Email Privacy
Gmail reads every email you send and receive.
That’s not an exaggeration. Google scans your emails to:
- Build advertising profiles
- Train AI models on your conversations
- Track purchase history and receipts
- Identify your contacts and relationships
- Monitor your location through confirmation emails
Google knows more about your life than your closest friends. They know when you’re job hunting (LinkedIn alerts), having health issues (doctor appointment confirmations), traveling (flight confirmations), and buying things (every receipt).
Your email is the master key to your digital life. Password resets, 2FA codes, account confirmations—everything flows through email. If your email is compromised, everything is compromised.
This week, you’ll move to encrypted email and set up email aliases to compartmentalize your identity.
The Email Privacy Problem
Gmail Is Surveillance
When you use Gmail (or Outlook, Yahoo, etc.), you’re giving a corporation complete access to your private communications.
What Gmail collects:
- Every sender and recipient
- Subject lines and full message content
- Attachments and files
- Timestamps and frequency of communication
- IP addresses and device information
- Browsing activity (if you clicked links in emails)
How they use it:
- Ad targeting across Google properties
- Building shadow profiles of non-Gmail users you email
- Training AI models (yes, GPT alternatives are trained on your Gmail)
- Selling insights to advertisers and data brokers
The Terms of Service are clear: “Our automated systems analyze your content to provide you personally relevant product features, such as customized search results, tailored advertising…”
Translation: We read everything.
Email Address as Identity
Your email address is tied to everything:
- Social media accounts
- Banking and financial services
- Shopping and subscriptions
- Work and professional contacts
- Personal relationships
When you use one email for everything, you create a unified profile. One breach links all your accounts. One leak connects your work life to your personal life to your anonymous forum activity.
We’ll fix this with aliases.
Part 1: Choosing a Private Email Provider
We’ll cover two excellent options: Proton Mail and Tutanota. Both are:
- End-to-end encrypted
- Zero-access (they can’t read your emails)
- Based in privacy-friendly countries
- Open source
Proton Mail (Recommended)
Based in: Switzerland (strong privacy laws)
Encryption:
- End-to-end encrypted by default
- Zero-access encryption (Proton can’t decrypt your emails)
- PGP-compatible for emailing other PGP users
Free tier includes:
- 1 GB storage
- 150 messages per day limit
- 1 email address
- Limited support
Paid plans ($5-24/month):
- More storage (15 GB - 500 GB)
- Custom domains
- Multiple email addresses
- ProtonVPN bundled
- Calendar and Drive included
Pros:
- ✅ Mature, well-audited service
- ✅ Large user base
- ✅ PGP interoperability
- ✅ Good mobile apps
- ✅ Integrated VPN, calendar, drive
Cons:
- ⚠️ Free tier is limited (150 emails/day)
- ⚠️ Search doesn’t work on encrypted email bodies (by design)
Best for: Most users, especially those wanting an all-in-one privacy suite
Tutanota
Based in: Germany (GDPR protection)
Encryption:
- End-to-end encrypted (including subject lines!)
- Zero-access encryption
- Custom encryption (not PGP, more modern)
Free tier includes:
- 1 GB storage
- 1 email address
- Full search (encrypted search index)
- Calendar included
Paid plans ($3-9/month):
- More storage (up to 20 GB)
- Custom domains
- Multiple addresses
- Whitelabel options
Pros:
- ✅ Encrypts subject lines (Proton doesn’t)
- ✅ Very affordable paid tiers
- ✅ Cleaner, simpler interface
- ✅ Full-text search works on encrypted emails
Cons:
- ⚠️ Not PGP-compatible (proprietary encryption)
- ⚠️ Smaller ecosystem than Proton
- ⚠️ Less name recognition
Best for: Budget-conscious users, those wanting encrypted subject lines
Decision Guide
Choose Proton Mail if:
- You want PGP compatibility
- You need VPN/Calendar/Drive integration
- You prefer a larger, more established service
- Budget isn’t a concern
Choose Tutanota if:
- You want subject lines encrypted
- Budget matters ($3/month vs $5/month)
- You prefer simplicity over features
- PGP compatibility doesn’t matter to you
For this tutorial, we’ll use Proton Mail (more widely adopted), but setup is similar for Tutanota.
Part 2: Setting Up Proton Mail
Create Your Account
- Open Firefox in your Linux Mint VM
- Go to https://proton.me/mail
- Click Get Proton Mail Free
- Choose your plan:
- Start with Free (you can upgrade later)
- Choose your username:
- Don’t use your real name (e.g., avoid [email protected])
- Use something neutral (e.g., cipher_wanderer, pixel_nomad)
- This is permanent, choose carefully
Create a strong password:
- Use your password manager (from Week 4)
- Generate a 20+ character random password
- Save it in KeePassXC or Bitwarden immediately
Select a recovery method:
- Email recovery: Use an existing email (Gmail, for now)
- Or Phone recovery: Use your phone number
- Or Skip (risky—if you forget password, you lose everything)
Complete CAPTCHA verification
Click Create Account
Initial Setup
After account creation:
Set up recovery method (if you skipped it)
- Settings → Recovery
- Add a recovery email or phone
- This is only for password reset, not for reading your emails
Enable Two-Factor Authentication
- Settings → Security
- Enable Two-factor authentication
- Use an authenticator app (Aegis on Android, Raivo OTP on iOS)
- Save backup codes in your password manager
Configure display name
- Settings → Identity and addresses
- Set your display name (the name people see when you email them)
- You can use a real name or pseudonym depending on use case
Understanding Proton Mail’s Encryption
Internal emails (Proton to Proton):
- Automatically end-to-end encrypted
- Proton cannot read them
- Subject lines visible to Proton (metadata)
External emails (Proton to Gmail):
- Not end-to-end encrypted by default
- Stored encrypted on Proton’s servers
- Recipient sees it in plain text in Gmail
- You can enable “Encrypt for outside” (password-protected message)
PGP emails (Proton to PGP user):
- Fully end-to-end encrypted
- Both parties exchange public keys
- Proton can’t read, recipient’s provider can’t read
We’ll cover PGP in detail in Week 9.
Part 3: Email Aliases for Compartmentalization
Now that you have a private email, don’t give it to everyone. Use aliases to compartmentalize your identity.
Why Aliases Matter
Problem: You give [email protected] to:
- Shopping sites
- Forums
- Work contacts
- Friends
- Banks
Now:
- Data breach at a shopping site exposes your main email
- Spammers sell your email to 50 lists
- You can’t tell who leaked your address
- All these contexts are linked together
Solution: Use a different alias for each context:
- [email protected] → Amazon
- [email protected] → eBay
- [email protected] → Reddit
- [email protected] → LinkedIn
- [email protected] → Real address for trusted contacts only
Benefits:
- If [email protected] gets spam, you know Amazon leaked it
- You can disable that alias without affecting others
- Each context is isolated
- Data breaches don’t reveal your real email
Alias Services: SimpleLogin vs AnonAddy
Both are open-source email aliasing services. Both work with Proton Mail.
SimpleLogin (Recommended)
- Now owned by Proton (integrated with Proton Mail)
- Free tier: 10 aliases
- Premium: Unlimited aliases, custom domains ($30/year)
- Browser extension for generating aliases on-the-fly
AnonAddy
- Independent, open source
- Free tier: Unlimited aliases, 10 MB bandwidth/month
- Premium: More bandwidth, custom domains ($12/year)
- More technical, more control
We’ll use SimpleLogin (better Proton integration).
Part 4: Setting Up SimpleLogin
Create SimpleLogin Account
- Go to https://simplelogin.io/
- Click Sign in with Proton
- Authorize the connection
- SimpleLogin is now linked to your Proton Mail account
All emails sent to SimpleLogin aliases forward to your Proton Mail inbox.
Create Your First Alias
In SimpleLogin dashboard, click New Alias
Two options:
- Random alias: SimpleLogin generates a random name (e.g., [email protected])
- Custom alias: You choose the name (e.g., [email protected])
For shopping sites, use custom:
- Alias: shop-amazon
- Suffix: @simplelogin.co (or your custom domain if you have premium)
- Note: “Amazon shopping”
- Click Create
- The alias is created. All emails to [email protected] now forward to your Proton Mail.
Alias Naming Strategy
Organize by category:
- shop-[sitename] → Shopping sites
- forum-[sitename] → Forums and communities
- social-[sitename] → Social media
- work-[company] → Work-related
- newsletter-[name] → Newsletters and subscriptions
- temp-[purpose] → Temporary, disposable aliases
Example aliases:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
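The leak attribution described under Why Aliases Matter, as an added example that is not part of the original tutorial: it scans received messages and reports every alias that got mail from a sender outside the domains you expect for that service. The `EXPECTED` allowlist, the alias names and the sample messages are constructed for illustration, and the script assumes the `From` header still holds the original sender's address.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

ALIAS_DOMAIN = "simplelogin.co"  # suffix shown on the page

# Hypothetical allowlist you maintain: alias -> domains that service mails from.
EXPECTED = {
    "shop-amazon": {"amazon.com"},
    "forum-reddit": {"reddit.com", "redditmail.com"},
}

# Constructed sample messages, not real mail. Assumption: From is the original sender.
SAMPLES = [
    "From: Amazon <orders@amazon.com>\nTo: shop-amazon@simplelogin.co\n\nShipped",
    "From: promo@amazon.com.deals.example\nTo: shop-amazon@simplelogin.co\n\nWin!",
    "From: noreply@redditmail.com\nTo: Me <FORUM-REDDIT@simplelogin.co>\n\nDigest",
    "From: x@list-broker.example\nTo: forum-reddit@simplelogin.co\n\nOffer",
    "From: x@list-broker.example\nTo: temp-survey@simplelogin.co\n\nOffer",
]

def domain_allowed(sender_domain, allowed):
    """Exact or true-subdomain match; a substring test would accept look-alikes."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def aliases_in(msg):
    """Yield the local part of every To/Cc recipient on the alias domain."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _, addr in getaddresses(fields):
        local, _, domain = addr.lower().rpartition("@")
        if domain == ALIAS_DOMAIN:
            yield local

def find_leaks(raw_messages):
    """Map alias -> sorted unexpected sender domains (the alias has escaped)."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        for alias in aliases_in(msg):
            # An alias missing from EXPECTED has an empty allowlist: always flagged.
            if not domain_allowed(sender, EXPECTED.get(alias, set())):
                leaks[alias].add(sender)
    return {alias: sorted(domains) for alias, domains in leaks.items()}

if __name__ == "__main__":
    for alias, senders in find_leaks(SAMPLES).items():
        print(f"{alias}@{ALIAS_DOMAIN}: unexpected senders {senders}")
```

An alias that shows up in the result is a candidate for disabling and replacing. `From` is not authenticated, so a forged sender inside the allowlist would not be flagged.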
Browser Extension for Quick Aliases
Install SimpleLogin browser extension in Firefox
When signing up for a site:
- Click the extension icon in email field
- Click Generate new alias
- It auto-fills a random alias
- Save it in your password manager
Email to that alias forwards to your Proton Mail inbox
Replying Through Aliases
When someone emails your alias, you can reply through the alias:
- You receive email in Proton Mail from [email protected]
- Click Reply
- Your reply automatically goes through the alias
- Recipient sees it coming from [email protected], not your real Proton address
Your real email stays hidden.
Disabling Aliases
If an alias gets spam:
- Go to SimpleLogin dashboard
- Find the alias
- Click Disable (or Delete)
- Emails to that alias are now blocked
The rest of your aliases keep working.
Part 5: Migrating from Gmail
You don’t need to delete Gmail immediately. Transition gradually.
Phase 1: New Accounts Use Proton + Aliases
Starting today:
- New signups → Use SimpleLogin aliases
- Existing accounts → Keep Gmail for now
Phase 2: Migrate Critical Accounts
Over the next few weeks, update your email on:
Priority 1 (do first):
- Banking and financial accounts
- Password manager account (if using Bitwarden)
- Domain registrars
- Any account with 2FA enabled
Priority 2 (next):
- Social media (but use aliases!)
- Shopping accounts (use aliases!)
- Work-related accounts
Priority 3 (low priority):
- Newsletters (use aliases, or just unsubscribe)
- Old forums you never use
Phase 3: Forward Gmail to Proton
Set up forwarding so you don’t miss anything:
- In Gmail, go to Settings → Forwarding and POP/IMAP
- Click Add a forwarding address
- Enter your Proton Mail address
- Verify the forwarding (check Proton inbox)
- Set Gmail to Forward a copy and Keep Gmail’s copy in Inbox
Now Gmail emails arrive in both Gmail and Proton. Over time, fewer emails arrive as you migrate accounts.
Phase 4: Monitor and Sunset Gmail
After 3-6 months:
- Check which accounts still email your Gmail
- Migrate any you care about
- Eventually stop checking Gmail
- Don’t delete Gmail (you might need password resets for old accounts)
Part 6: Email Best Practices
Send Encrypted Emails to Non-Proton Users
Proton lets you send password-protected emails to anyone:
- Compose email in Proton Mail
- Click the lock icon (Encrypt for outside)
- Set a password (share this password via Signal or in-person)
- Send email
- Recipient gets a link to decrypt the email using the password
The email is encrypted in transit and at rest. Only someone with the password can read it.
Avoid Email for Sensitive Communications
Encrypted email is better than Gmail, but still not ideal for highly sensitive conversations:
Use email for:
- Confirmations and receipts
- Password resets
- Account notifications
- General communication
Don’t use email for:
- Confidential documents (use encrypted file sharing instead)
- Private conversations (use Signal, covered in Week 7)
- Anything you wouldn’t want read in court
Email leaves metadata trails (who, when, subject line).
Unsubscribe from Everything
Newsletters clutter your inbox and expose your email:
- Click Unsubscribe on unwanted newsletters
- Use newsletter-[name]@simplelogin.co aliases for newsletters you want
- You can disable the alias later if it gets annoying
Check for Email in Data Breaches
Use Have I Been Pwned regularly:
https://haveibeenpwned.com/
Enter your email addresses (including aliases) to see if they appear in breaches.
If your alias appears:
- Disable it in SimpleLogin
- Create a new alias for that service
- Update your password for that account
Part 7: Mobile Email Setup
Install Proton Mail on your phone for on-the-go access.
Android
- Use F-Droid (open-source app store) if available, or Google Play Store
- Search Proton Mail
- Install and log in
- Enable notifications for important emails
iOS
- Search Proton Mail in App Store
- Install and log in
- Enable notifications
Mobile Tips
- Use Proton Mail app instead of default Mail app
- Disable Gmail app notifications
- Keep phone screen locked (emails are stored encrypted on device)
Privacy Checkpoint
Your email is now significantly more private:
What changed:
- Moved from Gmail to end-to-end encrypted email
- Set up aliases to compartmentalize identity
- Enabled 2FA on email account
- Started migrating accounts off Gmail
What you gained:
- Proton/Tutanota can’t read your emails
- Aliases prevent tracking across services
- Data breaches are contained to single aliases
- No more ad targeting based on email content
What you lost:
- Gmail’s search (less powerful on encrypted email)
- Unlimited storage (free tiers are limited)
- Convenience of one email address (aliases require management)
The trade-off is worth it.
Troubleshooting
Proton Mail isn’t receiving emails
Check:
- Spam folder in Proton
- Whether the sender is blocked
- Storage quota (free tier: 1 GB)
SimpleLogin alias not forwarding
Check:
- Alias is enabled (not disabled/deleted)
- SimpleLogin linked to correct Proton account
- No bounces (sender might be blocked by Proton)
I forgot my Proton Mail password
If you set up recovery email/phone:
- Go to https://account.proton.me/
- Click Forgot password
- Use recovery method
If no recovery method:
- Your account is gone forever
- This is by design (zero-access encryption)
- Use your password manager to avoid this
Sites reject my alias
Some sites block @simplelogin.co addresses:
- Use a custom domain (requires SimpleLogin premium)
- Or use your Proton address directly for that site
Gmail forwarding stopped working
Gmail sometimes disables forwarding:
- Check Gmail Settings → Forwarding
- Re-verify if needed
- Or manually check Gmail weekly
Going Further (Optional)
Custom Domain with Proton
With Proton Plus ($5/month), use your own domain:
- Buy a domain (e.g., yourname.com)
- In Proton settings, add custom domain
- Configure DNS records (Proton provides instructions)
- Now you can use [email protected]
Benefits:
- Professional appearance
- Not tied to Proton (can migrate to another provider later)
- Unlimited aliases (every address at your domain forwards)
PGP with Proton Mail
Proton supports PGP for emailing other PGP users:
- Exchange public keys with recipient
- Import their key into Proton
- Emails are automatically encrypted end-to-end
We’ll cover PGP in detail in Week 9 (GnuPG).
Self-Hosted Email (Advanced)
For maximum privacy, run your own email server:
- Complete control
- No third party
- Very technical (requires sysadmin skills)
Not recommended for beginners. Proton/Tutanota are excellent middle-grounds.
What’s Next
You now have private, encrypted email with aliasing for compartmentalization. Next week, we’ll secure your network traffic with VPNs and understand when to use Tor for maximum anonymity.
Week 6 covers VPNs and Tor—when to use each, and how to set them up.
Summary
This week you:
- Learned why Gmail is surveillance
- Chose between Proton Mail and Tutanota
- Set up encrypted email with 2FA
- Created email aliases with SimpleLogin
- Started migrating accounts off Gmail
- Learned email privacy best practices
Your email is now end-to-end encrypted, and your identity is compartmentalized across aliases. Combined with your hardened browser (Week 3) and password manager (Week 4), you’re building a solid privacy foundation.