Igor Bubelov
About Blog Notes Photos

Improving Email Privacy

Privacy · Security · Aug 29, 2019

I’m happy to see that privacy have become a hot topic recently. More and more people want to know who holds their data and what kind of data is it. I don’t think this trend will stop any time soon because most people don’t seem to like the answers to all those questions when they find them. Many email providers use the data they hold to maximize their profits at their users' expense.

Illustration by CMDR Shane
Illustration by CMDR Shane

It’s hard to get some privacy in the world dominated by a bunch of tech companies making money by following your every step online and offline. It’s not an exaggeration, Google has its trackers installed in more than 50% of popular web pages and that fact alone should make many people uncomfortable. Google and Apple also collect your location data via their smartphones. Nowadays, you can’t own a smartphone, without it acting in the interests of a big corporation, not yours, even if you paid a lot of money for it.

The situation with email services is rather bleak. Various data sources estimate that Google Gmail controls about 30 to 35 percent of the global email market, and they’re known for constantly reading user emails and selling all the information they can find to the highest bidder.

Table of Contents

Why Email Should be Private?

Making your email communications private is a good starting point for someone who wants to take back his or her data and make sure that no third party has access to it. Just a few decades ago, people didn’t have email accounts, they used paper mail instead. It was slow and expensive but I wonder how would our grandparents react if someone told them that their mail has been intercepted and examined by various third parties. This is some kind of scenario you would see in movies about totalitarian governments or other kinds of dystopias, but that’s exactly what happens with many emails now.

It’s almost impossible to use Internet if you don’t have an email. We type our email addresses in our CVs, we use email to create and manage bank accounts and we use it to discuss our most important private matters. This information shouldn’t be accessible to anyone except the people who participate in our conversations.

Hard Solution: Self Hosted Email Servers

Technically, you can set up your own email server. The problem is: it’s not easy, even for a person with a computer science degree. I’m not discouraging anyone from trying to set up their own email service but let’s say it’s not for everyone, and it would be nice to have a solution that is accessible to a broader audience.

Email servers are no different from the other servers when it comes to maintenance. You can rent your own server for few bucks a month, but it would likely be less stable and secure than a hosted email service. It would also burn tens or even hundreds of hours of your time for initial setup and maintenance. Self-hosting isn’t easy nor cheap, I doubt it will ever be a viable option when it comes to solving email privacy problem.

Easier Solution: Email Services With Zero Access Policies

There are a few email providers who offer to store your emails in an encrypted form. ProtonMail is one example, but there are many others. Using those services is not different from using a Gmail account, but they won’t sell your data to anyone, they don’t even have it in an unencrypted form. The added benefit of not storing unencrypted emails is the fact that it makes such services more hacker-proof. Let’s say a group of hackers managed to steal a bunch of emails from an encrypted email service. They wouldn’t be able to read them without your password, and you’re the only one who knows it.

Switching to an email provider that has a zero access policy is the easiest and most effective way to make your email communications more private. Just don’t forget that more privacy comes with more responsibility, so you have to pick a good password and make sure you don’t lose it. Zero access policy means that your password is the only key to your data, and your email provider wouldn’t be able to restore your emails if you lose or forget your password.

We Need a Better Protocol

The reality is, no matter how hard we try, email will never be private enough. You might use a fancy privacy respecting email service or even host your own server, but it still exposes your data if you communicate with people who use a shitty email service such as Gmail.

We spend a lot of time in instant messaging apps, and those apps have become huge platforms for pretty much everything. Maybe the best way forward is to gradually move away from email and move our communications to instant messaging apps built upon a single universal protocol, such as Matrix.

Conclusion

Email is an essential tool that most of us use every day. Unfortunately, many people are unwillingly and unknowingly exposed to a constant surveillance, but there are ways to opt out and take back control of our data. Cryptography is a wonderful thing and it can and should be used to fix many privacy and security issues of Internet services such as email.