PGP lets you “lock” the contents of a message so that it can only be read by someone with the correct private key. Some secure email providers also integrate tools like Pretty Good Privacy (or PGP for short) into their interfaces. ProtonMail, for example, is located in Switzerland, where privacy laws are notoriously strict. As is the case with VPNs, the most secure email services are usually located in remote or historically neutral countries. Where those servers are located could also impact how that data is treated. How else will Google’s assistant be able to remind you about the trip you’ve got coming up? The company continued scanning email to power services like (the now-defunct) Google Now.
Google previously scanned the contents of Gmail messages for advertising purposes but stopped the practice in 2017. The lack of end-to-end encryption means that email providers can access the contents of your messages, and they’ve used this access in the past. A secure provider will encrypt data on the server, making it useless to any third parties. If that data is stolen, for example, in a data leak, it doesn’t need to be decrypted before it can be read. While services like Gmail encrypt the connection between your computer and the server, any information you send to the server (including the contents of your messages) is not encrypted when it gets there.Īny private conversations (or state secrets) you’re discussing will sit on Google’s servers in an unencrypted format. How Do Secure Email Providers Protect You?Įnd-to-end encryption is essential in building a truly secure email system. Let your priorities decide which is the better option. A secure email provider is “better” than Gmail in terms of data security, but you will miss out on Google’s features and deep integrations. This is why Gmail, Outlook, Yahoo, and most other free, mainstream email providers are not regarded as being truly secure. The service shouldn’t profile you, serve personalized ads, or log metadata.
The technology itself would ideally be built on open standards for a “crowdsourced” approach to security. They should ideally be located in a jurisdiction that’s not subject to data sharing between intelligence agencies. Security, in this sense, isn’t only about stopping someone from gaining access to your account, it’s also about keeping your data and identity safe.Ī truly secure email provider is unable to read your email conversations.
Most providers who use the term to describe their service go much further than requiring a strong password or using two-factor authentication. There’s no dictionary definition, and most major email providers like Gmail and Outlook would also consider themselves “secure” despite falling short of the mark. For that reason, anyone can call themselves a secure email provider.