1 Comment

Webmail – you’re doing it wrong.

As of July 2017, Google reported having 1.2 billion users of Gmail. As of Q2 of 2017, 87.7% of mobile OS devices were running on Android (see Statista) and you need an account with Google to set up every android device, and similarly, about nine out of every ten CVs I see from freelance translators has a gmail address as a primary email contact listing. Why is this important to note? In November 2017, Google published a year-long study (see Google) in conjunction with UC Berkley and the International Computer Science Institute where they found that hackers steal about 250,000 passwords per week (see Mashable).

So, if nine out of every ten translator email addresses listed that I come across is a gmail address, translators must not know that it puts their client’s data at risk. And like I stated in Tuesday’s intro, if someone really wanted to get into a translation company’s internal system, a translator or project manager’s email account is a very good way to start. If they hack the gmail account of a translator they know is collaborating with X LSP, they can put in the email address, click on forgot password, and reset the password for themselves; or if they have access to a project manager’s personal gmail address which so happens to be connected to their company’s internal system login, and know that person’s name, and assume that that person is like most internet users and has the same password for all online accounts, they can guess the project manager’s work e-mail address and use the same google password.

So how can we break ourselves from this Google addiction? How can we get the webmail we need to operate our businesses while at the same time, have access to security, encryption, and privacy that Google cannot, or more likely, does not provide?

There are several secure, encrypted webmail providers with varying degrees of services. I have tried out three of them which I will break down and review here.


Unseen.is

Unseen

The first secure webmail service I tried was unseen.is. Unseen is located in Iceland – a country with an established history of protecting privacy (see Iceland). Unseen’s offering is quite barebones. They offer file sharing up to 50MB, encrypted chat (text and video), and if you pay for the lifetime megapack, you can store your own private key, get file transfers up to 50 MB, 5 premium email addressed with up to 10 GB of storage, and larger group video calls.

Pros

  • The company and its servers are located in Iceland, outside of the direct reach of the largest government surveillance organizations.
  • You can test out how the email and chat functionalities work.
  • The fee that is in place is one-time only, not recurring.

Cons

  • No mobile app for mail.
  • To get the security and functionality you are looking for, you need to pay $150.00
  • The platform is closed source and emails are only encrypted end-to-end when sent from one unseen user to another unseen user.
  • You cannot send encrypted emails to people outside of the unseen.is network.
  • The chat and audio/visual call functionalities can only be made between unseen users.
  • Maximum storage ever is 2 GB
  • The @unseen.is domain can be suspicious to some, some websites do not even recognize it as a proper domain when I enter my unseen email address into a form (ex. applying to be a provider to an LSP).

While unseen’s paid service is a one-time fee, that doesn’t offset the fact that you can only send end-to-end encrypted emails to other unseen accounts. The fact that there is no mobile app for email is the biggest con for me. I may be paranoid about security, but as a freelance translator, I still need the ability to be notified when I receive email and I need to be able to check it and respond from any portable restroom I can find (don’t judge me).

ProtonMail

Protonmail

The second secure webmail service I tried was ProtonMail. ProtonMail’s servers are located in Switzerland which also has a long, if sometimes sordid, history of protecting privacy. The free version is also quite basic, allowing 1 user, 500 MB of storage (10 times more than unseen), limits on number of messages (150), etc. No encrypted chat feature, but that’s not that big of a deal for me.

Pros

  • 500 MB of storage with the free version
  • You can send end-to-end encrypted emails to people regardless of their email provider.
  • Mobile app that allows me access to read and respond to emails. It works just like I’d like it to. And if you don’t want to download a separate app, the paid version supports IMAP/SMTP so you can get your mail through the mail app on your mobile device.
  • They have an ongoing survey for users, where you can give feedback on services you would like to see from ProtonMail and you can vote on others’ suggestions to show ProtonMail that that service is also important to you.
  • The visionary paid service comes with ProtonVPN!
  • Two-factor authentication
  • You can include images and rich text formatting
  • Free version also comes with the free version of ProtonVPN
  • For the paid services, you get a 20% discount when you pay for a year as opposed to paying monthly.
  • @protonmail.com is quite a nice domain, it’s ambiguous and doesn’t lead to any suspicion.

Cons

  • With the free version, you can only send 150 messages per day – might be a con for some, but if you are sending more than 150 messages in a day, you might be able to afford their next level of service.
  • In the free version, you can only have three folders or labels. Might be a con for some, I don’t really care that much.
  • In the free version, the line, “Sent with ProtonMail Secure Email.” is added to the bottom of your signature.

ProtonMail’s pricing is pretty good as well. Upgrade to “Plus” and you get 5 GB of storage, 1000 messages per day, up to 200 folders and labels and all for $48 per year (you pay a lot more for Netflix). The shining gem of the ProtonMail offering is buying in at the “Visionary” level. For $288/year or $24 per month, you get up to 6 users, 20 GB of storage, unlimited messages per day and folders/labels, E-mail filters, autoresponder, a catch-all email, multi-user support and the best part of all: ProtonVPN Visionary plan! In my honest opinion, everything about ProtonMail’s levels of service offering is ideal, from free to the highest paid level, every level is worth the cost.

Hushmail

hushmail

The third secure webmail service I tried was hushmail. Hushmail is located in Canada and has been providing secure email service since 1999. It touts HIPAA compliance, and while there is no standalone (non-Apple) mobile app, it does have a desktop/mobile button you can use through the browser on your mobile device.

Pros

  • Like the paid version of ProtonMail, the paid version of Hushmail supports IMAP and POP.
  • It offers two-step verification
  • The free version gives you a whopping 10 GB of email storage.
  • It includes a spam filter
  • You have a choice of several different addresses (@hushmail.me, @hush.com, @hush.ai, etc.)
  • You can send encrypted emails to people outside of the hushmail network.
  • Browser mobile UI

Cons

  • When signing up, you need to provide an alternative email address in addition to your phone number for verification.
  • The mobile app is only for iPhone.
  • The @hush/@hushmail domain may be a bit suspicious to some, like the @unseen.is one.

While there may not be a mobile app for Hushmail android users, the fact that they offer a mobile version of the UI is a plus. Some may like that Hushmail can help them stay HIPAA compliant, but I know everyone can appreciate that the free version comes with 10 GB of mail storage. If you’re looking for a no-frills, secure email service, with a lot of storage that is free like Gmail, Hushmail may be the one for you.


Now, everyone has their own preferences in what they are looking for in a webmail provider. Something that appeals to me may not appeal to others (and there certainly are other secure webmail providers out there). I have tried out three options reviewed how they suited me. The only thing I can ever recommend is trying them out for yourself.

One last note regarding setting up accounts with these services, be sure to use secure, unique passwords. If you want some help creating a secure password, you can visit my webpage where I’ve made available a random password generator and a link to a website where you can see how long it would take to crack a given password.

Please look forward to my next post on secure chat and video chat and until then, stay safe.


Other secure webmail providers that I have not yet tried out:

Countermail

Mailfence

Tutanota

One comment on “Webmail – you’re doing it wrong.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: