Emails are part of our daily routine and for many of us is the main tool of communication either for business, personal stuff, or both. Moreover, our email is our online identity, which is based on what we are and what we do on the web.
A couple of months ago, my memory, which as every human memory is said to be able to fail in storage, codification, or retrieval, failed to retrieve my Gmail password. Of course, I hadn’t update my recovery information for a long time. As a free user of Gmail, I did not have any actual help from Google to recover my account.
Obviously, I was locked out of my emails!
Needless to say that this triggered a small existential crisis: “If I do not have access to my email, which I use for almost everything, who am I? How will I connect and communicate? How am I gonna connect to all the services that I use daily?”. This crisis evolved to dissatisfaction with Google, although I am not paying with money for the email service, I for sure pay with my data and personal information. I end up being a second-class customer for Google, although the revenue I generate is probably more than 6$/month, the price of Gmail for a single account.
Thankfully, the next day my memory managed to retrieve the password and I successfully reclaimed my online identity.
Almost at the same time Basecamp and @DHH announced their new product: HEY: A new email service built for people who both love and hate email. My dissatisfaction and the strong advocacy of HEY made me start thinking to quit Gmail. The two features I liked in HEY were:
- Their strong advocacy of regaining control of your email, meaning who is able to email and which of these emails will reach your mailbox,
- Their serious security, meaning encrypted data and access to data limited and audited.
However, the invitation-only strategy and the pricing kept me back on using it at the time and made me think more about what I need from an email and how to choose an alternative provider other than Google, Microsoft, etc.
What do I need from an email provider?
In order to get out in the market and search for a new email provider, I had first to define what where my needs, aka requirements. The outcome was the following requirements: Decent amount of storage, Calendar, Custom domain, Privacy, Decent Spam detection, and Europe based
The email providers out there are more than I expected to be frank. An indicative but not limited list is Tutanota, Protonmail, Fastmail, Hey mail, and the list goes on. The first three of my requirements are supported almost by all providers, if not all. The points that mainly defined my choice were privacy and the location of the respective company, which excluded Hey mail and brought my choices down to Tutanota and Protonmail. My understanding was that Tutanota is focused more on anonymous and encrypted while Protonmail on encrypted email for the masses. Protonmail is a bit more expensive than Tutanota but provides 5GB storage while Tutanota only 1GB. Both provide custom domains as well as Calendars, although Tutanota’s offering is better. Because the comparison could go into every small detail and make my long search longer, I chose to go with Protonmail.
Is it really private?
Protonmail works like any other decent email service. It has a simple and functional interface. Is my information really private? In my opinion, I get enough privacy and safety from being profiled for advertisements or for third parties to have access to my data. Protonmail utilizes PGP encryption standards, end-to-end and zero-knowledge encryption, which subsequently means no data mining.
How does the encryption work ?
Protonmail uses a combination of asymmetric (RSA) and symmetric (AES) encryption. For emails between Protonmail users, implementation of PGP is being used, where Protonmail handles the key exchange. Protonmail servers have all the public keys. As for the private key, when a user creates an account, it is generated on their browser, then encrypted with their mailbox password and pushed back to the server. Whenever the user logins, the private key is sent back to the user’s browser. For email exchanges with users outside Protonmail, encryption is optional. If it is selected, symmetric encryption is used with a password specific to the message, which somehow should be communicated to the recipient.
Benefits from all this fuzz of quitting Gmail ?
Moving out of Gmail surprisingly forced me on some more changes. I bought a custom domain name to base my email. Since the Chrome browser is strongly connected with the Gmail account, I started using Bitwardern as a password manager. Similarly, I moved my bookmarks to Tefter.io, and finally, I was able to set free from the Chrome browser as well.