Do I step back from email privacy?

Privacy is important everywhere. However, based on my current situation, I’m feeling like I should give up on email privacy.

Let me explain my situation: I come from a country where less than 1% of email users are actually using private mail providers with their personal information. As for my email usage, I mostly receive emails from various businesses, and I rarely send any. I’m quite sure these senders are using either Google Workspace or Microsoft Business for their communications.

Email privacy can only be maintained if both the sender and receiver prioritize it. However, businesses generally prioritize stability over privacy. While privacy-respecting services (e.g., password managers, cloud services, etc.) may use private mail services, those that cater to the general public tend to opt for mainstream services rather than privacy-focused options.

I started using privacy-focused mail providers with the idea that Google can’t scan my emails and profile my data. But in reality, nearly all emails I receive are already being scanned, and any personal information they contain is known by those big tech giants.

At this point, I’m considering giving up my email privacy journey. Honestly, spending on a privacy mail service no longer seems justified to me. I’m thinking of switching to a free Proton or Tuta account for managing my everyday privacy services, and for all other communications—like banks, offices, medical institutions, IDs, etc.—I’ll revert to Gmail.

What do you think? Please share your thoughts below.

5 Likes

It’s all true, of course, but that doesn’t preclude you from using a more privacy-preserving provider yourself for other reasons such as zero-access encryption or not being profiled based on your email contents, although none of the big providers even scan your emails for advertising purposes AFAIK, if you’re worried about that.

It might be controversial, but most people strictly don’t need to worry about email very much these days. It’s a futile exercise for the most part, but it doesn’t hurt to at least use something reputable and secure. Get a Premium SimpleLogin subscription and use it with your Gmail if you want. It’s what will make the most impact.

There are plenty of reasons to use different email hosting, but increased privacy is typically not one of them, at least when average threat models are considered.

3 Likes

Curious, what does gmail give you that proton doesn’t?

3 Likes

Fwiw, Gmail doesn’t block image trackers that let the sender know whether you opened the email or not. It’s the little things like this, plus the fact that your entire digital life is not bound to Google services. It helps with compartmentalising of services if you use Google Photos or Drive.

If it feels heavy on the wallet, your best bet would be to at least have Gmail used separately, with Google Photos and Drive on separate emails if you use those.

4 Likes

Yes, the fact that you can have your emails stored with zero-access encryption from the service provider is more important for most people than encrypted email in transit :+1:

4 Likes

It can though.

1 Like

I don’t know what emails you’re receiving, but I don’t think this is generally true, especially for people who are more privacy conscious of their online interactions. Think of every email you receive: this may contain info about your travel, things you buy, the many services you’re signed up for online, communities you’re a part of. This builds an in-depth profile about you. If you use Gmail you’re handing all that info straight to Google. Sure, some of that info might get shared around to some extent (depending on the companies you interact with, their privacy policies, your settings, etc.) but that’s completely different from serving a detailed live profile of yourself straight to Google. Privacy is a spectrum, not an on/off switch.

Also, Google recently started integrating Gemini (AI) with Gmail. I imagine you can probably opt out of that.

But routing online communications through a notorious privacy abuser doesn’t make sense to me. Especially when there’s not any downside to using a free ProtonMail (or tuta or otherwise) email. Is there some issue you’ve had with Proton?

Edit: I see now you did mention using free Proton and only Gmail for gov/health/official stuff. That’s a fine compromise, but I still wonder what the benefit is of Gmail? Have you had issues with Proton?

1 Like

You can

1 Like

It completely turns off images; yes, you can load it, but it’s not practical, plus it’s inconvenient.

Same here. You can technically disable it but you’re gonna lose QOL features which Google now bundles with AI features.

Gmail has been proxying all images through their own proxy servers for a decade, but what Proton does is more elaborate.

Thanks, I just disabled that on my account.

True, I notice disabling it turned off inbox categories and spellchecking. Doesn’t bother me since I don’t really use Gmail but this is unfortunate for people who want those basic QOL features without Gemini getting involved.

Well, you can’t have your cake and eat it too, but I’m not too familiar with what supposed basics they now bundle with Gemini.

There is also the undoubtable moral benefit of giving money to Proton instead of Google.

1 Like

It’s been around even longer, has plenty of bells and whistles, and is free to use.

Also top‑notch security via APD with no human factor involved

If only it was that simple. But yes, most people who switch to Proton or Tuta won’t see much privacy benefit since only your inbox is encrypted with zero-knowledge. I would say that’s still pretty good, and much better than Gmail for “banks, offices, medical institutions, IDs, etc.” Is there a reason why you would switch back to Gmail? It doesn’t sound like you would be using e-mails differently.

The long-term goal is to get more users to adopt Proton or Tuta (not so much businesses, although that would be great as well). If you need privacy, both parties will have PGP by default. And the benefit of paying for e-mail is to add a custom domain (unless you can do it on Gmail for free?). But if you don’t benefit from a subscription, the free option is still great.

IMO it is crucial to utilise both email alias features and encrypted email service.

Even if the other parties don’t use privacy-friendly email services, if they communicate with you via an email alias, it would still be much more difficult for third parties to build a profile around you.

Of course, it would be equally important to avoid sharing your personal details via emails.

Where I live, a Proton Unlimited subscription for 1 month costs around the same as a large meal for one person at McDonald’s. Going back to Gmail would make me feel ill. Converting all of those aliases to another provider would take more energy than it is worth.

What about Microsoft Hotmail/Outlook?

Having a zero-access encrypted mailbox and not being profiled based on my email contents are the only advantages of using privacy-friendly mail providers. However, the struggle associated with this choice is significant.

First of all, I always need to keep a Gmail account because most officials don’t accept email addresses from lesser-known providers like Proton and Tuta even when the system accepts these domains. If I write down my email address on any form, they ask for a Gmail address instead. I don’t want to teach them about the values of privacy in today’s world because they think that keeping their social media accounts private is a great step toward achieving privacy. I know I can’t change their mindset.

Even if I skip these situations and add my Proton or Tutanota address online, during KYC verification or any account verification, they strictly ask me to share my Gmail address.

Even if I overcome these issues, the battle isn’t over yet. Some systems don’t accept any domains other than Gmail, Hotmail, and Yahoo.

You might suggest using a Gmail address where absolutely necessary and forwarding the incoming emails to my privacy mail address. However, doing this means I would just receive all the emails in one mailbox, and my privacy would still be compromised.

In the past years, I’ve tested both AnonAddy and SimpleLogin, and I found that most sites don’t accept these domains here. I tested every single domain available in the paid plans of both services. Currently, the majority of services accept popular privacy mail domains, while most of them do not accept alias services.

Additionally, my friend and I conducted an experiment where we set up our email addresses in the same services: I used ProtonMail, and he used Gmail. The purpose of the test was to see if there was any time difference in receiving OTPs. Surprisingly, Gmail won the game; in some services, OTPs arrived at the same time in both mail addresses, while in others, the OTP was delivered to the Gmail address earlier than the ProtonMail address.

In my country, emails and mobile numbers are the only ways to verify our online accounts (no TOTP or passkey support till now), and there’s always a risk - if there’s any delay in receiving the OTP, it can lead to inconveniences, as the usual time frame to enter the OTP is 30 to 60 seconds.

1 Like