Privacy @lemmy.dbzer0.com shaytan @lemmy.dbzer0.com 2mo ago

Simple guide towards mail privacy

It's hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I'll cover the basics of making your online mailing more private.

Switching Mail Providers:

Your email is a big part of your online footprint and helps you keep track of your online identity. So, in order to keep that to yourself, I encourage leaving services like:

"Gmail" or "Outlook",

for others like:

"ProtonMail" or "Tutanota".

This is already a big step towards keeping all your emails private and safe. Both of these are free and respect your privacy on their free tier, but expand in features with paid plans. This takes time, as you have to switch your email on most accounts to this new email.

For the best privacy, you should delete most accounts and create new ones with this new email or with aliases. Some people, like myself, prefer to have multiple emails over aliases. For example:

"something.banking11231@provider.me" -> For banking and finance
"something.social12312@provider.me" -> For social media
"general.use@provider.me" -> For casual and responsible internet use
"something.trash21412@provider.me" -> For crappy websites or similar uses

(Self-hosting your own mail domain is possible, but it’s a harder process, and custom domains are not always accepted or reliable.)

(You should keep your old email for a year or so to make sure no important service was left behind locked to that email. Once that's done, you can delete the account.)

Tips:

If you can, you should try expanding your protocol with this:

Adding 2FA to any online website, especially email. I use ~~"Authy" ~~for this. -> Better use Aegis, good app!
Switching your browser to something like "Librewolf".
Switching to a password manager like "Proton Pass" or "1Password".
Encourage your close family to do the same once you're comfortable with the process.
Switch social media to private alternatives.
If you take any efforts to switch browser or install Aegis, try to use "F-droid", or even better, "Droidify". These being a FOSS app store, and a good Material alternative frontend. For apps not in here, consider "Aurora store", a more private **"Play store" **alternative

This is about it for me, quick posts from class, feel free to add into this topic bellow.

Edit:

Important additions after reading the comments:

Proton is a bit disencouraged by some for some political views published by the CEO under proton's account and image. They backed down, and I believe it isn't something too bad as for users to leave such a good privacy oriented suite of apps. I encourage anyone who cares about this topic to research before making the switch.
Mail is not 100% private with any option, and shouldn't be used for highly sensitive information. For that use end to end encrypted apps well respected, like "signal". Still is best to just don't send very sensitive information online.
As a comment pointed, for a mail to be as private as possible, both the sender and reciever should have a private mail, otherwise you can be private but the other person would still be having your mail conversations stored under "gmail" or similar.

Sorry if this post didn't give the best newbie advice, I tried to track back some of my old knowledge, but I'll take more time to research the next time. Take care and stay private!

10 comments

Very good guide!

Concise, simple language, and not a billion options.

You are missing this:

Gmail and Outlook fails to include a libre software license text file, like AGPL. We do not control it, anti-libre software.

Without this, we never defend against new scammers!

Without this, Gmail and Outlook can rebrand to scam again.
Proton lol. Also the only privacy is achieved with OpenPGP but no one uses it.
- Nobody uses PGP because it's annoying, the tooling is not user friendly, it requires a lot of manual efforr for multi-device access and most people simply don't have the ability to manage keys safely. And that is why offloading all this effort to Proton (or similar providers like tuta) who does all the PGP stuff transparently is the only viable solution.
- https://www.privacyguides.org/en/email/#openpgp-compatible-services
It’s hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I’ll cover the basics of making your online mailing more private.

The issue is that the moment you send a mail to someone or receive an email from someone that is using Gmail (or whatever provider that don't care about privacy), your own email is not private anymore: it's read by that other company. So, unless everyone was to start using encrypted emails and I should say compatible encrypted emails, real email privacy will be little more than a wish.

It's a good move to ditch companies like Google, obviously, but one should not let potential switcher believe that it's a magical wand that will make their emails private. It is not.

As a side note, I would also suggest for a much better privacy: use emails aliases so you never share your real email with any company or service provider.
Bitwarden is a good option for password manager.

I would discourage anyone from moving to Proton. I know people are quick dismiss the CEOs political views as fluff but here's a evidenced account of what unfolded:

This is what the CEO posting as u/Proton_Team stated in a response on r/ProtonMail:

Here is our official response, also available on the Mastodon post in the screenshot:

Corporate capture of Dems is real. In 2022, we campaigned extensively in the US for anti-trust legislation.

Two bills were ready, with bipartisan support. Chuck Schumer (who coincidently has two daughters working as big tech lobbyists) refused to bring the bills for a vote.

At a 2024 event covering antitrust remedies, out of all the invited senators, just a single one showed up - JD Vance.

By working on the front lines of many policy issues, we have seen the shift between Dems and Republicans over the past decade first hand.

Dems had a choice between the progressive wing (Bernie Sanders, etc), versus corporate Dems, but in the end money won and constituents lost.

Until corporate Dems are thrown out, the reality is that Republicans remain more likely to tackle Big Tech abuses.

Source: https://archive.ph/quYyb

To call out the important bits:

He refers to it as the "official response"

Indicates that JD Vance is on their side just because he attended an event that other invited senators didn't

Rattles on about "corporate Dems" with incredible bias

States "Republicans remain more likely to tackle Big Tech abuses" which is immediately refuted by every response

That was posted in ther/ProtonMail sub where the majority of the event took place: https://old.reddit.com/r/ProtonMail/comments/1i1zjgn/so_that_happened/m7ahrlm/

However be aware that the CEO posting as u/Proton_Team kept editing his comments so I wouldn't trust the current state of it. Plus the proton team/subreddit mods deleted a ton of discussion they didn't like. Therefore this archive link captured the day after might show more but not all: https://web.archive.org/web/20250116060727/https://old.reddit.com/r/ProtonMail/comments/1i1zjgn/so_that_happened/m7ahrlm/

Some statements were made on Mastodon but these are subsequently deleted, but they're capture by an archive link: https://web.archive.org/web/20250115165213/https://mastodon.social/@protonprivacy/113833073219145503

I learned about it from an r/privacy thread but true to their reputation the mods there also went on a deletion spree and removed the entire post: https://www.reddit.com/r/privacy/comments/1i210jg/protonmail_supporting_the_party_that_killed/

This archive link might show more but I've not checked: https://web.archive.org/web/20250115193443/https://old.reddit.com/r/privacy/comments/1i210jg/protonmail_supporting_the_party_that_killed/

There's also this lemmy discussion from the day after but by that point the Proton team had fully kicked in their censorship so I don't know how much people were aware of (apologies I don't know how to make a generic lemmy link) https://feddit.uk/post/22741653
Hi! I’m looking to migrate from Outlook to Posteo. I don’t like that I can’t stay logged in on psykos web interface therefore I’m using apple mail app as a gateway. Can some one enlighten me if that is a nonsensical idea knowing that my intent is to stay off of big tech. Does using posteos no-tracking mail defeats the purpose when using apple mail to access posteo?

10 comments