After Hillary Clinton was accused of using a “homebrew mail server” (as the Associated Press dubbed it), a lot of people became interested in reclaiming the privacy of their email. With all the leaks and hacks, as well as incredible amounts of personal information saved and shared via email, it makes sense.
The Clinton email debacle spread quickly, especially after she tweeted that she was happy to let the public read her emails. It doesn’t matter who you are, what’s in the emails, or how transparent you’re trying to be: nobody wants to have their emails read. The Clinton team runs their own email server, which gives them total control over which emails are “leaked” or shared, but is that the best approach?
According to tech experts, the Clinton server has subpar security. It leaked some embarrassing details, some of which the press says showcase when her political judgment was clouded. When it comes down to it, hosting your own email can be a great way to increase security, but only if you know what you’re doing. In 2013, the Snowden whistleblowing controversy opened up tech discussions on hosting your own email, and it became clear: you need to be extremely skilled as a systems administrator in order to even consider managing your own email.
The reality is that encryption and other privacy tactics aren’t innate in email systems. Even after these leaks it hasn’t become a priority for anyone making these programs or devices since, for the most part and for most people, email is secure enough.
Reading Between the Lines
There are many emails that make their round without encryption. According to a recent Google report, 86% of outbound mail from Gmail is encrypted and 94% of inbound messages are. That’s a step up from the earlier days, since in the first year that Google tracked incoming mail from Comcast, only one% of it was encrypted! Encryption is a must if you want private emails, but it needs to be with trusted keys. Pretty Good Privacy (PGP) is a good choice, but it’s difficult to set up and use. Plus, PGP only plays well with PGP — and that’s a big problem.
Where we are right now, there aren’t any simple ways to keep your email secure from even hobby hackers. Mix government hackers into the cocktail, and you don’t stand a chance.
These concerns are what led many people to host their own email, but that’s not the answer. Let’s say you want to host your email on a shared server. That’s great, but you’re only as safeguarded as your hosting company is. You’ll also be the one in charge of staying on top of the latest hacks. If you’re in flight while a server goes down, a break-in occurs, or your home Wi-Fi isn’t secure enough, then what?
Running a server at home comes with actual security risks too. There are reliability issues, like when the power goes out. Plus, remember that sysadmin jobs can be very complex. Even installing programs can be tricky and you should be well-versed in SSL certificates before you even try.
It’s your best bet not to host your own email server, instead use Gmail, Exchange Online (Microsoft) or Workspace (Google). What you should also do is keep work and personal emails separate. Choose a web host that prioritizes security. There’s never any guarantee that you won’t be spied on, but there are choices that you can make to optimize your safety and privacy.