

How private is your email? Not very - vu0tran
http://blog.slidemailapp.com/how-private-is-your-email/

======
raldu
> Other than rolling our own email server, another solution is to use paid
> email alternatives ...

Actually there are a lot of very strong free alternatives which seeks to
protect privacy and security of the users.

ProtonMail [1] is a very promising one, for example. The entire mailboxes of
the users are encrypted so that even the sysadmins cannot read them.

And there are the likes of Riseup [2] and autistici [3], providing e-mail and
other web services for activists, they intentionally refuse to provide data
about the users when requested.

And there is Mailpile [4] project as a client.

All of them run on donations.

It also is good to observe after Snowden that it progressively becomes a
common knowledge that "if a product is free, _you_ are the product".

\---

[1]: [https://protonmail.ch](https://protonmail.ch)

[2]: [https://riseup.net](https://riseup.net)

[3]:
[http://www.autistici.org/en/index.html](http://www.autistici.org/en/index.html)

[4]: [https://www.mailpile.is](https://www.mailpile.is)

~~~
pkorzeniewski
The main problem I find with these smaller email providers is the uncertainty
of their future - they can easily disappear the next day, because they ran out
of money or simply lost interest, and then you're f.cked. With Google, Yahoo!
and Microsoft you can be at least sure they'll provide their email service as
long as possible.

~~~
raldu
Which is exactly the reason that I have provided rather well-established
examples.

Protonmail is developed by a group of people from MIT and CERN, and they
raised more than half a million in their crowdfunding campaign [1]. They take
the matter so seriously that its co-founder has talked about privacy at TED
Global [2]. And riseup has been providing e-mail and VPN services for
activists since around 1999.

Just check the links for more information.

The point is that if you take privacy and security _really_ seriously, it is
not very hard to find people just as serious as you.

\---

[1]:
[https://www.indiegogo.com/projects/protonmail#/story](https://www.indiegogo.com/projects/protonmail#/story)

[2]:
[http://www.ted.com/talks/andy_yen_think_your_email_s_private...](http://www.ted.com/talks/andy_yen_think_your_email_s_private_think_again)

------
danieldk
_It’s not entirely clear if this only applies to the free Gmail offering or
also the Google Business App offering._

This is entirely clear:

 _No. There are no ads in Google Apps Services or Google Cloud Platform, and
we have no plans to change this in the future. We do not scan for advertising
purposes in Gmail or other Google Apps services. Google does not collect or
use data in Google Apps services for advertising purposes. The situation is
different for our free offerings and the consumer space._

Source:
[https://support.google.com/work/answer/6056650?hl=en](https://support.google.com/work/answer/6056650?hl=en)

~~~
egwynn
So they do read it… just not for advertising?

~~~
icebraining
Yes, of course they read it, they must get it into your screen, that counts as
"using data."

------
josefresco
Uhg. It's 2015 and there are _still_ blog articles (honestly) asking this?

"It’s not entirely clear if this only applies to the free Gmail offering or
also the Google Business App offering."

[https://support.google.com/work/answer/6056650?hl=en](https://support.google.com/work/answer/6056650?hl=en)

There is absolutely no value in this article, other than self-promotion.

------
th0br0
Do iPhone/US Gmail users really see ads in Gmail on their mobile devices? Not
sure whether it's because of our privacy laws here in Germany, but I've only
ever seen the (quite general) ads on the webinterface where I've opted out of
profiled ads I guess.

~~~
DanBC
UK, iPhone 4s, GMail app.

You have to go to the promotions tab to see the ads. Ads don't appear in the
other tabs.

[http://imgur.com/FtxsmhA](http://imgur.com/FtxsmhA)

~~~
th0br0
Ah! Guess this is due to me not using the "multiple email tabs" feature of
Gmail then. Thanks.

------
cromwellian
The issue of ads are a red herring, if you don't control the server, and
aren't using end to end mail encryption, your emails aren't private in the
sense the author intends: someone else's server is parsing your emails and has
accesss to the plaintext. If it's not parsing them for ad keywords it's
parsing them for spam filtering or for IMAP search indexing or it's a service
that supports web mail and so it has to sanitize the messages to prevent XSS.

Honestly this blog post reads like an ad for SlideMail disguised as community
PSA. People interested in mail security should choose more secure options than
just avoiding server side processing.

End to end is the only real way to go for personal 1:1 messages you need kept
private.

------
mmrasheed
To summarize the blog post- The solution to free email is paid email. And
solution to email clients is to read privacy policy.

It would be a cool post in 2007 when Google described their ad policy for
gmail, and we gladly accepted that. As of 2014, in post-Snowden era, the
simplest solution to security and privacy is- end to end encryption. Or, if
you have something better in your bag...

------
dijit
email is still federated, I can start my own email system.. my friends can
start their own.

assuming we have a good chain of trust between us, all communications are
secure.

You know what you're signing up for with google, the services they provide are
not the product.. you are..

everyone on hackernews knows this, surely?

~~~
nadams
> assuming we have a good chain of trust between us, all communications are
> secure.

That is not correct - an SMTP server will deliver email to another SMTP server
in the clear [1]. Your ISP or the ISP that the remote SMTP server is using can
read it. Even then - running an email server from home has certain issues such
as port 25 inbound blocked, or most email servers will drop email from
residential IPs.

The only way to make sure communication is secure is to use an email
certificate with encryption or GPG. These would have 2 benefits: the email
would verify who it came from (email can be easily forged) and the contents
would be encrypted.

[1] [http://security.stackexchange.com/questions/12087/if-i-
send-...](http://security.stackexchange.com/questions/12087/if-i-send-an-
email-over-ssl-will-it-always-be-transmitted-over-ssl)

~~~
dijit
Well, I'm actually a big advocate of PGP and encryption.

however, I know that SMTPd's (notably: postfix) will negotiate TLS where
available, and you can configure it to fail if speaking plaintext.

