- Is secure email like
ProtonMail really more secure than regular old Gmail? I mean, worth paying for kind of secure. If you're skeptical,
curious, or just fed up with companies like
Google that survive off collecting your personal data, this is what you need to know
about end-to-end encryption and how it affects your
daily email communication. Hey there, welcome to All Things Secure. My name's Josh, if you're
a first time viewer here and let me start by telling
you what this video is not. This video is not my attempt to get you to abandon your Gmail address and open a secure email account. I still use Gmail everyday, and frankly it would be almost impossible for me to delete it at this point. I would bet that you're
probably in about the same boat. Also this video is not just
for those conspiracy theories to wear tinfoil hats. Encrypted communication is
a basic tenet of privacy that I believe everybody
should take seriously and take advantage of including you. So what I am going to do here is explain how Gmail's current
encryption just doesn't cut it and how secure email
compares as an alternative. There are a number of
secure emails services that you could use, very good ones, but I'm gonna use ProtonMail
as the example here for three reasons. First, that's what I've been
using for the past few years. Second, they have a good free option that you could use to give it a try. And third, well they're
sponsoring this video, and as a creator, I
just have to step back. (claps loudly) Okay, let's start off
with an important lesson on email encryption. Most email providers including
Gmail use what's known as TLS or Transport Layer
Security to encrypt emails as they're being sent across the internet. It's the standard and it works but it falls short
because it gets decrypted once it reaches the target mail server. Gee whiz, I hate using technical jargon. So let me put it this way. Imagine that I'm sending
you a top secret message. It gets placed in a lockbox
and delivered to your door, but once it arrives at the
house, the box is unlocked and that message can be
read by anyone in the house. It's been securely delivered, sure but once it arrives at your
house, that security is gone. End-to-end encryption works differently. Using this method, I placed
my top secret message in a locked box and send it to your house, but I also send you a private
key to that box separately. The box arrives at your
home, but it remains locked until you personally use that private key I gave you to unlock it. Let me give you a more practical example for my everyday life. A few weeks ago, a family member asked me to send my social security number that was needed to open a certain account. Using Gmail, I can send
this sensitive information and be confident that
it will arrive securely. That's TLS encryption at work. However, once it arrives
at the destination, I have no guarantee
that the message I sent will remain private or available
only to my family member. Your email provider can see the message even if they've promised
not to scan it for ads, and the account were somehow
hacked or compromised so would my ID number,
since I can't be sure that my family member deleted my message. So what I did instead was I sent an end-to-end encrypted
message using ProtonMail to my family member. I sent them the private key, basically just a short
passphrase that I made up in a separate text message. They received the email
and used the private key in order to unlock the email and see my social security number. Even if they never deleted that message off the email servers, my
ID will never be readable by the email service provider and it isn't at risk even in the event of a hack because it requires
that private key to open. Does that make sense? As many of you know, I've
had my email hacked before and my identity stolen and this wasn't Google's fault per se, but it opened my eyes to the
value of end-to -end encryption for certain kinds of communication. And thus, I began using Gmail
for my general communication and I opened a secure email account for any sensitive information
and for all of my finances. And that's an important
use that I wanna unpack, but we'll get to that in just a moment. For me, there were two primary reasons I was reluctant to open
a secure email account. First, I didn't wanna pay for something I could get for free, you know, and second, I didn't want to
downgrade my email experience. So let me give you a peek
inside my secure email inbox, so you can see what it looks like. This is my ProtonMail inbox,
which is laid out very much like you'll see with
every other email account you've probably used. I have all the folders for
organization on the left what the actual emails
and all nested replies taking up the majority of the screen. I have the same ability to
label organize mark as spam, archive, and delete
emails as I do in Gmail. So far there's not much difference between Gmail and ProtonMail until we clicked create a new message. The differences found in
these two icons on the bottom that look like an hourglass and a lock. These allow you to set an email expiration and end-to-end encryption respectively. Remember that private
key I was talking about, this is where I create that passphrase that I'll give to my recipient in order for them to open the email. So let's say I send an
end-to-end encrypted email from ProtonMail to a Gmail user. What they receive is
an email alerting them of the new message and
a button to view it. This brings them away from Gmail where they have to input the
passcode to reveal a message. The data is never stored on Google servers and my recipient doesn't have to open a ProtonMail account to view it. Now, although this feels similar to Google's confidential mode, you have to remember
that we're still dealing with two different types of encryption and there is a difference
like I explained earlier. Even with confidential mode, Google isn't providing
stronger encryption, they're just really putting
lipstick on a pig so to speak. ProtonMail gives me access
to encrypted cloud storage called Proton Drive kind
of like Google Drive, and that allows me cloud storage for larger email attachments. There's also an online calendar feature. Both of these are still in
beta as I record this video but I've been using them
for a couple of months without any problems. The calendar feature extends
my privacy to my calendar which many of us don't realize
we give up that privacy when we tell Google everything we're doing and everywhere that we're gonna be. Using the ProtonMail calendar,
I can still create meetings invite outside users, set reminders and work with different time zones. Unfortunately, it hasn't
replaced my Google calendar yet mostly because there isn't
a mobile app available but I'm still attracted to the idea of more private personal calendar. Last but not least, it
wouldn't even be worth talking about secure email like ProtonMail if there wasn't a dedicated
app to access your messages on mobile devices. The ProtonMail app is fast, it's clean, and it's familiar to use. The biggest difference between
this and Gmail is again, those two icons that offer full encryption and expiration of the message. My only complaint is that so far I'm unable to access Proton Drive files from the ProtonMail mobile
app if I wanna, you know, attach those to the email. Okay. So the big question is, is it worth paying for
a secure email provider like ProtonMail when you
can get Gmail for free? I mean, we're talking about $50 a year. But if you're looking for ways
to create stronger privacy and anonymity for your online life, this is one really easy way to do that. For me, I use secure email
address as the primary contact for all my bank and investment accounts, and I don't publish this
email address anywhere. This minimizes the risk
of anybody gaining access to my finances through an email breach. I also use the secure email
address whenever I'm sending let's say tax documents to my CPA or sending sensitive data anywhere like my social security number. It's your choice and ProtonMail
has a limited free option that you can easily set up and try. On the surface, Gmail and ProtonMail look and feel mostly the same, but the foundation of
encryption and privacy is very different. And that's what makes this
such an important thing to consider. If this video has been
educational and helpful, please give it a thumbs up
and you can leave a comment with any questions you might have.
