Update, Nov. 23, 2024: This story, originally published Nov. 21, now includes details of new privacy measures that Google is bringing to Gmail users, such as shielded email addresses, as well as those of other Google products and services, including Android privacy sandbox, plus a more in-depth look at what Proton Mail offers as a privacy-focused and secure alternative.
Google's free Gmail service has been a complete revolution as far as email ease of use and popularity is concerned. With more than 2.5 billion active accounts, according to Google's own figures, that's almost a third of the world's population. One area where Gmail has not been quite so revolutionary, though, is when it comes to email privacy, specifically end-to-end encryption that ensures messages are only read by the intended recipient. While Google has made a big effort to ensure that Gmail is secure and email messages as private as possible, including the use of encryption in transit to stop eavesdropping during the delivery process, end-to-end encryption appears to be a step too far. Here's why that matters and two things you can do to fix it.
OK, let's make this as clear as possible from the get-go: Google does a great job when it comes to Gmail security and privacy protections for the most part. Gmail data is used in providing features such as smart inbox categorization, smart message compose and for spam detection, but you stay in control of whether these are enabled or not. Similarly, Gmail performance data and crash analytics usage is used to help troubleshoot problems and improve performance, as well as "to help prevent abuse of our services and for analysis," but you have choices here as well. Then there's the big issue of serving up relevant adverts in the promotions or social tabs of Gmail, for example, which uses an automated process based on online activity. However, Google makes it quite clear that "we do not process email content to serve ads."
So, where's the Gmail privacy beef then? Ah, well, that sits with the not so small matter of email message encryption. Or, more to the point, what is encrypted and when.
For the longest time, people have been asking me whether Google encrypts Gmail or not. And the answer remains the same: it's complicated. By which I don't mean the encryption process itself, although that necessarily is seeing as it's a math thing, but rather the what, when and how explanation of Gmail encryption. Once again, Google is very upfront about just how Gmail messages are encrypted. Indeed, it has a support page dedicated to a Gmail encryption FAQ. Here, Google explains how transport layer security is used to encrypt email in transit so it's protected against eavesdropping by anyone with sufficient access to the networks through which that message travels to its destination. "You can think of it as a temporary envelope of security that is wrapped around your email to keep it private while it is being transmitted to its intended recipient," Google said. Google also pointed out that no single internet security solution is perfect, but unencrypted email remains a major vulnerability -- which is why encrypting email between email providers "is a big improvement that can be implemented fairly easily without any inconvenience to users."
That envelope, however, is opened once the email arrives at its destination and that means anyone with access to that inbox then also has access to the message itself. With your mail being a prime target for hackers, it's important, therefore, to consider how your Gmail messages could be encrypted end-to-end, even though Google doesn't provide this additional security measure.
What Google does provide, though, is a Gmail confidential mode that adds some additional access controls such as an expiration date for messages and controls over forwarding, copying, printing and downloading. Certain paid Google Workspace accounts can also make use of Secure/Multipurpose Internet Mail Extensions and client-side encryption. However, when it comes to end-to-end encryption for the masses, those using the free Gmail platform, you'll need to look elsewhere to increase the privacy threshold of your email. I have approached Google for a statement but a Google spokesperson told me that it has nothing to add at this point in time.
Use a Gmail add-in such as SendSafely which adds end-to-end encryption of Gmail using the OpenPGP standard. "With the SendSafely Chrome Extension, you can send encrypted files and messages directly from Gmail or using our Chrome pop-out menu," the developers said. Another example of such an encryption add-on is Mailvelope and works in a similar way. Google itself said the following when it comes to PGP encrypted email:
"PGP encrypts the content of your email in such a way that, if you do everything perfectly, nobody but you and the intended recipient will ever be able to see it. When a Gmail user receives a PGP-encrypted email, for example, Gmail is unable to index the content of the email for later searching, because Gmail cannot see the content. This trade-off of convenience for additional security is especially appropriate for people who are at risk, and adds an additional layer of security not provided by encryption in transit." That's why the use of a PGP-wrapper add-on is recommended if you are sticking with Gmail, especially for your most sensitive of messages. When a PGP-encrypted message is also encrypted by TLS while in transit, the sender and receiver of the message will not be visible to an eavesdropper.
Use a dedicated email platform complete with end-to-end encryption built in, like Proton Mail, for example. Disclaimer: I have no ties to Proton Mail but I do use it as my day-to-day email client and have been doing so for quite some time now. Although there are paid-for versions of Proton Mail, the free to use version comes with end-to-end encryption and zero-access encryption which means nobody, not even Proton, can see the content of your emails. Proton Mail claims to be "the world's largest end-to-end encrypted email service," and whatever the legitimacy of that claim, I can testify to the fact that it's among the easiest encrypted email platforms I have used. Which is why it makes the perfect alternative to Gmail for anyone looking to move to an end-to-end encryption-supporting platform.
As a convert to Proton Mail myself, after decades of sticking with Gmail as my webmail platform of choice, I'm in a good position to relate what the challenger product does well, and not so well, when compared to Gmail itself. Ease of use and a no-cost email solution are the main reasons why people turn to Gmail, let's face it, so it's as good a place to start as any. There is a free version of Proton Mail which is acceptable and up to the job, but the restrictions are such that I can't see many people being able to use it as their primary email client. You get 1GB of mail storage, but that starts at 500MB by default and increases as you use different things. You can only have one email address and, the killer for me, only send 150 messages a day. You would have to pay $12.99 a month for the unlimited plan. There is, of course, a Black Friday deal on at the moment which cuts the cost of Proton Mail Unlimited by 50%, so if you are thinking of changing now is a good time to do it. The unlimited plan gets you 15 addresses, unlimited hide-my-email addresses, unlimited messages, support for up to three custom email domain and 500GB of storage shared with the calendar, drive, vpn and password manager that come along for the ride -- these also come with the free plan but are limited in use. Which brings us to use, ease of use iOS excellent: if you can master Gmail you can master Proton Mail. There's even an easy switch feature to set up forwarding from your old accounts, such as Gmail.
So, a bit of a mixed bag. However, if you want top-notch privacy and are prepared to pay for it, then Proton Mail is the way to go. Here are the bullet points:
There is also a dedicated Proton for business solution, which includes Proton Mail, for those looking to switch away from the paid-for Google Workspace platforms. Although I do not use the business option, Proton said that the easy switch tool I mentioned earlier is available for data migration for users of Google Workspace, Microsoft 365 and other providers. "Our dedicated support team is available to help you with the process step-by-step," Proton said, "at no extra cost." Given that many data breaches involve some combination of password compromise, phishing and a lack of robust data encryption, the notion of moving to a suite of productivity tools that are guided by privacy and security principles isn't to be overlooked. I've already addressed the end-to-end encryption issue, but would assume that any organization worth it's salt is already using some kind of holistic in-transit and at rest encryption solution, so this might not be a compelling enough argument to move to Proton Mail when you consider the resource cost of training people to use the new platform.
"Building products that are secure by default, private by design, and put users in control: everything we make at Google is underpinned by these principles, and we're proud to be an industry leader in developing, deploying, and scaling new privacy-preserving technologies that make it possible to unlock valuable insights and create helpful experiences while protecting our users' privacy," Miguel Guevara, product manager for privacy, safety and security at Google, recently told Help Net Security, As I've already mentioned, Google is a high-profile target when it comes to accusations of privacy violations, but that doesn't mean the company isn't actually doing a lot of good work in this area. Let's start with Gmail, as that's what we have focused on so far, and the introduction of shielded email.
A painstaking analysis of the application package "APK" code for a new Google Play Services release has recently revealed what could be something of a revolutionary privacy move for Gmail: the availability of automated, random, email addresses using a private email forwarding system. If this sounds kind of familiar, that's because it is. What we think is going to be called Shielded Email for users of the Gmail Android app, is much the same thing that Apple provides iPhone users with in the form of the Hide My Email feature. his notion of having multiple, unique and essentially anonymous email addresses to use with your existing Gmail account is a massive step forward for Gmail users. Although such services exist as add-ins from third parties, to have them bundled into the Gmail app and officially supported is a welcome move towards more privacy.
Sticking with Android, but moving out of the purely Gmail domain, there's the latest Android 16 developer preview which now features Google's privacy sandbox. This is part of the privacy-focused developments Guevara referred to earlier. "In order to ensure a healthy app ecosystem, benefiting users, developers and businesses, the industry must continue to evolve how digital advertising works to improve user privacy," Google said. And that's where the privacy sandbox comes in. It is being developed to improve user privacy but not at the cost of access to free content and services. "The Privacy Sandbox on Android proposes a set of application programming interfaces that enable ads personalization and measurement in a more private way," Google said.