FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
8 Jun 2013, 07:44 AM | #1 |
Junior Member
Join Date: Jun 2013
Posts: 2
|
Can the US Government "Mine" Email on my FastMail Account?
I've been with Gmail since 2004, and yesterday, yet another scandal has been uncovered by this administration here in the United States.
Please don't laugh at my question, I really do want to know. Is FastMail secure, and private, from the US Government? Will they be mining my operamail.com e-mail address? If I have my own domain name e-mail address and use FastMail, will the (can the) US Government "mine" the content of my e-mail? Do I have anything to hide? Of course not. However, I don't trust the US Government more than I can throw the US Government. Please advise, and offer helpful suggestions if you would please. |
8 Jun 2013, 01:21 PM | #2 |
Member
Join Date: Jun 2004
Posts: 32
|
It is worth noting that under certain provisions of US Law, companies that organizations like the NSA get data from may be required by law to lie about the NSA getting data from them.
That said, I think Fastmail (being a small guy) is in a position of far more likelihood of data security than say, Google. At least, no more or less secure from the NSA than any other e-mail provider these days. (Use of your own domain/whatever doesn't change this, as the NSA would just want message contents, which is essentially a database read on the backend) If you want to avoid it altogether, you could roll your own IMAP server, but then you have to trust the company doing the hosting not to outright provide access to the database/files. And you have to trust your OS maker. And your ISP. And all the ISPs between your computer and your host... |
8 Jun 2013, 01:27 PM | #3 | |
Junior Member
Join Date: Jun 2013
Posts: 2
|
I was afraid you were going to say that . . .
Quote:
I was hoping for an answer that had something to do with 256 bit encrypted e-mails or something like that. I don't know, . . . I just feel violated. |
|
8 Jun 2013, 01:30 PM | #4 |
Member
Join Date: Jun 2004
Posts: 32
|
There are theoretically services out there that fully encrypt all of your e-mail the whole way through. That means you have to trust that they're telling the truth, and that they're not also opening a backdoor to the NSA.
And even if that's all secure, the message ends up being plaintext in the memory of your machine, and can you be sure that your machine isn't compromised? A great essay that I had to read in my Compilers class in college can be found here. In it, one of the guys who created C discusses trust on computer systems. |
8 Jun 2013, 03:18 PM | #5 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
You shouldn't. Email is not a secure protocol. Though it is possible to make it secure by encrypting it (at both ends), it really is a lot of work, for the sender and the receiver both.
|
8 Jun 2013, 03:37 PM | #6 | |
Cornerstone of the Community
Join Date: Jun 2004
Location: Rupert, WV
Posts: 880
|
Quote:
|
|
8 Jun 2013, 05:45 PM | #7 | |
Registered User
Join Date: Aug 2003
Location: UK
Posts: 463
|
Quote:
The ONLY way to keep email content secure is for the content to be encrypted on the sender's local client and then decrypted on the recipient's local client. (i.e. the keys used for encryption/decryption are on a secure local machine, not on a 3rd-party server). Any other setup, you have to assume that email has the same privacy as sending an unsealed postcard through the postal system. For example, all the FM technical guys have got full, unfettered access to all of your emails. The only thing between your email content and FM's staff is trust. Nothing more. Last edited by hobbes : 8 Jun 2013 at 05:51 PM. |
|
9 Jun 2013, 12:03 AM | #8 |
Cornerstone of the Community
Join Date: Mar 2011
Location: ~$
Posts: 652
|
Even if you encrypt the subject and body of your email, a three-letter agency will still be able to find out who you sent it to, exactly when you sent it, and perhaps even your IP address. "This dude emailed someone in Pakistan 37 times in the last 6 weeks, mostly at odd hours in the early morning" is probably suspicious enough to get the authorities involved.
|
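An added illustration of the metadata point in the post above (not part of any forum member's post): a Python sketch that reads an end-to-end encrypted message the way a mail relay sees it and lists what stays readable. The message, addresses, IP address (a documentation range) and armored body are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: a PGP-encrypted message as a relay stores it.
# "Subject: ..." stands in for a subject hidden by the mail client.
RAW = """\
Received: from laptop.example.org (unknown [203.0.113.7])
\tby mx.example.net with ESMTPS; Sat, 08 Jun 2013 04:12:09 +0000
From: Alice <alice@example.org>
To: bob@example.net
Date: Sat, 08 Jun 2013 04:12:05 +0000
Subject: ...
Message-ID: <constructed-1@example.org>
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""


def visible_metadata(raw):
    """Return the fields any server on the delivery path can read,
    even though the body itself is encrypted."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    # Each relay prepends a Received header; the first hop often
    # records the sending client's IP address in square brackets.
    received = " ".join(msg.get_all("Received", []))
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipient": parseaddr(msg["To"])[1],
        "sent_utc": parsedate_to_datetime(msg["Date"]).isoformat(),
        "client_ips": ips,
        "body_encrypted": body.lstrip().startswith(
            "-----BEGIN PGP MESSAGE-----"),
    }


if __name__ == "__main__":
    for field, value in visible_metadata(RAW).items():
        print(f"{field}: {value}")
```

The SMTP envelope (MAIL FROM / RCPT TO) exposes the same sender and recipient to every relay, independently of these headers.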
9 Jun 2013, 12:10 AM | #9 |
Member
Join Date: Jun 2004
Posts: 32
|
And again, if your operating system is compromised, then it doesn't matter how much encryption there is on the server-side, as soon as it's decrypted on your computer, game over.
(And this isn't even getting into things like TEMPEST, which can do things like read computer monitors through walls based on their EM radiation and stuff) The basic fact of the matter is that as long as you use an electronic device, someone with enough money and time will be able to snoop on you. (And realistically, even sans electronic devices, someone with time and money could still do it; the main thing the electronic devices do is that it makes it a lot easier to monitor people en masse without a high cost of manpower) |
9 Jun 2013, 01:06 AM | #10 |
Master of the @
Join Date: Jan 2002
Location: Denmark
Posts: 1,302
|
How passwords are retrieved in the real world: http://xkcd.com/538/
|
10 Jun 2013, 11:18 AM | #11 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
the US government is not accessing google servers directly. they don't have to. email is sent via an unsecure protocol. the US government controls the backbone of much of the net, so they have access to almost all unsecured information sent over the internet. Google is irrelevant. Microsoft is irrelevant. the backbone providers are relevant. why do you think the US government doesn't want Huawei Chinese equipment running this backbone in the states? this could give the Chinese government access to the same information...
no conspiracy theory, just basic networking knowledge explains how the government gets the data. so the government doesn't need access to fastmail. if your emails are sent through servers which the government has access to, they get your data. simple as that. sorry for no caps... a problem with my tablet tonight. |
2 Nov 2013, 05:04 PM | #12 | |
Junior Member
Join Date: Nov 2013
Posts: 1
|
The NSA taps directly into Google and Yahoo's servers
http://www.dailydot.com/politics/nsa...-google-yahoo/
The NSA taps directly into Google and Yahoo's servers
By Joe Kloc on October 30, 2013
The National Security Agency collaborates with British intelligence to tap directly into the private data clouds of Google and Yahoo which store the information of both U.S. citizens and those abroad.
According to the Washington Post, leaked documents obtained from former intelligence contractor Edward Snowden reveal that unbeknownst to the two American tech companies, the NSA has backdoor access to their servers.
The NSA’s infiltration of a company’s cloud exploits the structure of their massive server networks: Information from the “public Internet” as the NSA calls it, is sent from browsers and devices to front end servers. Those servers then send the information to a network of private servers owned by the company and presumably accessible only to them. Those servers are linked together to form a private data storage cloud. Inside this cloud, user information is readily passed between servers.
The surveillance program, known as MUSCULAR, exploits these links between front end and private servers. Once data is collected, it is apparently scanned, and relevant information is kept while the rest of the data is discarded. The slides use words like “full take” to describe the amount of data collected, which ranges from metadata to text to photos to videos.
Quote:
|
|
15 Nov 2013, 10:14 AM | #13 |
Member
Join Date: Jan 2010
Location: China
Posts: 73
|
I do believe FM is so secure; however, Australia is listed among top countries asking Google for user information... Have a look here:
http://news.cnet.com/8301-1009_3-576...ata/?ttag=gpwl |
15 Nov 2013, 10:47 PM | #14 | |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
Quote:
http://www.nydailynews.com/news/nati...icle-1.1506312 If they got into Merkel's phone... http://www.foxnews.com/politics/2013...ays-944692234/ They could have infiltrated anyone's network, no matter where the servers are located. At least for a while, we have to assume nothing is safe online. /cl |
|
21 Nov 2013, 01:16 AM | #15 | |
Essential Contributor
Join Date: Jan 2005
Location: UK
Posts: 289
|
Quote:
However, there are a couple of interesting services in development that hope to change this...
Heml.is: Aims to take the pain out of PGP & create a beautiful UI (it does look very nice). Importantly the encryption keys are held only by the users, servers will be in a privacy friendly location and messages aggregated(?) to avoid metadata collection. Also, the developers are the folks from Pirate Bay - probably the people least likely to comply with data collection orders that they're forbidden from revealing to the public.
Mailpile: Focusing on a 'decentralised' and encrypted email service. You hold the encryption keys and host the email server on your devices, giving better control of your data (screenshots)
Fastmail posted about the difficulty of getting people to actually pay for new services. Both of the above projects were crowdsource funded and reached 150% of their targets:
- Hemlis: $152,300 contributed by 10,450 people in 3 days.
- Mailpile: $163,064 reached in 5 weeks.
It appears people are willing to pay for privacy.
Last edited by Abydos : 21 Nov 2013 at 05:14 AM. |
|