A large part of your online life revolves around your email address. It acts as a central hub for almost everything you do: Travel documents and itineraries arrive there, it’s home to receipts for all your Amazon purchases, it acts as a recovery mechanism for the sites and apps you sign up for and then forget your login details. And, of course, there are all the emails you send.
This story originally appeared on WIRED UK.
Your inbox holds plenty of private information—and in many cases secrets—that when pieced together can build up a profile of your interests, movements, and social connections. But email privacy can often be neglected. The threats faced depend on who you are. For businesses, phishing attacks launched through emails can lead to entire corporate networks being compromised. But for individuals there are privacy concerns beyond working out if your account has been hacked.
First, data collection. While Gmail doesn’t scan the content of your emails to collect information for its advertising machines, data from your Google account is used to serve ads in your Gmail inbox. (Most recently Google started putting shopping ads in your inbox.)
Google can also use some information received in your inbox to help with other services it provides. For instance, flight bookings can automatically be added to your calendar; local maps for areas you’re traveling to, based on hotel bookings, can be downloaded to your phone. They’re potentially timesaving and useful tools, but some people may not be comfortable with how data from your email is used for other purposes. Aside from Google’s data collection, you may not want to give out your email to each app or service that you sign up for, especially those that may be for one-time use.
The other issue individuals should think about is how secure email is—and whether it is strong enough for their needs. For most people, security protections provided by the big email providers—Gmail, Outlook, Yahoo Mail—should protect emails more than sufficiently. Account access can be further protected with two-factor authentication, including security keys.
Alternatively, you might want to think about a totally different email account that puts privacy first and uses end-to-end encryption wherever possible. This is particularly prevalent if you’re sending confidential information or want to send emails that cannot be linked to your identity.
If you want to move all of your emails to a more private service, then you have a few options. The biggest thing to consider before deciding is that there will be ramifications—and digital admin will be required.
For your most sensitive online accounts—from banking and shopping to social media—you will want to log in and change the email address associated with your account. Identify the most important accounts to you before switching and weigh all your options. But it is best not to delete your old account. For the online accounts that don’t contain so much sensitive information, you may be able to set up forwarding from your old email to your new one. When it comes to opening a new account, there are privacy- and security-focused email providers out there. We’ve picked two here that are worth considering.
Based in Switzerland, ProtonMail is protected by some of the world’s strictest privacy laws. On top of this, it has a bunch of security features that are designed to keep your email and identity private. The company says its emails are end-to-end encrypted, with the firm not being able to access any user data. “Data is encrypted on the client side using an encryption key that we do not have access to,” it says on its website.
In addition to end-to-end encryption, ProtonMail doesn’t require any personal information to create a new account, including IP logs. It has also made all of its code open source, so anyone on the web can inspect it for coding flaws or vulnerabilities. There’s a free option, which only comes with 500 MB of storage, but also paid options that include more features and start at €4 per month.