Weekend Wins: Fix That Leaky Email in 10 minutes
Your Email is a Privacy Nightmare—Here’s How to Fix It
I can still remember the first time it happened to me.
You’re scrolling through your inbox. You see the obvious usual suspects that you’ve grown accustomed to. So much so you probably don’t even look at them anymore or sometimes you might even laugh.
“Urgent notice”
“We have a question about your order”
“Your Bitcoin Wallet was hacked”
But every once in a while there is one email that you catches your eye because it’s not the usual “easy-to-spot” fake.
Let me know if this sounds like like the thought process you go through:
Maybe it’s a password reset request for an account you forgot existed, and at first, you assume it’s spam.
Then you check the sender.
It’s real.
You didn’t request a password reset.
But someone else did.
If they get in, they won’t just read your emails. They’ll have full control over:
Your banking accounts through password reset links.
Your social media profiles, which can be hijacked or impersonated.
Your work accounts, putting your reputation at risk.
Most people think of email security in terms of spam filters and phishing scams. But potentially the most dangerous risk? Losing control of your inbox means losing control of everything.
And the worst part? You don’t even have to get hacked for this to happen.
If you’re still using Gmail, Yahoo, or Outlook, your inbox has already been scanned, tracked, and stored indefinitely—often without you realizing it.
Big Tech’s Dirty Secret: How Most Email Services Sell You Out
Most people assume their inbox is private.
You sign up for Gmail, Outlook, or Yahoo because they’re popular, reliable, and convenient. But what you don’t realize is that these mainstream email providers are not built for your privacy—they’re built for data collection.
Behind every “free” or default email service is a hidden economy where your messages, contacts, and behaviors are harvested, analyzed, and monetized.
Here’s what they’re really doing with your inbox:
1. Gmail: The Data Hoover That Powers Google’s Empire
Gmail isn’t just an email service—it’s a data collection machine.
Every email you send or receive is scanned to create a profile of your interests, habits, and behaviors.
Deleted emails? They’re not really deleted—Google still stores copies on its servers for an indefinite period.
Google tracks your location whenever you log in and syncs your Gmail data with its entire ecosystem, from Google Search to YouTube to Google Ads.
📌 In 2018, Google confirmed that third-party developers—and even Google employees—could read users’ private emails.
They promised to “restrict access” afterward, but let’s be real: Google’s entire business model depends on collecting data.
2. Outlook: Microsoft’s Quiet Surveillance Machine
Microsoft markets Outlook as a secure business tool, but behind the scenes, it’s playing the same game.
Microsoft hands over user data to governments more than any other tech company.
Outlook’s spam filters don’t just block spam—they scan your incoming emails for patterns, feeding AI models that improve Microsoft’s advertising algorithms.
Even if you don’t use Outlook, Microsoft collects metadata from emails sent to Outlook users—so you’re still exposed if you communicate with someone using it.
📌 In 2021, Microsoft was caught secretly collecting the content of Teams messages, Outlook emails, and Skype conversations for its AI training.
The data collection goes beyond just these Microsoft programs, the operating system itself is setup by default to track you. Find out more about how they are doing it and more importantly how to stop it in this article:
You don’t even have to be the target—if someone you know is using Outlook, Microsoft already has data on you.
3. Yahoo Mail: The Dinosaur That Won’t Die (But Still Spies on You)
Yahoo Mail might not be as popular as Gmail, but it still has 200 million active users—and a long history of privacy violations.
Yahoo was caught scanning all incoming emails on behalf of the NSA under a classified government order.
In 2013, Yahoo suffered one of the largest breaches in history—3 billion accounts were compromised, and they didn’t disclose the full extent until three years later.
Even today, Yahoo sells data from your emails to advertisers, including details about your shopping habits, travel bookings, and financial transactions.
If you still have a Yahoo Mail account, you’re essentially handing over your entire digital history to corporations, advertisers, and even government agencies.
4. Apple Mail: Private? Not Quite.
Apple positions itself as the “privacy-first” alternative, but here’s the reality:
Apple stores your iCloud email data unencrypted, meaning Apple employees—or anyone with a subpoena—can access your messages.
Apple scans your emails for "suspicious content" using AI, and while this is framed as a security measure, it’s still a form of mass surveillance.
If you use Apple Mail on an iPhone, your metadata—including timestamps, sender/recipient info, and IP addresses—is still collected.
Apple is better than Google or Microsoft, but it’s far from the privacy-first platform they claim to be.
How to Fix This: The Best Private Email Alternatives
At this point you are probably completely frustrated because you feel taken advantage of by your email service.
I get it. I’m here to help.
If you’re serious about protecting your data, you need an email provider that treats privacy as a feature—not a hopeful last thought.
A secure email service should have:
End-to-end encryption so no one—not even the provider—can read your messages.
No tracking of your location, IP address, or login behavior.
Based in a geographic area with Strong privacy laws that prevent mass surveillance and government overreach.
Robust spam filters that are tuned to the new AI spam tactics
The best options available:
ProtonMail – Swiss-based, encrypted, and fully private.
Tutanota – Open-source, highly secure, and user-friendly.
Mailbox.org – Business-friendly with strong privacy protections.
Skiff Mail– Decentralized and zero-knowledge encryption. (edit SkiffMail is no longer in service)
I personally use ProtonMail because:
No one—not even ProtonMail—can read my emails.
It’s based in Switzerland, which has some of the world’s strongest privacy laws.
It doesn’t track, log, or store any metadata from my emails.
If you’re ready to switch, I’ve worked with Proton to offer my audience a great deal. Switch to ProtonMail Here
Switching email providers is a huge first step, but it’s not enough.
If You Stop Here, You’re Still at Risk
Your email is the gateway to your entire digital life.
But what happens after you secure your inbox?
Your network can still be tracked through your ISP.
Your online purchases leave behind a financial footprint.
Your personal data is floating around in hundreds of databases.
That’s why I put together a convenient Personal Security Guide, a step-by-step roadmap to protecting your entire digital life.
Inside, you’ll learn:
How to migrate to a private email without losing access to your accounts.
How to lock down your home network and block online tracking.
The best way to prevent fraud, data leaks, and financial identity theft.
Why deleting old accounts isn’t enough—and what to do instead.
This isn’t just theory. It’s the exact system I use to keep my data secure.
Get the Personal Security Guide Here
Because email privacy is just the beginning.
Your Turn: Let’s Talk About It
Are you still using Gmail, Yahoo, or Outlook? Why?
Have you ever had an email security scare?
What’s stopping you from switching to a private provider?
Drop a comment below—I reply to every one.
And if this post opened your eyes to how exposed your inbox really is, restack it—so more people can secure their email before it’s too late.
Community Mention
This post I’d like to highlight someone who’s new on the scene on Substack.
from .Most of you will not know but I like to do woodworking projects in my free time (haven’t had any for awhile). My father taught me the skills of woodworking as a young man and they have stuck with me.
I found Daniel’s journey into woodworking very similar to mine. He approaches his content in a way that offers the reader insight into his step-by-step journey to setting up his “shed” and tool selection. Very informative and entertaining. Go check him out. Here is his most popular post:
Until next time…
It all feels hopeless. Without every recipient you email using encryption, email is still sitting in the recipients mailbox unencrypted on arrival AND if we go through the massive effort of switching (changing every single account that sends email to the old address) and deleting it, it’s not even really deleted. What a f** mess.
Hello Jason, thanks for a great article.
I've been keen for a while to swap email, browser, cloud storage and everything, and if it was just my personal stuff I would. The thing that stops me is that I run my own small business which includes a website, domain, hosted emails (we're using office 365 because when we used the domain hosting we got blacklisted so often because the host was hosting multiple businesses). I present and teach so I often have to share documents with people and local councils / gov departments using office... with all this in mind, would a total switch be possible and still allow me to work/share with people using office or google products?
Thanks, Lucinda