Privacy Conscious Approach to E-mail


I’ve been using Gmail for many years for both my personal and part of my business communication. I am extremely happy with its useful features and the efficient workflows that I was able to develop. But at some point it just struck me how much information Google is collecting about me by scraping my emails. I decided to do something about it and I want to share that story, since I’m really satisfied with the setup.

No free lunch

There ain’t no such thing as a free lunch - says a popular adage. We live in a capitalistic world where every gain has its price. It does not always have to be paid with money, though, and it’s sometimes hard to assess the actual profit and loss when the value transfer is concealed in a form that is harder to grasp than direct monetary value.

Public companies like Google have to serve the best interests of their shareholders. Building and maintaining a service as massive as Gmail comes at a very real and extensive cost, which simply has to be balanced with adequate income. It brings value that has to be paid for, and even if the money doesn’t flow directly from users’ pockets, it has to come via other avenues.

The solution is to monetize the data that users leave in the system, including their content and traces of their activity. It can be analyzed, and the results used to advance the company’s own research or traded to whoever is willing to pay. And all of a sudden users turn into a crowd of agents whose primary purpose is to generate income for their commander.

History likes to repeat itself and this kind of imbalanced relationship is nothing new:

In the high days of European imperialism, conquistadors and merchants bought entire islands and countries in exchange for coloured beads. In the twenty-first century our personal data is probably the most valuable resource most humans still have to offer, and we are giving it to the tech giants in exchange for email services and funny cat videos.

— Yuval Noah Harari, Homo Deus: A Brief History of Tomorrow

…and it brings even more interesting analogies:

The companies are analogous to feudal lords, and we are their vassals, peasants, and - on a bad day - serfs. We are tenant farmers for these companies, working on their land by producing data that they in turn sell for profit.

— Bruce Schneier, Data and Goliath

What your e-mail reveals about you

In the case of an e-mail service, a clear way to generate profit is to exploit its advertising and marketing potential through user profiling. If you just think about it, your inbox contains a real trove of data revealing invaluable bits of information on a great variety of your activities.

Purchase confirmations coming from online retail services tell what you buy and how much you’re willing to pay for certain goods. Bank statements can disclose your income and list of card transactions in brick-and-mortar stores (fortunately, for a couple of years now, all bank statements that I get are encrypted).

Messages from ridesharing services reveal your whereabouts and where you like to party at night. Confirmations of meal orders show your culinary taste and how many people typically stay at your house. The same goes for electricity and water supply bills, not to mention telephone billing statements that sometimes contain full call logs.

It’s relatively easy to collect even more sensitive information too. Tracking appointment confirmations at various doctors’ offices should be enough to get a general idea about your health. One can get an even more granular view if they cross-reference names of practitioners with branches of medicine in which they specialize.

End-to-end encrypted e-mail service

Fortunately, there are alternative e-mail services that by design prevent anyone, including the service owner, from peeking into users’ messages. They achieve that by securing the content with end-to-end encryption. Some of the most popular solutions of this kind include ProtonMail and Tutanota.

Messages stored in the account are encrypted at rest. Those that are sent between users of the service are encrypted end-to-end. Truth be told, those exchanged with users of external services are not encrypted in transit, but this comes as a general limitation of e-mail technology. Nevertheless, end-to-end encryption brings the best protection possible in this space and this is why I decided to use ProtonMail in my setup.

Non-identifiable own domain name

As a next step, I decided to hook up my e-mail account to my own domain. It has some considerable benefits which I’ll discuss in more detail in a moment, but first it’s important to note that I chose to register a domain that has no apparent connection to me personally.

The use case that fueled this decision was related to shipping my online purchases with the Polish InPost postal service, which operates a big network of parcel lockers. When you choose delivery at a locker, the only PII (personally identifiable information) on the shipping label are your e-mail address and phone number. When I dispose of received packages I always tear those off so as not to include trackable information in my trash. With a non-identifiable domain name of my own, the e-mail address is no longer an issue in this kind of circumstance.

Leveraging catch-all function

As I mentioned above, using your own domain name brings some benefits. For example, you can leverage the catch-all function to easily create service-specific addresses.

In principle, the role of the catch-all feature is to make sure messages sent to misspelled addresses actually reach someone’s inbox and can be handled somehow. You can make creative use of that by setting your primary account as the catch-all destination. This in turn lets you put the service name in the local part of the address when registering with a service, and any message they send will reach you anyway.

But more importantly, when you get spam you can easily tell which service to blame, since you provided this particular address only to them. An address like [email protected] is unequivocally associated with some service and leaves little doubt about the circumstances of a potential leak.
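The attribution described above can be automated over an exported mailbox. The following is an added example, not part of the original setup: the domain `mail-example.test`, the sample messages and the function names are all constructed for illustration, and the matching rule (the alias should appear as a label in the sender's domain) is a simple heuristic.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mail-example.test"  # assumption: placeholder for the catch-all domain

# Constructed sample messages (not real mail).
SAMPLE_INBOX = [
    "From: Shop <orders@bookshop.example>\nTo: bookshop@mail-example.test\nSubject: Your order\n\nThanks!",
    "From: Deals <promo@cheap-pills.example>\nTo: bookshop@mail-example.test\nSubject: Hot offer\n\nBuy now",
    "From: News <newsletter@mail.ridehail.example>\nTo: ridehail@mail-example.test\nSubject: Receipt\n\nTrip",
    "From: Friend <friend@other.example>\nTo: me@elsewhere.example\nSubject: Hi\n\nHello",
]

def alias_for(msg):
    """Return the local part of the first recipient in the catch-all domain, or None."""
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    for _, addr in getaddresses(headers):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == MY_DOMAIN and local:
            return local.lower()
    return None

def sender_domain(msg):
    """Domain of the From address. From is unauthenticated, so treat it as a hint only."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def audit(raw_messages):
    """Map each alias to the sender domains that do not carry the alias as a label."""
    suspects = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        alias, domain = alias_for(msg), sender_domain(msg)
        if alias is None or not domain:
            continue  # not addressed to the catch-all domain, or no usable sender
        # The alias is the service name, so legitimate mail should come from
        # a domain containing it (e.g. mail.ridehail.example for "ridehail").
        if alias not in domain.split("."):
            suspects.setdefault(alias, set()).add(domain)
    return {alias: sorted(domains) for alias, domains in suspects.items()}

if __name__ == "__main__":
    for alias, domains in audit(SAMPLE_INBOX).items():
        print(f"{alias}@{MY_DOMAIN} received mail from unrelated senders: {domains}")
```

A flagged alias means the address given only to that service reached another sender, either through a leak or because the service mails from a differently named domain, so each hit needs a manual look before blaming anyone.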

Registering for breach notifications

Have I Been Pwned is a breach notification service founded and run by Troy Hunt, an independent Australian security researcher. It lets you check if your e-mail address and account information were leaked in any of the hundreds of breaches registered in the service. You can also subscribe to notifications to get an alert in case your address is found in any breach in the future.

The service also offers one more brilliant feature: domain search. For any domain that you control you can check all the addresses at once and subscribe the whole domain to notifications too. Together with the above-mentioned catch-all function, it makes a really neat combo: not only will you get notified anytime your address is leaked, but you’ll know exactly what the original source was. It makes yet another great reason to use your own domain for e-mail.

Paying the price for privacy

Since we already know there ain’t no such thing as a free lunch, what is the price for the value those solutions bring? Well… monetary. ProtonMail with custom domain and catch-all support requires the Professional option for 75 euro per user per year. The price for your own domain can vary greatly, but it’s not something that you typically get for free either. Nevertheless, after summing up the costs, I came to the conclusion that I can afford it, for the sake of running a more private life.

Cons

I’ve been using this setup for almost six months now and the only drawback that I noticed is that you can’t send back an e-mail from an arbitrary address in your domain. This means that even if you register a catch-all address with some service, you are not able to send a message using it.

This hit me when I wanted to follow up on a ticket that I submitted with Yubico and the system was not able to associate my reply with the original submission as the addresses didn’t match. This also prevented me from sending a message to a seller on the Polish online marketplace Allegro in reply to a purchase confirmation, as their system filtered out the mail as not coming from the address that was associated with my account.

But those are relatively minor issues and I strongly believe that overall benefits surpass such inconveniences by a considerably large margin.