No, Your Gmail Isn’t Truly Private—2 Ways To Fix That

Forbes

Gmail messages are encrypted in transit only, but you can change that. (Image: SOPA Images/LightRocket via Getty Images)

Google’s free Gmail service has been a complete revolution as far as email ease of use and popularity is concerned. With more than 2.5 billion active accounts, according to Google’s own figures, that’s almost a third of the world’s population. One area where Gmail has not been quite so revolutionary, though, is when it comes to email privacy, specifically end-to-end encryption that ensures messages are only read by the intended recipient. While Google has made a big effort to ensure that Gmail is secure and email messages as private as possible, including the use of encryption in transit to stop eavesdropping during the delivery process, end-to-end encryption appears to be a step too far. Here’s why that matters and two things you can do to fix it.

Round One—The Great Gmail Privacy Debate

OK, let’s make this as clear as possible from the get-go: Google does a great job when it comes to Gmail security and privacy protections for the most part. Gmail data is used in providing features such as smart inbox categorization, smart message compose and spam detection, but you stay in control of whether these are enabled or not. Similarly, Gmail performance data and crash analytics are used to help troubleshoot problems and improve performance, as well as “to help prevent abuse of our services and for analysis,” but you have choices here as well. Then there’s the big issue of serving up relevant adverts in the promotions or social tabs of Gmail, for example, which uses an automated process based on online activity. However, Google makes it quite clear that “we do not process email content to serve ads.”

So, where’s the Gmail privacy beef then? Ah, well, that sits with the not so small matter of email message encryption. Or, more to the point, what is encrypted and when.

Round Two—The Gmail Message Encryption Debate

For the longest time, people have been asking me whether Google encrypts Gmail or not. And the answer remains the same: it’s complicated. By which I don’t mean the encryption process itself, although that necessarily is seeing as it’s a math thing, but rather the what, when and how explanation of Gmail encryption. Once again, Google is very upfront about just how Gmail messages are encrypted. Indeed, it has a support page dedicated to a Gmail encryption FAQ. Here, Google explains how transport layer security is used to encrypt email in transit so it’s protected against eavesdropping by anyone with sufficient access to the networks through which that message travels to its destination. “You can think of it as a temporary envelope of security that is wrapped around your email to keep it private while it is being transmitted to its intended recipient,” Google said.

That envelope, however, is opened once the email arrives at its destination and that means anyone with access to that inbox then also has access to the message itself. With your mail being a prime target for hackers, it’s important, therefore, to consider how your Gmail messages could be encrypted end-to-end, even though Google doesn’t provide this additional security measure.

What Google does provide, though, is a Gmail confidential mode that adds some additional access controls such as an expiration date for messages and controls over forwarding, copying, printing and downloading. Certain paid Google Workspace accounts can also make use of Secure/Multipurpose Internet Mail Extensions and client-side encryption. However, when it comes to end-to-end encryption for the masses, those using the free Gmail platform, you’ll need to look elsewhere to increase the privacy threshold of your email. I have approached Google for a statement.

Round Three—Two Ways To Lock Down Email Privacy Outside Of Gmail Defaults

1. Use a Gmail add-in such as SendSafely, which adds end-to-end encryption of Gmail using the OpenPGP standard. “With the SendSafely Chrome Extension, you can send encrypted files and messages directly from Gmail or using our Chrome pop-out menu,” the developers said. Another example of such an encryption add-on is Mailvelope, which works in a similar way.

2. Use a dedicated email platform complete with end-to-end encryption built in, like Proton Mail, for example. Disclaimer: I have no ties to Proton Mail but I do use it as my day-to-day email client and have been doing so for quite some time now. Although there are paid-for versions of Proton Mail, the free-to-use version comes with end-to-end encryption and zero-access encryption, which means nobody, not even Proton, can see the content of your emails. Proton Mail claims to be “the world’s largest end-to-end encrypted email service,” and whatever the legitimacy of that claim, I can testify to the fact that it’s among the easiest encrypted email platforms I have used. Which is why it makes the perfect alternative to Gmail for anyone looking to move to an end-to-end encryption-supporting platform.