Time to leave Gmail, iCloud mail, Yahoo, Mailchimp and other mail providers?
Credit eDRI / The animation workshop (DK)


In this article I will guide and encourage you towards privacy-friendly email solutions, and explain why it is about time.

  1. How to export content, exit and delete your Gmail (as an example).
  2. Suggestions and what to look for when choosing a new email solution within EU legislation.
  3. Finally, a few links about the issues of unlawful transfer of personal EU data to the US when using email solutions under US legislation.

We are talking about how Big Tech companies get bigger: they harvest our data through our mail, through our logins, through the Gmail account or Apple ID that we are forced to have when buying a mobile phone, while providing us with platforms to communicate. But it doesn't have to work like that. If we continue to put all our eggs in one basket, we won't have choices in a few years. We are the data, we are customers and we are citizens, and we are the ones that create the market. With wise choices we can move data to platforms that serve our interests. So stop worrying and complaining, move your data!

Some email vendors even have free accounts or 50% off the price for NGOs; you need not depend on Apple, Google or Microsoft for that.

Have you ever read the Privacy Policy and Terms of Use? Yes, they are a difficult and long read, but the basics are: a business model of reading your mails, utilising different analytics/insight to profile us ('to serve us better'), and sharing data with business partners. Article: Your mail, their ads. Your rights? By @Andrea Belu / EDRI

It seems that Apple will concentrate their power and be the gateway to our data, if we let them. Don't expect more privacy with Apple.

I can tell you right now that they are also not GDPR compliant, as many others aren't. In fact I cannot mention a US mail provider that is providing privacy. In any case, there is another issue of unlawful transfer of personal data to the US; the EU General Data Protection Regulation, so plenty of reasons to continue reading.


Data moving to the US cloud over the past 15 years (graphic courtesy of Daniel Solove).

YOUR GMAIL CONTENT

There are hurdles if you would like to change your mail provider. It's not made easy for you to leave. We might have thousands of mails, in folders, and all in a format that cannot just be exported to another email provider.

This is one reason that keeps us from changing mail provider. Another, more obvious reason is that a new email address has to be communicated to all our contacts, private, business and public, although GDPR speaks of a portability format.

How to export your Gmail content

Original link: Download your Gmail data

"you can export and download your data from the Google products you use, like your email, calendar, and photos.

In a few easy steps, create an archive to keep for your records or use the data in another service. 

Note: Downloading your data does not delete it from Google’s servers. Learn how to delete your account or how to delete your activity later in this article.

Step 1: Select data to include in your archive

Go to the 'Download your data' page.

Google Products that have your data are automatically selected.

If you don’t want to download data from a Google product, uncheck the box beside it.

If you only want to download some of your data from a product, you may have the option to select a button like List All data included.

Then, you can uncheck the box next to data you don’t want to include. Select Next step. 

Step 2: Customize your archive format

Delivery method: Send download link via email. We'll email you a link to download your archive. (You need a new email provider, more info below).

For "Delivery method," select Send download link via email. Select Create archive. In the email that arrives, select Download archive.

To download your data, follow the steps on the screen.

Export type: One-time archive

File type: Zip files

Step 3: Get your archive. When your archive is created by using one of these options, we'll email you a link to its location. Depending on the amount of information in your account, this process could take from a few minutes to a few days."

Most people get the link to their archive the same day that they request it. 

I cannot recommend that you download to the alternatives listed, so:

  • No to Add to Drive (US law) not GDPR compliant & not secure
  • No to Add to Dropbox (US law) not GDPR compliant
  • No to Add to Microsoft OneDrive (US law) not GDPR compliant & not secure
  • No to Add to Box (US law) not GDPR compliant

If you ask, what about MS Outlook/ O365, I dare say no, not GDPR compliant.


Data minimisation: prioritize! May I recommend that you start by deleting all the mails you can do without. Also remember those in Sent, Drafts, Deleted, Spam, etc. Empty that bucket!

Create a new email account with a new provider, and then send the most important emails to it, both from Received Mail and Sent Mail, Drafts etc.

Download an archive to your PC/Mac in Zip format before deleting your Gmail!

Remember, for businesses and organisations, no matter the size, and with all mail systems: mail is NOT a place to keep/archive data, information, documents, image files, etc. Especially NOT if the mail contains sensitive personal data or confidential business information!

Establish categories in your new email, perhaps even mirroring existing file folders in your storage.

Convert important content from mail format to pure .txt files and/or PDF for archiving. Zip files are not searchable, so I suggest you also choose important mails and convert them to PDFs (done in Gmail), which you then save on your PC/Mac. Just a suggestion. How to Convert Email to PDF with Google Chrome 2020, including bulk conversions, via the Chrome browser extension Save Emails to PDF by cloudHQ.
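An added example, not part of the original article: a short Python script that turns an exported mailbox into one plain-text file per message, so the archive can be searched with ordinary tools. It assumes the mail in the unzipped Google archive is an .mbox file (the format Google Takeout uses for Gmail); the function names and the sample message are constructed for illustration.

```python
import mailbox
import re
from email.header import decode_header, make_header
from pathlib import Path

# Constructed one-message mailbox (not real mail). The message is multipart:
# the text/plain part is kept, the HTML alternative is skipped.
SAMPLE_MBOX = """\
From alice@example.org Mon Aug 24 10:00:00 2020
From: Alice <alice@example.org>
Subject: =?utf-8?q?Invoice_=E2=82=AC_2020?=
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Please confirm the invoice.
--b1
Content-Type: text/html; charset=utf-8

<p>Please confirm the <b>invoice</b>.</p>
--b1--
"""

def header(msg, name):
    """Decode an RFC 2047 encoded header into readable text."""
    return str(make_header(decode_header(msg.get(name, ""))))

def body_text(msg):
    """Return the first text/plain part, decoded with its declared charset."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def mbox_to_txt(mbox_path, out_dir):
    """Write one plain-text file per message and return the file paths."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    box, paths = mailbox.mbox(str(mbox_path), create=False), []
    for i, msg in enumerate(box, 1):
        subject = header(msg, "Subject")
        name = f"{i:05d}_{re.sub(r'[^A-Za-z0-9]+', '_', subject)[:40]}.txt"
        text = f"From: {header(msg, 'From')}\nSubject: {subject}\n\n{body_text(msg)}"
        (out_dir / name).write_text(text, encoding="utf-8")
        paths.append(out_dir / name)
    box.close()
    return paths
```

Point `mbox_to_txt` at the .mbox file inside the unzipped archive and at an output folder on your own disk.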

Finally, you can only delete your Gmail account once you have created a new email, as Google will send a confirmation to your new email address. Now Google has your new email address. You could create a temporary dummy email just for that purpose.


Your choice of future email options?

Take a look at

Perhaps you have also heard that the EU-US Privacy Shield is still not/no longer valid, which is another good reason why you don't want to receive/keep EU personal data with a company from a country whose laws are inadequate under GDPR.

 Jurisdiction. Choose a mail provider under European legislation, and storage in EU cloud with compliance in import and export of EU personal data, under GDPR.

There is no such thing as GDPR compliant mail, or GDPR compliant storage, as it depends on how YOU and/or the organisation utilise the system. For example, a retention period can be supported by functionality or administrative rights, but it all depends on how it is used. If you keep mails with personal data in the mail system, it is your fault, and no system can guarantee GDPR compliance with Article 25 – Data protection by design and by default, or Article 32 – Security of processing. Or, the other way around, if you spam the public with marketing emails or surveys....

There are many good reasons to use an email provider respecting your privacy, and there are other important reasons, like technical standards that make your email safer besides DMARC, SPF and DKIM, which Gmail also supports.


What is secure mail, basic considerations.

If you and your business take GDPR compliance into account, such as privacy by design and by default, data protection by design and security of processing, there are several specifications to look for.

  • The Privacy/confidentiality of your personal data (no snooping, sharing or selling of e.g. payment info, analytics, searches, IP addresses etc etc).
  • Details in headers. Being able to see the details of the sender address is important for verification. If the technical sender is different from the header info, the email provider should warn you about this.
  • Format. Writing mails in pure text (.txt) as opposed to formatted rich text (.rtf), or even worse .html where you cannot be sure what is hiding inside a link or text.
  • Encryption. It is easy to find an email provider with end-to-end encryption. Not only are your emails sent E2E and stored encrypted on premise, but you can easily send encrypted email to anybody. Let's say the receiving party does not have a safe email or connection. No problem, as the email you send either from your mobile device or PC/Mac will be encrypted (with a password). Then your obligation is fulfilled. And the receiver can actually send it back to you, still encrypted. Win win.
  • Email backup stored in an EU country/cloud.
  • Access. Mobile and desktop email client (app), as well as access via browsers.
  • 2FA. Security keys (U2F), e.g. Yubikey. U2F is currently supported by Firefox and Chrome. TOTP with an authenticator app such as FreeOTP+, andOTP, Authenticator, Authy etc.
  • Password/code when sending/receiving mails.
  • Size of attachment is relevant, approximately 25 MB is normal today.
  • Linux, Windows, MAC/iOS platform and integrations.
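The header check described in the list above, as an added Python example (not from the original article and not any provider's actual implementation): it compares the visible From domain with the technical sender in Return-Path and with Reply-To, and reads the SPF/DKIM/DMARC verdicts recorded by your own provider. The sample message, the server name mx.newprovider.example and the function names are constructed; the subdomain comparison is a simplification of real DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail); every name in it is made up.
# "mx.newprovider.example" stands in for your own provider's mail server.
SAMPLE = (
    "Return-Path: <bounce@mailer.invalid>\n"
    "Authentication-Results: mx.newprovider.example; spf=pass "
    "smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=bank.example\n"
    'From: "Your Bank" <service@bank.example>\n'
    "Reply-To: help@other.invalid\n"
    "To: you@newprovider.example\n"
    "Subject: Please confirm your account\n"
    "\n"
    "Hello\n"
)

def domain(value):
    """Lower-cased domain of an address header value, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Same domain, or one is a subdomain of the other (simplified check)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def sender_warnings(raw, trusted_authserv):
    """List reasons not to take the visible From address at face value."""
    msg = message_from_string(raw)
    from_dom, out = domain(msg["From"]), []
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and not aligned(d, from_dom):
            out.append(f"{name} domain {d} differs from From domain {from_dom}")
    for ar in msg.get_all("Authentication-Results", []):
        server, _, results = str(ar).partition(";")
        if server.strip().lower() != trusted_authserv:
            continue  # this header can be forged; trust only our own server's
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
            if result != "pass":
                out.append(f"{method}={result}")
    return out
```

A mismatch alone is a reason to look closer, not proof of forgery: newsletters are often sent through a third-party mailer, which is why the DMARC verdict from your own server carries the most weight.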

Some email providers even have different levels of security in paid and unpaid versions.

Examples of other features of a safe email provider you might consider:

  • Create Domain names
  • Create alias email addresses if needed
  • Create customised email domains
  • Share calendars with co-workers or family
  • Consider having one dedicated account for tickets, conferences and the like, and one dedicated account for private email and for receiving mail from the public sector. I even have a third, just for business.
  • More advice and technical details on encryption etc. can be found in the articles reviewing the mail providers (your choice of future email providers).

Take a first step, choose a new email provider, and there is no reason why it should be with Microsoft. In fact there are reasons why it shouldn't. Keep in mind, US legislation could also ban encryption of emails, files and storage in the future. And in any case the CLOUD Act has proven to be a very real topic (read the articles below on surveillance). That is one relevant reason to encrypt sensitive business information, not just personal data! We must expect several actors to 'tap the wires' for valuable data.

Perhaps you will also consider sending documents by other means than email; in that case there are very good, easy-to-use communication platforms for sending messages, documents/files, video chats, talks, working in groups etc., but that is another story.


LINKS FOR MORE INFO:

Gmail, Google Drive, Google Docs Suffer Widespread Failures, Forbes, Aug 20, 2020

Users Hit By Widespread Gmail Spam Filter Failure, Forbes, July 2020


Review of Tutanota vs ProtonMail: A Secure Email Battle for 2020 (Also, read the comments!). July 2020, by Jacob Roach at Cloudwards.net


ISSUES OF SENSITIVE BUSINESS AND PERSONAL DATA - US legislation 2020: EU-US Privacy Shield - Intelligence and surveillance issues, a couple of links.

Watch the Intrusive Mailman video by eDRI

Decoding 702: What is Section 702? Why can the U.S. government collect my emails? By EFF

Report Discloses Unlawful “Backdoor Searches” of FISA Database, Cato Institute, May 2020, By Julian Sanchez "But §702 loosened the rules: Now instead of individualized warrants, the government asks the FISA Court to sign off on general “targeting procedures” used to select foreign targets located abroad. The communications of those targets can then be intercepted as they pass through American networks, including their communications with American citizens protected by the Fourth Amendment."

Clarifying Lawful Overseas Use of Data (CLOUD)

H.R.4943 - CLOUD Act - 'to improve law enforcement access to data stored across borders, and for other purposes.'

The CLOUD Act. Electronic Privacy Information Center, EPIC

EU-US data transfers, NOYB.eu



#eMail #Infosecurity #Dataprivacy #Risks #Dataprotection #HumanRights #Democracy #SoMe #PaaS #Antitrust

Pia T.

Senior advisor in dataprotection / infosec / cybersec / privacy enhancing technologies

2 years ago

"How to make your Gmail account self destruct, and why you really should At least one part of your digital permanent record doesn't need to outlive you." https://mashable.com/article/delete-gmail-account

Debbie Reynolds

The Data Diva | Data Privacy & Emerging Technologies Advisor | Technologist | Keynote Speaker | Helping Companies Make Data Privacy and Business Advantage | Advisor | Futurist | #1 Data Privacy Podcast Host | Polymath

4 years ago

Pia T. I hope to see more solutions to make data portability much easier especially with email and cloud storage. Thanks for sharing this information. Very helpful.

Pia T.

Senior advisor in dataprotection / infosec / cybersec / privacy enhancing technologies

4 years ago

On #Apple new business model #iOS14 "Apple appears to have anticipated this concern by building out its own, privacy-centric, mobile attribution framework called #SKAdNetwork – effectively positioning itself as the gateway to what advertisers can, and can't, know about users who install their apps for attribution purposes. What this will mean for third party attribution providers is currently unclear – presumably they will either need to interface with this framework, or risk being cut out of the attribution picture altogether." 2 articles ?? on the details https://www.dhirubhai.net/posts/piatesdorf_why-apples-consent-for-idfa-announcement-activity-6702581412874203136-72TY

Dieter Onken

Senior Property Consultant

4 years ago

Alexandre BLANC, thanks for sharing Pia T., thank you for your exceptional Article

Ivan Perez

Principal Research Scientist @ KBR / NASA Ames Research Center | Functional programmer | Software architect | Public Speaker | PhD

4 years ago

Neat. A few months ago I started choosing a new email provider and left some notes here: https://github.com/ivanperez-keera/report-email. Not as thorough an analysis, and biased towards my use case, but may be useful regardless. Good point Ramón Soto Mathiesen regarding exports. Definitely worth taking into account. The way I was looking into moving my email is by using IMAP to log into gmail and my other (new) account using Thunderbird and moving emails there. At first look, the best from that first link you provide is Soverin: it does one thing right (hosting emails), and gets out of the way. Very minor: "Allthough it seems that Apple will concentrate their power and be the gateway to our data, and concentrate the power, if we let them." (I think there is one typo, and also there's some repetition "concentrate the power" appears twice, I guess unintentionally). Also very minor: dummi is dummy (at least in English).
