# Securing Mail: GMAIL, Hushmail, manage it all. (questions)

## john745

I have some questions, but firstly let me comment the context:

I bough some articles in Amazon. The confirmation of the buying was sent to my gmail mail. I started to notice that after my buying the "google ads" in my gmail, which appear in the blue frame on the right of "compose mail", had publicity according to the products I bought. So, gmail -google?- is gathering information about my interest. I`m not agree with this attitude -thou gmail is really good, and friendly!-. If in the future something happens, and this info split over the internet!!! If I bough a plastic doll, a living pig, a book, a severed hand of saint, etc. that´s MY PROBLEM and nobody has the right to know it.

Well, now the questions -for possible solutions?-:

1)I open a mail at Hushmail -not very friendly, as gmail-, which, for i know, is one the most confidence mail in the net -somebody? any recommendation?-. Thou, if i want to send an encrypted mail, the recipient must had allowed the encryption modality, if not, i must put a question and a answer for the recipient to see it: he must write down the answer. This can slow the process of mail reading, and is fatiguing. If i want a way to avoid that anybody, just the mail recipient, to see the mail, what can i do? This is: google does not need to know about our purchase habits, or does it?

2)There ia a way that google could use an encrypting method. If yes, how.

3)Enigmail can be used with all possible mail accounts?

Well, that all. Is not that I´m paranoiac about my personal information: I do not buy anything that i must be ashamed. Never the less, i feel vulnerable at some point, and i would like to take care about this situation.Last edited by john745 on Fri Apr 10, 2015 10:09 pm; edited 1 time in total

----------

## Mad Merlin

The only way to keep your emails secure is to encrypt them before they're sent, which also means that everybody you talk to needs to do the same. You can achieve this with GPG/PGP, but everybody else you talk to needs to do the same. Basically, unless you have a very small number of people you talk to via email, it's not feasible. Even if you do this, Amazon still won't send you encrypted emails, so those can still be read in transit, even if you yourself never send an unencrypted email. Furthermore, even if Amazon had the option to send encrypted emails (unlikely), Amazon would still know about everything you've purchased.

----------

## b3cks

Funny shit. You care about your privacy but are using the services of the biggest data miner company on earth. And then you are wondering Google displays ads fitting to your interests?

Maybe you should read the TOS. It is well known that Google scans your e-mail (if you are using Gmail) to update your personal ad profile. And now, after buying Doubleclick, Google starts the next big thing: Behavioral Targeting

----------

## john745

 *Quote:*   

> To develop interest categories, we'll recognize the types of webpages users visit across the AdSense network. As an example, if they visit a number of sports pages, we'll add them to the "sports enthusiast" interest category.

 

This is absolutely dreadful.

So, whats the solution? been a caveman, without internet?.........Maybe we should pay the price of using the technology......which is intolerable, bus the reality.

Well, thank you. I guess this thread is unsatisfactory solved.

Greetings

----------

## vaguy02

How do you think google makes it's money to support these huge server farms and 8 gigs of email space per user. If you want free = no privacy, if you want privacy = gonna have to pay big (time/effort/money/all of the above).

But off my soapbox....

1.) Encryption of course only works if both of you are using it, not pratical unless you control both ends of the email. The only way you can prevent other people from reading the email without encryption is by controlling all nodes that the email goes through to reach it's destination, again, by controlling both eneds, this is possible, else not possible.

2.) Even if google provided an encryption service, the point is still mute. Because google would have to read the email to encrypt it, and you don't want google to read it. Therefore defeating the encryption.

3.) I've never used Enigmail, so I can't comment on that, but I would recommend GPG/PGP if possible, but with amazon, this of course is not possible. So you are kinda stuck. 

In closing, my recommendations is as follows. Use Gmail for the random purchases on amazon and free offers etc. Basically stuff that you don't care about. Then use another email account for personal email so you keep your personal correspondence and your public email purchases separate. It really only hampers things, but it's better than nothing.

Robert

----------

## djinnZ

 *vaguy02 wrote:*   

> but I would recommend GPG/PGP if possible

 enigmail act as a frontend to gnupg, you can easy configure it. If is better use aes in front of pgp is another question.

----------

## john745

Well, what tips could you give me?

1) Which free-mail do you use?

2)What protections methods.

3)How do you surf

I mean, we can not be at the mercy of google, yahoo, amazon, etc. do we?

:S

Greetings

----------

## yther

I use several mail services, including Gmail.  Of course I skimmed the service agreement (won't pretend to have read the whole thing) and observed that Google will scan my messages and chats in order to target me with ads.  Personally, that's fine with me.  I use AdBlock Plus in my browser, which gets rid of the obnoxious picture ads on almost every site I visit, and the little one-line text ads at the top of my Inbox are easily ignored.  I also use NoScript in FireFox, which allows me to whitelist certain sites and block scripts from all others.  It may not be iron-clad protection, but it's about as safe as I can be without using some kind of hardened browser in a sandbox.   :Wink: 

If I had any extremely sensitive stuff coming through my e-mail, I would demand that the person sending it to me use encryption, which isn't nearly as difficult these days as it was when PGP first came out.  Even Outlook has security options these days!   :Shocked: 

To be really secure in your browsers, a couple of things I have done in the past (and I'm no expert) include using a personal web proxy that eats all incoming cookies (says they have been stored but puts them into a black hole), and running a browser inside a virtual machine that gets reset to a snapshot with every start-up.  If you want to go to those lengths, have fun!  (The VM was mostly to visit questionable or known dangerous web sites, without fear of damaging my system.)

----------

## b3cks

 *Gromlok wrote:*   

> 3)How do you surf

 

Using Firefox with following Add-ons amongst others: CookieSafe, Flashblock, NoScript and RefControl

For risky sites also some kind of anonymous service, like an Elite-Proxy, TOR or JonDo.

----------

## RaceTM

Why don't you buy a domain with a cheap hosting plan for like $20 / year and use your own domain's email directly via pop3/smtp?

----------

## djinnZ

I must use different mail services due to a stupid law obbligation, contract obbligation for the adsl (I must have an email on the ISP's server), denial of service wars between the various ISP and obliviously the high idiocy level of the customers of mine.

Really is impossible escape from the scan of the emails, we have loss our privacy.

enigmail (as simple frontend to gpg) is not a complete solution because there is ever the idiots than will never use the encripion (due to the limits of its client or web interface).

In fact I have blacklisted the mails from facebook and similar also (but i do not care of "friends" so dumb) and use the addons for firefox and the proxy but:

I must have a "[url=http://www.cnipa.gov.it/site/it-it/Attivit%C3%A0/Posta_Elettronica_Certificata__(PEC)/]P.E.C.[/url]" and in fact all the authorized provviders are not "sure"(example) and in most cases the use of thunderbird is not possible (the only supported interface require MS-IE), so the use of the encription in this environment is not possible.

The problem is limited because the only content admitted is strictly related to tax advices and notification.

I  must communicate with the customers of mine but some isp will reject all the mail from the others so I need to use a free account (i have 5 mail for this) with the web interface (the pop or imap run only with the same isp in my country). Similar problems are reported everywere. You can encrypt the attachements before sending but it require work and time, is not so pratical. Obliviously the conditions offered by google are better versus the others. I have verified than the encripted contents are rejected easier than the clear text and for one accaount i am not able to send encripted or compressed attachements.

But at end the most powerful obstacle to the use of the encription are the users, in the measure of the 90% of all the contacs of mine there are idiots than will only use outlook express (in an old unupdated version of course), with the most intrusive ISP and no encription module ("you are paranoid, i do nothing illegal so i have nothing to fear" is the most used answer).

For this problem nobody has supplied any solution than the extermination of the stupids (in fact there is too much people in this world, time to clean it?  :Twisted Evil: ).

----------

