My administation decided to drop the private mail service, giving the whole stuff to G.
From a data protection perspective, which is the best alternative (beside using this account as less as possible, of course) ?
I’d go with K9 Mail. It’s just easier to use than navigating on a Gmail site. As for data protection: your data is probably well protected (secure) but not really private. But you knew that already, didn’t you?
3 Likes
Right. I should have written " from a privacy perspective". But privacy and G in the same sentence sound harsh to me !!!
Some users have problem with Mail and Google 2FA (oAuth ?) authentication.
I still have my gmail account, since I haven’t completely switched over to my new email account yet. When I set up /e/ a few months ago, I set up Brave under Shelter, and mostly only use that instance of Brave for gmail, logging out and freezing it when not in use, and using other browsers for everything else.
Admittedly, I have no idea if this is enough to contain it. It was the best I could come up with at the time. How did I do?
Anyhow, thought an example of someone else trying to completely contain the last bit of google on their phone might be helpful.
2 Likes
your only requirement is data protection which isn’t quite clear to me. In theory , legally, your data is protected with Google… So i’ll assume having as much privacy as possible using gmail.
Let’s thing of data flow .
world to you:
someone sends you something that goes to gmail server and from that perspective privacy is gone and the only thing i can think of is to use encrypted emails as much as possible (see PGP).
From the server (gmail ) to you i suggest a secure POP3 and empty your inbox on the gmail server storing your emails somewhere else. If you have multiple devices that you want to see your emails then using a thirdparty mail service with secure pop3 grab the emails from gmail to that server and point your clients with secure imap to that server.
The email client. Definitely using an email client other than the gmail app is better. Worst case scenario in a web browser the gmail website is getting access to your browsing sessions information. Even if you sandbox it they can gather information such as behaviour on the website. If you use an email client with pop3 the only information they will have is that you connected and grabbed the emails. Potentially they can still collect stuff like ip and thus location but you can use a vpn.
You to the world:
To send out emails a similar concept can be used. Use an email client (not gmail), use secure smtp and ideally setup the mail client to use a secure 3rdparty email (smtp) server. There is a small risk that your emails end up on the receiver junk/spam folder but shouldn’t be a biggie. Again, still encrypt the emails.
1 Like
Depending on what email provider you have now, you could simply collect emails arriving at your Gmail address via POP (then you have the Gmail emails in your new inbox and you can access them easily on your mobile phone as well as from a computer). If you have the collecting feature, you can usually decide if you want to collect all emails in that account or only the new ones arriving.
In case your new email provider does not offer email collections from 3rd party accounts, you can still ask Gmail to forward newly arriving mails to your new email account. In this case I just hope your new email provider allows you to have alias addesses in order not to reveal your new email address to your old provider.
Like this you can get rid of your Shelter/Brave solution that sounds a bit bulky on a mobile phone.
@joao.matos wrote
your only requirement is data protection which isn’t quite clear to me.
Say you are in hospital for whatever reason and you MUST communicate it to your administration.
Then you will let G know some sensible health information.
Yes, I know, its perfectly legal, yet I keep to be uncomfortable with it.
I think your focus might need adjusting. Email is inherently insecure. You can of course move to fully encrypted email and for anything secret this is your only choice. Passwords etc would be better sent with signal.
Anything on Google (non paid account) is not safe from Google. The chances are they aren’t interested but they definitely are collecting. For paid accounts they claim not to collect but I assume that they are.
Your issue really is the app itself whether its a browser or an email app. Most apps are where the data leaks are. So for example WhatsApp is perfectly good at encrypting messages, but the app itself is reporting your activity to facebook. Personally I use bluemail and K9 mail.
However I secure everything by using /e/ and “tracker control” in tandem. I also use noscript on my browser. I know I’m not 100 % protected for data collection but between the 3 I’m making it harder. 
2 Likes
This topic was automatically closed after 30 days. New replies are no longer allowed.