I'm a beginner and have a few questions I'd like to ask

Hello everyone, I’m new to privacy and have many questions about it.

I’m not sure how much I care about privacy, but I’m wondering if using Gmail is really a bad idea? I’ve done a lot of research, and it seems they stopped using Gmail content for advertising in 2017, and they’ve also stated on their Twitter account that they don’t use their inbox for AI training. I don’t know if that’s enough privacy.

Even if Google had the capability to read everyone’s emails, given the sheer number of Gmail users worldwide, reading everyone’s emails sounds extremely impractical.

The only private email service provider I’m familiar with is ProtonMail, but after researching a bit more, I discovered that it seems many websites don’t accept ProtonMail because it’s anonymous. Also, ProtonMail doesn’t support automatic categorization, a feature that’s quite important to me because I receive a lot of promotional emails, and putting them all in my inbox would create chaos.

So I’m hoping someone can tell me why I should forgo the convenience and opt for the relatively difficult and expensive ProtonMail (or a similar service), or that Gmail is sufficient for me?

That depends on your threat model.

ProtonMail has a free tier:

  • https://account.proton.me/mail/signup?plan=free

If you are referring to expense as friction cost, that is the price for any migration, not just between Gmail and ProtonMail.

It’s not impractical at all. It’s not a person that would be analyzing them.

Could you link to a source? You might be thinking of email aliasing. Proton should be accepted most places and if not, I wouldn’t want to use that service.

It’s not anonymous.

Websites most likely reject based on fraud likelihood, not privacy providers. Additionally, many proton users might be using a privacy vpn and browser, making it harder to sign up.

Well you are here so that’s a first step :slight_smile:

There is also TutaMail https://tuta.com/

I can’t tell you if you should or shouldn’t continue using Gmail vs Switching to something like Proton or Tuta. That comes down to a personal choice, but there are important privacy improvements in those services over Gmail (in my opinion anyway).

As @Expert4870 pointed out regular Proton Mail addresses are not “anonymous” but may still not be accepted due to perceived fraud risks, among other external factors.

I would generally recommend Proton or Tuta, but using encrypted email (E2EE and stored encrypted) can lead to a false sense of security.

Even when someone’s email inbox is encrypted, if their contacts don’t use encrypted email compatible with them (for instance, Tuta to Gmail, Proton to Tuta), every email sent from them to their contacts will be sent/received unencrypted (not E2EE) and stored unencrypted (readable by the contact’s email provider). Replies from their contacts to them will also be unencrypted.

The problem lies in the insecurity of the email protocol, not in the choice of email provider. The protocol permits messages to be sent/received unencrypted, encryption is not mandatory unlike in encrypted communication protocols like Signal. Further, the protocol requires the sender and recipients (the From and To headers) be unencrypted (for delivery purposes), thereby leaking who is talking with who.

People who need privacy should avoid using email. People who use email should assume all their email communications will be stored permanently and read by third parties or leaked as a result of data breaches.

Hello,

I just want to write that’s the best way to learn more about privacy is to read blogs of companies/institutions who work hard on it. The more you learn about privacy, the less likely you will use google. It’s is why it’s hard to tell someone whether they should use google/bigtech or not. It’s a personal preference but to make a good decision you have to learn about the topic and stay informed.

Follow proton/Tuta mail on mastedon and read what they have to say. They try to explain everything. You can even get a rss reader and get their blogs automatically. Follow the matrix or any decentralised platform, or any privacy advocate and see what the movement is really about.

your data belongs to you and you should protect it

It depends on your threat model and if you trust Google’s statements about their email scanning practices. But there is still something you’re missing:

Google could read your emails even if they don’t need to scan all of them manually. But what really matters here is metadata. It tells more than content anyway. Google cares more about who you talk to, when and how often. That’s how profiles get built, not necessarily from email body text.

The main point and advantage of privacy email providers are metadata retention and how they use your data. A privacy email provider won’t profit from you nor share your data with third parties for advertising.

Instead of switching your entire email provider, consider using email aliases like Addy.io or SimpleLogin. These let you hide your real address, avoid spam, prevent tracking and isolate data breaches without losing Gmail’s convenient features.

For example, you can generate a unique alias for every website. If one gets spammed, just disable it. Your main email stays hidden. Some alias providers, like Addy, also offer PGP encryption before forwarding to your inbox, and you can even hide or encrypt subject lines (often the biggest metadata leak). You might need to use a suggested email client for that. Learn more about how Addy handles encryption here.

I use Addy because I find its privacy policy better than SimpleLogin’s. Their Lite plan runs around $12/year, which I think gives more privacy gains per dollar than paying for an encrypted email provider. And unlike many services, they don’t store your emails except briefly during failed delivery attempts (which you can disable too).

You can learn more about email aliasing strategies here.

My final advice for you is to read both the email provider’s and alias provider’s policies carefully, then build your own threat model. If you’re going for Addy, I suggest reading their FAQ and help pages to fully understand how to manage your aliases. There’s no perfect solution, only what fits your needs.

Hope this helps you figure out the best path forward!

I don’t trust Google not to read my mail, so I run my own email server. I don’t believe my domain was ever refused anywhere, and if this was the case, the company would simply lose my custom. I don’t really use Google or any other big tech service for anything these days, but it isn’t something you can really achieve overnight, especially if you are unable or unwilling to self-host. I am also the kind of person who does not consider being excluded from Reddit/Facebook/Instagram/or some other invasive platform a big loss.

I would say everyone should move away from gmail. The big tech firms have all been shown to ban users at the drop of a hat effectively cutting them off from significant parts of their digital lives.
That said, I would also argue that you should pay attention to where they provide value and where they extract it. I have a lot of concerns with Google and how they do business, but it’s hard to argue that they don’t offer useful services for “free”, even if it is in the “you don’t pay, with money” sense.

I use both Proton and Tuta for different things and I would recommend either. But I would also recommend transitioning yourself as opposed to trying to jump ship.

Both have categorisation, but they don’t have smart categorisation.
Tuta requires a paid plan for Inbox rules. Proton does appear to allow filters on the free plan, although I assume there’s a hard limit on the number of filters you can add.

Gmail does state that they do not use message content for advertising. But I’d argue that is in part a result of the value of metadata analysis, not out of respect for privacy.
Sender and subject aren’t traditionally considered part of the message content, even attachment names might be argued as separate.
Google has such a large data trove that for example, if you use email to correspond with your doctor, Google might be able to figure out what medical stuff you’re dealing with purely as a result of which doctors are included in email correspondence.
They’re analytics is trying to beat blind guessing. They don’t need to be accurate, they just need to beat the odds. Who you talk to and when is worth more than the subject (especially if Google also knows something about them). The subject and correspondent list is worth more than the content, and are less prone to manipulation. Public backlash did probably play some part in changing their policy, but I wouldn’t be surprised if was changed mainly as a result of content driven ad targeting being costly and ineffective in comparison to scanning email headers.

Honestly, there’s no shame in sticking with Gmail for now; it’s free and convenient. But if you want to start moving away from Big Tech, check out Fastmail. It’s a great middle ground it feels just as smooth as Gmail, but it doesn’t scan your emails for ads, and the filtering tools are, honestly, a game changer.

Don’t feel like you have to switch everything overnight, though. Privacy is a marathon, not a sprint; just start small and build up as you get more comfortable.