Just In Time 4 Tech justintime4tech.fyi ← all guides

Privacy & Sovereignty

Your email is someone else's filing cabinet

A free inbox feels like yours — your name on it, your private letters inside. But a free inbox lives on someone else's computer, in a cabinet they hold the key to. They can read it, scan it, learn from it, and build a picture of your whole life from who you write to and when. Here's what's really in that cabinet, who can open it, and what holding your own key would mean.

Just In Time 4 Tech · A field guide, not a sales pitch

We treat email as private the way we treat a sealed letter. But the architecture underneath is closer to renting a filing cabinet in someone else's office: your correspondence is stored there, the landlord has a master key, and the rent is paid not in money but in permission to look through the drawers. For the big free providers, that looking isn't a scandal or a breach — it's the business model, stated plainly if you read far enough.

This isn't about any one company being villainous. It's about a structure most people have never had laid out plainly: where your email actually sits, and who can open the drawer.

Who can read your email

"Private" suggests only you and your recipient. The reality is a ladder of access most people never see — and on a typical free service, you're not even at the top of it.

Who can open the drawer — typical free inbox

The provider Your mail is usually stored unencrypted on their servers — meaning the company can read the contents, not just the address. They hold the key to your cabinet.
Their systems Automated scanning reads your messages to power features — spam filtering, sorting, "smart" suggestions. Some of this genuinely helps you; all of it means your mail is being read by machines.
Third parties Some providers let outside app developers access your inbox, and the contents can be mined — the vetting isn't always transparent. Trackers in the emails themselves report what you open and click.
Authorities Because the provider holds the key, they can hand your mail over if legally compelled — you may never know. A cabinet someone else can open is a cabinet others can ask them to open.
You Also you, of course — but notice you share the drawer with everyone above. On this ladder, "your" inbox is the one place you're not alone.

One provider argued this openly in court: that everyone using email must necessarily expect their messages to be subject to automated processing — that scanning is simply part of providing the service. They're not wrong about how their system works. The question is whether you knew that was the deal.

A sealed letter is private because no one but the recipient holds a way in. A free inbox is a letter handed to a company that keeps a copy of the key.

What the envelope reveals, even unread

Here's the part that surprises people most: even if no one ever reads a word of your messages, the metadata — the information around the message — quietly draws a startlingly complete portrait. You don't need the letter's contents when the envelopes alone tell the story.

The envelope, not the letter

Metadata is everything about a message except its words — and it's collected at scale.

Who you write Your whole network of relationships — who matters to you, and who you answer fastest.
When & how often Your daily rhythm, your sleep, your work hours — and which relationships are intensifying or cooling.
From where Your location when you send — home, work, travel, traced over time.
Subject lines & senders What you bank with, who your doctor is, what you bought, who you owe — the shape of a life from the labels alone.

Police and intelligence services have long valued metadata precisely because it reveals so much without the "content" protections. A pattern of who-talks-to-whom-and-when is, as one famous quip went, often more telling than the conversations themselves. The drawer doesn't have to be read to give you away. It only has to be catalogued.

Where it's genuinely a fair trade — and where it isn't

Let's be fair, because this field guide isn't about fear. Some scanning is the service honestly working: spam filtering has to look at mail to catch the bad stuff, the way a tax accountant has to see your finances to do your taxes. That's not surveillance — it's the job. And not every provider monetizes the same way; some explicitly don't scan for ad-targeting, and genuinely private, encrypted options exist.

The line isn't "scanning bad, no-scanning good." It's consent and control. Did you knowingly agree to how your mail is used — or was it buried in a policy you couldn't reasonably read? And crucially: who holds the key? A provider that can read your mail is one breach, one policy change, or one legal order away from that mail being elsewhere. The risk isn't only what they do today. It's that the key isn't yours.

What holding your own key looks like

Sovereignty over email runs along a spectrum, and you don't have to leap to the far end to gain ground. The principle is the same one threading this whole field guide: the less someone else holds, the more is truly yours.

  • Encrypted, zero-access providers. Services built so that even the provider can't read your stored mail — the key stays on your side. Ad-free, paid by subscription rather than by your data. A large step toward sovereignty with little effort.
  • Your own domain. Sending from you@yourname.com instead of a provider's address means you can change who runs the mail behind it without changing your address — the same portability that matters for a website. You own the name; the plumbing is replaceable.
  • Self-hosted mail. The far end: running your own mail server, so the cabinet is literally in your house and you hold the only key. It's more work and not for everyone — but it's the purest form of the thing, and modern tools have made it far more approachable than it used to be.
  • Strip the trackers. Whatever you use, blocking the spy-pixels inside emails stops senders from learning what you read and when. A small move with outsized return.

You don't have to host your own mail to be sovereign. You only have to stop assuming the cabinet is yours when the key isn't.

See your own ladder

You don't need to overhaul anything today to see where you stand. A few honest questions:

  1. Is my mail stored in a way the provider can read — or with zero-access encryption only I can open?
  2. How is my free inbox paid for — and what does the provider do with what it learns from me?
  3. What third-party apps have access to my inbox right now? (Most providers list this in security settings.)
  4. Do I send from an address I own — my own domain — or one I'd lose if I left?
  5. What would it cost me to leave this provider — and does that cost feel like a choice or a trap?

Whatever you find, it isn't cause for alarm — it's just the cabinet, finally seen clearly. Most people have never once been shown who holds the key to their inbox. Now you can decide, on purpose, how much of your correspondence you'd like to actually hold yourself.

When you're ready

Want email on a foundation you actually hold?

I help set up sovereign mail — your own domain, privacy-respecting or self-hosted providers, trackers stripped — so your correspondence sits in a cabinet you hold the key to, not one rented from a company that reads the drawers. The same own-it-completely standard as everything else here, pointed at your inbox.

See privacy & hardening services →

The field guide · one thesis, ten threads

01Your fonts are phoning home 02You can measure traffic without surveilling people 03The cookie banner confession 04Who owns your website? 05Fast is a privacy feature 06Your site should let everyone in 07Your email is someone else's filing cabinet 08The CDN that watches everyone 09What your keyboard sends home 10Consent isn't a contract you sign once