News about Yahoo snooping on customer emails has been doing the rounds. So how safe are your emails?
All, or almost all, email providers scan your mails: it’s one of the ways they identify spam emails and put them in a junk folder. Your emails are scanned for keywords that trigger the advertisements shown against them. Is that a good thing? Maybe. As this will ensure you only get relevant ads.
Lets take the case of the most popular email service providers: Google and Microsoft.
Since both Google and Microsoft are based in the US, then as a non-US citizen, your data is vulnerable to American snooping. Following the Snowden revelations, no data held online by any American company can now be considered private, and this could include any site running in the .com domain.
You could, of course, encrypt all your emails, or use a secure mail service provider. One of the simplest ways to encrypt emails is to use the PGP-based Mailvelope, which uses a Firefox plug-in or Chrome browser extension. It comes pre-configured for popular web-mail services including Gmail, Outlook.com and Yahoo Mail. However, it uses public key cryptography, so you can’t send someone an encrypted email unless you know their public key.
Finding a secure service may be even harder.
We all remember the class action suit against Google in 2013 and now the controversy surrounding Yahoo, makes this task so hard.
Response from Yahoo
Following the Yahoo news, the email service provider has issued a statement saying that being a law abiding company, it complies with US policies.
“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.
And a Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.
Strong Passwords – In spite of the fact this advice is given on every single tech blog, it is amazing how often it is ignored. You can use special characters, numbers, and upper and lower case alphabets to adopt this safety measure.
Reliable Secondary Email Addresses – Consider getting a Hotmail or G-Mail account just for conducting business on the web. This way your personal and professional mails can be segregated.
Setup SMS Alerts – Most email service providers will send you the password reset code whenever someone tries to reset your password. If you are a smartphone user, you can rely on these SMS alerts and disable password recovery via email altogether. Email accounts are always vulnerable to a hacker from a remote place, but your mobile phone is not.
Be Careful on Public WiFi – Avoid using public WiFi for accessing email or transacting online with a credit card. Accessing emails is a big risk.