Secure Email

Secure Email Recommendations

Key reads...

Many free and popular email services collect vast amounts of user data

The most popular and free email services do not provide encryption, engage in an immense amount of data collection, and often display ads in your inbox.

The lack of inbox and message encryption existing in these free and popular leaves users’ messages and inboxes open for potential sharing with third parties. Ads displayed in the inbox are often targeted and re-targeted ads, simultaneously collecting and using user data.

These services also engage in their own data collection, which includes:

  • Personal Identifiable Information (PII) such as legal name, phone number for establishing an account
  • Assigning an advertising ID to users (for targeted and re-targeted advertising)
  • Collecting metadata associated with outgoing and sent messages (who received a message and at what time)
    • This can include collecting information in email headers
  • Usage information tied to user identity such as setting preferences and interaction with service
  • “Automatically captured information” such as user IP address, location information, access to calendars, access to contacts

Reasons to use encrypted, secure, and private email providers

1. Secure end-to-end encrypted inboxes

Secure email providers provide inboxes encrypted with zero-access encryption, where the service is “blind” to the contents of messages and inboxes as they do not have the proper private keys.

Without access to your messages or inboxes by design, secure email providers do not have access to scan, read, or share user emails themselves or with third parties.

Some providers extend this zero-access encryption to other information contained within an email account, such as a calendar (if applicable) and

2. Limited data collection

Most secure email providers engage in minimal data collection when establishing an account on the service.

Most secure email providers effectively have an anonymous sign-up process that does not require a user to share PII, such as a mobile phone number, to establish an account.

Zero-access encryption greatly reduces the avenues for data collection by the provider post account creation. Most secure email services do not store or use metadata information associated with outgoing and incoming messages.

3. Better tracking protections

Secure email providers generally provide users with tracking protections and unintended information sharing. Most popular, free, and not-so-privacy-friendly email providers do not provide much, if any tracking protections.

For example, many secure email providers will not load images in opened messages by default - automatic image loading can accidentally leak user IP address information.