life after digital

a post-digital worldview

Responsible Email

tl;dr – I want to have a more private, responsible, and resilient email solution, so I started investigating.

Services I’m Currently Testing

No, I’m not looking at the major players like Gmail and the like. The reasons why should become painfully obvious after reading what I’m looking for in an email provider.

Issues to Address

Hosted Solution

I enjoy self-hosting a lot of my services, but email isn’t going to be one of them. I’m not afraid of downtime (I’m not so anxious that I need a 99.9999% uptime rate). However, in the effort to fight spam not all email servers are listened to equally. Many email hosts out there (email addresses I would be sending an email to) may reject my email since my self-hosted server could be considered unknown and untrustworthy.

Not having to deal with deliverability issues and having the confidence that when I send an email it will always be received is worth paying a small fee for.

Privacy & Security

Email is insecure. This needs to be acknowledged if any pragmatic discussion is going to take place. Yes, PGP exists and can be used to encrypt emails so only the recipient can decrypt and read them, but let’s face it, most people don’t use (or even understand) PGP, which is a requirement for me to send them a PGP-encrypted email. For truly secure communications I can either negotiate using PGP with another person (which can be used with any email provider) or just use an encrypted messaging platform like Signal.

What I’m focused on relating to Privacy & Security is more about who has direct access to my information. This mainly refers to the email host, but can indirectly mean any government agency that wishes to compel the host to hand over my data (oftentimes, along with a gag order that prevents them from telling me they did that).

Companies like Google like to make claims about how secure they are, but don’t confuse that with privacy. They may be good at keeping bad actors out, but they have 100% full access to all of your data stored on their servers and regularly use that. They regularly have to comply with requests for information, and scan every single email to automatically generate recommended responses, calendar invites and other unnecessary features.

The main point here is not that companies are evil, it’s that they are companies. They can be compelled by governments who may or may not respect your personal rights. They can be pressured by their Board of Directors to take steps to increase profits (don’t hate them for that, that is literally the main purpose of every business … to make money). They can be broken into by hackers and crooks. They can also have bugs in their software. All it takes is one small bug to expose your data.

No solution is absolutely perfect, but the best available solution is to make sure you are the only person who has access to your data. That’s where encryption comes in. It allows you to put a padlock on your data, and refuse to give anyone else the key.

Bloat

I just want to send and receive emails. I don’t need calendaring, GenAI bullshit, or who-knows-what-else could get crammed into an email account. Let me pick best-of-breed for any additional services I may want.

Pro-tip: If you want to be more efficient at email, just follow the http://three.sentenc.es/ principle. You’ll have less text to evaluate mediocre suggestions for and your recipient will appreciate an easy-to-read email … all without using GenAI to create fluffy spin or to digest that fluffy spin and spit out the poor approximation of the three sentences as a summary that probably represented all that was needed anyway.

Long-term Consistency

To ease my burden in the long term, and since so many services and businesses require an email address, I don’t want to be saddled with updating my email address across hundreds of accounts if the ever-changing future has me moving to a different email service. In order to achieve this level of autonomy I need to be able to add my own custom domain (@domain.com) to the email service. This way I own it, I control it, and if I ever need to move to another service I can without needing to change my email address; I simply point my existing domain at the new service.

This aspect will probably kick Posteo out of the running since they don’t support adding custom domains at this point. I found this disappointing since otherwise I was very excited about Posteo (note the Sustainability section below).

Trust

Trust is huge. At the end of the day even encryption isn’t enough. I need to be able to trust that the provider I’m using has implemented encryption properly, hasn’t created undocumented back doors, and will consistently prioritize their expressed core values. Equally as important to understand is how quickly trust can be lost.

This is the big place Proton collapsed for me. Over the course of 10 days there were 3 incidents that eroded my trust with Proton.

1. Proton posted an article entitled How to build privacy-protecting AI

Their introduction on Mastodon stated: “Is it possible to build AI in a #privacy-first way? Here’s a look at how it could be done”.

Note, they didn’t say “here’s what we are releasing” or “announcing privacy-protecting AI today!” They said here’s how it could be done … at some indeterminate time in the future. They even wrap up their post with a concerning statement about privacy in the near term:

“Until then, server-side models running on high-performance GPUs will remain the fastest way to generate content under these adverse conditions, but at the possible cost of some levels of privacy.”

2. Proton Support wanted access to my private data

I ran into a bug with their calendar export. I’m testing things out and discover that their ICS calendar export functionality exports invalid ICS files, at least in some scenarios (namely, the one I’m apparently experiencing). I file a support ticket and am asked to share my private data with them. I ignore this request, and instead provide detailed instructions on exactly what steps I took to export the file. I’m requested again to share my private data with support.

This is quite disappointing. For a company claiming “Privacy by default” it’s jarring to have the first question from support be “can you send us your data?” No, I don’t have anything so sensitive that I can’t share it; it’s the principle. You built your business around privacy by default, I expect you to keep true to that. I know enough to reject a request like this but most people are trusting, especially when you’re non-technical and feel as if you have no choice but to trust the-person-who-knows-tech-things. I also have no idea if they outsource their support, what other systems may be storing my data while they pass it around, etc. All I know is that they had my data in a safe encrypted place and their support staff were asking that I remove that protection, the very thing I’m paying them for.

This was upsetting to me, and meant I’d think long and hard about recommending them to non-technical people as a privacy-respecting option.

3. The release of Proton’s GenAI

10 days after their hypothetical post about GenAI, they announce Proton Scribe, “a private writing assistant that writes and proofreads emails for you”. I had so many issues when I saw this.

When the original post was made, they knew a Scribe launch was coming. You don’t conceive, investigate, implement, test, create marketing materials for, and launch a new feature like this in 10 days. They just demonstrated how disingenuous they can be, with back to back posts giving such different (deceptive?) messaging.

Their justification for adding this functionality was “In our recent survey, 75% of business users have tried generative AI or would like to.” Wrong wrong wrong. That survey result tells me that 75% of business users have tried GenAI or would like to. Nowhere does it say anything about non-business users. Nowhere does it say that those users liked it, or needed it, or wanted it. Just that 1 subset of their audience thought “maybe I should try it” … or simply that they had tried it at some point. This is terrible survey design whose only takeaway is confirmation bias.

Proton’s core focus claimed to be on privacy, not chasing the latest hype-bubble. I lose trust when I see a company distracting themselves with shiny toys. They tried to defend this stance by stating:

“we realised that irrespective of whether or not Proton builds AI tools, users are going to use AI, often with significant privacy consequences. Rather than have users copying their sensitive communications into third-party AI tools that often have appalling privacy practices, it would be better to instead build privacy-protecting AI tools directly into Proton Mail.”

My only response to this logically-flawed excuse is: so when will you be releasing a plain-text unencrypted sticky note feature to your password manager, users like to use that too!

Proton Scribe does not address the major ethical issues with GenAI. The energy required by GenAI is massive. In the midst of a growing climate crisis when we should be improving efficiency and reducing consumption, GenAI is causing companies to blow past their climate commitments. Additionally, most (if not all) GenAI has been trained on stolen and oftentimes private data.

Proton also touts that they use Mistral, an open source LLM. Sure, the source code may be open, but the training data is not, and it has been confirmed that it’s “extracted from the open Web”. This means they scraped websites, presumably without permission and against most of those sites’ policies. The organization behind Mistral also stated “Unfortunately we’re unable to share details about the training and the datasets … due to the highly competitive nature of the field.” meaning they are also refusing to honor attribution clauses from various copyright licenses.

Lastly, Proton is playing a little too loose with their communications and marketing materials. Take the following two statements, both from Proton:

“Introducing Proton Scribe, a private writing assistant that writes and proofreads emails for you”

and

“No, Proton cannot read a user’s emails.”

Well, which is it? Proton can read my email or it can’t? There are a few nuances that Proton appears to be playing with in their word choices of these and other posts.

  1. After being pressed further, Proton responded “It can proofread your emails if you explicitly request so. It doesn’t do so automatically.” …so yes, it can read your emails, just not until you ask it to (or a bug makes it think you asked it to).
  2. “No, Proton cannot read a user’s emails. Proton Scribe is only active when you request its help.” …aka Proton Scribe can, but Proton can’t.
  3. “It does not have access to your emails to suggest premade replies, it only uses what you yourself ask it in the prompt.” …when they mention premade replies, they are talking about training the LLM. So this statement is accurate, in that they are not training the Proton Scribe on your data, but isn’t answering the question. The second half of that sentence again confirms the real truth, that Proton Scribe can read your email. Technically, it can read the text you tell it to read, which unless for some insane reason you’re using the LLM baked into your email client to perform some other email-unrelated task, is your email.

This all becomes a major illustration in why honesty, transparency, and consistency are so foundational to building trust. I also hope that this section illustrates why truly researching and evaluating your options is so important. Imagine how much more you give away or are taken advantage of with less scrupulous and/or free options?

Sustainability

As covered above, GenAI blows this out of the water and is a major concern. So if your solution includes GenAI you already lose.

For providers that don’t include GenAI functionality there is still a broad spectrum of things to compare against. I was pleasantly surprised to see the commitment and creativity here. There are typical strategies like using 100% renewable energy (I don’t consider Carbon Credits a solution here, but that’s another topic). But here are some others that I saw, specifically from Posteo, that really impressed me with how much they are thinking about this:

  • No flights: Since it was founded in 2009, Posteo has abstained entirely from business flights to protect the climate.
  • Additional holidays for train trips: Posteo offers all employees additional holidays for using climate-friendly train trips instead of flying during private holiday trips.
  • Free public transportation ticket: Our employees receive a free annual ticket for local public transportation.
  • Free bicycle repair: Posteo employees can have their bike repaired by a mechanic free of charge.
  • Energy-efficient hardware: We have set up energy-efficient hardware both in the office and for the servers.
  • Efficient programming: Preventing energy from being wasted, through optimised design of relevant processes.

In Conclusion

I didn’t think this choice would be so involved when I first started, but I’m happy I didn’t rush full-steam ahead given the trust issues I ran into. I’m still evaluating my options and haven’t made a final decision yet. If you have other recommendations or things to consider please comment and let me know!
