You Should Use a Private Email Server. Google Makes It Hard

Helm offers a $500 way to get off Gmail forever, as long as you bug your loved ones to check their spam folders.

(Bloomberg Businessweek) -- Hillary, Ivanka, and Jared were right. No, not about that. Or that. And definitely not that. Just about the one thing, really: the utility of a private email system. Of course, Clintonemail.com proved disastrous to the former secretary of state’s image in 2016. (Ivanka and Jared’s use of ijkfamily.com has proved far less headline-grabbing.) But while paying IT consultants to install servers in your basement, as Clinton famously did, can be a bad look politically, it has caught on among executives. In some circles it’s become common to have what’s called “the Hillary setup.”

The security rationale for owning a private email server is straightforward. The main way hackers break into email accounts is by phishing, sending links to fake login websites that trick you into giving away your password. But traditional email servers don’t use the web at all. The only way to log in is through Outlook, Apple Mail, or another email app, making them more or less impossible to phish.

Privacy is another draw. The server’s data can’t be tapped by, say, Google to form a sprawling psychological profile aimed at selling you stuff you don’t need. And if the police want to read your emails, they have to come to your house with a court order instead of emailing one to Mountain View, Calif. On the other hand, if your private server is accidentally destroyed by accidentally falling in a lake before said order can be served, well, that’s accidentally that.

I’m not planning to commit any lakeworthy crimes, but stories about tech companies’ violations of privacy have gotten me thinking about a scenario that once seemed unimaginable: life without Gmail. Google, after all, has repeatedly been accused of improperly collecting user data. Earlier this year it paid $13 million to settle a class action over its Street View program’s scooping up personal information from people’s home Wi-Fi networks. (It denied any wrongdoing.) And yet I was still giving it the entirety of my inbox. If some of the world’s plutocrats didn’t trust Gmail—or Yahoo Mail or, God help them, AOL—why should I?

“You shouldn’t have to be in some sort of political or financial elite to have access to something like this,” says Giri Sreenivas. He’s an engineer who runs Helm, a startup in Bellevue, Wash., that aims to bring the Hillary setup to the rest of us. Sreenivas co-founded Helm three years ago because he was concerned about the ways the online services we use are also using us. He decries the rise of “surveillance capitalism,” a term that author and retired Harvard Business School professor Shoshana Zuboff coined to refer to the vast stores of private data that big tech companies, especially Google and Facebook Inc., amass and effectively sell to advertisers. “The internet was meant to be open and free and should allow anyone to participate as an equal member,” Sreenivas says. “The pendulum has swung too far in the other direction.” He’s quick to note that he doesn’t condone the use of private servers for diplomacy, since the public should be able to keep tabs on public business.

Setting up my own email server would have been impossibly daunting if I’d had to figure it out for myself. Now I could buy Helm’s beautifully packaged model, which looks like the roof of a toy house and was designed by the guy behind the Fitbit, for $499. Sreenivas’s software promised to manage it for me for an additional $99 a year after the first year, which would include backing up an encrypted version of my server to the cloud. The Helm came with a metallic USB drive with a ring on one side, a “key” needed to decrypt the backups. That means aspiring lawbreakers would have to destroy the key, along with their server and their smartphone, to truly erase their data.

This spring, I started telling friends, family, and co-workers to send email to a new address at maxchafkin.com. My friends and co-workers mostly just stared blankly. My mom called it “neat.” Nobody seemed to appreciate that I was about to try moving away from my primary mode of communication for the past 15 years.

Gmail has been more important to me than any product I’ve ever owned. It’s where my wife and I first started flirting, and where she and I now, 14 years and two kids later, send jokes and Gchat-length love notes. It was the center of my professional life for years, and I still use it for some work-related stuff. It contains the contact information of pretty much everyone I’ve ever known, correspondence with sources from my days as a freelance journalist, plus a decade and a half of credit card bills, tax returns, embarrassing pictures, bad jokes, and apologies for those jokes. Here’s one thing Google won’t know until this story runs: In the summer of 2004, shortly after I graduated from college, I paid a guy on EBay $5 for an invitation to sign up for it.

Google had launched the service a few months earlier, and to join, you still had to get an invite from someone who already had an account. At the time, most email providers offered users maybe 20 megabytes of data, making them either delete the rest of their inbox or download it to a desktop computer. Google provided a gigabyte to start with and periodically increased the total. Even better, users no longer had to sort their inboxes into a complex series of folders; all they had to do to find a message was type a keyword into the Gmail search bar. “Never delete another email” was the service’s tag line, and until 2006 it didn’t even have a delete button, just “archive.” All of this was free. When the company first announced the basic pitch on April 1, 2004, it seemed so unbelievably good that many people assumed the whole enterprise was an April Fools’ joke.

To pay for this magic, Google said, it would show us ads tailored to the contents of our inboxes. In other words, it would use computers to scan our messages. Some critics immediately called this a creepy move. A California state senator, Liz Figueroa, said it was “a disaster of enormous proportions,” noting that non-Gmail users who corresponded with Gmailers could be unwittingly giving up their right to privacy.

Google treated Figueroa and her ilk like rubes. In a privacy notice that appeared prominently on the Gmail login screen, the company said such critiques were “misinformation” that threatened “to eliminate legitimate and useful consumer choices.” This argument seems laughable in today’s era of tech-enabled misinformation, but it’s one that I, and most in the press, accepted at the time. I was such a voracious Gmail user that I eventually went way past the 15-gigabyte limit and started paying the company $1.99 per month for extra storage.

We did so, I think, because Gmail was so useful and because Google’s tailored search ads seemed harmless. (Like early Facebook ads, they were a lot less intrusive than they are today.) In 2017, Google said it would stop customizing ads based on the content of users’ Gmail messages, though it still scans those emails for security purposes and for use in features such as Smart Compose, which suggests words and phrases before you type them. A spokesman says that the company “anonymizes” the data and that features like Smart Compose, which are turned on by default for consumers, are optional for corporate customers. I suppose that’s comforting if you’re a corporation.

Google has always emphasized that no humans are involved in any scanning, but last year the Wall Street Journal reported that the company had allowed marketers—“developer partners,” Google has called them—to read users’ emails, even after its 2017 promise. A few months later, Google announced changes to its policies, including a new ban on any outside app that isn’t “directly enhancing email functionality,” a rule preventing developers from selling data to marketers, and another declaring that “human review of email data must be strictly limited.”

Given Google’s track record, it’s important to remember that Gmail’s principal function—sending an email—works more or less like every other system that’s used the simple mail transfer protocol since its invention in 1982. When you send a message, your email client (Gmail, or Apple Mail, or Microsoft Outlook) uploads it to the server managing your email, which looks at the destination address and sends the message to the recipient’s server for download to their phone or computer. If you’re both using private servers, the only intermediaries are the telephone wires or cell towers through which the data travels.

There are downsides to this closed circuit, notably that it heightens the consequences of human error. If, just as a crazy example that definitely didn’t happen to me on Day 2, someone inadvertently unplugs your email server while vacuuming, emails sent to your inbox won’t be delivered until it’s plugged back in.

It took me about an hour to get my server up and running. That included setting up my domain name, copying all the old emails from my Gmail inbox so I wouldn’t lose them forever, and configuring my smartphone and computer to receive messages. It was easy enough, though not Google-level easy. Search was also a bit of a comedown: I’d have to rely on Outlook’s search engine, which is better than I’d remembered from The Time Before Gmail but painfully slow by comparison.

Even so, the experience of having my data sitting there in a little box on my desk where I could keep an eye on it was weirdly thrilling, and I soon noticed changes in how I thought about other services, especially Google’s search engine. A few weeks later, I found myself resisting the urge to search the web for information about a family member’s serious medical problem, realizing that this query would inevitably go in the tech company’s profile of me, leading to the inevitable pharmaceutical ads and who knows what else. In the past, I wouldn’t have given this a second thought, but suddenly it seemed like an insidious double-bind of surveillance and self-censorship. I started using DuckDuckGo, a Google competitor that doesn’t collect user data.

The experience made me wonder if Google’s data collection practices had been restricting my thoughts. This seemed half-crazy until I started asking around about the idea. A 2017 study published in The Cambridge Handbook of Surveillance Law showed that web searches for health-related terms fell after the 2013 disclosure by National Security Agency whistleblower Edward Snowden revealed previously unknown levels of government spying on internet activity.

For years, I realized, I’d been self-censoring my emails, too, keeping certain thoughts and feelings out of even personal correspondence because of a fear that they might wind up in a hack, or a lawsuit, or some advertiser’s data dump. People do this at work all the time, but it seems slightly insidious as more of our personal communication moves to electronic forms. Although my Helm could still get hacked, it made me feel a tiny bit freer. No bosses were reading my emails, nor were any Google bots or spies—I mean, uh, “developer partners.”

The downside of my new freedom, and it was a huge downside, was that my messages sometimes didn’t get delivered. I’d send a question to a friend, wait expectantly, then have to send a text asking if they’d received the note. During the first couple of weeks, the answer from my Gmail-using friends was generally no. Google was routinely quarantining my Helm messages in spam folders. To fix this, I’d then have to ask contacts to add my new address to their Gmail address book. Most didn’t bother, leading to more missed messages and more hectoring texts.

There’s a term of art for this: “warming up” your inbox, to build cred for your server with Google and other cloud mail services, so that they won’t assume you’re writing to offer a secret Nigerian fortune or cheap Oxy. As anyone who’s had to complete a Captcha knows, having to act a bit like a robot to convince a robot you’re a human is humiliating, and the begging-my-friends part made it awkward, too. Plus, I couldn’t take that tack with strangers, so a lot of the important emails still wound up going through Gmail.

Was this a spam-prevention strategy or a clever way to retain me as a Google customer? Google says that its priority is to protect users from unwanted and harmful messages and that my recipients would naturally train its algorithms when they dug them out of their spam folders and clicked the “report not spam” button. But it’s hard not to see this trashing of small-fry servers’ messages as a happy accident for the company, at least. “There’s a power dynamic at play here,” says Sreenivas, who argues that Google could easily fix the problem if it wanted. “They’ve gotten overly aggressive.”

My delivery rate improved the more I used my Helm account. Still, the experience has led me to hesitate every time I want to send a message that seems even moderately important. In those cases, I usually end up opening my old Gmail account. Sreenivas says my experience is unusual, and I believe him. But as much as I want to be free of the thrall of surveillance capitalism, I also want to use the thing that works.

“I ran my own server until about 2007, but Gmail was too easy,” the chief executive officer of a publicly traded tech company told me over lunch a couple of months ago, shortly after I’d set up the Helm. He asked me if I really trusted my server—set up by me, an English major with a full-time job that doesn’t involve engineering, and guaranteed by a 10-employee startup—more than I trusted one of the world’s most technologically sophisticated companies, which employs battalions of Ivy League Ph.D.s and former intelligence officers in its security department.

The counterargument is that even the most technically sophisticated companies get hacked. Yahoo’s security team, called “the Paranoids,” was widely considered one of the best in Silicon Valley, until it was revealed in 2017 that hackers had stolen the passwords of all 3 billion Yahoo accounts four long years earlier. Just because you’re paranoid doesn’t mean they aren’t out to get you.

By contrast, despite the controversy around Hillary Clinton’s server, the emails stored in her basement were never hacked as far as we know. Clinton was the ultimate victim of two embarrassing hacks, though: the emails of the Democratic National Committee, which had been following normal corporate IT practices, and the personal inbox of her campaign chair, John Podesta, who typed his Gmail username and password into a fake login page.

When I brought up Podesta, the tech CEO nodded and then looked down at my iPhone, which was sitting on the table. My email might be safe, but email was only a small part of my data footprint, he pointed out. The phone had a decade’s worth of pictures stored on it, plus texts, a call history, and a million other things—backed up, of course, on Apple Inc. servers. “The thing I’d be worried about,” he said, “is iCloud.”

©2019 Bloomberg L.P.
