[This is a multiple-part series – go here for the full list]
I’ve already tackled getting rid of Google Chrome, Google Search and Android, so now we move to Gmail, Gcal and Contacts. I’ve had my Gmail address for 18 years now. I thought it was so cool when it came out in 2004 that I set up Gmail accounts for my two toddler daughters, to lock in their user names before they were taken. Like most Google services, it’s very easy to use and packed with great features. But Google is an ad company and that means my data is ripe for abuse. Several years back, I decided to find an email service that would respect my privacy. Here’s what I found.
I researched a LOT of email providers trying to find one that could replace Gmail, but would be secure and private. Like probably a couple dozen at least. There are many to choose from these days. I quickly realized that email is really old and it simply was not built to be private. This is what led Phil Zimmermann to create PGP back in the 90’s. To get true privacy (i.e., end-to-end encryption), you have to jump through a lot of hoops or get all your friends to use the same email service you are. But I also realized that there’s a perfectly viable middle ground solution: use an email provider whose business model doesn’t depend on monetizing your data. So I replaced Gmail with two services, not one.
De-Google, Step 4: Gmail
For most people, I think the best option is Fastmail, by far. Their email service is every bit as good as Google’s, but they don’t mine your data and they don’t track you. They also have some really neat privacy features like Masked Email and email aliases. The web interface is great, but you can use your own email client, too (mobile or desktop). They don’t have a free tier, but they do have a free trial for 30 days. You can get basic service for $30/year, but if you like it, you’ll probably end up with the $50/year plan. That’s well worth it, and you can then bring your own custom domain (I need to do a whole article on this). They have a nice comparison chart to Gmail here that also lists their many features.
If you want the full monty – true end-to-end encryption (E2EE) – then I think the best option today is ProtonMail. I’ve tried several other encrypted services like Tutanota and Mailbox.org, but their web apps just feel really clunky to me. For frictionless E2EE, you’ll need to email someone else who also has a ProtonMail account. It just works. But ProtonMail also has the option to send encrypted email to anyone. They’ll get an email with a special link, which will allow them to read and reply to the message securely. You’ll have to securely share a password with your recipient somehow (hint: not via email). They have a very limited free account, but I use the “Plus” account which is €48/year (currently about $54 US).
De-Google, Step 5: Gcal & Contacts
I’m not even going to bother splitting these into two steps because it turns out that the solution for replacing Google’s calendar and contacts services is trivial once you’ve replaced Gmail. Both Fastmail and ProtonMail come with really nice calendar and contacts features. They’re built in and seamlessly integrated already, and they’re both very functional.
Now, if you’re like me, you probably share calendars with other people – family members and maybe close friends. Both ProtonMail and Fastmail have the ability to do this.
You may want to migrate or import your Google contacts, email and calendar events to Fastmail or ProtonMail. It’s actually not that hard. As you might imagine, both companies realize this is an issue for most people and they’ve gone to great lengths to make it as painless as possible.
Note that ProtonMail also offers a VPN service, ProtonVPN.
A Couple More Things
Because ProtonMail is so focused on security, ProtonMail will require you to use their mail app on your smartphone. You can’t just set up an account with the default iOS Mail app. You can, however, make it your default email client, if you want. For your computer, ProtonMail has a nifty bridge app that will let you use a regular email client like Outlook or Mail.
Note that there are always degrees of security and we all have slightly different threat models. If your physical well-being depends on absolute secrecy, ProtonMail may not be sufficient for you. For example, ProtonMail does not encrypt the subject line of your emails. Also, ProtonMail does log IP addresses in some circumstances and will turn over that info if required by law. There was a high-profile case in 2021 about this. This review discusses both issues. But ProtonMail fights hard for their users’ privacy. I’ve personally interviewed the CEO of ProtonMail and I believe ProtonMail is deeply committed to privacy. But if you’re concerned, see these articles (or this video) to research other options that may suit you better.
The next article covers Google Meet/Hangouts, Waze/Maps, Authenticator and YouTube.
I’ve created a nice summary page for all of these articles, including links to more resources.