What you need to know about privacy, email, and particularly Gmail

Pritesh Singh asked if anyone other than the intended recipient can view files attached to a Gmail message.

Pritesh Singh asked whether anyone other than the intended recipient can view files attached to a Gmail message.

Unless you take special precautions, nothing you send by email is secure. That's doubly true with Gmail, since Google uses the content of your messages to target advertising.

I very much doubt that Google employees are reading your mail; there are cheaper ways to get the job done. But the potential of abuse is always there. And let's not forget the NSA's enthusiasm for sticking its nose into everything we do online.

[Email your tech questions to answer@pcworld.com.]

Giving up Gmail won't help much. All email, by its nature, is insecure. Your unencrypted message will go through several servers between you and the recipient. Even if the message leaves your PC encrypted with SSL (as happens with Gmail), that only protects it for the first leg of its journey.

There's no technical reason why we can't all have full, end-to-end encryption built into our email systems. A free, open-source standard already exists: OpenPGP. All it needs is universal acceptance by the major email clients and providers.

But that's not going to happen. While it would be wonderful for most of us, such acceptance would not be in the interests of Google, Microsoft, or the U.S. government.

So what can you do?

The most obvious tactic is to keep sensitive stuff out of email. You can send most messages without privacy worries. But when you want to make sure that the cops, the crooks, or the corporations can't read it, use encryption.

That's not as easy as it sounds. Your recipient will need compatible software and possibly your password. And they may not be as tech-savvy as you.

In my experience, the best method is to skip email altogether and use a service called Sendinc. Both you and your recipient will need your own accounts (free ones are sufficient for most people). You don't need to know each other's passwords; although both of you should have strong ones.

For more on how the service works and how it secures your information, see its How Sendinc works page.

Join the CSO newsletter!

Error: Please check your email address.

Tags emailGmailGoogleMicrosoftsecuritynsaprivacy

More about GoogleMicrosoftNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lincoln Spector

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts