Last updated on April 21st, 2020
I’m sure most of us have a Gmail account. And, unquestionably, Gmail is indeed a reliable email service that also aims to provide a personalized experience.
However, as we know – “All that glitters is not gold“.
Similarly, Gmail also has its fair share of issues. Especially, for privacy-focused users.
So, in this article, I’m going to highlight a few reasons for users concerned about their privacy as to why I quit using Gmail for personal email communication and I’ll also mention some alternatives to Gmail at the bottom of this article.
Note: This article does not cover GSuite (which is a paid email service by Google for businesses).
Here’s Why Gmail Isn’t Privacy-Friendly
1. No End-to-End Encryption By Default
In 2014, Gmail was working on an experimental tool to make end-to-end encryption easier to use and potentially introduce it for Gmail users later.
But, back in 2017, they announced to make it a community-driven open source project which you can find it on GitHub with no progress since 2017.
Very promising, isn’t it?
In case you didn’t know, end-to-end encryption (E2EE) ensures that no middleman (Government, Email service provider or Hackers) can access your email except you and the receiver (you both should be using the same platform). And, E2EE is necessary if you need to ensure complete security in case of a data breach.
And, Gmail does not offer end-to-end encryption by default. So, most of the communication that happens among Gmail users aren’t end-to-end encrypted, which is a problem.
While you do have the option to use a 3rd party browser extension like FlowCrypt to enforce end-to-end encryption using PGP, it’s still not something “officially” offered by Google.
Shockingly, not just the lack of support out-of-the-box, but Google has no plans to introduce end-to-end encryption as of now.
2. Google Reads Your Emails
Did you ever wonder how you get reminders for your bills? A relevant advertisement in the promotion category of Inbox? That’s because Google knows a lot about you through your email activities as well.
Basically, Google uses your data to provide you a personalized experience and display advertisements. Unless you didn’t know.
In case you didn’t know, when you’re signing up for Google services or Gmail, you are giving them the right to read the contents of your email.
In case you can’t read the text properly in the image above, here’s what it says:
We also collect the content you create, upload, or receive from others when using our services. This includes things like email you write and receive, photos and videos you save, docs and spreadsheets you create, and comments you make on YouTube videos.
Yes, you can opt-out of personalized advertisements and disable the promotions inbox category – but even then, Google will still use your data to improve its service for you in one way or the other. Not just limited to that, Gmail’s smart-reply feature also needs to access the content of your email to suggest personalized and relevant replies.
Of course, if you have no issues sharing your private data with Google and want a personalized experience, you can still continue using Gmail.
But, if you are a privacy-concerned user just like me, you should choose the trade-off of having a non-personalized experience and have control over your data than giving it up.
Recommended Read: Here’s Why You Should Stop Using WhatsApp
3. Gmail Does Not Offer Zero-Access Encryption
Zero-Access encryption simply refers that your email cannot be accessed by your email service provider (like Gmail).
Zero-access encryption comes in handy even if there’s no end-to-end encryption. Obviously, E2EE coupled with zero-access encryption should be ideal.
However, Gmail does not implement it. And, if it does – Google can no longer read your emails or use your data to display advertisements.
So, it may not be viable for Google who relies on users’ data to make money.
But for a privacy-focused user, this is yet another reason why one should steer clear from using Gmail if you want the benefits of zero-access encryption.
4. Larger Attack Surface
Google offers a bunch of services that are often closely knitted to each other. So, if there’s a breach on any of their platforms – it puts your data at risk.
So, Gmail has a large attack surface. If you’re curious about what an attack surface is – read this article.
In other words, Gmail is a big target with a network of apps and services for potential scam campaigns, cyber attacks, phishing, and similar malicious threats.
But, if you utilize a more-secure, less popular, and a privacy-friendly alternative, they will have a small attack surface (it’s less prone to malicious attacks) and would be a very small target for malicious campaigns targeting emails.
For an average user, the concept of an attack surface might be a little hard to grasp. But, let me give an analogy if you’re still confused:
Suppose, you have a precious item stored in a locker at your home. If that’s a single-room home with a single door, it just takes one-way to break in, which is potentially easier to defend. But, if you have a big hotel with multiple entry points, the attackers can try a variety of routes to reach the locker.
That’s what the attack surface means. Considering that you have the best security standards, a small focused network is less-prone to a data breach than a large network of services.
Privacy-Focused Alternatives To Gmail
Even though you will find a lot of secure email services to replace Gmail on my article at It’s FOSS. Here’s a list of what I’d suggest you to try:
100% security and anonymity is definitely a myth for netizens. But, that does not mean you should potentially expose your private information to the services that you use.
If you want to prevent services like Gmail from collecting data from your email conversation, I’d recommend you to switch to privacy-focused alternatives, if not, just give them a try.
The rest depends on what you prefer and what you choose to do with the available options out there.
So, if you found this article useful, please share it across social media platforms to spread the word!
Gmail is everything you mentioned. But the alternatives aren’t any better. All email must be plain text in order to be received by other domains. All the encrypted alternatives you mentioned are only encrypted internally – eg protonmail to protonmail. But an email from protonmail to any other domain is sent in plain text. Signal messenger is the only trusted standard. Keep searching you’re on the right track… but email protocol is outdated and insecure by nature, every email is a postcard.
I’d agree with that. Still, having the features that ProtonMail and others offer is way better than using Gmail imo.
Criptext is really not secure and aren’t all that honest about their claims. We discussed this in a Reddit AMA (we being PrivacyTools).
Thanks for the heads up! I’ll update it.
Gmail is free to the user, but it still costs money to host email. So they use ads, and using targeted ads increases the chance you’ll click on something. You can’t have it both ways, getting something for free but not having the host try to at least target ads or something. I don’t mind them skimming my data, because things like targeted recommendations and other suggestions personalizes my experience. It’s what helps Google Assistant beat the completion by miles. If you really want privacy, PAY for your email with a reputable host that will guarantee your privacy. And maybe get an iPhone or an Android with an aftermarket ROM like Lineage OS that doesn’t connect directly to Google’s services for further privacy.
Thanks for sharing your thoughts! Yes, you’re right!
Will I be able to use on android phone, tablet, laptop in my home or anywhere without a flying chance in hell of being broken into? And do I need to download another program on each to keep privacy?