Whenever a person asks me for a Riseup invitation, I ask them a simple question: “why?” If their answer is “privacy”, I’ll tell them that their privacy practices are more important than the service they use. It doesn’t mean that it’s good to use Gmail, it means that if they don’t meet the basic requirements of respect for their privacy, safe tools will not help them.
As you know, email is not a centralized system. Unlike messengers like Telegram, you’re not forced to sign-up on a certain email provider to message somebody. For example, I can email my friend, email@example.com, using my own email server, firstname.lastname@example.org. Email is a decentralized system.
Now, you should know that on decentralized systems it’s important for both sender and recipient to follow safety protocols. If you enable two-factor authentication, use a secure service like Aktivix, download all of your emails to your localhost and erase the server from every single detail that can be used to identify you, you followed a pretty good practice for your safety. However, if your recipient uses 12345678 for password or even keeps your emails on its Gmail account, all you did is worthless.
But there’s still some things to do. For example, encrypting your emails is what you should do if you’re not sure about privacy practices of others. When you encrypt your emails, you reduce the chance of personal/important details to be read by a computer or possibly humans.
Email is just an example for sure. Another example is your messengers. You can use a safe messenger (in general) like XMPP but unless you don’t encrypt your messages, there would be no difference. Unencrypted messages on XMPP can be as dangerous or privacy-violating as Whatsapp. In both situations, your messages can be read by a robot or a person.
How to Practice Privacy?
What I personally do is whenever I’m going to use a service, I think about how much personal data I’m providing.
First of all, it’s important for me to use free software. By using free software, I can understand how that software or service works. By understanding the software, I can decide whether it suits me or not.
Another thing is that I always encrypt. Encryption is almost everything left for us, people, to protect ourselves. No encryption means no safety. Also, I never use software that wants to handle my encryption. Encryption helps my safety if I’m the one who controls it, not the server.
When your service provider wants to encrypt your messages using keys that they own, safety just becomes a lie.
If you want someone not to read your letters, it’s you that should hide the letter. You can’t trust the one who you’re trying to hide it from to hide your letter.
One of my other practices is that I almost always use decentralized services. With decentralized services, we can choose a service provider that is more privacy-respecting and still use the same service we want.
An example of decentralized service is Mastodon. With Mastodon you can choose an instance with good privacy policies and still use the same software.
You should always remember that nobody is trustworthy enough with your personal information. The first rule of being safe is to be able to be anonymous. Anonymity is a choice but the ability of being anonymous is a right.
You should know that privacy comes with a cost. Nothing is free in this world. You either pay with money, or you pay with your data and privacy. The way you pay, however, is your choice and you’re gonna choose your way by choosing your practices.