system the NSA can’t access.
Tutanota is an open-source solution that also offers end-to-end encryption and two-factor authentication, and uses DANE (DNS-based Authentication of Named Entities) to protect users from hackers trying to impersonate them.
Also, you don’t need a phone number to create an account, and Tutanota is based in Germany.