In case you never thought about it, companies that offer “free” email services are not charities. Everything they do is designed with one primary objective in mind: make a profit for the company that offers the service.
Yes, this applies to Google Gmail, Yahoo, AOL Mail, Mail.com (owned by the 1&1 web hosting service), Yandex.Mail (a Russian company), iCloud.com (owned by Apple), and Outlook.com (previously called HotMail and some other names, all owned by Microsoft).
Many of these services also offer additional so-called “free” services, such as storing your address book or your personal appointment calendar.
Why would a for-profit company offer free email services? For one simple reason: to make a profit.
At first glance, that appears to be contradictory statements. However, the companies offering these free services all know how to convert the expense of adding servers, routers, and more hardware, software, and support personnel into profits for the company. In short, they spy on you and all the email messages you send as well as messages received from friends, relatives, companies, and more. Yes, they read your email messages and look at your address book and appointment calendars. Does that make you feel uncomfortable? It should.
In most cases, it is not a human being who is reading your messages and other information. However, human employees can also read your email messages, if they are so inclined. Instead, software reads every message and then feeds the email addresses and message contents into artificial intelligence (A.I.) software in order to learn more about you. This software then extracts enough information about you and your correspondents to learn your approximate age, your approximate family income, where you live, your political beliefs, your sexual preferences, your hobbies and personal interests, whether or not you use tobacco products or alcohol, your level of education, your friends, your relatives, your ethnic heritage, the language(s) you speak, and much, much more.
Also, government spies can read any email message they want by simply asking the email provider for a copy. In some cases, a court order is required. However, NSA, the FBI, and other spy agencies regularly obtain thousands of such court orders every year.
Yes, if you frequently place online orders on Amazon, these email spies will soon learn the size of your boxer shorts and they will save that information. Why would they care about clothing sizes? That information becomes valuable when selling your personal info to drug companies, health care organizations, companies that sell diet services, and even to your insurance company. Do you think your insurance company wants to know if you are an overweight smoker in his or her sixties? You bet they do! The price of your insurance policy is often based on such information.
Next, there are companies such as the now-defunct Cambridge Analytica that help foreign governments in their efforts to subvert democracy. Cambridge Analytica isn’t (or wasn’t) the only such company, just the most publicized one. There are a number of other companies here and overseas that are collecting data about you today and selling it to various special-interest groups and foreign governments.
So what do these companies do with all this information? They can give or sell the information to advertisers, political organizations (remember Cambridge Analytica?), or government spy agencies, including your government and foreign governments.
Selling your personal information is a multi-billion dollar business!
“If you’re not paying for the product, you are the product!” – a quote about television advertising from the 1970s.
Even worse, when your email account is compromised, a hacker can easily take over your other online accounts by requesting password resets.
How can you prevent all this spying? Actually, there are several methods. You can use an encrypted mail service such as TutaNota.com, Proton Mail, HushMail, TorGuard Email, or others. I have written about encrypted email services a number of times. Start at https://duckduckgo.com/?q=site%3Aprivacyblog.com+encrypted+email&t=h_&ia=web to find my past articles.
Perhaps the Best Solution of All
While encrypted email is a huge improvement over the so-called “free” email services, there still is one better bullet-proof solution: run your own email server.
Running your own email server has long been a recognized method of improving your online privacy. Once installed and operational, you control who reads your messages.
In the past, the big problems with installing your own email server in your home were the complexity involved and the required expertise to install it, configure it, and keep it in operation. Luckily, several companies have now created “canned” email server products that install in your home quickly, require very little configuration, and run more or less forever with minimal human intervention. If you possess enough technical knowledge to install an email program, you probably can install and configure one of these easy-to-use email servers.
One of the new wave of easy-to-install email server is produced by Helm, a company in Bellevue, Washington. The company claims you can install the Helm mail server in five minutes or less. It is an excellent replacement for Gmail, Yahoo Mail, Outlook.com and the other spying email services. With the Helm mail server, the only person who can spy on your email is you.
You can read more about the security of the Helm mail server at https://thehelm.com/pages/technology.
The Helm server not only stores your email messages but also (optionally) stores your appointments calendar and your address book. It can even do this for all your family members or anyone else you add to the list of users of the email service. The Helm email server supports unlimited users, constrained only by the amount of disk space available. You could set up email accounts for your family members, friends, and others.
Helm Email Server
The Helm email server is a small (4.375″ x 7.125″ x 5.125″) piece of hardware sits on a desk or shelf, probably in your home or perhaps at your office. Actually, it can be placed anywhere, so long as it has an always-on Internet connection. You connect it to your in-home router via a cable or by wi-fi wireless networking. The Helm server connects securely to a unique gateway owned and operated by Helm, which is assigned a static IP address so Helm is reachable by other mail servers and secure TLS sessions* can be established. Only securely-encrypted data passes through the gateway. It never processes email messages in plain text. As a result, not even the Helm employees can read your email messages. Neither can anyone else.
*NOTE: TLS, or Transport Layer Security, is designed to provide communications security over a computer network. It means that hackers cannot tap into a network someplace else and read your email messages as they flow through the Internet. You can read more about TLS in Wikipedia at: https://en.wikipedia.org/wiki/Transport_Layer_Security.
You and other registered users of your Helm server can connect to the in-home email server from anyplace in the world that has an Internet connection. You could be using a laptop or an iPhone or Android phone in a coffee shop in Bangkok, Thailand and still connect to the mail server in your home or office to read and write email messages, check the appointments calendar, and to access your address book. (Don’t forget to leave the email server and internet router powered on when you leave home!)
Security is top-notch all along the path to and from other email servers. Quoting the Helm web site:
“When you use an email provider like Google, Microsoft, or Yahoo!, your personal emails are stored on their servers, making them a target for hackers and phishing. Helm provides protection for the massive amount of sensitive and personal information in your email.
“Your device includes full-disk encryption, secure boot, and encrypted backups. Each Helm uses certificates from the Let’s Encrypt Project to secure connections to and from your custom domain.”
The Helm email server runs a hardened version of Linux as its operating system. Everything is internal. Should the server need to be re-booted (which should be rare), all software is stored on an internal (encrypted) solid-state disk drive (SSD). Helm comes with 120 gigabytes of storage for your mailbox—enough for a family’s worth of emails for years to come. That’s more than what the most of the so-called “free” email services provide. However, some of the “free” services do offer additional storage space if you pay for it.
If 120 gigabytes of storage space isn’t enough for your needs, you can easily expand storage capacity by using a slide-in drive.
Calendar and contacts syncing is also available with industry-standard CalDAV, iCal, and CardDAV file transfers.
You can read and write email messages by using any modern web browser on any computer that has an internet connection. That obviously includes Windows, Macintosh, Linux, Chromebook, and probably other operating systems as well. In addition, free Helm apps are available for Android and Apple iOS (iPhone, iPad, and iPod touch) systems. You can read and write email messages, check your calendar, or access your address book from anyplace in the world as long as you have an internet connection. All they need to do is open a web browser (or an Android or Apple iOS app) and connect to the custom domain name you created for your Helm email server during installation. After that, everything operates in a somewhat similar manner as using other email services: Gmail, Yahoo, Mail, Hotmail, and all the others.
The Helm email server costs $299 (US). A subscription to Helms’ secure gateway is also required. The subscription is free for the first year, then costs $99 (US) per year in later years. Subscriptions can be canceled at any time; there are no contracts involved.
The subscription includes:
- Email, calendar, and contacts.
- Custom domain registration with DNS records management – You can register any domain name that isn’t already registered, such as jones-family-email.com or JohnDoeUS.email. The cost of the domain registration is included in the annual subscription.
- Unlimited email accounts and aliases.
- Feature and security updates.
You can also import your present email messages that have been stored on other services (e.g. Gmail, Hotmail, Yahoo mail).
You can read more about the Helm email server at: https://thehelm.com.
The FAQs (Frequently-Asked Questions) may be found at: https://thehelm.com/pages/shop while the Helm Blog may be found at: https://thehelm.com/blogs/news.
Delivery of the servers is promised for “late February” although I wouldn’t be surprised if it is delayed a bit. Delays in the planned shipment dates of new products from many companies often are delayed.
Does the Helm email server sound good? I think so. I ordered one this morning!
P.S. I am not compensated in any manner for describing the Helm email server or any other device. I simply believe that encryption and privacy are amongst the biggest needs of our time. The use of a private email server that is not accessible to worldwide hackers or advertisers or spies strikes me as a good idea. I have already ordered mine.
- Roughly 17,000 Android Apps Collect Identifying Information from Your Device
- India Proposes Chinese-Style Internet Censorship
Categories: Email Security, Online Privacy & Security
10 replies ›
Leave a reply to Kunal Desai Cancel reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Privacy Blog 
Thanks for sharing.
LikeLike
Years ago I ran an email program, Eudora (Is it still in existence?), on my computer. Google, et al did not see my email. My ISP did, but presumably did not keep copies, just forwarded them. Is something like that a useful compromise between Trusting Our Masters or having to operate a private server with the attendant cost and complexity?
I know that using an email program precludes sharing messages between two or more computers, but maybe that’s not disadvantage.
🙂 Doesn’t a server on the bookcase violate your “everything in the cloud” rule?
LikeLike
If you trust your ISP not to read your messages, you could easily use the ISP’s mail server. Personally, I do not trust any ISP. However, if you do trust your ISP, using Eudora or any other email program connecting to an ISP’s mail server certainly will work and will be easier and probably cheaper than using your own mail server.
—> I know that using an email program precludes sharing messages between two or more computers, but maybe that’s not disadvantage.
I believe you can use the Helm email server (or most any privately-owned mail server) to share messages between two or more computers. I’ll verify that once I receive and install the Helm server. However, I believe you can share messages amongst two or more computers on any privately-owned email server as long as you don’t check the box that says “Delete messages after being read” or similar words.
—> Doesn’t a server on the bookcase violate your “everything in the cloud” rule?
I suppose so. Of course, I could call my in-home network “my personal cloud” or something similar. There is some truth to that although it might be stretching things a bit. I don’t have redundant servers located in multiple locations around the world so it is a rather poor imitation of a cloud. In any case, I can access the home server from any location in the world as long as I have a working Internet connection so, in my eyes, it is the equivalent of a mail server in the cloud.
However, I believe that an in-home server that uses modern encryption will be more secure than any server in the cloud with the possible exception of the few encrypted email services that are in the cloud.
I already can access my computers and external disk drives remotely from anywhere in the world as long as I have an Internet connection and can remember the required user names and passwords. I use encrypted connections to access my in-home devices. Hackers would need to know the encryption keys to even get to the log-in screens plus any hacker would also need to know my user names and passwords to access the various devices.
Is this foolproof? No, there are some fools everywhere. But I think it is at least as secure as a mail server in the cloud where many of the mail servers have previously been hacked.
A few years ago, I did run my own email server on a web hosting service in the cloud for a while. I was the only user on that server. I gave up on it after a while because (1.) it was expensive and (2.) it needed a lot of maintenance to keep it running and to block spam mail and things like that. I had to be a Linux guru to keep it running. (I am comfortable with Linux but don’t consider myself to be a guru.)
Admittedly, that was 8 or 10 years ago and today’s email servers should be easier to maintain. Repeat: SHOULD be easier. I haven’t tested that myself in many years.
So is this a perfect solution? No, I don’t consider anything to be perfect. However, this device looks attractive to me.
By the way, Eudora is still available but no longer is being maintained by the developers. See https://en.wikipedia.org/wiki/Eudora_(email_client) for the details.
LikeLike
I didn’t know about the (flimsy, maybe) legal distinction where the gov’t is, marginally, more restricted from reading your unopened email vs the open, stored copy in the Cloud.
From this:
http://reason.com/volokh/2019/03/21/fourth-circuit-deepens-the-split-on-civi
it looks like downloading the email from the ISP to your own POP, like Eudora, is slightly more protected. Your personal server is best, of course.
LikeLike
—> I didn’t know about the (flimsy, maybe) legal distinction where the gov’t is, marginally, more restricted from reading your unopened email vs the open, stored copy in the Cloud.
Because my unopened and opened mail alike is stored ONLY on a mail server that is in my home and (hopefully) cannot be viewed by government spies, corporate spies, or by independent hackers. Whether opened or unopened, the email messages all end up on my own mail server that is only available to me. My received email messages will not be stored on normal (plain text) email servers in the cloud. The various spies cannot access the messages on my own mail server and therefore will not be able to read them. If a governmental agency sends me a court order demanding a copy of my email messages, I can “accidentally” erase them. Since I am the only person with access to system administrator rights to that mail server, I can control who can receive copies.
If the email messages were sent by by my correspondents as ENCRYPTED email, even those messages can not be intercepted en route, before being stored on my own email server. Admittedly, only a tiny percentage of the email messages I receive these days have been encrypted but, then again, those probably are the ones that I most want to protect.
I hope that encrypted email will become more and more popular but I don’t see much of an effort going on to educate the public about the advantages of encryption. I am rather pessimistic about the general public. However, I have already “converted ” a few friends and relatives into using encrypted email whenever they send messages to me.
LikeLike
Hello,
what do you say running your own email, contacts, calendar on Synology.com NAS? It is safe?
LikeLike
I haven’t tested the email server on Synology. Can someone else jump in here with an answer?
LikeLike
Even if I used this, most of those I sent email to would have free services that read their messages. So wouldn’t my messages be read anyway, just through others’ accounts?
LikeLike
The primary purposes of having your own mail server, regardless of where it is located, is:
1. A secure place to store your OWN INCOMING MAIL, a place that is not visible to online spies, be they corporate snoops (such as Gmail) or government snoops or hackers around the world. Obviously, anyone can read the mail being sent to you (if it is not encrypted) if they can capture it while it is being sent. However, most spies prefer to simply get a dump of all your incoming email that is stored in one place on a publicly-accessible email server. The governmental agencies simply get a court order (from a secret court) and ask Google or Yahoo or wherever your email is stored today asking for copies of all your stored email messages plus all messages that were deleted in the past six months or 12 months or whatever they wish for. If your email server is under your control and you are the only administrator of the server, then you obviously know who is checking up on you when you receive the court order. The you can make a decision of whether or not you wish to comply with it.
2. Your incoming email will not be scanned and then have advertising displayed beside it that relates to the contents of the message. That can only occur on hosted email services, such as Gmail, Yahoo Mail, AOL Mail, and most ISP (Internet Service Provider) email services. If you control your own email server, the only one profiting from your email is you. It’s what email should be. Companies similar to Cambridge Analytica won’t be able to read your stored mail and use it for nefarious purposes.
3. If you control your own email server, you can create as many email addresses and accounts as you wish. You might have one “secret” email address you only give to family members, another that you use when corresponding with companies that probably will then flood your in-box with advertising, and a general-purpose email address for everything else. For instance, I have a “secret” email address that only my family members know. When any message is received at that address, the message is instantly forwarded to my cell phone. This capability is very appealing for some people while others might not care about it at all.
As for OUTGOING email messages, the only significant advantage I can think of is the same as #2 above.
LikeLike
Thank you for the insight on email privacy. You may wish to post an update to your article: as of 14 May 2019, the Helm server is now priced at $499 and is currently out of stock. The company is accepting backorders.
LikeLike