5 tips to keeping your email private
Email was one of the first modes of online communication, and arguably, the most successful. Even with the introduction of other messaging applications such as WhatsApp or Signal, the number of global email users has continued to steadily increase. In 2020, there were four billion users, and this is expected to grow to 4.6 billion by 2025.
One of the reasons for the popularity of email is its decentralized nature. You can send to and receive emails from anyone, regardless of which email provider is being used. To communicate with someone via WhatsApp or Signal, both users need to have an account with the messaging provider. The user friendliness created by the interoperable nature of email has made it an excellent communication tool. But there has been a serious cost – our privacy.
Are my emails being monitored?
The answer that applies to most email providers: yes.
Do I need any technical skills to protect my emails?
Definitely not! To safeguard your emails and privacy, you don't need to be tech-savvy. All you need to do is create an email account with a trusted private email provider, like StartMail. In general, it’s useful to understand the basics of email communications.
Let’s use an example: you want to email me. You compose your email in your email client (on a website or via an app), add my email address, and hit send. That’s the part that everyone knows. But how did your email actually reach me? Your email client connects to your email provider's SMTP (Simple Mail Transfer Protocol) server, which will locate and connect to my email provider's server to deliver your message to my inbox. These connections are most likely encrypted with TLS (Transport Layer Security), which means the email is private between you, both our email providers, and me. Doesn’t sound too bad, right?
Here’s the “but”. TLS is used to prevent third parties from snooping in our conversation by encrypting the message when it is transferred between our providers. However, there is nothing that prevents our email providers from accessing our emails. So, your private email to me, and the information it contains, could be shared with others.
Don’t worry, keeping your emails private is easier than you might believe!
Protecting your email communications is subjective because it depends on your ‘threat model’, or in other words, your security needs. Threat modelling is defined by Wikipedia as “a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker."
So how do we protect ourselves and our email?
1. Pick an email provider that respects your data privacy and security
Our use of email generates a lot of data, and all this information is incredibly valuable to advertisers. ‘Free’ email providers such as Google, Yahoo, and Microsoft, show advertisements in users’ inboxes. These ads are based on your personal information and online behavior, gathered from various sources on the internet. For an explanation about how and where Google collects your data, go to https://policies.google.com/privacy. So ‘free’ is not really free - in this case as you are paying these email providers with your private information. By picking an email provider that is truly secure and private, your data remains yours, and an added bonus – no ads!
Moreover, consider which country it is operating in, since the rules and regulations differ greatly. StartMail is based in The Netherlands, where privacy laws are among the strongest in the world! In the EU, General Data Protection Regulation (GDPR) imposes many pro-privacy regulations on individuals, companies and other organizations that handle personal data, ensuring that their users' privacy is protected by default. You should also learn to "read between the lines" of privacy policies.
2. Encrypt your messages using PGP
PGP (Pretty Good Privacy) encryption works with a pair of keys: a public and a private key. A public key is used to encrypt messages, and a private key is used to decrypt them. As the name implies, you should not disclose your private key to anyone. It is for your own personal use. Your public key, on the other hand, can and should be disclosed openly so that messages sent to you can be encrypted. Similarly, you can encrypt messages you send to someone else by using their public key.
Although this method may seem complicated, many privacy-conscious email providers such as StartMail have made it simple to use. With a single click of the button, PGP encrypts your messages from start to finish, ensuring that they are only seen by you and the intended recipient. It's worth noting that PGP doesn't encrypt the subject line of your emails.
3. Protect your PGP keys by replacing them regularly
If your PGP private key is stolen or gets into the wrong hands, it can be dangerous and may expose all the information you were trying to keep private in the first place. To avoid this security breach, you should replace your keys on a regular basis. Create a reminder to replace them after a few months, or if possible, set an expiration date on them. If one of your private keys is compromised, only the messages encrypted with that key are at risk. The rest of the encrypted messages remain unreadable.
4. Protect the emails you send to people that don't use PGP
Not everyone has the time, money, or resources to assess the privacy risks of using email. For users who don't have a PGP key, a service like StartMail can encrypt your emails using a password. You can give them the password over a secure channel or offer them a hint that only they know. It's not only simple and effective, but it also increases awareness about privacy.
5. Use an alias to protect your email address from scammers/data leaks
There are countless services that request your email address for you to place an order or to send a free e-book or a coupon for online shopping. When you do this, your email address could be sold or exposed in a data breach. You can avoid these issues by using an alias - an alternate email address that is linked to your main email address.
StartMail’s unlimited alias feature allows you to create a new email alias every time you need to share your email address somewhere. For example, you can create an alias like email@example.com for a shopping website or firstname.lastname@example.org for a blog subscription. If an alias is exposed to spam or phishing, you can simply delete or disable it, and the spammer will no longer be able to send emails addressed to that alias.
The undiminishing popularity of email combined with the continued advances in AI and analytics mean that keeping your emails and your personal information protected is becoming more and more important. Thankfully, it doesn’t have to be difficult if you follow these five tips.
Start protecting your online privacy with a free 7-day StartMail Trial today!