Disclaimer: this is a somewhat technical article and has nothing to do with mountains.
I’ve started and stopped several posts about why security is important. I won’t try to make that argument here, but I’ll drop some terrifying notes, like the Yahoo! admin that grabbed 2TB worth of attachments from women’s email accounts he wanted for his personal creeper collection. Or the more recent Twitter admin that was spear-phished, which led to a scam that could have started WW3. Even Google, the benevolent dictator of our online world, had a whoopsie moment back in 2018 with 50+ million accounts.
Coming from Jewish heritage, it’s not lost on me that the first thing the Third Reich did was to grab all the data it could in order to help speed along the final solution. If you’ve ever thought our government could turn tyrannical, maybe it’s best they weren’t the ones deciding who can have your data (and that of your friends and family). Mind you, it’s not just your government that can collect your data either.
The world has changed. At 17 you could eat Big Macs for dinner every night without issue, but try that in your 40s and you’ll be a wrecked pile of garbage a few days in. Much the same goes for thinking the security landscape hasn’t fundamentally changed in the last 10 years.
And while I get that moving email accounts is cumbersome, it’s not that bad. It’s honestly as hard as changing the oil in your car and you can take your time doing it. Free email providers have a vested interest in keeping you around because you are the product. Your data and your eyeballs are the product that they sell to others.
Step 1: Proton Mail
If I put a gun to your head and said “Solve for pi, you have one day”, come 24 hours, things wouldn’t end up working out so well. It is simply mathematically impossible and no court or angry dictator can make it any less the case. What we’re looking for here is a zero-knowledge provider. Your data is one-way encrypted. If you lose your password, that’s it, everything is forever gone and there’s no going back. There’s no backdoor, no manager to speak with, no special verification process.
Proton Mail has a free version which you can get today and start playing with. I’m on the “Plus” version, which is $4/month. With that I get the “bridge” (discussed below), support for a custom domain, a discount on their VPN service, up to 5 addresses, beta features, and a @pm.me address.
As a note on Proton Mail: their mobile user interface is actually pretty good (as is their web UI). They don’t have thousands of Google employees hammering away at making the slickest app ever, but really, it’s not that bad.
Step 2: Anonaddy
Think of all the things you sign up for that need an email address. Now think of all of those that, if they went away tomorrow or you lost access to your account, you wouldn’t really care that much about. The summer camps that Mammoth offers. The $60 part I bought for my truck. A set of pants I’m going to get a notification about when they come into stock.
Anonaddy is a service that, for $12/year, gives you an infinite number of unique email addresses. It sits as a button in your browser: you click it and get a new email address. Paste that address into whatever is asking for it, and mail sent there will get forwarded to you. When you start getting spam, or you just don’t want to deal with it anymore, just shut that Anonaddy alias down. Poof.
A major security advantage here is that when one of those databases gets breached and leaked, which is just a matter of time, the email address leaked out isn’t used anywhere else. You’re using unique passwords (you better be), so now you’re using unique emails too. Have fun with that, hacker douchebags.
Step 3: Custom Domain
A custom domain might sound really advanced, but bear with me, it’s not that bad.
I opted for something quite like ericmail.org. It’s hooked up to Proton Mail, and with my $4/month account I get five email addresses. I use (something like) email@example.com for all of the stuff that I really would be hosed if I lost access to. Credit cards. My mortgage. My hospital patient portal. Stuff like that.
The real benefit to a custom domain is that I own it. If I decide that email privacy is a joke and that Google really does know what’s best for me, I can swivel my domain to work with Gmail. If Proton Mail tells me that I suck or goes out of business, I can switch to another email provider. Unless you own the domain, you don’t own your email address: you are simply leasing it with a contract that can be terminated at any time.
You may think that last line is a bit dramatic, so go ahead and email me at my Juno or Bigfoot account and discuss it. Oh that’s right, you can’t, because those providers (that I really did have addresses with) folded. So ask yourself this: is the pace of change and disruption slowing down in technology, staying the same, or increasing? And even if you do believe that Google (or Yahoo!) or whoever will be in existence until the end of time, go read up on people who’ve had their accounts deleted with little to no explanation.
Note: I don’t use GoDaddy, but it’s popular.
Step 4: Thunderbird
Lastly, I wanted to make sure that the actual contents of my email are mine. You don’t own your email any more than you own your email address: you’re renting it. And unlike tenant rights, Google can terminate your access and delete your data whenever it likes.
With Thunderbird as an email client I have all of my email being backed up to a local folder which is then sent off to my zero-knowledge cloud storage provider (Tresorit, although I’ll be looking at Proton Drive when that comes out) with no effort on my part. With a custom domain you can keep your email address, and with Thunderbird backing it up locally to disk you can keep your email contents.
I don’t even use the Thunderbird email client to send and receive: normally that’s just the Proton Mail web or mobile client.
I get it, it’s never a convenient time to switch email. But maybe consider just using Anonaddy to give it a go. It’s free to get started and you can get 20 unique email addresses for the next 20 goofy things that ask for your email. I just checked my own Anonaddy and I found 84 emails that I’ve created since the first of the year. That’s 84 sites that, when eventually breached, will have that much less information about me.
With Proton Mail and Thunderbird, my email is secure and belongs to me. For about $6 a month I’m happy with this. From a security perspective, I’m a very hardened target. You can be too, and it’s really not that hard.
Doing the research for this article actually showed me a few additional features that I’m paying for that I didn’t even realize I had. With Anonaddy’s paid accounts, including even just the $1/month version, you can have a custom domain. Eventually anonaddy.com will get blacklisted, but the ability to use mytrashemaildomain.com, which I register, will be terrific.