November 21, 2025
Episode summary
Privacy is a popular buzzword these days, but not one you have heard a ton about from me. Especially with email. Mostly because the email system we all depend on was not built for strong privacy.
Some companies, like Proton and Tuta, provide encrypted email services. I trust, respect, and am in fact, extremely grateful for their efforts to compensate for such a huge failing in our email system. But when I want true privacy, I don’t count on email - I use tools built for it, like Signal.
Life is full of tradeoffs, and choosing an email provider is no different. In the workshop, we’ll dig into those privacy tradeoffs and help you find the option that best fits your needs.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to Super Simple Security Principles, where you learn how to think, not just what to do.
Again, I'm Nick Jackson, and I'm here to learn along with you from my good buddy and master guardian, Makani Mason.
Let's go. This is episode 90. That's right, episode 90.
(00:24):
We're continuing on with our email workshop. This week's priority is going to be protect privacy.
Makani, I know you know me well, and so I know you probably wrote that out and you were thinking of me, right?
Because I am a very private person, so yeah, I'm all in.
(00:46):
Let's hear, man. How do we get to start protecting our privacy?
Yeah, well, this one's an interesting one. So we're on priority number five, and this is one that's a lot more nuanced.
And, you know, in our space, people talk about privacy a lot.
It's a very, very common word, but you won't hear it coming from me a lot, honestly.
(01:10):
Privacy is not my top focus. Primarily because, not because I don't value it, but because it's a lot more nuanced.
Okay.
And there are a lot of trade-offs involved with different kinds of privacy.
And so...
Essentially, there's going to be some pros and cons.
(01:31):
Yeah.
Some takeaways that if we set certain things up, maybe not be available to us. Is that what I'm understanding?
Well, we'll get into the one main specific that applies as far as email and the email workshop goes that I hear and see the most.
Depending on how much time we have, we may dive into a second one.
So I have one major one and one minor one.
(01:54):
Excellent. Excellent.
So, from my perspective, depending on how you, you know, terminology-wise, but I look at the main privacy problem with email as the fact that it is not entirely, but mostly missing encryption.
Okay.
(02:14):
Okay.
So, which means the contents of your email are readable.
Hmm.
Hmm.
Right?
Now, in the early days, you know, email is very, very old and email started entirely without encryption.
And, yeah, I mean, it was just, it was long before that was a concern.
(02:36):
I mean, we were just trying to figure out how to, you know...
Send a message.
Yeah, get messages.
Like, that was the exciting part, right?
It was just to get messages going to a distributed system.
Now, we take it for granted, right?
Right.
But back then, it was super exciting and super new.
And so, over the years, some layers of encryption, and I won't get into all the technical details, but have been added on.
(03:00):
So, it's not like there's absolutely zero encryption involved with email.
But the main point to understand in terms of where encryption is missing is this, I think, that most email providers can read your email.
Okay.
All the big ones, Google, Microsoft, Yahoo, Apple, even my favorite one, Fastmail, can read your email.
(03:26):
And it's because that's just...
It's a challenging problem to solve to make it so they can't because of the nature of the email system.
So, right, people, obviously, right, like, they don't want that.
I mean, there's a reason why we like Signal and things like that, where the makers of Signal can't read our chats, right?
(03:52):
Obviously, we would love to have that from email.
I would love to have that from email.
But it's a hard problem to solve when the email system itself doesn't provide that functionality.
It's hard for the providers to add that on.
In essence, it was built without it.
And now it's incredibly hard to rebuild it and add it.
(04:14):
Yeah.
It's one of my dreams, right?
That's what I want to do.
But it's a hard problem.
And so what it's given rise to, though, is because there is demand for it, there are a couple, I mean, there's multiple, but there's two at least big ones that have risen in popularity of what are called, you know, encrypted email providers.
(04:35):
Okay.
Namely ProtonMail and Tuta, T-U-T-A.
Okay.
So, you might wonder, though, why they aren't my favorite providers.
Right.
You're still using FastMail.
I am.
Exactly.
I'm still using FastMail.
I have not switched to ProtonMail or Tuta, although I do have an account with both of them so I can play with them and test them out and stuff.
(04:58):
And that's why I haven't switched is because of my playing with them and deciding, nope, there are some trade-offs that aren't worth it, in my opinion.
Gotcha.
So, but before I get into the shortcomings, I just, I want to say, like, I am a big believer, I mean, it's one of our main things, in trying to compensate for the flaws, you know, system flaws in email, in any of our technology systems.
(05:22):
I'm grateful for their efforts.
For some people, it might be a higher priority, right?
Like, this is one where, if encrypted email, you know, like I know for journalists or things like that, there might be some places.
Although, my general take is, I still don't think that relying on email encryption is the best strategy.
(05:44):
If you want encrypted communication, don't use email.
Use Sigma.
Or other, even more techier ones.
Other messaging apps.
Yeah, but not email, because it's just, even with the encrypted email providers, I just, anyway.
So, here's the main shortcomings from my perspective.
(06:07):
First of all, unless you're emailing someone using the same provider, it doesn't stay encrypted.
In essence, if they're both not on Proton, let me see if I get this correct, because Proton provides encrypted emails, right?
(06:29):
Yeah.
They don't both have a Proton account.
The sender might send it encrypted, but the receiver, it wouldn't come through encrypted?
Well, you know, actually, I'm guessing a little bit now as I say that, because I think, I know some of them, and I'm not sure on Proton, actually, if you send, because I know you can just send regular emails and they'll just work.
(06:52):
And so, I'm sure on the other end, like, if somebody receives one, it can't be encrypted, because they might have a way to say encrypt or whatever, but then you would have to, like, log in somewhere and enter a password or something.
And you'd have to jump through hoops, because the nature of the system is such that if I'm receiving it through a regular non-Proton account, and I don't have to do anything extra to read the email, then there's no question it can't be encrypted.
(07:18):
Gotcha.
Does that make sense?
Makes total sense.
So, there's kind of this add-on thing called PGP that you can use to encrypt that will work across any email system, but it requires some extra steps.
Yeah, anyway, it's not just seamless and, like, you know, the main thing is, like, they can encrypt it from themselves, so you can encrypt it on your side, and then Proton themselves can't read it.
(07:49):
And that's one of the big things that they sell, which, I mean, has some value, right?
Right.
I definitely wouldn't prefer my email provider couldn't read my emails.
But, anyway, the next one is you have to use their email client.
(08:11):
So, you know how...
Their email client.
Yeah, so, and we haven't talked about this, we'll be talking about more, but so, for example,
if you use, you know, an iPhone, and there's the Apple Mail app...
Yeah, yeah, yeah, yeah.
You can't use the Apple Mail app with ProtonMail.
You have to use the ProtonMail app because...
(08:34):
Oh, okay.
...of the special stuff that they have to do to do this encryption.
That makes sense.
So, and then the biggest one, actually, really, to me is, I mean, and this doesn't have to be the case, I think, in theory, but so far, at least, the encrypted email providers, Proton and Tuda, they're just not very powerful in terms of email functionality, comparatively, and especially user-friendly.
(09:04):
In terms of, like, non-security features I'm talking about, like, the aliases that we talked about in a previous episode, and auto-deleting old emails, and just having a smooth and, you know, feature-rich experience in terms of just email functionality.
(09:26):
They're just, it's, I find, as much as I, I mean, I like Proton and Tuda, I like what they're doing, so I don't, I don't want to speak bad about them because I wish them well.
I hope they'll keep pushing forward, but where they are right now, I just feel like they're very clunky, comparatively.
Gotcha.
Compared to FastMail, specifically, that I use, I just couldn't bring myself to, I felt like I was going to be going light years backward in productivity and email frustration.
(09:59):
So, for somebody starting out, might not be a problem, different situations, I'm not saying that has to be a real breaker for everybody, but that's one of the big trade-offs, I think,
because they put, there's so much time and effort into the encrypted part.
Yeah.
Yeah.
(10:19):
So.
Yeah, so my take on encrypted email providers is, yeah, there's the trade-offs, and until, and even encrypted, like, there is some degree of trust in Proton.
Right.
And in Tuda, right?
Like, even with the extra layers of the approach they have.
(10:43):
And so, in a perfect email system, you wouldn't even have to trust the provider.
Right.
That makes total sense.
And, but there's just no way to do that currently.
The whole email system itself has to change.
And so, for me at least, I'm still, for now, choosing FastMail and calling it good enough.
(11:06):
You know, they make a promise not to read it.
They have reasons not to.
They're incentivized not to.
So, anyway, that's where I, where I stand on that.
But, yeah.
Anyway, we'll leave it there.
I think, I'll think we'll leave it there today.
(11:26):
I'm not going to cover the minor issue.
We may end up covering that in the, in the email workshop.
There are some other things.
But, yeah.
I just, I get the, I guess my, my takeaway would be is, you know, sometimes I talk to people
and they, they, it seems like based on who I am, what I do, that Proton and Tuda should
be like absolute no brainers for me.
(11:48):
They should be my, they should be my go-to.
And I, and I get why that is.
And I agree, uh, theoretically, just not in practice.
Gotcha.
So, I don't know.
What, what's your thoughts, takeaways?
That was kind of my, my thoughts is I, I wanted to reach out to those two companies and say,
(12:11):
hey, thanks, get somebody like me, who's not super familiar and uses email all the time
to work out some of the kinks, go find a Nick Jackson that, uh, isn't a computer geek.
And, yeah, it's my hope that someday we can, we can fix this issue and have encrypted email
(12:33):
because I certainly think we should.
Yeah.
Yeah.
And, yeah, and I'm, again, I'm, I'm not convinced that there's ever going to happen until we
replace the system as a whole that this, that like there's, I think we want to compensate
as much as possible, but this is just a really hard problem to compensate for, in my opinion,
(12:56):
uh, in a way that, in a way that's going to get adopted widely and that's always the
key.
So, okay.
Awesome.
Good episode.
Are you ready to take action and wondering where to start?
(13:16):
Get my Bulletproof My Identity Starter Kit for free.
The seven most vital layers of protection everyone needs.
I'll send you one step at a time and help you if you get stuck.
Just go to bulletproofmyid.com and enter your name and email and I will send you the first
(13:36):
step.
Again, that's bulletproofmyid.com.
Welcome to Super Simple Security Principles, where you learn how to think, not just what to do.
Again, I'm Nick Jackson, and I'm here to learn along with you from my good buddy and master guardian, Makani Mason.
Let's go. This is episode 90. That's right, episode 90.
(00:24):
We're continuing on with our email workshop. This week's priority is going to be protect privacy.
Makani, I know you know me well, and so I know you probably wrote that out and you were thinking of me, right?
Because I am a very private person, so yeah, I'm all in.
(00:46):
Let's hear, man. How do we get to start protecting our privacy?
Yeah, well, this one's an interesting one. So we're on priority number five, and this is one that's a lot more nuanced.
And, you know, in our space, people talk about privacy a lot.
It's a very, very common word, but you won't hear it coming from me a lot, honestly.
(01:10):
Privacy is not my top focus. Primarily because, not because I don't value it, but because it's a lot more nuanced.
Okay.
And there are a lot of trade-offs involved with different kinds of privacy.
And so...
Essentially, there's going to be some pros and cons.
(01:31):
Yeah.
Some takeaways that if we set certain things up, maybe not be available to us. Is that what I'm understanding?
Well, we'll get into the one main specific that applies as far as email and the email workshop goes that I hear and see the most.
Depending on how much time we have, we may dive into a second one.
So I have one major one and one minor one.
(01:54):
Excellent. Excellent.
So, from my perspective, depending on how you, you know, terminology-wise, but I look at the main privacy problem with email as the fact that it is not entirely, but mostly missing encryption.
Okay.
(02:14):
Okay.
So, which means the contents of your email are readable.
Hmm.
Hmm.
Right?
Now, in the early days, you know, email is very, very old and email started entirely without encryption.
And, yeah, I mean, it was just, it was long before that was a concern.
(02:36):
I mean, we were just trying to figure out how to, you know...
Send a message.
Yeah, get messages.
Like, that was the exciting part, right?
It was just to get messages going to a distributed system.
Now, we take it for granted, right?
Right.
But back then, it was super exciting and super new.
And so, over the years, some layers of encryption, and I won't get into all the technical details, but have been added on.
(03:00):
So, it's not like there's absolutely zero encryption involved with email.
But the main point to understand in terms of where encryption is missing is this, I think, that most email providers can read your email.
Okay.
All the big ones, Google, Microsoft, Yahoo, Apple, even my favorite one, Fastmail, can read your email.
(03:26):
And it's because that's just...
It's a challenging problem to solve to make it so they can't because of the nature of the email system.
So, right, people, obviously, right, like, they don't want that.
I mean, there's a reason why we like Signal and things like that, where the makers of Signal can't read our chats, right?
(03:52):
Obviously, we would love to have that from email.
I would love to have that from email.
But it's a hard problem to solve when the email system itself doesn't provide that functionality.
It's hard for the providers to add that on.
In essence, it was built without it.
And now it's incredibly hard to rebuild it and add it.
(04:14):
Yeah.
It's one of my dreams, right?
That's what I want to do.
But it's a hard problem.
And so what it's given rise to, though, is because there is demand for it, there are a couple, I mean, there's multiple, but there's two at least big ones that have risen in popularity of what are called, you know, encrypted email providers.
(04:35):
Okay.
Namely ProtonMail and Tuta, T-U-T-A.
Okay.
So, you might wonder, though, why they aren't my favorite providers.
Right.
You're still using FastMail.
I am.
Exactly.
I'm still using FastMail.
I have not switched to ProtonMail or Tuta, although I do have an account with both of them so I can play with them and test them out and stuff.
(04:58):
And that's why I haven't switched is because of my playing with them and deciding, nope, there are some trade-offs that aren't worth it, in my opinion.
Gotcha.
So, but before I get into the shortcomings, I just, I want to say, like, I am a big believer, I mean, it's one of our main things, in trying to compensate for the flaws, you know, system flaws in email, in any of our technology systems.
(05:22):
I'm grateful for their efforts.
For some people, it might be a higher priority, right?
Like, this is one where, if encrypted email, you know, like I know for journalists or things like that, there might be some places.
Although, my general take is, I still don't think that relying on email encryption is the best strategy.
(05:44):
If you want encrypted communication, don't use email.
Use Sigma.
Or other, even more techier ones.
Other messaging apps.
Yeah, but not email, because it's just, even with the encrypted email providers, I just, anyway.
So, here's the main shortcomings from my perspective.
(06:07):
First of all, unless you're emailing someone using the same provider, it doesn't stay encrypted.
In essence, if they're both not on Proton, let me see if I get this correct, because Proton provides encrypted emails, right?
(06:29):
Yeah.
They don't both have a Proton account.
The sender might send it encrypted, but the receiver, it wouldn't come through encrypted?
Well, you know, actually, I'm guessing a little bit now as I say that, because I think, I know some of them, and I'm not sure on Proton, actually, if you send, because I know you can just send regular emails and they'll just work.
(06:52):
And so, I'm sure on the other end, like, if somebody receives one, it can't be encrypted, because they might have a way to say encrypt or whatever, but then you would have to, like, log in somewhere and enter a password or something.
And you'd have to jump through hoops, because the nature of the system is such that if I'm receiving it through a regular non-Proton account, and I don't have to do anything extra to read the email, then there's no question it can't be encrypted.
(07:18):
Gotcha.
Does that make sense?
Makes total sense.
So, there's kind of this add-on thing called PGP that you can use to encrypt that will work across any email system, but it requires some extra steps.
Yeah, anyway, it's not just seamless and, like, you know, the main thing is, like, they can encrypt it from themselves, so you can encrypt it on your side, and then Proton themselves can't read it.
(07:49):
And that's one of the big things that they sell, which, I mean, has some value, right?
Right.
I definitely wouldn't prefer my email provider couldn't read my emails.
But, anyway, the next one is you have to use their email client.
(08:11):
So, you know how...
Their email client.
Yeah, so, and we haven't talked about this, we'll be talking about more, but so, for example,
if you use, you know, an iPhone, and there's the Apple Mail app...
Yeah, yeah, yeah, yeah.
You can't use the Apple Mail app with ProtonMail.
You have to use the ProtonMail app because...
(08:34):
Oh, okay.
...of the special stuff that they have to do to do this encryption.
That makes sense.
So, and then the biggest one, actually, really, to me is, I mean, and this doesn't have to be the case, I think, in theory, but so far, at least, the encrypted email providers, Proton and Tuda, they're just not very powerful in terms of email functionality, comparatively, and especially user-friendly.
(09:04):
In terms of, like, non-security features I'm talking about, like, the aliases that we talked about in a previous episode, and auto-deleting old emails, and just having a smooth and, you know, feature-rich experience in terms of just email functionality.
(09:26):
They're just, it's, I find, as much as I, I mean, I like Proton and Tuda, I like what they're doing, so I don't, I don't want to speak bad about them because I wish them well.
I hope they'll keep pushing forward, but where they are right now, I just feel like they're very clunky, comparatively.
Gotcha.
Compared to FastMail, specifically, that I use, I just couldn't bring myself to, I felt like I was going to be going light years backward in productivity and email frustration.
(09:59):
So, for somebody starting out, might not be a problem, different situations, I'm not saying that has to be a real breaker for everybody, but that's one of the big trade-offs, I think,
because they put, there's so much time and effort into the encrypted part.
Yeah.
Yeah.
(10:19):
So.
Yeah, so my take on encrypted email providers is, yeah, there's the trade-offs, and until, and even encrypted, like, there is some degree of trust in Proton.
Right.
And in Tuda, right?
Like, even with the extra layers of the approach they have.
(10:43):
And so, in a perfect email system, you wouldn't even have to trust the provider.
Right.
That makes total sense.
And, but there's just no way to do that currently.
The whole email system itself has to change.
And so, for me at least, I'm still, for now, choosing FastMail and calling it good enough.
(11:06):
You know, they make a promise not to read it.
They have reasons not to.
They're incentivized not to.
So, anyway, that's where I, where I stand on that.
But, yeah.
Anyway, we'll leave it there.
I think, I'll think we'll leave it there today.
(11:26):
I'm not going to cover the minor issue.
We may end up covering that in the, in the email workshop.
There are some other things.
But, yeah.
I just, I get the, I guess my, my takeaway would be is, you know, sometimes I talk to people
and they, they, it seems like based on who I am, what I do, that Proton and Tuda should
be like absolute no brainers for me.
(11:48):
They should be my, they should be my go-to.
And I, and I get why that is.
And I agree, uh, theoretically, just not in practice.
Gotcha.
So, I don't know.
What, what's your thoughts, takeaways?
That was kind of my, my thoughts is I, I wanted to reach out to those two companies and say,
(12:11):
hey, thanks, get somebody like me, who's not super familiar and uses email all the time
to work out some of the kinks, go find a Nick Jackson that, uh, isn't a computer geek.
And, yeah, it's my hope that someday we can, we can fix this issue and have encrypted email
(12:33):
because I certainly think we should.
Yeah.
Yeah.
And, yeah, and I'm, again, I'm, I'm not convinced that there's ever going to happen until we
replace the system as a whole that this, that like there's, I think we want to compensate
as much as possible, but this is just a really hard problem to compensate for, in my opinion,
(12:56):
uh, in a way that, in a way that's going to get adopted widely and that's always the
key.
So, okay.
Awesome.
Good episode.
Are you ready to take action and wondering where to start?
(13:16):
Get my Bulletproof My Identity Starter Kit for free.
The seven most vital layers of protection everyone needs.
I'll send you one step at a time and help you if you get stuck.
Just go to bulletproofmyid.com and enter your name and email and I will send you the first
(13:36):
step.
Again, that's bulletproofmyid.com.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by Audiochuck Media Company.
NFL Daily with Gregg Rosenthal
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.