In The Guardian, a journalist tells of her experience of having her email account hacked.
"The realisation dawns that the email account is the nexus of the modern world. It's connected to just about every part of our daily life, and if something goes wrong, it spreads. But the biggest effect is psychological. On some level, your identity is being held hostage.
"The company that presents itself as the friendly face of the web doesn't have a single human being to talk to in these circumstances."
I love free stuff. I use free blog services and free email services, and I see it as a double advantage that, as well as not costing me anything, these services are somewhat at arms length from my identity. Possession of a few keys and passwords are what make me "anomalyuk", nothing more than that.
My real-world identity is another matter. My personal email accounts, with which I support my personal relationships and business relationships, are provided to me — here's a novelty — as a paying customer. The providers' customer services may be good or bad, but at least they exist and I can use them. It makes no difference to a Gmail user how good Google's customer service is, because Ms Davis and other Gmail users are not Google's customers at all.
I actually pay a couple of quid a month just for my email service, but that isn't necessary. Like you, Rowena Davis has an ISP — possibly more than one, if she gets her mobile separate from her home internet. They will provide her an email address, as part of the service she is paying for. They know it belongs to her, because she pays the bill, and if, as the bill-payer, she phones up and needs it reset, they will do it for her. However, for this service which she correctly observes is the nexus of her life, she has chosen to rely instead on a handed-out-on-the-street freebie instead.
I hereby declare that to be a Bad Idea.
Davis's story links to another recent one, of a 79-year-old charity volunteer who went through the same ordeal. Twice. The police told her: don't use free email services. Her conclusion at the end of the article: the police need to devote more resources. Not her — she's sticking with free.
There is one drawback with using your ISP's email service, which is that you may lose it if you want to change ISPs. As it happens, two generations of free services have come and pretty much gone (remember bigfoot? rocketmail?) in the time I've been with my current ISP, but that may be a fluke. And in any case, the old addresses are still supported.
If that concerns you, then do what I do and pay for it. One leading provider charges 69p a month for email hosting, plus £2.99 a year for domain registration — giving you an address that is transferable across providers and that looks more professional than a vodaphone or gmail address. And they have 24x7 telephone support. Alternatively, Yahoo! do an email service for $19.99 a year. Bigfoot, it emerges, are still around, and charge $19.95 a quarter. Is £1 or £3 a month really not worth paying for "the nexus of the modern world"? I should emphasize: it's not just that paying for the email makes it feasible for the provider to offer you some level of support: the mere fact of there being a payment makes it enormously easier for them to identify you, and therefore to clear up these fraud issues.
The surprising thing is that they're not marketing this more aggressively. The problems Davies had have been common for a few years: everyone in her position should be paying for decent email, but the providers aren't advertising on that basis. Google don't offer a premium service like Yahoo's, Microsoft charge $9.95 a month, which is a bit steep, and the services just aren't marketed.
ISPs could offer domain and mail hosting as an extra, but the consumer-oriented ones don't, or don't push it.
Possibly the providers are worried about adverse selection: if they advertise on the basis of being able to handle hacking incidents, they're offering hostages to fortune in terms of the inevitable dissatisfied customers undermining their name with complaints.
As a disinterested (and irresponsible) third party, I will do it for them: Do not use Gmail. Do not use MSN Hotmail, unless you are paying the $9.95 a month for premium (which I don't recommend, because it's too much). Use your ISP's email account if you're not planning to move or switch in the next five years. Otherwise get a personal domain and get a basic email service from the likes of 1and1, or, if that's too complicated (and it is a bit complicated), get Yahoo! Plus for $19.95 a year. I'm not recommending these through experience, just through looking for email services that cost a little money and offer telephone support.
If you're not willing to pay, or you're not willing to give up Gmail (which, I admit, is a very nicely done service), then remember that you have nobody to whine to if your Gmail is hacked. You have other options, and you have chosen to trust your email to a company you have no commercial relationship with. I have nothing against Google, but if you want a company to have responsibilities towards you, you have to pay them.
Labels: crime and freedom, technical