This is a pretty big topic, although it may not look like it. A huge field for privacy and security is how you log into foreign servers, what accounts you own, what data is stored in them and how many there are.
I used a free email provider that was horrible for privacy, like nearly everyone does. It actually is a lot of work to change your mail, but its totally worth it and you can learn a lot.
There are many things to consider, before choosing a mail provider.
Practical aspects:
Security aspects:
Here are some Lists of private Email providers (List 1, List 2). Depending on what you like, you can choose an email provider from those lists. I chose Mailbox.org, as they:
But others may be equally good or better. Just pay for what you use and stay away from those datakrakens (gmx,web.de,gmail,outlook,…)
I had mine stored in Firefox, you may have a piece of paper or a password manager (or the very bad habits, stored in a messenger, an unencrypted file (.txt, .docx, etc.), an unencrypted notes app etc).
For the future
Store every password in a password manager like Keepass. It has apps for all platforms, and works by creating a file (.kdbx), encrypted completely (not just the password) by a master password. Create the file in a location you know, then you can sync it using Syncthing (device to device, free and private), Nextcloud, Mega-App or any other sync service, there is no danger as its encrypted.
Dont use Closed-Source applications and unpaid cloud-based ones, as they will contain tracking. Bitwarden is also Open Source, there are other services too, but these are the main ones.
This is a very important thing everyone should do once in a while, delete unused accounts. Some sites may no longer exist, you just bought something there once or used it once and forgot it… But your account data, often including an unsecure and widely used mail containing your name, and maybe other personal information, are stored on many many servers.
If now one of those dozens (if not more) of servers gets hacked, this can have serious consequences. HaveIBeenPwned shows if your mail adress was included in a data breach
Many sites dont even offer the feature to delete your account, in that case email them mentioning your “right to be forgotten” (depending on the laws of the state you live in) and it will work most of the time. Ironically, you sometimes have to proof you are the one that wants to be deleted, like “Here is all my personal data and now please forget it”.
To get important mails from one profile to the other, you can copy them between folders in Thunderbird.
If not everyone knows your new mail, you can setup forwarding of mails for nearly every provider. Just make sure to not use your main adress, best is to use a temporary mail, so that the unprivate providers (e.g. Google etc) dont know your new adress. (Google sends mails to your alias/temporary email, which sends the mail to your main one, Google doesnt know your new main email).
When everyone has been contacted and knows your new adress after like 2 months or so, you can delete the alias/ temporary email and your old mail account.
This of course builds on trust in the company which you try to get rid of, but at least you can try it. I.E. ask Google to delete everything, your location history (insane shit), metadata, targeted ads, and what you can find else.
This is just an idea: Server costs are a thing, and a company should have limits for data storage. If you now change your real Name, Adress etc to fake ones like 6 times, maybe the real ones are permanently deleted, as they would take up too much storage.
With Reddit this works, as they only store the last version before deletion (so deleting something doesnt work, you have to edit & delete)
If you need to create an account for something and you know you wont need it in the future, use a redirection service like Firefox Relay. Just create a throwaway adress, let it forward mails to your mail email-adress and delete that throwaway email when you dont need it anymore. You can still delete the account, but this will also save you from spam
If you need to provide a Telephone-number, that isnt used for 2FA (two-factor-authentification, very important for security) or validated through an SMS code etc., you can use a fake number, as in many states your number is associated to your full name and more. There are also services like “Spam Frank” (Tel: 01631737743), that will deal with spam-calls you dont need.
Some obvious things
Some advanced tips
This can be a
2FA can save you, as nobody can access your login with just password and mail, but needs to have access to the second Factor too.
A few weeks ago I didnt even know this existed, as you nearly never see it. A lot of mail providers (including mailbox.org) allow them, you use it like that:
user@mailbox.org
—> user+ACCOUNT@mailbox.org
The Extension can be the domain that you use the email for, for example “user+reddit@mailbox.org”. Advantages:
If you for example discover your reddit-login email on a completely different server, you know you cant trust that former server as it shared your data.
Note: Some sites like Aliexpress dont allow extensions in your login mail, they say “enter a valid email” if it contains a “+”
K9-Mail and FairEMail have really good privacy settings, some by default.
Thunderbird, like Firefox, has its default settings mainly for easy usability, not privacy at all. But because of its open nature and customizability, you can use a file called “user.js”, defining a lot of settings on every start of Thunderbird, overriding the old ones. There are a lot of presets to be found online, I have made my own one, combining best Privacy with needed usability and including short explanations and a guide how to add it. It is based on the Thunderbird-Addon “PrivaConf” and "Privacy-Handbuch"s user.js (Here is a link to it in my Cloud).
Hardening your Browser and Email-Program can have negative effects on the usability, thats why tested user.js like mine are a good start, some hard presets like Arkenfox cause a lot of features to break, and falling back to an unconfigured version or a different mail program is not the solution, so a less hardened version may suit your needs better (keyword: Threat model), you dont always need TOR-anonymity.
Changing your email and adapting good habits is some work, but the good thing is, that those healthy workflows will stay and get easier, and there is a ton of great software and great people out there, making it easy for anyone to be private.
Lets keep fighting against the unleashed capitalist surveillance dystopia we live in, wake people up and keep ourselves safe!
this post was mirrored from my Reddit account
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Unfortunately, the work laptops are also used for remote work.
I’m currently using Thunderbird, but when Gmail stops supporting it, that’s just another reason to replace Google services altogether.