Protect Your Emails
Written by Pranav Chakkarwar
Published on 27 Feb 2022 & updated on 29 Jul 2022
Email is messy
Your inbox is most likely flooded with promotional emails, spam, and even emails from scammers. An email address allows you to access the majority of the internet and is essential when communicating online. It can help you get discounts or even job opportunities, but it can also be misused by scammers or sold to marketers. Email, as important as it is, is also the most vulnerable. In terms of security, data privacy, metadata, profiling, and identification, it is worse than any other communication channel.
Emails almost always contain trackers
Most email contains trackers that are used to track open rates, click rates, etc. These can then be used to determine if you will purchase or subscribe if you’re a re push a little to do so. These tracking techniques can also be used for personal emails. There are many services that allow you to track individual emails. Good email clients and providers block these trackers by default.
Your email address is on sale (Probably)
Every day, data breaches occur, and your email address is most likely available for purchase through a data broker. You might expect a rush of emails offering discounts, employment, or even frauds once your email address is offered to several marketing companies. You can check if your email is leaked at Have I been Pwned. Protecting your email address, on the other hand, is very simple. You can set up an email forwarding service and share your genuine email address only to people you trust. At other times, when you sign up for a website or shop at a store, you can easily create an email alias by using the email forwarding service. These services often have many domains to choose from. Thus protecting your real email from leaks, spam and scams.
Let’s take an example to better understand this. If you’re signing up for a social media site and also shopping at a store. You can create a two email alias like social-acc123@my-email.tld and tempuser-shop@notfakeemail.tld. One for the website and one for the store. If any of the email addresses are leaked or sold, and that email address begins to receive spam, you can disable that alias, but the other alias will still receive emails. Aliases also help safeguard your identity from being traced. As in this case, the social network would have no way of knowing that you purchased an item at the store because you saw an ad for the same. Yes, if happens because many small stores sell your data to big tech companies. The companies can then try to track you even in the physical world.
Email exposes a lot about you
If possible, I would never use email again, but I guess the freedom to communicate with anyone without an ecosystem is great. Anyway, Email exposes a lot of data. It doesn’t even matter if the email itself is encrypted. The subject line is often passed in plain text. If you look at the headers of your emails, you’ll see how much metadata is exposed with each email you send. The metadata exposes things like who is talking to whom, when, how regularly, and from where! Even your own IP Address can be leaked if you are using a sub-standard email service provider/email client. This data is frequently abused for mass surveillance. To add fuel to the fire, most people are using ad supported email providers.
To avoid spammers, most email providers require personal information such as phone numbers when signing up. You may argue that phone numbers have nothing to do with the confidentiality of our messages, and you are correct to some extent, but these identifiers can be abused for mass surveillance. It is critical to safeguard our metadata since it can be linked to data obtained elsewhere. Don’t worry if you’re new to this or don’t understand what I’m saying. I’m working on an article about metadata that will offer you a better understanding. Stay subscribed.
Overall, email is very bad for privacy
Email is insecure in terms of privacy, but because of its decentralized nature, it allows people to interact effortlessly even if they use different email providers. So it is very important to choose the right email provider and use an alias service with it. If you need help picking an email provider or other privacy services, read my post on improving your privacy online. You can self-host an email server to achieve the best privacy with email, but it’s not easy. If you are interested in a guide to do so, please let me know.
Solutions summarized
- Use a privacy respecting email service
- Deploy an alias service in front of it
- Don’t give your real email to services/people, instead give an alias
- Don’t expect privacy from email
- If possible, avoid using email and use messaging apps instead