Everyone has a particular threat model. A threat model is basically who they are afraid of and want to keep their data away from.
The privacy community will tell you that using an Encrypted Email Provider such as ProtonMail or Tutanota will protect your privacy, but this is usually because they do not understand how email technically works.
Ask yourself who your email contacts are. Do they use the same email service as you do? If you use ProtonMail, but the majority of your emails are from/to Gmail or Yahoo (or basically a non-PM address), then your email will be stored on your account Encrypted, but the copy that goes to your contact will be sent UNENCRYPTED!
This means that the server has access to the email at some point while it is unencrypted. As soon as the email arrives from your contact to you, PM servers see it in plain text before they encrypt it. Same goes for you sending to a contact, the server needs to see it in plain text so your non-PM contact can read it. PM may indeed not do anything other than what you expect them to, but there is no way to send or receive emails outside without the server accessing it. That is the bit they do not tell you!
It would be pretty trivial for your provider to capture an email on its way out or on its way in and do further processing on it. Gmail already does this to serve you with Targeted Ads. ProtonMail and Tutanota can do this too.
Which email provider you use, and whether it encrypts your mailbox or not, will be of little importance if your emails have to leave that provider to reach your contact.
When sending an email, Gmail to Yahoo, Yahoo to Outlook, Outlook to who knows where, etc., your email gets sent using the Simple Mail Transfer Protocol (SMTP) on Port 25, which is open and unencrypted.
A lot of email providers now use SMTP with SSL/TLS, but this must be supported by both providers before it will work. If the sending or receiving server does not support this, then it will be sent unencrypted.
Emails sent over SMTP on PORT 25 are POSTCARDS!!!
Anyone watching over this port, anywhere between you and your recipient, WILL SEE EVERY EMAIL sent and/or received over this port. THEY CAN SEE THE ENTIRE EMAIL, including headers containing IP addresses, names and email addresses, as well as sometimes the machine name it was sent from, the subject of the message, the body and all attachments. Just look at the headers of any email you have, yes they CAN see all that.
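As an added example, not from the original post: a few lines of Python that walk the Received: headers of a message (a constructed sample is embedded), report which hop ran in the clear and which machine name and address the message left from. Host names and addresses are made up; the ESMTP/ESMTPS keywords are the standard ones relays write into these headers.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed Received: headers, newest first as in a real message, for a mail
# that went laptop -> sender's submission server -> recipient's MX -> mailbox
# store. Every host and address here is made up.
SAMPLE_RECEIVED = [
    "from mx.example.net (mx.example.net [198.51.100.7]) by store.example.net "
    "with ESMTPS id 1 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384)",
    "from smtp.sender.example (smtp.sender.example [203.0.113.9]) "
    "by mx.example.net with ESMTP id 2",
    "from laptop.local (unknown [192.0.2.44]) by smtp.sender.example "
    "with ESMTPSA id 3 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256)",
]

FROM_RE = re.compile(r"\bfrom\s+(\S+)")
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")
BY_RE = re.compile(r"\bby\s+(\S+)")
WITH_RE = re.compile(r"\bwith\s+([A-Z]+)")
TLS_RE = re.compile(r"version=([A-Za-z0-9_.]+)")

@dataclass
class Hop:
    src: str
    ip: Optional[str]
    dst: str
    proto: str            # SMTP, ESMTP, ESMTPS, ESMTPSA ... (RFC 3848 keywords)
    tls: Optional[str]

    @property
    def encrypted(self) -> bool:
        # The S in ESMTPS / ESMTPSA means the session ran inside TLS (STARTTLS).
        # Plain SMTP / ESMTP / ESMTPA is a cleartext hop: the postcard case.
        return "SMTPS" in self.proto

def parse_hop(header: str) -> Optional[Hop]:
    src, dst, proto = FROM_RE.search(header), BY_RE.search(header), WITH_RE.search(header)
    if not (src and dst and proto):
        return None       # not a relay-style header, skip it
    ip, tls = IP_RE.search(header), TLS_RE.search(header)
    return Hop(src.group(1), ip.group(1) if ip else None, dst.group(1),
               proto.group(1), tls.group(1) if tls else None)

def cleartext_hops(received: List[str]) -> List[Hop]:
    return [h for h in map(parse_hop, received) if h and not h.encrypted]

def origin_machine(received: List[str]):
    # Each relay prepends its own header, so the last one is the first hop and
    # usually names the sender's own machine and address.
    first = parse_hop(received[-1])
    return first.src, first.ip
```

Received: headers are written by the relays themselves, so this tells you what the relays claim about each hop, not what an observer on the wire could independently prove.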
The best email provider to use is the same one that the majority of your contacts use. If most of them use Outlook then you use Outlook. Emails sent between you are INTRA-DOMAIN = OUTLOOK to OUTLOOK = NOT SENT OVER THE INTERNET!
Some people with a high threat model may want to use Gmail with Pseudo-Anonymity. It is much easier to hide in plain sight, since Gmail will have many more users than ProtonMail will. Pseudo-Anonymity means you can communicate privately with your contacts without any ties back to you. Only your provider (in this case Gmail) will know who you are.
Another reason against using ProtonMail is they have a reputation of being for people who have something to hide, which could raise red flags to potential contacts, and they will think twice before sending you an email. Using Gmail with @gmail.com at the end of an email address will not cause this reaction.
For improved privacy, where you do not wish people to know where your emails are hosted, I would recommend using your own domain. I use @DaveComputerGeek.com at the end of my email address. This says nothing about what provider I use for emails. They would have to look up the MX (Mail eXchange) records for the domain in the Domain Name System to find that out.
In conclusion, ProtonMail is only good for PM to PM emails, and this goes for all email providers. Any email sent to or received from a contact using an external provider will be at risk of being read by hackers, governments, or anyone else with the ability to do so.
Choose a provider that matches the majority of your contacts to ensure most communication stays within the one provider and therefore does not get sent over the internet.
Use an email address that doesn’t end in something with a bad reputation, or use your own domain.
Gmail can be used for Pseudo-Anonymity where you can hide in plain sight and make it harder for people to find out your real identity.
DO NOT USE EMAIL FOR IMPORTANT COMMUNICATION even if you know the person at the other end!
My recommendation for an email provider, which works for Pseudo-Anonymity, protects your privacy, and allows you to use your own domain should you wish to, is Fastmail. They cost money, but this is because they keep your data private, and make money directly from you, not your data. If you would like a discount of 10% for your first year, please sign up using this special link.
The email service will cost your provider money to run, and they need to make that money somehow in order to pay for the service. When you pay for your email account, you are directly paying for your use of that service with money.
There is no such thing as a free lunch – someone somewhere pays for it!
Free email providers pay for the service using your private data by selling it on to the highest bidder, and to advertisers who serve you targeted ads based on your email content.
Fastmail mentioned above is a good recommendation because they are cheap and offer their service in exchange for your money. They don’t have any need to access your private data for their own gain like other providers do. Fastmail have a rock solid infrastructure and replication, which helps ensure your emails arrive safely and are available when you need them.
Using encryption will help protect your private data, but it can be a massive security flaw if not done right.
The best way to do encryption is where you do the process manually using a separate app, and never let the app or service have access to the keys. As long as the app handles the keys at all, then it would be trivial to have it breach your privacy by sending the decrypted data to the provider, or by leaking the keys to the provider.
Let’s say you are secretly under investigation. Your email provider is ProtonMail. The encryption is handled for you on your device. If PM wanted to, they could add code to their software to send the data, once decrypted with your key, back to them for review or even hand it over to law enforcement. As long as the encryption/decryption process is done using their software, they have the ability to see your data if they really wanted to.
Doing the encryption/decryption process in separate dedicated software, and preferably on a device with no access to the internet, is the only way to reduce the chance of your unencrypted data ending up in the wrong hands.
It is important to note that if you do the encryption/decryption process away from your provider, then you can use absolutely any email provider you want, including Gmail and Fastmail. They would end up becoming a dumb blob store, and features such as search would not work, but you could keep your own index of data offline to search through so you know what emails contain what content.
Remember also that PGP does not encrypt the subject line, so use a vague or misleading subject line and put the real subject in the message body, where it will be encrypted along with the actual content.
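As an added example, not from the original post: the split described in the last few paragraphs in Python, where the mail code builds a standard PGP/MIME (RFC 3156) message around ciphertext it receives from a separate tool, keeps the real subject inside the encrypted part, and lets you list exactly which headers the provider still sees. The external tool is passed in as a function; the base64 stand-in used so the example runs offline is labelled as such and is not encryption.

```python
import base64
from email import encoders, message_from_bytes, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from typing import Callable, Tuple

COVER_SUBJECT = "..."  # what the provider and every relay get to see

def wrap_for_sending(sender: str, recipient: str, real_subject: str, body: str,
                     encrypt: Callable[[bytes], bytes]) -> bytes:
    """Build an RFC 3156 multipart/encrypted message. `encrypt` stands for the
    separate tool (e.g. gpg on another machine) that returns armoured ciphertext;
    this code only passes bytes in and out and never touches a key. The real
    subject is written into the plaintext so it is encrypted with the body."""
    plaintext = f"Subject: {real_subject}\r\n\r\n{body}".encode()
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"] = sender
    outer["To"] = recipient
    outer["Subject"] = COVER_SUBJECT
    outer.attach(MIMEApplication(b"Version: 1\r\n", "pgp-encrypted",
                                 _encoder=encoders.encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(plaintext), "octet-stream",
                                 _encoder=encoders.encode_7or8bit))
    return outer.as_bytes()

def visible_headers(raw: bytes) -> dict:
    """Everything returned here stays readable by the provider and on any
    cleartext hop, whatever the encrypted part contains."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {k: str(msg[k]) for k in ("From", "To", "Subject")}

def unwrap_after_receiving(raw: bytes, decrypt: Callable[[bytes], bytes]) -> Tuple[str, str]:
    """Hand the second MIME part to the external tool and recover the real subject."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.iter_parts())
    if msg.get_content_type() != "multipart/encrypted" or len(parts) != 2:
        raise ValueError("not a PGP/MIME encrypted message")
    plain = decrypt(parts[1].get_payload(decode=True)).decode()
    header, _, body = plain.partition("\r\n\r\n")
    return header.partition(": ")[2], body

# Stand-ins for the external tool so the example runs offline. base64 is NOT
# encryption; they only mark where a real gpg --encrypt / --decrypt would plug in.
def demo_encrypt(data: bytes) -> bytes:
    return base64.b64encode(data)

def demo_decrypt(data: bytes) -> bytes:
    return base64.b64decode(data)
```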
I do hope this blog post has helped you have a better understanding of things and can now make a more informed decision. Your comments and feedback are very appreciated, please reach out: [email protected]