Anyone who is interested in internet privacy has probably come to the realization by now that email is not inherently secure. It is sent through untrusted points on the internet, in plain readable text, and arrives at a questionably secure server to finally be read. Because email has evolved to be used for information we’d rather keep private, there’s a growing interest in the extent to which email services will protect our data. In this article, we delve into the privacy policies and privacy factors of some of the most popular email services.
See also: How to encrypt email
Which are the best emails for privacy & security?
For those of you who just want the final scores, here they are. The scores and the methodology we used will make more sense if you read the entire article.
Email has multiple privacy attack vectors
In order to understand how emails can be made private, it is important to understand how email works to begin with. When you write or reply to an email, you do so on some kind of email client that can sometimes be referred to as a mail user agent (MUA). When you click the send button, that email leaves your client and is sent to your email service’s mail transfer agent (MTA). From there the email is sent through the internet to your recipient’s MTA, which places it in her inbox. She can then read it at some later date using her MUA of choice.
In practice, your email client can be a program installed locally on your computer or phone such as Outlook, Thunderbird, or Apple Mail. Many of us now also use webmail, which is the practice of accessing your email through a web browser. In all situations, the email client still has to connect to an MTA in order to send your email on its way.
The privacy of your email in transit
The part of the journey between MTAs has no security and no encryption built in – your email is sent in plain text across the hostile internet unless you take precautions. Your email service can implement some of those precautions on your behalf, such as supporting TLS encryption on its MTAs to send and receive email. However, since not all email services support TLS, every mail server will gracefully fall back from TLS and deliver your email in plain text if the receiving side cannot use encryption. As a result, you have no real control over whether your email is sent over the internet encrypted or not. Even worse, you usually have no easy way to tell in advance if encryption will be used in transport. Counting on TLS encryption between MTAs is therefore not a reliable method of securing your email in transit.
The only reliable way of protecting your email in transit is to encrypt it before sending. This process used to be so complicated that only the nerds of the web and professors could figure it out. Today, a growing number of secure email services offer very simple ways to encrypt your emails, and we’ve included that capability in our audit.
The privacy of your email at rest
Regardless of how your email is transmitted to your recipient, once it arrives it will sit on the recipient’s email service’s servers for some period of time. Whenever email is not in transit, it is considered at rest. Earlier email protocols such as POP (Post Office Protocol) required email clients to pull emails off the server onto the recipient’s local computer periodically. This meant that emails were only on the server temporarily and were removed once the recipient checked their email. This was good for email services because they did not have to provide massive amounts of storage to hold their customers’ emails indefinitely. However, it was bad for customers because their email only existed on the last computer that checked their email, making it hard to reference an email at the office if you downloaded it at your house. To fix this, IMAP (Internet Message Access Protocol) was born.
IMAP is an email retrieval method that does not automatically remove the email from the server when it is retrieved. Email clients using IMAP send commands to the server so that emails can be marked as read, deleted, or moved to another folder on the mail server itself. This means we can see all our emails in the same state on all our devices — emails are no longer downloaded to the last computer that checked in. This is now the expected state of email and is of great convenience to email users, but it has an ominous downside: your emails can live forever on your email provider’s servers.
Email at rest on your email provider’s servers is a great privacy risk. Bad guys that gain access to your email account now have an incredibly rich trove of information about you dating back possibly a decade or more. Law enforcement agencies with warrants (or no warrants, depending on your country) can compel email services to turn over all that data as well. Discarded hard drives and other computing equipment are sometimes wiped incompletely and can contain troves of email. Therefore, a second consideration of any email privacy assessment has to include how the email service handles your email at rest. We include that factor in our audit, as well as noting whether the email provider has the ability to decrypt your email at rest if asked.
What privacy factors did we look at?
Obviously, email security at rest and in transit are two factors we looked at. In addition, we looked at the commitments that the email provider makes in its privacy policy and other documents. The first two factors are technical in nature and any email service can offer those if they choose. The purpose of digging through the privacy policies, terms of service, and other documents is to try and characterize a provider’s behavior. Do they read your email? Do they share it with others?
The final list looks like this:
We looked at some secure email services such as Proton Mail, Tutanota, Hushmail, and StartMail, as well as the popular mainstream email services. Those include Gmail, Fastmail, Yahoo, Outlook.com, AOL, and Yandex.
The scoring system we used is based on the points listed above. Each service starts with zero points and has points added or deducted based on the features they provide. If a feature is not stated by the service, then it scores 0 points which means it does not affect the score in either direction. A perfect score is 5 points and negative scores are possible.
Links to documents used in the assessment
In the table above are footnoted numbers correlating to the list below. Note that over time, these documents may change.
Sources:
1. ProtonMail: https://protonmail.com/privacy-policy
2. Tutanota: https://tutanota.com/terms
3. Tutanota: https://tutanota.com/howto/#email-encryption
4. Tutanota: https://tutanota.com/faq/
5. Hushmail: https://www.hushmail.com/privacy/
6. StartMail: https://www.startmail.com/en/terms-of-service/
7. StartMail: https://www.startmail.com/en/privacy/
8. Gmail: https://policies.google.com/privacy
9. Fastmail: https://www.fastmail.com/about/privacy.html
10. Yahoo Mail (Oath): https://policies.yahoo.com/us/en/yahoo/privacy/products/mail/
11. Yahoo: https://policies.yahoo.com/us/en/yahoo/privacy/topics/thirdparties/index.htm
12. Outlook: https://privacy.microsoft.com/en-ca/privacystatement
13. AOL (Oath): http://privacy.aol.com/privacy-policy/
14. Yandex: https://yandex.com/legal/privacy/