Wednesday 1 July 2015

How private is your email? Not very

Privacy has been a hot issue in recent years, partly because of the recent NSA revelations and concerns about spying. Since I’m working on an e-mail startup myself, two questions I commonly get asked are “How private are my emails?” and “Can others read my emails?”
The short answer: Your emails aren’t really that private and yes, technically people are able to read your emails.

Gmail analyzes your emails

For the average user on Gmail, your emails are generally pretty secure but not very private. If you use the Gmail app you may actually notice inline ads like this one from my own email below.
But wait, how does Google know I’m in tech? Some may be surprised to find that Google actually automatically scans the content in your emails to provide targeting for their ads. Here’s a quote from Google themselves:
“Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”
It’s not entirely clear whether this applies only to the free Gmail offering or also to the Google Business App offering. I have not seen an ad using my Google business account, but that doesn’t mean I can be sure they aren’t “automatically analyzing” my email there as well.

What can I do about this?

I’ve tried out many other free email providers, including those from Microsoft, Yahoo and Mail.ru, and I’ve seen ads displayed in all of them.
A good rule of thumb is that if a service is not charging you for usage, it’s a good bet they’re making money from your data. Other than running your own email server, another solution is to use paid email alternatives, which claim to offer a more secure email experience, but I can’t personally vouch for them.

Email clients store your emails on their own server

Which desktop / mobile client you use to read and send emails can also have a huge impact on your security and privacy.
Nowadays, in order to improve email sync speed and performance, many clients will actually process your emails on a separate server before delivering them to your client. What this means for you is that these companies will actually store a separate copy of your email in their own databases in addition to your email provider’s servers. For example, both Mailbox (Dropbox) and Microsoft Outlook (formerly Acompli) sync your emails this way.
Although it’s doubtful that these companies have anything to gain from personally reading your emails, the fact that they’re stored on a third-party server is still a scary thought, as it leaves additional vulnerabilities to hacking. Another concern is that on the off chance that a company is subpoenaed for digital information, it will have these emails on record and must provide them.
Even if a service does not store the emails themselves, it may still store your OAuth tokens or your email address and password on its server (although most likely encrypted). Double check whether this is the case; it’s always a good idea to make sure you can revoke access when needed.

What can I do about this?

If you’re looking to use an email client and privacy is a concern for you, I would recommend reading the company’s privacy policies or even directly sending them an email asking exactly how they process your emails and if they store a copy of your email on their servers.

For example, at SlideMail, we handle nearly all of your emails locally and don’t rely on a server-side component to sync your emails or store any of them on our own servers. The only reason we need any processing on the backend is to deliver push notifications, which is the case for all other email clients out there. If privacy is a big concern, I would advise that you deny push notifications to all your email clients altogether.


Source:  slidemailapp.com
