
Email Privacy in 2026: How to Stop Being the Product

By Grave Design 1 min read

Gmail has around 1.8 billion users, and Google doesn't charge them a cent. The reason is obvious: your email is a goldmine of personal data. Purchase receipts, flight confirmations, bank statements, medical appointments, subscription renewals, and every conversation you've had over email, all parsed and indexed by Google's systems. Google stopped scanning Gmail content for ad targeting in 2017, but it still scans content for other features and still collects metadata (who you email, when, how often) that feeds the profile it uses across its services. Your inbox is not private. It never was.

This isn’t unique to Google. Microsoft’s Outlook.com and Yahoo Mail operate similarly. Free email exists because you’re paying with your data. The alternative isn’t complicated or expensive — it just requires deciding that email privacy matters to you.

Key Takeaways

  • Gmail, Outlook, and Yahoo index and profile your email activity. Even where they no longer scan content to target ads, metadata collection and content scanning for other purposes are extensive
  • ProtonMail and Tuta (formerly Tutanota) offer genuine end-to-end encryption — but only when both sender and recipient use the same service or exchange keys
  • Email aliases hide your real address and reduce spam — SimpleLogin and addy.io let you create unlimited forwarding addresses
  • The biggest privacy gain comes from reducing what you send via email — encrypted messaging (Signal) is better for sensitive conversations
  • Switching email providers is annoying but not as hard as you think — the gradual migration approach takes a few weeks with minimal disruption

What Gmail Actually Knows About You

Google’s transparency reports and privacy policies are dense, so here’s the practical summary of what Google does with your Gmail data.

Content scanning is active for spam filtering, malware detection, Smart Reply suggestions, and “smart” features like package tracking, flight updates, and calendar event creation. Google says this scanning is automated and no human reads your email. That’s almost certainly true — the scale makes human review impossible for most accounts. But automated scanning by its nature means Google’s systems parse and understand the content of every email.

Metadata collection includes who you email, how often, what time of day, which devices you use, your IP address when accessing Gmail, and how you interact with messages (remote images load through Google's image proxy, and clicks go through Google's link redirect where it is used, so Google sees opens and clicks). This metadata alone reveals an astonishing amount about your life: your social network, your daily routine, your financial institutions, your medical providers, your shopping habits.
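The "open rates" mentioned above are what senders measure with tracking pixels: a remote image whose URL is unique per recipient, so the fetch itself tells the sender you opened the mail. An image proxy like Gmail's hides your IP address, but the image is still fetched, so the open is still recorded. The Python script below is an added example for this article, not code from Google or any provider named on the page. It scans an HTML body for the usual signs (1x1 or hidden remote images, per-recipient tokens in image and link URLs) and unwraps the real destination hidden inside a click-tracking link. The sample message, the domains, and the list of token parameter names are constructed for illustration.

```python
"""Spot open-tracking pixels and per-recipient tracked links in an email's HTML.

Added example for this article; not code from Google or any provider it names.
The message body, domains and token parameter names below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample body: a 1x1 hidden tracking pixel with a per-recipient
# token, an ordinary logo image, and a click-tracked link that wraps the real
# destination in its query string.
SAMPLE_HTML = """
<html><body>
<p>Your order has shipped.</p>
<img src="https://track.example-mailer.invalid/o/a8f3c2?rcpt=42" width="1" height="1" style="display:none">
<img src="https://cdn.example-store.invalid/logo.png" width="120" height="40" alt="Store">
<a href="https://click.example-mailer.invalid/c?rcpt=42&amp;u=https%3A%2F%2Fexample-store.invalid%2Forders">Track package</a>
</body></html>
"""

# Query parameters that commonly carry a per-recipient identifier. This is an
# assumed heuristic list for the example, not an authoritative one.
TOKEN_PARAMS = {"rcpt", "uid", "id", "token", "cid", "mc_eid", "e"}


def has_token(url):
    """True if the URL's query string carries a likely per-recipient token."""
    return any(k in TOKEN_PARAMS for k in parse_qs(urlparse(url).query))


def unwrap(url):
    """Return the real destination hidden inside a click-tracking URL, if any."""
    for values in parse_qs(urlparse(url).query).values():
        for v in values:
            if unquote(v).startswith(("http://", "https://")):
                return unquote(v)
    return None


class TrackerScanner(HTMLParser):
    """Collect suspicious <img> and <a> elements while parsing the body."""

    def __init__(self):
        super().__init__()
        self.pixels = []         # (src, reasons)
        self.tracked_links = []  # (href, real destination or None)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            if not src.startswith(("http://", "https://")):
                return  # inline/cid images cannot phone home
            reasons = []
            if a.get("width") == "1" and a.get("height") == "1":
                reasons.append("1x1 image")
            if "display:none" in (a.get("style") or "").replace(" ", ""):
                reasons.append("hidden")
            if has_token(src):
                reasons.append("per-recipient token")
            if reasons:
                self.pixels.append((src, reasons))
        elif tag == "a":
            href = a.get("href") or ""
            if has_token(href):
                self.tracked_links.append((href, unwrap(href)))


def scan_html(html):
    """Scan one HTML body; returns {'pixels': [...], 'tracked_links': [...]}."""
    scanner = TrackerScanner()
    scanner.feed(html)
    scanner.close()
    return {"pixels": scanner.pixels, "tracked_links": scanner.tracked_links}


if __name__ == "__main__":
    report = scan_html(SAMPLE_HTML)
    for src, reasons in report["pixels"]:
        print(f"tracking pixel: {src} ({', '.join(reasons)})")
    for href, dest in report["tracked_links"]:
        print(f"tracked link: {href} -> {dest}")
```

Run it against the HTML part of a message you received (most clients let you view or save the raw source). The practical defence is the one most privacy-minded clients offer: don't load remote images by default, and hover over links before clicking to see where they really go.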

Cross-service integration means Gmail data informs other Google products. Your travel emails appear in Google Maps. Your shopping emails influence Google Shopping ads. Your calendar events get automatically created from flight confirmations. This is convenient, and many people appreciate it. But convenience and privacy are opposite ends of a seesaw.

Third-party access is the wildcard. "Sign in with Google" by itself only shares your basic profile (name, email address, picture), but any app you have granted a Gmail permission to (the consent screen spells it out: read, compose, send, or delete your email) can read your inbox, and some of those apps belong to companies whose business is mining it. Check myaccount.google.com/permissions, where you might be surprised how many apps have access, and revoke anything you don't recognise or no longer use.

Privacy-Focused Email Providers

ProtonMail

ProtonMail (now just "Proton Mail" after a rebrand) is the most established privacy email provider. Based in Switzerland, with open-source clients, end-to-end encryption between Proton users, and zero-access encryption for everything stored in your mailbox: messages are encrypted with your public key on arrival, so Proton cannot read mail that is already in your inbox, even if served a warrant. The caveat is the word "arrival". Mail from outside Proton reaches Proton's servers over TLS as plaintext and is only then encrypted to your key, so the protection is against access to stored mail, not against a provider compelled to intercept mail as it comes in.

Free tier: 1 GB storage, 1 email address, 150 messages/day. Usable for a personal account but tight.

Plus plan: $4/month (billed annually) — 15 GB storage, 10 addresses, custom domain support, unlimited messages. This is the sweet spot for most individuals.

Family plan: $30/month — 6 users, 3 TB total storage. Worth it if your whole household is switching.

The critical caveat: encryption only works when both ends are encrypted. When you email another Proton Mail user, messages are end-to-end encrypted automatically. When you email someone on Gmail, your copy is stored encrypted on Proton's side, but the message is delivered to Google as an ordinary email. The hop between the two providers is normally protected by TLS, so a network eavesdropper does not see it, but Google decrypts it on receipt and stores and scans it as plain text. You can send password-protected emails to non-Proton users (the recipient gets a link to decrypt the message in their browser), but this is clunky and most people won't bother.

Proton Mail’s web and mobile apps are polished. The calendar, drive, VPN, and password manager (Proton Pass) are included in paid plans, creating a reasonably complete alternative to the Google ecosystem. The honest downside: search is slower than Gmail (encrypted content can’t be server-side indexed the way Gmail does it), and some power-user features (filters, advanced search operators) are less capable.

Tuta (formerly Tutanota)

Tuta is Proton’s main competitor, based in Germany with end-to-end encryption for email, calendar, and contacts. The encryption extends to subject lines — Proton Mail encrypts the body but not the subject. Tuta encrypts everything.

Free tier: 1 GB storage, 1 address. Limited but functional.

Revolutionary plan: €3/month — 20 GB storage, custom domains, unlimited aliases. Slightly cheaper than Proton.

Tuta uses its own encryption protocol rather than PGP (which Proton uses). This means Tuta can’t interoperate with PGP users, which matters if you’re in the PGP ecosystem. For most people, it doesn’t matter at all.

The interface is clean but more basic than Proton Mail. Desktop apps exist for Windows, macOS, and Linux (Proton now offers its own desktop app as well, plus the Bridge for third-party mail clients on paid plans). The ecosystem is smaller: no VPN, no cloud drive, no password manager included.

Fastmail

Fastmail is the odd one out here: it's not end-to-end encrypted. It's a privacy-respecting paid email service ($5/month for 30 GB) that doesn't scan your email for advertising, doesn't profile you, and is funded entirely by subscriptions. Based in Australia, Fastmail developed the JMAP protocol (a modern replacement for IMAP) and has excellent CalDAV and CardDAV support for calendar and contacts.

If your threat model is “I don’t want my email provider mining my data for ads” rather than “I need protection against government surveillance,” Fastmail is an excellent choice. It’s faster, has better search, and integrates more smoothly with standard email clients than Proton or Tuta. It’s also transparent: their privacy policy is remarkably short and clear.

Email Aliases: The Underrated Privacy Tool

An email alias is a forwarding address that delivers to your real inbox. Instead of giving every website and service your real email address, you give each one a unique alias. If one of them starts getting spam, you know exactly which company leaked or sold your address, and you disable that specific alias.

SimpleLogin (now owned by Proton, free tier available, unlimited aliases on Proton paid plans) and addy.io (formerly AnonAddy, free tier with 10 aliases, unlimited for $1/month) are the leading options.

Here’s how this works in practice: you sign up for an online store using store-shopping@yourdomain.simplelogin.com. Emails sent to that address are forwarded to your real inbox. If that store gets breached or sells your email to spammers, only that alias gets spam. You disable it with one click. Your real address stays clean.

You can also reply through aliases: the alias service rewrites your outgoing message so the recipient sees the alias address, not your real one (SimpleLogin and addy.io do this with a per-contact "reverse alias" that you send to). It works well in practice, though it is worth sending yourself a test reply first to see exactly which headers your provider rewrites.

When combined with a password manager generating unique passwords for each site, you end up with a setup where every service has a unique email address and a unique password. A breach at any single service still exposes whatever that service held about you, but it gives the attacker nothing that works anywhere else: no reusable password, and no real address to correlate with your other accounts.

This is honestly the single most practical email privacy improvement you can make. You don’t have to change email providers, you don’t have to learn encryption, and it works today with whatever email you already use.

Encryption Basics for Normal People

End-to-end encryption means only the sender and recipient can read the message. The email provider, ISPs, and anyone intercepting the message in transit see only encrypted gibberish.

PGP (Pretty Good Privacy) is the traditional approach to email encryption. It works with any email provider — you generate a key pair, share your public key, and anyone who has it can send you encrypted messages. In theory, this is great. In practice, PGP is a usability disaster. Key management is confusing, most email clients don’t support it natively, and persuading your contacts to set up PGP is a losing battle. After 30+ years, PGP email encryption has failed to achieve mainstream adoption, and there’s no reason to think that will change.

S/MIME is PGP's corporate cousin. It also uses a public/private key pair, but the public key is wrapped in an X.509 certificate issued by a certificate authority rather than being trusted through PGP's web of trust. It's built into Outlook and Apple Mail. The catch: you need a certificate from a certificate authority, and the free options (like Actalis) are limited. S/MIME is marginally more user-friendly than PGP but still requires both parties to set it up.

Provider-level encryption (Proton Mail, Tuta) is encryption that happens automatically when both users are on the same service. This is the only approach that has actually achieved usable encrypted email for normal people. The trade-off: it only works within the same ecosystem.

The pragmatic conclusion: for sensitive conversations, use Signal (or another encrypted messaging app) instead of email. Email was never designed for privacy, and bolting encryption onto it has been a 30-year exercise in frustration. Use a privacy-respecting email provider to protect your inbox from data mining, use aliases to protect your address, and use Signal when the content of a conversation is genuinely sensitive.

Migrating from Gmail: A Practical Plan

Switching email providers cold turkey is a mistake. You’ll miss important emails, forget which services still use your old address, and probably give up. Instead, migrate gradually:

Week 1: Set up your new email. Create a Proton Mail, Tuta, or Fastmail account. Get comfortable with the interface. Set up the mobile app.

Week 2: Start giving out your new address. Update your email on the services you interact with most: banking, utilities, subscriptions, social media. Use email aliases (SimpleLogin/addy.io) for new signups going forward.

Week 3-4: Set up forwarding from Gmail. In Gmail settings, forward all incoming mail to your new address. This ensures you don’t miss anything during the transition. Keep Gmail active but stop using it as your primary.

Month 2-3: Keep updating. Every time an email arrives at your Gmail (forwarded to your new inbox), update that service with your new address. After a few weeks, the forwarded emails slow to a trickle.

Month 3+: Reduce Gmail usage. Don’t delete your Gmail account — you may still need it for Google services. But stop using it for communication. Check it monthly for any stragglers.

The hardest part isn’t technical — it’s inertia. Your Gmail address is embedded in hundreds of accounts accumulated over a decade or more. There’s no shortcut; you just update them one by one. The alias approach (using SimpleLogin/addy.io on top of your new provider) means you only have to do this transition once. Future services get aliases, and if you ever switch providers again, you just change where aliases forward to.
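Two of the chores described above, finding which services still write to the old address and catching an alias that has been leaked, can be done mechanically from a mailbox export. The Python script below is an added example for this article, not code from Gmail, SimpleLogin, addy.io or any other provider named here. It reads an mbox file, counts the sender domains of mail that still arrived via the old Gmail address (taken as either the old address in To: or Gmail's X-Forwarded-To header, an assumption to check against one of your own forwarded messages), and flags any per-service alias that received mail from a domain other than the one it was issued to. The mailbox, the addresses and the alias list are constructed for the example.

```python
"""Audit a mailbox export during a Gmail migration.

Two questions, one pass over the mail: which senders still reach you through
the old Gmail address (services you still need to update), and which
per-service aliases got mail from someone other than the service they were
issued to (an alias that was leaked or sold and should be disabled).

Added example for this article; not code from Gmail, SimpleLogin, addy.io or
any provider it names. The mailbox, addresses and domains are constructed.
"""
import mailbox
import tempfile
from collections import Counter
from email.utils import parseaddr

OLD_ADDRESS = "you@gmail.example"      # assumed old address, forwarding to NEW_ADDRESS
NEW_ADDRESS = "you@newmail.example"    # assumed new primary address

# alias -> domain of the service it was issued to. Assumed to come from your
# alias provider's export; inlined here for the example.
ALIASES = {
    "shop.x7k2@alias.example": "example-store.invalid",
    "bank.p9q4@alias.example": "example-bank.invalid",
}

# Constructed mbox. Messages forwarded by Gmail carry an X-Forwarded-To header
# (assumption based on how Gmail marks auto-forwarded mail; check a real one).
SAMPLE_MBOX = """From - Mon Jan  6 10:00:00 2025
From: "Example Bank" <alerts@example-bank.invalid>
To: you@gmail.example
X-Forwarded-To: you@newmail.example
Subject: Statement ready

Your statement is ready.

From - Mon Jan  6 11:00:00 2025
From: "Utility Co" <billing@example-utility.invalid>
To: you@gmail.example
X-Forwarded-To: you@newmail.example
Subject: Bill due

Pay by Friday.

From - Mon Jan  6 12:00:00 2025
From: "Example Store" <orders@mail.example-store.invalid>
To: shop.x7k2@alias.example
Subject: Order shipped

Shipped.

From - Mon Jan  6 13:00:00 2025
From: "Deals" <promo@spammy-deals.invalid>
To: shop.x7k2@alias.example
Subject: You won!!!

Click here.

From - Mon Jan  6 14:00:00 2025
From: "Friend" <friend@example.org>
To: you@newmail.example
Subject: Lunch?

Lunch tomorrow?
"""


def domain_of(address):
    """Lower-cased domain part of an email address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def belongs_to(sender_domain, service_domain):
    """True if sender_domain is service_domain or a subdomain of it."""
    return sender_domain == service_domain or sender_domain.endswith("." + service_domain)


def audit(mbox_path):
    """Return (still_on_old_address, leaked_aliases) for the given mbox file."""
    still_on_old = Counter()   # sender domain -> messages that came via the old address
    leaked = []                # (alias, sender domain, subject)
    for msg in mailbox.mbox(mbox_path):
        sender_domain = domain_of(parseaddr(msg.get("From", ""))[1])
        recipient = parseaddr(msg.get("To", ""))[1].lower()
        via_old = recipient == OLD_ADDRESS or msg.get("X-Forwarded-To") is not None
        if via_old:
            still_on_old[sender_domain] += 1
        elif recipient in ALIASES and not belongs_to(sender_domain, ALIASES[recipient]):
            leaked.append((recipient, sender_domain, msg.get("Subject", "")))
    return still_on_old, leaked


def write_sample_mbox():
    """Write the constructed mailbox to a temp file and return its path."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        f.write(SAMPLE_MBOX)
    return f.name


if __name__ == "__main__":
    still_on_old, leaked = audit(write_sample_mbox())
    print("services still using the old address:")
    for dom, n in still_on_old.most_common():
        print(f"  {dom} ({n} message(s))")
    print("aliases receiving mail from the wrong sender (disable these):")
    for alias, dom, subject in leaked:
        print(f"  {alias} <- {dom}: {subject!r}")
```

Point audit() at an mbox export of your new inbox: the still_on_old list is your to-do list for updating accounts, and anything in leaked is an alias to disable at the alias provider. The subdomain check in belongs_to matters because many services send from a mail.example.com or notifications.example.com host rather than the bare domain you signed up on.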

What About Apple’s iCloud Mail?

iCloud Mail (me.com, icloud.com) occupies a middle ground. Apple's business model is hardware and services, not advertising, so they don't mine your email for ad targeting. iCloud Mail is encrypted in transit (TLS) and at rest on Apple's servers, but with keys Apple holds. Apple's Advanced Data Protection, which moves the keys for most iCloud data onto your own devices, does not cover iCloud Mail, Contacts, or Calendar; Apple excludes them so they keep working with the standard email, contacts, and calendar protocols.

So iCloud Mail is not end-to-end encrypted between users the way Proton is, and Apple can technically access your email content whether or not Advanced Data Protection is enabled. It's more private than Gmail but less private than Proton or Tuta.

If you're already in Apple's ecosystem and don't want to switch to a dedicated privacy provider, iCloud Mail is a reasonable compromise for the "no ad mining" threat model (enable Advanced Data Protection anyway for the rest of your iCloud data; it just won't change what Apple can see in Mail). Add aliases via Hide My Email (Apple's built-in alias service, included with iCloud+) for additional privacy.

For a broader look at how your browser choice affects privacy, including how email-related tracking works through tracking pixels and link proxies, see our browser privacy comparison.

Frequently Asked Questions

Is it illegal for Gmail to read my email?

No. Google’s terms of service, which you agreed to when creating the account, grant them the right to scan email content for the purposes described in their privacy policy (spam filtering, smart features, etc.). They stopped scanning for ad personalization in 2017 for Gmail specifically, but other forms of scanning continue. It’s legal, disclosed, and accepted by the overwhelming majority of users who never read the terms of service.

Can I use Proton Mail with Outlook or Apple Mail?

Yes, via the Proton Mail Bridge application (available on paid plans). The Bridge runs locally on your computer and creates a local IMAP/SMTP connection that desktop email clients can use. It handles encryption and decryption transparently. On mobile, you use the Proton Mail app directly — there’s no Bridge equivalent for iOS or Android.

Do email aliases affect deliverability?

Rarely. Legitimate services send to whatever address you provide. Occasionally, a service will reject an address with an unusual domain (like a SimpleLogin subdomain), but this is uncommon. If it happens, you can use your own custom domain with SimpleLogin or addy.io, which looks like a regular email address and has no deliverability issues.

Is ProtonMail really private if I email someone on Gmail?

Partially. The email is encrypted at rest on Proton’s servers with zero-access encryption (Proton can’t read it). But once the email is sent to a Gmail recipient, Google has it in plain text. Metadata (sender, recipient, subject line, timestamps) is visible to both providers regardless. For true end-to-end encryption, both parties need to be on Proton, or the sender needs to use Proton’s password-protected message feature.

What about work email — can I use a privacy provider for that?

If you’re self-employed or run a small business, absolutely. Proton Mail’s business plans ($8/user/month) include custom domain support, admin console, and multi-user management. If you work for a company and they provide your email, you’re bound by their policies and IT infrastructure. You can still use aliases to keep your personal email separate from work signups and subscriptions, which is a good practice regardless of privacy concerns.
