Will Dove 00:11
I have with me once again Oliver Ross of Liberty Lives in Part 3 of this 9 Part Series that he's very kindly given his time to educate us on our privacy, on our communications and our online activities. And he's here today to discuss the extremely important issue of email privacy. Oliver, thank you for joining us again.
Oliver Ross 00:30
Thank you for having me back.
Will Dove 00:31
I know with most of my interviews, I'm able, I know enough to start out with some sort of educated question to prompt my guest. But as you and I were discussing before the interview, I have to confess it of all the things that we're talking about in this 9 Part Series, email is the one I am most ignorant of. So I'm just going to basically ask you to start out with an overview of what are the concerns when we're using email?
Oliver Ross 00:53
Well, the biggest concern is actually something you just said in passing and it's important that people keep this in mind. It's email privacy in an extreme way, if you're really concerned about everything that you're doing in your email, is not possible. Because somebody in some place is either saving your password, or you're using Gmail, you will already have an idea when you're sending somebody an email is going to be something that nobody else can access. And I mean, easily access, not just like we're talking when we're talking about the browsers and VPN is there's a little more difficulty there with email, it can be pretty easy to access, let's say, for some reason, there was a court order out for your information. And then what would happen very easily, say you have a Gmail account, all they have to do is Gmail hack, to get your account and your password. And I'm pretty sure the way the international laws and the other collusion that goes on, it doesn't take very long, and then they've got everything. So then we could talk about, okay, if that's one issue, what can we do to answer that issue? Well, the first thing people would think about is, maybe I'm going to encrypt my email address. So I'm going to use Protonmail for everything and assume that equals privacy. Now, I use Protonmail. And other people, I know a lot of people who use it. However, I always tell people don't think of it as a private platform for communication. You don't have to provide personal information to create a more valid account. But it doesn't matter if you're using it with your name and everything. It's the same issue as with a Gmail account, if they really want you and they could pressure Protonmail to provide your password. Because it's a single password system. And you have to double check this because it may have changed in recent months, but I'm pretty sure if you bought schools. Their policy was that even if you delete an email, that email is saved on their servers for six months after that. So you're already asking for trouble if you're assuming it's going to be private. And if I Okay, if you're using if you're being dissident in what you're doing. And you're assuming, okay, I could send everything through Protonmail. And firstly, you're probably going to be sending stuff to Gmail accounts anyway, which kind of defeats the purpose in that way. But let's just assume you're thinking that Protonmail is the best thing in the world, and you're sending it all through there. And then you get called into court and they want access to it. It can be done pretty easily. It's just the encryption... it's not a bad thing that there's encryption there, on the emails, but it also doesn't encrypt everything it gets it's there's like the headings, the subject lines and everything that's not encrypted. That's just the metadata that's around that's always around with emails. There are other alternatives to emails. The best alternatives out there range from using a personal server, which it's not as hard as it sounds, but it could be costly and it could still be time consuming to set it up. But you know, who has this? Who has the server running so you have more control? Or you've done your research, and you're looking at some smaller server providers who have privacy built in from your estimations, you would, you believe that they would not sell your data. Where on top of that, you can use some bigger ones like Tutanota, I did recommend CTemplar in our first interview, they are no longer in existence, or they, they've stopped and very soon one of the two, because they could not guarantee privacy anymore, is what their reasoning was. But to notice their own existence and to know to at least, has a dual password system. So if you're trying to send an encrypted email, you, the other person needs to also have a password to access that email. So there is another layer in the bunch. But in general, it's really important to understand that your emails aren't bad for privacy. Now, that doesn't mean you can't use emails. For private matters. If you're using multiple email accounts simultaneously. And you're, you're doing a lot of compartmentalization of your data, and your knowing what accounts are going where and it can get overwhelming. But there is a use to email, if you're thinking about it as a tool that isn't by its nature private but can be used for certain accounts that you're making, that if you're if you're using an email address that doesn't require personal information, and you're using the VPN already. And all you're using it for is making an account. Now, again, theoretically, that account could be if you wanted to, through a court injunction could be provided. But you're using it with the idea that it might not be really for sending stuff out, it could be for your crypto or for whatever you want to use it for. And you have those accounts built up. And then you could use other communication platforms that are more privacy oriented.
Will Dove 07:18
Okay, I want to get into those a little bit. But there's a few questions I want to ask to clarify off the email themselves. First of all, to clarify, once again, for our viewers that most of the advice you're giving here is to protect people against algorithms. And you have made the point that while most of these steps will protect you against those algorithms, if the government or whatever really wanted your information, they could potentially subpoena one of these servers services to provide it to them. But if you're say using something like Protonmail, because it is end to end encrypted, what are the possibilities that any algorithm could intercept and read those emails?
Oliver Ross 07:56
Well, if you're the big issue would be if you're sending it out to alternative email addresses that don't do encryption.
Will Dove 08:02
Right? So from Protonmail to Protonmail, or some other encrypted email, I assume you should be fine. But if you're sending it to just a general email address, well, now it could be read on the other end.
Oliver Ross 08:15
Exactly. They're still - the AI could still capture even if you have an encrypted email address, the subject line, right. So there is potential there as well. But it's just more than with a VPN. And with the browsers, the email addresses are used. So fundamentally, to build up who you are because you don't even think about it. You get all your newsletters, you make your -- if you had a classic Gmail account, you probably had that connected to your YouTube. So they see everything there is you're getting all your newsletters about who you like, where you don't like you're making all your accounts, your banking accounts. So if you're thinking about it as a, a tool in the bunch, if you have everything in one email address now, then you're asking for problems in a place that would be the easiest to access. If, when we're referring back to the other two discussions that we've had. You have a Gmail account, okay. Doesn't matter. It's easy. Everything's easy there.
Will Dove 09:33
Now, you had mentioned on Gmail accounts that even if you say go and you delete your emails, Gmail is keeping them on their server for what you say six months?
Oliver Ross 09:42
No, that was Protonmail. Gmail, I'm pretty sure it's indefinite.
Will Dove 09:46
So just look at their policies. If you as the user, go into your Gmail account, and you delete all of your emails, they're still on the server.
Oliver Ross 09:53
They're still logged, then it doesn't matter even if they're not the Gmail account, AI - the AI associated with them. would have captured it anyway. So depending on what you mean by them being saved, enough of the information from them has already been extracted.
Will Dove 10:10
Right. So I think the important point to make there is that if you're using something like Gmail, or I would assume Hotmail would be the same thing. As you're sending these communications, it's logging that stuff is it's tracking what you're doing. So now the next step, of course, would be to go to something like Protonmail. But that only works if both people are using Protonmail and even then you have to be aware that it can probably read your subject line. So be careful what you put in it.
Oliver Ross 10:35
And you really have to think about your this isn't a communication 'Silver Bullet' situation, you're dealing with a flawed platform, when it comes to privacy, it's for ease of use, email works great. But for a privacy from a privacy perspective, you can only bandage up something so far. It's an it's not going to change what it actually is. So you have to keep that in mind, when you're using your email. In general, if you're going to be super concerned about making an event, let's say in sending an email to people, because you don't want anybody else to know about that event, don't do it through email. But like think about it, if your email, even if you're using a private email, so to speak think about it as another public place. Now, there are ways of using email addresses that are beyond where we're at, we're going to be talking about today. But if you're using it for mailing lists and such, honestly, I've told people before, if you're going to be using it for a mass email, and you're not concerned about and you know, you don't even know where everybody who's on the mass email, you can use your Gmail account. Who cares, who's gonna - you're not dealing with anything. So whatever's easy in that regard, actually, is the best answer. But it's just don't think of it as, oh, I'm going to have my big party and there's in the middle of a lockdown. And I'm gonna send it out an email, and nobody's gonna know where I am.
Will Dove 12:29
Okay, so I think what I can hopefully summarize correctly this way is to remember folks that email was originally created as a form of business communications. And yes, they've come along with things like Protonmail, that encrypted end to end. But as we've discussed today, that only works if both you and the recipient are using it, and you still have to be careful what you put in that subject line. And so I think the best guideline for people is to understand that there are better forms of private communication, and that you should not be mentioning anything sensitive in an email, because there's just too much chance that it could be read, intercepted, subpoenaed, whatever, and it could be used against you.
Oliver Ross 13:06
Exactly.
Will Dove 13:08
All right. Once again, Oliver, thank you so much for sharing your very valuable knowledge with our audience. And we're looking forward to Episode Four where we're going to talk about social media ad better forms of private communication. Thank you