ProtonBlog(new window)

Gmail is not end-to-end encrypted, and Google retains access to all your emails. Here are five steps to make Gmail more secure and the best alternative if you’re looking for genuine privacy.

We explain why Gmail is not completely secure or private, how to improve Gmail’s default security, and the easiest way to secure your emails so no one but you can read them.

How secure is Gmail?
Is Gmail private?
Is Gmail secure from hackers?
5 steps to make Gmail more secure
      1. Use a strong password
      2. Turn on two-factor authentication (2FA)
      3. Beware of phishing attacks
      4. Try Google’s security checklist
      5. Use enhanced encryption
Is Gmail safe for work?
Best Gmail alternative for security and privacy

How secure is Gmail?

First, Gmail does encrypt your emails but cannot guarantee they’re completely secure all the time. That’s because Gmail uses standard TLS (Transport Layer Security)(new window) encryption by default.

With TLS, your emails are secure while they’re being sent from A to B, but only if the recipient’s email service supports TLS. And once they arrive, the privacy of your emails depends on what encryption the receiving server uses.

Second, Google holds the encryption keys to the emails stored in your account. So Google can access your data and hand it over to third parties, like advertisers and governments. Only with end-to-end encryption(new window) can you guarantee that no one else can read your private emails.

Get Proton Mail

Is Gmail private?

Gmail is not private because Google relies on your personal information to make money. Google tracks your every move online and shares your personal data with advertisers(new window). While Gmail is labeled “free”, you’re actually paying for the service with your data.

Google said that Gmail stopped scanning your emails for advertising(new window) in 2017. Yet later Google was caught giving third-party developers access(new window) to users’ emails. Google also uses Gmail to track the things you buy(new window) and scans emails to enable smart features(new window) by default, though you can switch this off.

Google records everything you do as you use its services. As the Gmail privacy label in Apple’s App Store shows, Gmail collects vast amounts of your personal data.

Gmail privacy label showing a list of the personal data Gmail collects — an indication Gmail is not secure or private

In short, a service that relies on surveillance-based advertising(new window) can never be genuinely private.

Is Gmail secure from hackers?

Google takes steps to secure Gmail accounts from hackers. And you may think hackers are unlikely to target your account unless you’re a high-risk individual like a political activist, journalist, or public figure.

While that may be true for most people, you could still fall victim to a data breach(new window). As Gmail is not end-to-end encrypted(new window), it is technically possible to intercept Gmail data. So if Google’s servers were somehow compromised, your data could be exposed.

And remember that Gmail is not as secure as it could be out of the box. As with all email providers, the security of an individual Gmail account depends on how you set up and use it. Follow the advice below to reduce the risk of being hacked.

5 steps to make Gmail more secure

Here are five steps you can take to improve the security of your Gmail account.

1. Use a strong password

Create a unique, random password for your account. Learn more about strong passwords(new window), and consider using a privacy-focused password manager(new window) to create and remember them.

2. Turn on two-factor authentication (2FA)

Make sure you activate two-factor authentication (2FA)(new window), which Google calls 2-step verification. With 2-step verification, after filling in your password, you enter a six-digit code from your phone to gain access.

3. Beware of phishing attacks

Phishing is when criminals send malicious emails to trick you into falling for a scam. Over the first half of 2022, phishing remained the top cause of data breaches(new window) in the US. Learn how to spot and prevent phishing attacks(new window).

4.  Try Google’s security checklist

Go to Google’s Security Checkup(new window) and see what it recommends. The checkup mainly contains the steps we cover here, and it will not stop Google from scanning your emails. But it may flag suspicious activity in your account or other sensitive settings you could tweak.

The Google Account Security Checkup, a way to check how secure your Gmail is

5. Use enhanced encryption

You can also set up enhanced encryption in Gmail, known as S/MIME(new window). But S/MIME is aimed at enterprise users, and you’ll need to pay for an eligible Google Workspace account to use it. So let’s take a look at Gmail encryption for work.

Is Gmail safe for work?

If you have a paid Gmail account for work (Google Workspace), Google says it uses 128-bit AES(new window) encryption or stronger to store your data and TLS to protect your emails in transit. 

While these are robust protocols, Google Workspace emails are not end-to-end encrypted. If you have an eligible account, you can enable enhanced encryption (S/MIME)(new window), though you’ll need an administrator account to set it up.

But even with S/MIME enabled, your emails are not as secure as they could be:

  • Messages still are not end-to-end encrypted, so it’s possible that Google or a third party could access them.
  • S/MIME encryption only works if the email recipient also has S/MIME enabled. There’s no way to send a private email to anyone who does not have S/MIME set up.
  • Unlike PGP(new window), S/MIME has a centralized system of certificate authorities that could be compromised, though this may only matter to you if your business requires the strictest confidentiality.

So if you’re serious about the security and confidentiality of your business communications, consider a more secure alternative.

Best Gmail alternative for security and privacy

If you’re looking for the best security and genuine privacy for your emails, you need to use end-to-end encryption.

You can use a third-party plug-in like Mailvelope(new window), which allows you to use end-to-end encryption in Gmail. Yet this requires some technical knowledge to set up, and you’re restricted to a web app. You can’t use it with mobile devices.

The easiest alternative is Proton Mail, which is more secure than Gmail(new window) but just as easy to use. Proton Mail has advanced security features enabled for all accounts, free or paid, to give you privacy by default:

  • Only you can read your emails: End-to-end encryption goes one step further than TLS. Not even Proton can read them.
  • Improved security in a data breach: Zero-access encryption(new window) means all emails in your account are encrypted, even those not from Proton users.
  • End-to-end encryption to anyone: Send a Password-protected Email(new window) for free to any email account.
  • No tracking or logging: While Google tracks every action you take with your free Gmail account, Proton Mail records nothing you do.
  • Swiss privacy: Unlike Google, which is based in the US, Proton Mail is subject to Swiss privacy laws, some of the strictest in the world.

At Proton, our vision is to make secure email available to everyone, so join us — sign up for secure email for free.

If you’d like to support our vision, get a paid individual plan, or consider Proton for Business if you need email for work. Together, we can build a better internet where privacy is the default.

Secure your emails, protect your privacy
Get Proton Mail free

Related articles

passwordless future
With the advent of passkeys, plenty of people are predicting the end of passwords. Is the future passwordless, though? Or is there room for both types of authentication to exist side-by-side?  At Proton, we are optimistic about passkeys and have int
At Proton, we have always been highly disciplined, focusing on how to best sustain our mission over time. This job is incredibly difficult. Everything we create always takes longer and is more complex than it would be if we did it without focusing on
is icloud keychain safe
If you’re on any Apple device, you’re familiar with the iCloud Keychain, the Apple password manager. It’s a handy tool that stores passwords for you and helps you manage your logins.  For a program that stores all your most sensitive data in one pla
We recently announced that Proton Pass now supports passkeys for everyone across all devices. Universal compatibility is a unique approach to implementing passkeys, unfortunately. Even though passkeys were developed by the FIDO Alliance and the Worl
How to upload and share private video
Your private videos are for your eyes only. However, not all cloud storage services are good at storing videos securely, let alone privately. In this article we explain what you can do to keep file sharing companies from having access to the videos y
Many email services, citing security reasons, require a phone number for identity verification. This creates an unfortunate paradox in which you must give up a highly sensitive piece of personal data to Big Tech. But there are simple ways to create
Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec