gmail alternative

Gmail Security And Gmail Alternatives

Last updated on May 25, 2021

Your email inbox is full of your most sensitive information. This includes your contact details, who you communicate with and even your financial information. Chances are, you don’t want anyone getting their hands on this sort of information.

Unfortunately, Gmail, Google, and its affiliates all read this information. Let’s explore some of the biggest privacy issues of Gmail and look into some of the best Gmail alternatives to keep your privacy intact.

What Makes Gmail Vulnerable? Is it Better to Find a Gmail Alternative?

Gmail is a widely popular service worldwide, having around 1.5 billion monthly active users in 2019. It holds 20% of the global email market and is available in 72 languages. There are a lot of things that Gmail does right, such as alerting users to malware, watching where users are logging into their accounts from and spotting spam well.

So, what is the problem, and why are an increasing number of people looking for Gmail alternatives?

An emailing service that has once stated, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties” cannot inspire too much confidence, for starters.

It has also been known to scan emails for keywords. This was previously done to serve adverts and turn over a profit, but it claims to no longer do this.

“Google is getting rid of one of its most controversial advertising features. Ever since Google first introduced its free Gmail email service some 13 years ago, it has been analyzing the text of emails to personalize advertising displayed both within Gmail and elsewhere. Privacy advocates and concerned users alike have long criticized this as a far-reaching intrusion, but most other free email services have been doing the same — or at least reserved the rights to do so — for years.”

Even if users actively use blocking tools, there is a database that is forming regarding your information that belongs to Google. Although Google claims not to use this information about you for targeted ads, it still makes us wonder as to why they’re doing it at all.

“The Google app on your phone, for example, knows when your next flight is leaving, and whether or not it has been delayed, based on emails you get from airlines and travel booking sites. Similarly, Google Calendar has begun to automatically add restaurant reservations and similar events to your schedule based on the emails you are getting. Google also has for some time automatically scanned emails for links to potentially fraudulent sites, as well as to filter out spam.”

Users may be unaware of this, but the third-party apps that you install are also able to scan the content of your emails in order to serve adverts. Many of us don’t dwell on privacy policies within these apps, but we often permit these apps to do so. Google has been accused of allowing hundreds of firms to access email accounts.

“We make it possible for applications from other developers to integrate with Gmail – like email clients, trip planners and customer relationship management (CRM) systems – so that you have options around how you access and use your email.” Suzanne Frey, Google’s director of security, trust, and privacy explains.

Google is also a US-based company. The United States could easily enforce warrants if needed, in order to compel firms to hand over any user data they have all whilst keeping it a secret. Essentially, Google and the United States government could scan your emails in detail and you never know about it.

Furthermore, according to US law, it is possible for government agencies to seek access to data on servers all over the world. This means that the US government can monitor your data even if you’re not a United States citizen thanks to FISA, the Cloud Act, and the Patriot Act.

Thanks to Facebook’s transparency report, we can see that this is something that is happening at record levels.

“The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first half of this year compared to the second half of last year.

That’s the highest number of government demands it has received in any reporting period since it published its first transparency report in 2013.

The U.S. government led the way with the most number of requests — 50,741 demands for user data resulting in some account or user data given to authorities in 88% of cases. Facebook said two-thirds of all the U.S. government’s requests came with a gag order, preventing the company from telling the user about the request for their data.”

It is widely known that Gmail was compromised by US authorities in 2009 by the invasive PRISM program. This allowed government agencies to both intercept and read user emails. While it is unknown whether the NSA and FBI still widely collect information from emails, many people believe they do.

“NSA programs collect two kinds of data: metadata and content. Metadata is the sensitive byproduct of communications, such as phone records that reveal the participants, times, and durations of calls; the communications collected by PRISM include the contents of emails, chats, VoIP calls, cloud-stored files, and more. US officials have tried to allay fears about the NSA’s indiscriminate metadata collection by pointing out that it doesn’t reveal the contents of conversations. But metadata can be just as revealing as content — internet metadata includes information such as email logs, geolocation data (IP addresses), and web search histories. Because of a decades-old law, metadata is also far less well-protected than content in the US.”

When using a Gmail account, there is not a native way to secure end-to-end encryption. This can be achieved by using encryption extensions, which many people do not take advantage of as they are unaware it is needed. While Google is unable to scan encrypted emails, it is able to see the metadata including headers, from who the emails are sent, who they are being delivered to, and when.

Google has since introduced a confidential mode, which is now turned on by default for business users. This feature adds more control in that it allows expiration dates and revokes previously sent messages. It doesn’t allow recipients to forward, copy, print or download their content or attachments. However, this doesn’t mean your emails are encrypted at all. According to Gennie Gebhart, associate director of research at the EFF,

“Confidential mode emails are not end-to-end encrypted, for example, which means that Google can see the contents of your messages,” she says.

At the same time, Google can technically even store them indefinitely, regardless of whether you use the ‘expiration date’ feature, Gebhart points out.

“Confidential Mode provides absolutely no confidentiality from Google,” says Gebhart. “My biggest fear with confidential mode is that it will give users a false sense of security that prevents them from seeking more secure, end-to-end encrypted communication options, like Signal or WhatsApp.”

General Issues with Email Inbox Protection

With the increase of email use in the past number of decades, hackers are increasingly using email inboxes as a way to gain profit, compromising cybersecurity in various ways.

Malware Infections

This is the most common point for malware. It is projected that 2-4% of all emails have some sort of malware. The content of the message encourages people to download a malicious file and launch it.

Phishing Attacks

This form of cybercrime lures the user to voluntarily reveal their personal information. Usually, email messages are created in order to steal money by hackers that pose as legitimate companies we all know and trust.

Email Spam

Bulk emails, also known as spam, are sent in large quantities and will often display ads attempting to sell various products or services. As many as 14.5 billion spam emails are sent worldwide daily which makes up almost half of all emails sent. This large volume of junk emails usually end up using valuable server space which can essentially affect your network. It can also result in network downtime, halting important business operations.

Transit Threats

Man in the middle attacks are a popular form of eavesdropping that allows third-parties to monitor information transpiring between two parties. A hacker is able to spy on communications and then use fake accounts in order to contact the targeted user, stealing important and sensitive information.

What is the Best Gmail Alternative For You?

#1 ProtonMail

This was the first encrypted emailing service introduced to the world by scientists and cybersecurity researchers. It is based in Switzerland which has much stricter privacy policies that the United States. It is an open-source project which means that experts have the ability to look over and vet security algorithms.

ProtonMail is one of the best Gmail alternatives as it includes security features like two-factor authentication and is a fully-featured email client that fully integrates PGP encryption into the client. You can also use passwords to encrypt messages sent outside the ProtonMail network.

The cool thing about ProtonMail is that you can check out a list of all your current ProtonMail sessions. This means that you can see whether someone is messing with your account, or you can even shut down other sessions that are running with the click of a button.

More advantages of using ProtonMail:

  • Much more secure than regular email services like Gmail
  • Emails are not monitored for advertising purposes
  • Completely open source
  • Simple to use
  • It’s possible to send encrypted emails to non-ProtonMail users
  • Self-destruct emails
  • Useful premium options

#2 Tutanota

This German-based emailing service combines all the most important privacy features a user needs to remain secure when using their email. Tutanota encrypts your mailbox completely, including your contact list. This information is stored in Germany, but it will not let you import or encrypt any old emails.

Why is this one of the best Gmail alternatives? Some great features offered by Tutanota includes end-to-end encryption between Tutanota users as well as between Tutanota users and non-users. Unlike other email providers, this service doesn’t use OpenPGP encryption or support IMAP, POP, or SMTP. Basically, that means it is not compatible with other email providers and is unable to be used with third-party apps.

These guys use their own encryption, supporting forward secrecy. If someone were to get their hands on an encryption key, it would only unlock that message, and the rest will remain safe. It will not track users and it also strips your IP address from your emails.

More advantages of using Tutanota:

  • Excellent SSL encryption
  • Client and apps are open source
  • Android and iOS apps are simple to use
  • Solid privacy protection
  • Bulk contact import with vCard is possible
  • You can receive an encrypted reply from regular email users

#3 Posteo

This is another German-based emailing company that has to comply with strict European GDPR laws. Posteo was founded more than a decade ago and is entirely self-funded. This allows users to breathe a sigh of relief knowing that Posteo has no obligations to share any data with investors or partners. On the other hand, it also means the service isn’t free.

For one Euro a month, users can have access to multiple features like two alias addresses, 2GB of email storage, which can be upgraded to 20GB per month. It will allow email attachments of up to 50MB in size and upload multiple files at once.

There is cross-device compatibility which means that users are able to sync their email on smartphones, PCs, and tablets.

In terms of email to email security, Posteo offers PGP encryption as well as OpenPGP header compatibility. There are spam and virus filters that come with a whitelist ability and customizable filters, and users are able to securely migrate up to three external email accounts to Posteo. The best part is that users don’t need to provide a name, email or other email address to create an account.

More advantages of using Posteo:

  • There is an emphasis on green energy, data reduction
  • Zero tracking
  • Includes email to email encryption, calendar, and contacts
  • Subject, headers, body, metadata, and attachments are encrypted
  • Self-financed
  • IP address stripping
  • Allows anonymous cash payments
  • Supports SMTP, POP, and IMAP protocol + Two-Factor Authentication

Tips for Keeping Your Email Secure

#1 Use Two-Factor Authentication

Two-factor authentication combines something you have with something you know. This means you aren’t putting all your confidence in your password which is great considering how weak most of our passwords are. This might be as simple as clicking a button in combination with entering a code or your phone number.

#2 Curb Forwarding

Many of us click on the “forward” button when we wish to share without thinking twice about it. However, we should consider where this message is going and where it will be stored. Forwarding messages from internal corporate emails to someone outside of your company means that you are exposing that data to possibly unsecured servers.

#3 Encrypt Your Emails

One of the best ways to keep your emails from being monitored by third parties is to encrypt them. By using encryption, your email is protected as it makes your messages impossible to decipher unless you authorize someone to read that particular email. Even if your inbox is compromised, the contents of your email communications will be unreadable.

#4 Choose a Strong Security Question

There is a lot of information that can be uncovered about users online by hackers, primarily on social media. This is why you should never use partner’s names or pet names for your security questions or passwords. Think of the toughest security question you can that nobody knows the answer to, but you. Alternatively, use false answers to standard questions.

Conclusion

While Gmail is one of the most common email service providers actively used by more than a billion people each month around the world, it definitely falls short when it comes to user security. Although attempting to appear as though it has heightened security measures for email users, there is no end-to-end encryption when you send an email from your Gmail account.

In the past, Google and Gmail have scanned user emails for information that was then given to other companies as well as having US government agencies scanning the contents of emails. Whether or not some of this activity is going on, we don’t actually know, but it is a far smarter option to keep your information private by using secure Gmail alternatives.

Article comments