Email

Why I left Gmail for ProtonMail; and my wife followed

Though this article focuses on Gmail, one could easily make the same arguments as a current Hotmail, iCloud, Yahoo!, or other free email provider user. Nothing comes without a price. In this case you are paying for these "free" services in exchange for your private data.

Every search that you have ever conducted through Google, every email you've ever sent or received through Gmail, every website you've ever surfed to using Google Chrome, everything you touch, type, or swipe on an Android phone, every YouTube video you've ever watched, commented on, or liked, every location you've ever navigated to on Google Maps... all of this data is compiled to create a complete picture of you and your life.

Former Google CEO and Executive Chairman Eric Schmidt once stated, "We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."^[1] He also said, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."^[2] And lastly, "The power of individual targeting - the technology will be so good it will be very hard for people to watch or consume something that has not in some sense been tailored for them."^[3]

In recent years, concerns about data privacy have only grown. For example, phishing attacks targeting Gmail users have surged, with over 3.4 billion phishing emails sent daily worldwide. Additionally, Google's continued reliance on user data for targeted advertising has faced increasing scrutiny under global privacy laws like GDPR and CCPA, further highlighting the importance of switching to privacy-focused alternatives.

The 2018 Cambridge Analytica/Facebook scandal^[4] highlighted the fact that online manipulation is a very real, very powerful problem. But targeted ads and political messages are only one (creepy) concern. The larger concern lies with Google and firms like them who have total control over content filtering and the order in which search results are displayed. They, or the third-party developers that work with them, can scan your emails for whatever information they deem relevant and useful for their purposes. "In one instance, two engineers read through 8,000 personal emails in order to calibrate their algorithms. The users were never informed about this."^[5]

All of your data is compiled to create a complete picture of you and your life. From that picture, companies can send targeted ads across their platforms. Google is a company built on advertising. In 2017, 86% of their revenue came directly from ads.^[6] However, it's not just about advertising. Or about "... strangers having access to your love letters, intimate photos and online purchases. It's also about the kind of society we want to live in. Gmail is designed for mass surveillance, and such a powerful tool could be easily misused."^[7]

"Since Google data is with a high likelihood stored in the USA, and Google is a US company, the likelihood that Google would have to submit to any US judiciary order to disclose data or to participate in mass surveillance agreements with US intelligence agencies is very high."^[8]]

Rather than entrust our private data to a company that fundamentally does not have my family's best interests at its core, I decided to find one that does.

ProtonMail states that "... our interests are aligned with those of our users, most of whom believe paying money is preferable to paying with their data, given the privacy and security risks. When you pay for the services you use, you can be sure you are the customer and not the product being sold to advertisers."^[9]

Geek Tip: Some of the reasons I chose ProtonMail:[10] End-to-end encryption, which means "nobody but you can read the messages in your mailbox." (including ProtonMail itself) Additionally, "no third party which transmits or intercepts the email between the sender and recipient (i.e. internet service providers, the NSA, or even ProtonMail as the mail server operator) can decrypt and view the message." Zero-access encryption, which means "it is technically impossible for us to decrypt user messages." In other words, "if an attacker steals emails from ProtonMail, the attacker would not have the ability to decrypt them, as even ProtonMail cannot decrypt them." ProtonMail "does not monitor or record user activity." "There is no such thing as 100% security and history has shown that any system can be breached. ProtonMail's unique ability to protect user data even in the event of a breach is a valuable benefit." ProtonMail uses strong two factor authentication (2FA) methods, and disallows weaker methods such as 2FA over SMS. ProtonMail now supports WebAuthn-compatible security keys for even stronger authentication, providing an additional layer of protection against unauthorized access. Additionally, tools like ProtonMail Bridge allow you to integrate your encrypted email with desktop clients like Outlook or Thunderbird, making it easier to use while maintaining privacy. ProtonMail, "stores user data exclusively in European countries with strong privacy protections such as Switzerland." As a Swiss company, "ProtonMail cannot be forced to hand over data in cases of US or EU civil litigation."

While free email services may seem convenient, they often come at the cost of your privacy. By paying for a service like ProtonMail, you ensure that your data remains yours—not a product sold to advertisers. Paid accounts also come with additional benefits like more storage space, custom domains, and priority support. As Johan Berg aptly put it, "Some of my friends say I’m crazy paying for an email account. I respond that they are crazy giving away their privacy for free."^[11]

Yogi Tip: 1. Signup for a ProtonMail email address at protonmail.com/signup. 2. Inform your closest contacts of your address change. 3. Figure out the rest as you go.

1. Signup for a ProtonMail email address at protonmail.com/signup.
   • Decide if you want a free Basic account with limited features or a more robust paid account (Plus, Visionary, or Business). Given that my family wanted custom domain email addresses and some extra storage space, we opted for Plus. At the time of this posting, Plus costs approximately $4 per month.
   • Set up Two Factor Authentication (2FA), one of the most effective ways to secure your email account. It ensures that even if someone guesses your password, they cannot access your account without a second form of verification. Use an app like Authy for added security.
2. Consider whether you want a custom domain address (e.g., [email protected]) or to stick with the default ProtonMail addresses (e.g., [email protected]; [email protected]). If you opt to go the custom route, here's some information for the more advanced users:
   • Create an account with GoDaddy (or the domain registrar of your choosing) and purchase a domain name. Set up 2FA!
   • If you think you'll create a website to go along with the domain name, I recommend also creating an account with Cloudflare (it protects and accelerates websites for free). Set up 2FA!
   • Update your domain DNS (MX) records at Cloudflare (or GoDaddy, if you didn't bother with Cloudflare) and then connect with ProtonMail.
   • Add additional domain (TXT) entries to protect against email spoofing. Details here.
   • SPF (strongly recommended)
   • DKIM (recommended)
   • DMARC (optional)
3. Inform your closest contacts of your address change through your Gmail account with your new email address included as a CC.
4. Export contacts from your Gmail account.
5. Import contacts into your ProtonMail account. When exporting and importing contacts, ensure they are handled securely to avoid exposing sensitive information. ProtonMail encrypts imported contacts by default, adding an extra layer of protection.
6. Set up Gmail to forward new messages (scroll down to the Setting up your Gmail to forward you your Gmail messages section). Consider using tools like SimpleLogin or AnonAddy to create unique email aliases for different purposes (e.g., shopping or subscriptions). This adds another layer of privacy by keeping your primary email address private.
7. For those with a paid ProtonMail account (Plus or above), set up a label and filter to highlight when emails are being forwarded from Gmail versus being sent directly to your new address. This will allow you to identify which contacts and vendors still need to update your details.
• Go to Folders / Labels and click the ADD LABEL button.
• Name it GMAIL and select a bold color. Click SAVE.
• Go to Filters and click the ADD FILTER button.
• Name it GMAIL and create the following condition and action:
• If the recipient is exactly [email protected]
• Apply labels GMAIL.
• Click SAVE.
8. Download the ProtonMail smart phone app and login (iOS | Android).
9. Delete the Gmail app from your smart phone. If you previously set up mail access to Gmail from the standard Mail app, delete the Gmail account in your mail settings. Keep in mind that for security reasons your ProtonMail contacts do not sync with your native smart phone Contacts app. Therefore, when deleting your Gmail account if it prompts you on whether or not to retain the contacts locally, I suggest saying yes (at least until you come up with an alternate process for managing your contacts which you're comfortable with).
10. Update your various online accounts as needed to reflect your new email address. Once you feel comfortable that you no longer need to access your Gmail account or have emails forwarded from it, delete it.
11. If you don't need any of the ancillary Google services (e.g., Google Drive, Google Calendar, Google Photos, YouTube subscriptions), or you've already done the work of migrating those services to other non-Google products, then delete your Google Account.

• Julia Angwin, "Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking," ProPublica, October 21, 2016.
• Andy Yen, "Why ProtonMail Is More Secure Than Gmail," ProtonMail Blog, October 22, 2017.
• Matt Burgess, "How to Stop Google from Tracking You and Delete Your Personal Data," Wired UK, August 17, 2018.
• Hoxhunt Team, "9 Email Security Best Practices," Hoxhunt Blog, January 2025.
• PCMag Editors, "The Best Email Encryption Services for Privacy," PCMag, December 2024.
• Proton Team, "Proton’s Suite of Privacy Tools: More Than Just Email," Proton Blog, November 2024.

Footnotes

^[1] Derek Thompson, "Google's CEO: 'The Laws Are Written by Lobbyists'," The Atlantic, October 1, 2010.
^[2] "Google CEO On Privacy (VIDEO): 'If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It'," HuffPost News, March 18, 2010.
^[3] Holman W. Jenkins Jr., "Google and the Search for the Future," The Wall Street Journal, August 14, 2010.
^[4] Matthew Rosenberg and Gabriel J.X. Dance, "'You Are the Product': Targeted by Cambridge Analytica on Facebook," The New York Times, April 8, 2018.
^[5] Douglas MacMillan, "Tech's 'Dirty Secret': The App Developers Sifting Through Your Gmail," The wall Street Journal, July 2, 2018.
^[6] "Google's ad revenue from 2001 to 2017 (in billion U.S. dollars)," Statista, 2018.
^[7] Ben Wolford, "Gmail's privacy problem and why it matters," ProtonMail, July 5, 2018.
^[8] Massimiliano Mortillaro, "My move from Gmail to ProtonMail: a comprehensive report on gaining back my privacy," Kamshin, February 6, 2017.
^[9] See footnote 7.
^[10] Andy Yen, "Why ProtonMail Is More Secure Than Gmail," ProtonMail, October 22, 2017.
^[11] Johan Berg, "@johanbrg_," Twitter, May 16, 2017.