End-to-end encryption and burner emails can help keep your communications private
Getty Images / WIRED
A large part of your online life revolves around your email address. It acts as a central hub for almost everything you do: travel documents and itineraries arrive there, it’s home to receipts for all your Amazon purchases, it acts as a recovery mechanism for the sites and apps you sign-up for then forget your login details. And, of course, there are all the emails you send.
Your inbox holds plenty of private information – and in many cases secrets – that when pieced together can build up a profile of your interests, movements and social connections. But email privacy can often be neglected. The threats faced depend on who you are. For businesses, phishing attacks launched through emails can lead to entire corporate networks being compromised. But for individuals there are privacy concerns beyond working out if your account has been hacked.
First, data collection. While Gmail doesn’t scan the content of your emails to collect information for its advertising machines, data from your Google account is used to serve ads in your Gmail inbox. (Most recently Google started putting shopping ads in your inbox).
Google can also use some information received in your inbox to help with other services it provides. For instance, flight bookings can automatically be added to your calendar; local maps for areas you’re travelling to, based on hotel bookings, can be downloaded to your phone. They’re potentially timesaving and useful tools but some people may not be comfortable with how data from your email is used for other purposes. Aside from Google’s data collection, you may not want to give out your email to each app or service that you sign up for, especially those that may be for one-time use.
The other issue individuals should think about is how secure email is – and whether it is strong enough for their needs. For most people, security protections provided by the big emails providers – Gmail, Outlook, Yahoo Mail – should protect emails more than sufficiently. Account access can be further protected with two-factor authentication, including security keys.
Alternatively, you might want to think about a totally different email account that puts privacy first and uses end-to-end encryption wherever possible. This is particularly prevalent if you’re sending confidential information or want to send emails that cannot be linked to your identity.
If you want to move all of your emails to a more private service then you have a few options. The biggest thing to consider before deciding is that there will be ramifications – and digital admin will be required. For your most sensitive online accounts – from banking and shopping to social media – you will want to log in and change the email address associated with your account. Identify the most important accounts to you before switching and weigh-up all your options. But it is best not to delete your old account. For the online accounts that don’t contain so much sensitive information, you may be able to set up forwarding from your old email to your new one. When it comes to opening a new account, there are privacy and security focussed email providers out there. We’ve picked two here that are worth considering.
Based in Switzerland, ProtonMail is protected by some of the world’s strictest privacy laws. On top of this, it has a bunch of security features that are designed to keep your email and identity private. The company says its emails are end-to-end encrypted, with the firm not being able to access any user data. “Data is encrypted on the client side using an encryption key that we do not have access to,” it says on its website.
In addition to end-to-end encryption, ProtonMail doesn’t require any personal information to create a new account, including IP logs. It has also made all of its code open-source so anyone on the web can inspect it for coding flaws or vulnerabilities. There’s a free option, which only comes with 500mb of storage but also paid-for options that include more features and starts at €4 per month.
LavaBit has had a turbulent history. The once pick of surveillance whistleblower Edward Snowden abruptly shut down in August 2013 after US authorities attempted to get it to comply with government surveillance. However, it was relaunched in 2017 by the same team behind the original service, citing a need for more secure email options.
Lavabit takes a bit more setting up than ProtonMail – you will need to configure its settings to work with an external email client – but once you’ve done so the body, metadata and transport layer of your messages will be end-to-end encrypted. There are three levels of security protection provided by the service, ranging from a ‘trustful mode’ to ‘paranoid mode’. The basic service costs $30 per year, with a premium tier offering more storage and bigger message sizes.
Create burner email accounts
There are reasons why Gmail and Outlook have billions of users. They’re both free and relatively easy to use and come with beefed-up commercial services through their cloud platforms. Both these reasons may make it impossible to totally ditch your current provider. Where that’s the case, there’s another option for some scenarios: burner email accounts.
Email accounts set up for a specific one-time use can stop you from receiving advertising or marketing spam. But increasingly, companies are starting to build the principles of burner accounts into their services to stop other firms collecting excessive data about users. Primarily this is achieved through creating a throwaway email address – a mix of random numbers and letters – that can be used to sign-up to a service and then forward emails onto your daily email account, if you want them to be passed on.
Burner Mail is perhaps the most polished burner email service out there. “Burner Mail generates a unique and anonymous email for every service you sign up with, making it really hard for companies and advertisers to track you online,” the company says on its website. Once you have signed-up to Burner Mail you can set which account the service forwards your messages to and whether you want messages to be forwarded on from everywhere you sign-up to. It also allows you to reply to messages with a burner – there’s a free and a premium plan.
Apple and Firefox are both moving into the use of burner-style emails to help people protect their privacy. The iPhone giant has introduced Sign In with Apple to let people join new services and this includes the option to ‘hide my email’. If selected, Apple creates a disposable email that is associated with your iCloud login details and then forwards messages onto your regular address. Mozilla, the creator or Firefox, is also developing a similar email cloaking service called Firefox Relay, which is in a private beta and has a waitlist for new registrants.
If you want to sign-up for something and forget all about it entirely, there’s 10 Minute Mail. As you might be able to guess from the name, the service deletes the email address within ten minutes and gives you the option to access any incoming messages during that time. The big drawback, is the email account won’t be there in the future, meaning you can’t reset any passwords if required.
Not everything has to be an email. Depending on what you want to message someone about, there’s also the option not to email and use an encrypted messaging service or file transfer instead. Both end-to-end encrypted Signal and WhatsApp messengers allow people to send files, photos, and videos. If you’re looking to pass on bigger files then a WeTransfer Pro account and SendAnywhere offer password-protected options for sharing files with your family, friends or colleagues.