Is Your Email Secure?
Every day over 200 billion emails are sent, people use email to conduct business and to communicate with family and friends. But the question not many people think about; Is your email secure?
The truth is, emails are no more private than a plain old postcard.
Who have you given access to?
Recently the service Unroll.me came under a lot of attention and some well-deserved flack over the recent article dropped by the New York Times look at Uber, which detailed Unroll.me selling inbox data of their users. Unroll.me helps users manage their email subscriptions, which for a lot of people is something that sounds really useful to help manage their inbox. However, Unroll.me has been found to be selling data to Uber, particularly anonymised data detailing ride receipts from Uber and Lyft.
However, Unroll.me is far from the only service to scan inbox data. Google is known for monitoring Gmail inboxes to tailor ads displayed via AdSense. There are also many other services that work on the same business model. The word of thumb is: If it’s free, you’re the product.
What about paid email services?
Services such as Office 365 or even a private mail server are much more secure compared to free email providers. Office 365 works on being tailored highly towards businesses, meaning privacy is highly respected and they are highly committed to protecting your data. Private mail servers are the most secure if you setup and maintain your own server for handling emails only you are in control of the data on that server.
Emails are still plain text!
The above highly helps towards securing your inbox and protecting your privacy on the mail platform. However, it’s worth noting that emails are still sent in plain text in most cases, opening them to being intercepted by hackers and other parties. There are ways to try and secure emails, services such as Gmail and Office are a good example of offering email transmission over TLS where possible. Meaning the connection between the two mail servers would be encrypted, similar to the SSL with your browser. This, however, does require both the sending and receiving mail server to support TLS, otherwise, emails would still be sent over basic protocols.
What if I encrypt the email itself?
The best method to keep your emails private is to encrypt the email itself however, this has drawbacks and is not really suitable for most communications. You can encrypt your emails by using PGP encryption. This would require you to use the recipients private key to encrypt your emails and therefore would require your recipient to have encryption setup themselves. To get this all setup would also need to have an email client like Outlook or Thunderbird, your very own private & public PGP key (unless you don’t plan on receiving emails) and anyone who you want to send to will need the same. If your tech savvy this may be something you could do but realistically this is not a viable solution for most.