Wall Street Journal exposes 3rd party access to users’ Gmail inboxes.
Google admitted this week that while they have honored their promise to no longer scan users inboxes for advertising purposes, they have not restricted 3rd party application developers from doing so.
Sources quoted in the Wall Street Journal [paywall] article said that developers have access to hundreds of thousands of email inboxes through the Gmail plaform in “plain text”.
Additional information about Google’s inherent privacy issues are discussed more in-depth by ProtonMail’s developers here.
Clients of McAfee Media Solutions are recommended to explore using alternative email options until this issue is resolved. Several alternatives are offered and explained below:
FlowCrypt.com
Starting in 2016 as CryptUp, FlowCrypt is a Free, Open-Source plug-in for Gmail that allows users to send and receive PGP encrypted emails with little-to-no technical ability. The service allows for both signed and/or encrypted emails to be sent from Gmail user to user with on the fly encryption. Because encryption and decryption occur in the users browser and not on a far away server, users can be reasonably sure that their data is safe. One downside, while FlowCrypt offers a mobile app, emails sent with FlowCrypt will appear in as an encrypted PGP block when viewed without the plugin or mobile app. This can make checking email on a friend or work computer difficult, though we trust that our clients know better anyway.
Bonus feature, all users are given a free personalized and encrypted dropbox that can be used to receive important or sensitive messages or files.
ProtonMail.com
Started in 2015 by researchers at the Large Hadron Collider, ProtonMail serves as an end-to-end encrypted private mail storage service. While paid services are available, all users are able to access a free mailbox with a name of their choice, access to mail aliasing, and at-rest and end-to-end encryption. Even easier to use than FlowCrypt, ProtonMail manages the entirety of the PGP encryption keys without any user interaction. Additionally, 2 Factor Authentication and VPN services are available on the platform.