US privacy violations

Enos · 9 Aug 2013, 04:42 PM

(edited 2013-08-09@08:30 GMT)

Dear Fastmail.fm (or should I say dear Opera),
I have been your customer for a few years, during which I have been extremely pleased with your services, with the sole exception of the dreadful Web interface change.

I am now very concerned, because of recent abuses within the country now hosting your servers: the US.
I have nothing specific to hide from their paranoid three-letter-agencies, but I am concerned for the privacy of my contacts, I am concerned ordinary communications could be misinterpreted and I am concerned service continuity itself could be impacted (as it just happened with the recent closure of lavabit.com).

I understand you do better than other US-based companies in this regard, still I officially ask you the following:

Are fastmail.fm servers and data totally impervious to third-party access as far as you know?
(including physical and supervisor access, excluding network connections)

To which jurisdisction(s) are fastmail.fm mailboxes and network connections privacy and continuity ultimately subject?

Have you planned imminent relocation of your physical infrastructure to independent countries?

My continued use of your services depends upon clear and satisfactory replies to the above.

Thank you,
Kindest Regards from Italy

Enos D.
Security Consultant

r33 · 9 Aug 2013, 06:02 PM

I share your concerns. I renewed my sub before the whole Snowden thing hit the proverbial fan as I was very happy with the service (even the new web interface), but if I had to make this decision now, knowing about the massive privacy violations and the shutting down of lavabit.com, I would think twice.

Ric · 9 Aug 2013, 10:25 PM

I am also quite curious as to your thought on the shutting down of fastmail in a similar fashion to lavabit.

Are there circumstances in which you'd shutdown overnight to protect your customer's privacy?

janusz · 9 Aug 2013, 10:43 PM

Quote:

Originally Posted by Ric

Are there circumstances in which you'd shutdown overnight to protect your customer's privacy?

Of course, if/when it comes to that, you'd provide compensation for affected customers, wouldn't you?

thymara · 10 Aug 2013, 04:14 AM

add Silent Mail to the list of closed services

schlocker · 10 Aug 2013, 06:10 AM

+1

Excellent questions OP.

$5 a year is reasonable even if the storage capacity is considerably less than Lavabit, I would be behind FastMail 100% if the ownership has the same testicular fortitude that Ladar Leveinson has shown in the face of U.S. federal thuggery.

Ceramic · 10 Aug 2013, 06:15 AM

Also, last time I checked, Fastmail stores our passwords in *plaintext*, so if anyone gets holds of the server HDDs....

jcc · 10 Aug 2013, 06:32 AM

Quote:

Originally Posted by mucalculus

Also, last time I checked, Fastmail stores our passwords in *plaintext*, so if anyone gets holds of the server HDDs....

Citation desperately, achingly needed.

jcc · 10 Aug 2013, 06:44 AM

Quote:

Originally Posted by mucalculus

Also, last time I checked, Fastmail stores our passwords in *plaintext*, so if anyone gets holds of the server HDDs....

FWIW:

"[...] all passwords are now stored properly salted and hashed using industry-standard bcrypt."
http://emaildiscussions.com/showpost...5&postcount=96

Ceramic · 10 Aug 2013, 06:47 AM

Quote:

Originally Posted by jcc

Citation desperately, achingly needed.

http://www.emaildiscussions.com/showthread.php?t=52276

I got into into an argument in that thread with a Fastmail rep who claimed this wasnt a big deal.

Ceramic · 10 Aug 2013, 06:49 AM

Quote:

Originally Posted by jcc

FWIW:

"[...] all passwords are now stored properly salted and hashed using industry-standard bcrypt."
http://emaildiscussions.com/showpost...5&postcount=96

Ah THANK GOD. Thanks for the update.

Adon · 11 Aug 2013, 01:35 AM

So, as Fastmail's servers are physically located on the American soil, they are subject to the American law. You cannot operate in a country whille not being subject to the country's laws. Say I cannot go the the USA and punch someone and then tell them that in my country punching people randomly is not an offence.

PON · 13 Aug 2013, 02:34 AM

I think the answers to the first two questions hardly need to be rehearsed (i.e., are too obvious, but fair enough to ask for the avoidance of doubt). I share the interest in the 3rd question.

I have been a customer of Fastmail since fairly early on. I am considering alternatives that are not (or less likely to be) subject to pervasive intrusive surveillance by the US government. I have nothing to hide but, as a matter of principle, if offered a good alternative (Gmail is not one) based in a country with a respect for privacy and which doesn't violate its own constitution, I would be interested.

Properly regarded, it's a business opportunity for Fastmail.

Tom Gallagher · 13 Aug 2013, 04:18 AM

What other country would you suggest they relocate to.? Curious.?

north · 13 Aug 2013, 04:32 AM

Enos, did you already get an answer?

9 Aug 2013, 04:42 PM	#1
Enos Registered User Join Date: Aug 2013 Location: Italy Posts: 6	US privacy violations (edited 2013-08-09@08:30 GMT) Dear Fastmail.fm (or should I say dear Opera), I have been your customer for a few years, during which I have been extremely pleased with your services, with the sole exception of the dreadful Web interface change. I am now very concerned, because of recent abuses within the country now hosting your servers: the US. I have nothing specific to hide from their paranoid three-letter-agencies, but I am concerned for the privacy of my contacts, I am concerned ordinary communications could be misinterpreted and I am concerned service continuity itself could be impacted (as it just happened with the recent closure of lavabit.com). I understand you do better than other US-based companies in this regard, still I officially ask you the following: Are fastmail.fm servers and data totally impervious to third-party access as far as you know? (including physical and supervisor access, excluding network connections) To which jurisdisction(s) are fastmail.fm mailboxes and network connections privacy and continuity ultimately subject? Have you planned imminent relocation of your physical infrastructure to independent countries? My continued use of your services depends upon clear and satisfactory replies to the above. Thank you, Kindest Regards from Italy Enos D. Security Consultant Last edited by Enos : 9 Aug 2013 at 05:30 PM. Reason: simplification

10 Aug 2013, 06:10 AM	#6
schlocker Junior Member Join Date: Aug 2013 Posts: 7	Lavabit refugee +1 Excellent questions OP. $5 a year is reasonable even if the storage capacity is considerably less than Lavabit, I would be behind FastMail 100% if the ownership has the same testicular fortitude that Ladar Leveinson has shown in the face of U.S. federal thuggery.

13 Aug 2013, 02:34 AM	#13
PON Essential Contributor Join Date: Mar 2002 Location: Wicklow, Ireland Posts: 449	Relocating Fastmail servers I think the answers to the first two questions hardly need to be rehearsed (i.e., are too obvious, but fair enough to ask for the avoidance of doubt). I share the interest in the 3rd question. I have been a customer of Fastmail since fairly early on. I am considering alternatives that are not (or less likely to be) subject to pervasive intrusive surveillance by the US government. I have nothing to hide but, as a matter of principle, if offered a good alternative (Gmail is not one) based in a country with a respect for privacy and which doesn't violate its own constitution, I would be interested. Properly regarded, it's a business opportunity for Fastmail.

9 Aug 2013, 06:02 PM	#2
r33 Junior Member Join Date: Oct 2009 Posts: 11	I share your concerns. I renewed my sub before the whole Snowden thing hit the proverbial fan as I was very happy with the service (even the new web interface), but if I had to make this decision now, knowing about the massive privacy violations and the shutting down of lavabit.com, I would think twice.

9 Aug 2013, 10:25 PM	#3
Ric Junior Member Join Date: Aug 2013 Posts: 1	I am also quite curious as to your thought on the shutting down of fastmail in a similar fashion to lavabit. Are there circumstances in which you'd shutdown overnight to protect your customer's privacy?

10 Aug 2013, 04:14 AM	#5
thymara Member Join Date: Sep 2012 Posts: 97	add Silent Mail to the list of closed services

10 Aug 2013, 06:15 AM	#7
Ceramic Senior Member Join Date: Mar 2008 Posts: 124	Also, last time I checked, Fastmail stores our passwords in plaintext, so if anyone gets holds of the server HDDs....

11 Aug 2013, 01:35 AM	#12
Adon Senior Member Join Date: Jan 2010 Posts: 135	So, as Fastmail's servers are physically located on the American soil, they are subject to the American law. You cannot operate in a country whille not being subject to the country's laws. Say I cannot go the the USA and punch someone and then tell them that in my country punching people randomly is not an offence.

13 Aug 2013, 04:18 AM	#14
Tom Gallagher Senior Member Join Date: Apr 2007 Location: South Jersey, USA Posts: 195	What other country would you suggest they relocate to.? Curious.?

13 Aug 2013, 04:32 AM	#15
north Senior Member Join Date: May 2012 Location: north Posts: 174	Enos, did you already get an answer?