Secure your email account
Secure your email account using all of the methods described in the Password and 2FA modules.
Sign up for Breach Alerts
If you have used your email address on multiple websites, you might want to check on HaveIBeenPwned whether it has been part of a data breach.
Use email aliases
Use services like SimpleLogin or AnonAddy to create a unique email alias for each service you sign up for. This will contain data breaches to one account, make the task of linking your different accounts much more difficult and protect you from mass account cracking. Email aliasing is the best solution for using email as a means to register accounts.
Disable Automatic Loading of Remote Content
The vast majority of commercial emails use hidden pixels to track whether you have read them, from where and when. In most email clients and some web interfaces you can disable the loading of any remote content by default.
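As an added example (not part of the original checklist), this Python script lists the remote resources an HTML email would fetch when opened and flags 1x1 images as likely tracking pixels. The sample message, its example.com addresses and the 1x1 size heuristic are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message (not a real email); all domains are reserved example names.
SAMPLE_EML = """\
From: news@shop.example.com
To: you@example.org
Subject: Weekly deals
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello!</p>
<img src="https://shop.example.com/banner.png" width="600" height="200">
<img src="https://track.example.com/o.gif?uid=12345" width="1" height="1">
<img src="cid:logo@shop" width="50" height="50">
<link rel="stylesheet" href="https://shop.example.com/mail.css">
</body></html>
"""

class RemoteContentFinder(HTMLParser):
    """Collect URLs a mail client would fetch automatically while rendering."""
    FETCH_ATTRS = {"img": "src", "link": "href", "iframe": "src", "script": "src"}

    def __init__(self):
        super().__init__()
        self.found = []  # list of (url, looks_like_tracking_pixel)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(self.FETCH_ATTRS.get(tag, ""), "") or ""
        if not url.lower().startswith(("http://", "https://", "//")):
            return  # cid: and data: content travels inside the message itself
        tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.found.append((url, tiny))

def remote_content(raw_eml):
    """Return (url, looks_like_tracking_pixel) for every remote fetch in the HTML parts."""
    msg = message_from_string(raw_eml, policy=policy.default)
    finder = RemoteContentFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found

if __name__ == "__main__":
    for url, pixel in remote_content(SAMPLE_EML):
        print("PIXEL?" if pixel else "remote", url)
```

Every URL in the output is a request your client would make on open, revealing your IP address and the time you read the message; with remote content disabled, none of them are sent.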
Never click on links in an email
If you receive an email with a big button trying to make you click through to a website, never click it. Instead, always go to the website directly. This will protect you from most phishing attempts.
Switch to an email provider that encrypts your emails at rest
To protect your inbox from being leaked if your email provider is hacked or a support agent is compromised, you should use an email provider that encrypts your emails at rest, making this data useless. This is a good measure but not bulletproof: if the recipient of your email does not use the same or a compatible e2e encrypted email provider, your emails will be unencrypted on your correspondent's side, making them the weak link.
We recommend you use Proton or Tuta. Be warned that with Tuta you need your correspondent to use Tuta (making it more like a messaging app), while with Proton you can e2e encrypt your emails using the open standard of PGP.
Show emails in plaintext and not HTML in your email client
Emails can be either HTML or plaintext. HTML adds various risks, as remote code is being executed on your machine. See usePlaintext for instructions.
Use a desktop client to read and backup your emails
To prevent some content manipulation or data collection you should start using a desktop client for your emails. This will also allow you to back up your emails locally. We recommend you use Thunderbird.
Encrypt emails with your own PGP key
If you use a desktop email client you can also start using extensions like Mailvelope to encrypt and decrypt your emails locally while keeping your keys locally as well. This will lessen the amount of trust you have to place in your email provider.
Use your Hardware Security Key to store your PGP keys
Anyone in control of your PGP private key can read your communications. To prevent this you should store your PGP keys on a hardware security key like a YubiKey.
Do not use email for communications
Email is inherently insecure. Even if both parties use encryption with PGP, the email metadata (such as sender, subject, recipient, and timestamps) is still exposed. The only way to make it secure is to create a new encryption mechanism like Tutanota, but then if both parties do not use it the email will still be insecure. If you want to message someone securely, the only email you send should be the link to your Signal, Threema or SimpleX account.
Use a custom domain
See why I think it is not a good idea in most situations here (my blog). The only valid use cases I found were a more convenient way to move between email providers and a more professional-looking email address.
Self hosting email
See why I think it is a bad idea for both privacy and security here (my blog).