Image by bloggingberlin
Your e-mail account is probably the most valuable online account you control.
The security of most of your other accounts depends on the security of your
e-mail account. (Think I’m wrong? Have you ever recovered a lost password?)
For this reason, it is worth considering how best to protect it.
I use Gmail for my personal e-mail. In this article, I’m going to discuss the
benefits and costs of letting Google manage my e-mail. Then I will focus on
how those benefits and costs affect the security of my personal communications.
Giving Up Control
Before I dive into the ups and downs of using Gmail, I should make it clear
that using hosted services (also called Software-as-a-Service or SaaS) is about
giving up control. (Those who offer SaaS may down-play this aspect of their
offerings.) Running a service, whether a web site, e-mail hosting, mapping, or
identity verification, has ongoing costs and (hopefully) benefits. When you
use a service provided by outside party, you’re letting the outside party
shoulder the burdens of offering the service. You are also letting the outside
party control the quality and cost of the service.
Most businesses accept that they cannot do everything in-house. Instead, they
pay service-providers for everything from human resources and background checks
to information infrastructure and hold music. Most people accept the same, so
we use Gmail or Yahoo Mail instead of running our own mail server.
It just works. Usually, Gmail just works. In the last 5 years, I can recall
two instances of not being able to access my e-mail. Once I was locked out for
“unusual activity”. The other instance was a general Gmail outage. That’s
pretty good in my book.
Gmail generally has good security. Google got the two-factor ball rolling with
Google 2-Step Verification and Google Authenticator. Gmail also has good spam
and phishing protection. It is not perfect, but it’s better than I can do by
running my own MTA. (Yes, I can do some research and deploy a good open-source
solution. I haven’t done the research necessary for that yet.)
Using Gmail gives me more time to spend on other things. If I were running my
own MTA, I would have to worry about security of the host, spam filters, free
disk space, DOS attacks and other things that waste my time.
Gmail is just another Google service from a cost perspective. Instead of being
the customer, you are the product. You pay for the service by viewing
advertisments and by letting Google access your personal information. As the
years roll on, this has become more disconcerting to me. It doesn’t help that
the US government’s TLAs (three-letter agencies) have a healthy interest in the
information Gmail keeps for me.
There are a few other costs, like lock-in (moving from one e-mail provider to
another is not trivial) and having your data stored in proprietary ways. Gmail
is not terrible in this regard, but it is still one of the worst in the
Personally, these costs have not been too high, but my attitude is changing.
I’d prefer that my contacts and messages are not processed and adding to my
Google profile. I can enhance my privacy by using a different e-mail service
provider and I’ve started that process by acquiring my own domain name.
There is one other cost that I’d like to discuss in a future article—the cost
of the unknown. Specifically, I’d like to know whether Google is the only
other party reading my e-mail (once it is in Google’s possession.)