
ProtonMail vs Gmail 2021...is secure email worth the extra $$$?

Is secure email like ProtonMail really more secure than regular old Gmail? I mean, worth paying for kind of secure. If you're skeptical, curious, or just fed up with companies like Google that survive off collecting your personal data, this is what you need to know about end-to-end encryption and how it affects your daily email communication. Hey there, welcome to All Things Secure. My name's Josh, if you're a first-time viewer here, and let me start by telling you what this video is not. This video is not my attempt to get you to abandon your Gmail address and open a secure email account.

I still use Gmail every day, and frankly it would be almost impossible for me to delete it at this point. I would bet that you're probably in about the same boat. Also, this video is not just for those conspiracy theorists who wear tinfoil hats. Encrypted communication is a basic tenet of privacy that I believe everybody should take seriously and take advantage of, including you. So what I am going to do here is explain how Gmail's current encryption just doesn't cut it and how secure email compares as an alternative. There are a number of secure email services that you could use, very good ones, but I am going to use ProtonMail as the example here for three reasons.

First, that's what I've been using for the past few years. Second, they have a good free option that you could use to give it a try. And third, well they're sponsoring this video, and as a creator, I just have to step back. (claps loudly) Okay, let's start off with an important lesson on email encryption. Most email providers including Gmail use what's known as TLS or Transport Layer Security to encrypt emails as they're being sent across the internet. It's the standard and it works but it falls short because it gets decrypted once it reaches the target mail server.

Gee whiz, I hate using technical jargon. So let me put it this way. Imagine that I am sending you a top secret message. It gets placed in a lockbox and delivered to your door, but once it arrives at the house, the box is unlocked and that message can be read by anyone in the house. It's been securely delivered, sure, but once it arrives at your house, that security is gone. End-to-end encryption works differently. Using this method, I place my top secret message in a locked box and send it to your house, but I also send you a private key to that box separately.

The box arrives at your home, but it remains locked until you personally use that private key I gave you to unlock it. Let me give you a more practical example from my everyday life. A few weeks ago, a family member asked me to send my social security number that was needed to open a certain account. Using Gmail, I can send this sensitive information and be confident that it will arrive securely. That's TLS encryption at work. However, once it arrives at the destination, I have no guarantee that the message I sent will remain private or available only to my family member.

Your email provider can see the message even if they've promised not to scan it for ads, and if the account were somehow hacked or compromised, so would my ID number, since I can't be sure that my family member deleted my message. So what I did instead was I sent an end-to-end encrypted message using ProtonMail to my family member. I sent them the private key, basically just a short passphrase that I made up, in a separate text message. They received the email and used the private key in order to unlock the email and see my social security number.

Even if they never deleted that message off the email servers, my ID will never be readable by the email service provider and it isn't at risk even in the event of a hack because it requires that private key to open. Does that make sense? As many of you know, I've had my email hacked before and my identity stolen, and this wasn't Google's fault per se, but it opened my eyes to the value of end-to-end encryption for certain kinds of communication. And thus, I began using Gmail for my general communication and I opened a secure email account for any sensitive information and for all of my finances.

And that's an important use that I want to unpack, but we'll get to that in just a moment. For me, there were two primary reasons I was reluctant to open a secure email account. First, I didn't want to pay for something I could get for free, you know, and second, I didn't want to downgrade my email experience. So let me give you a peek inside my secure email inbox, so you can see what it looks like. This is my ProtonMail inbox, which is laid out very much like you'll see with every other email account you've probably used.

I have all the folders for organization on the left, with the actual emails and all nested replies taking up the majority of the screen. I have the same ability to label, organize, mark as spam, archive, and delete emails as I do in Gmail. So far there's not much difference between Gmail and ProtonMail until we click create a new message. The difference is found in these two icons on the bottom that look like an hourglass and a lock. These allow you to set an email expiration and end-to-end encryption respectively. Remember that private key I was talking about? This is where I create that passphrase that I'll give to my recipient in order for them to open the email.

So let's say I send an end-to-end encrypted email from ProtonMail to a Gmail user. What they receive is an email alerting them of the new message and a button to view it. This brings them away from Gmail where they have to input the passcode to reveal a message. The data is never stored on Google servers and my recipient doesn't have to open a ProtonMail account to view it. Now, although this feels similar to Google's confidential mode, you have to remember that we're still dealing with two different types of encryption and there is a difference like I explained earlier.

Even with confidential mode, Google isn't providing stronger encryption, they're just really putting lipstick on a pig so to speak. ProtonMail gives me access to encrypted cloud storage called Proton Drive kind of like Google Drive, and that allows me cloud storage for larger email attachments. There's also an online calendar feature. Both of these are still in beta as I record this video but I've been using them for a couple of months without any problems. The calendar feature extends my privacy to my calendar which many of us don't realize we give up that privacy when we tell Google everything we're doing and everywhere that we're going to be.

Using the ProtonMail calendar, I can still create meetings, invite outside users, set reminders and work with different time zones. Unfortunately, it hasn't replaced my Google calendar yet, mostly because there isn't a mobile app available, but I am still attracted to the idea of a more private personal calendar. Last but not least, it wouldn't even be worth talking about secure email like ProtonMail if there wasn't a dedicated app to access your messages on mobile devices. The ProtonMail app is fast, it's clean, and it's familiar to use. The biggest difference between this and Gmail is, again, those two icons that offer full encryption and expiration of the message.

My only complaint is that so far I am unable to access Proton Drive files from the ProtonMail mobile app if I want to, you know, attach those to the email. Okay. So the big question is, is it worth paying for a secure email provider like ProtonMail when you can get Gmail for free? I mean, we're talking about a year. But if you're looking for ways to create stronger privacy and anonymity for your online life, this is one really easy way to do that. For me, I use my secure email address as the primary contact for all my bank and investment accounts, and I don't publish this email address anywhere.

This minimizes the risk of anybody gaining access to my finances through an email breach. I also use the secure email address whenever I am sending, let's say, tax documents to my CPA or sending sensitive data anywhere, like my social security number. It's your choice, and ProtonMail has a limited free option that you can easily set up and try. On the surface, Gmail and ProtonMail look and feel mostly the same, but the foundation of encryption and privacy is very different. And that's what makes this such an important thing to consider. If this video has been educational and helpful, please give it a thumbs up and you can leave a comment with any questions you might have.