5 Reasons for Everyone to Use a Secure Email Provider

Secure email providers offer stronger security and privacy than more common, less privacy-friendly email providers. They are also just as user-friendly as their non-privacy-friendly counterparts.

Given the decentralized nature of email, users are highly encouraged to try secure email providers for themselves and, where possible, migrate most (if not all) of their email activity to truly secure and private email.

What makes secure, private email providers so great? The privacy and enhanced security that come with secure email providers stem from encryption – and from their privacy-first implementation of it in their service(s).

If you are looking for recommendations instead, refer to the avoidthehack recommended secure email providers page.

1. Secure (and private) end-to-end encrypted inboxes

Truly secure email providers provide inboxes encrypted with zero-access encryption.

Zero-access encryption means no one without the proper private keys has access to a given user’s inbox. If we assume that secure email providers do not store your private keys on their servers (which reputable providers should not), they do not have access to your inbox or messages. The servers of the email provider are blind to what’s in a user’s inbox and to the contents of users’ messages.

This is in stark contrast to other email providers, which may engage in active inbox scanning or metadata harvesting for any number of reasons, including spam-fighting or sharing data with third parties.

Many free and popular email services have direct access to your inbox. While it’s highly doubtful any provider actively reads the contents of messages despite having the capability to do so, many privacy-unfriendly email services do scan users’ inboxes. Oftentimes an action such as scanning is done under the guise of security – such as phishing prevention or spam prevention. However, even if the security is indeed provided, the data is often collected and stored for an undisclosed amount of time.

Data collected in such a way can be used without express user notice or consent (outside of “agreeing” to the privacy policy or terms of service); for example, in many cases, metadata associated with a message is used to generate or update user profiles for sharing with or selling to third parties.

Additionally, data collected from a user’s inbox may be used to perform other actions, such as adding a concert event to your web calendar from a ticket receipt or suggesting places to visit from a flight confirmation email.

Selling isn’t necessarily the ultimate end goal of this data collection – email providers may also use this data to “improve their services,” train their spam-fighting AI, or surrender the data to governments and law enforcement. The point is that once the email provider collects this data, it can do any number of things, ranging from selling it to training AI, all without directly acquiring consent from or informing the user outside of the initial agreement to the terms of service and/or privacy policy.

Zero-access encryption naturally lends itself to preserving and promoting the privacy of the end user. Since no one without the appropriate means of access can access…

*** This is a Security Bloggers Network syndicated blog from Avoidthehack! RSS authored by Avoidthehack! RSS. Read the original post at: