For the last 13 years, I’ve been using .edu email addresses. I like running a desktop email client, and although GMail now offers IMAP service, I’ve been trying to minimize my Google exposure. Universities seemed like an innocuous party with whom to trust my private communications.
Now that I’m likely done being a student, I’m thinking more seriously about what my grown-up email setup should look like. In particular, as I’ve written more about privacy law, I’ve become more acutely aware of the poor privacy protections American law affords to email. This is a particular concern given that I’m now working as a reporter. I try to avoid doing stories where revealing my sources could cause serious harms, but I think I still have an obligation to take reasonable precautions to secure my email.
So I have a question for readers: who do you rely on for email service? I know enough about mail server administration to know I shouldn’t try to run a mail server myself. And I’d rather not entrust my email to Google, Yahoo, or Microsoft. I’d be willing to pay $10-20/month for an email service that credibly promises high levels of reliability and confidentiality (though I’m not sure how I’d verify that the confidentiality promises were credible).
I’m also open to arguments that I’m being silly and should just join the GMail parade with the rest of the tech-savvy world.
Well, as you know I surrendered myself to Google some time ago. I don’t want to pretend it’s necessarily a good idea. Actually, it’s produced some catastrophic consequences for me (Google certainly doesn’t deserve the blame, but its system facilitated the process).
But I don’t think there’s a better solution. Running an outbound mailserver is impractical. Perhaps you could get away with an inbound instance on EC2, but I don’t think it’s likely to be worth the trouble. The complete failure of Hushmail to deliver on its promises seems to me to completely validate your skepticism of vendors who try to sell privacy.
If you’re not comfortable exposing yourself to the risk of Google turning evil, I think your best bet is probably to identify a webmail vendor based in a country that would mean problematic amounts of red tape for law enforcement, then do your best not to do anything very interesting to law enforcement. And of course use SSL and/or a client-based public key system to avoid ingestion by LE monitoring efforts.
Mostly you should probably start making more phone calls.
Philly-based Pobox.com has served me well for years. IMAP, Webmail, easy forwarding, etc. I point my MX records to them and control my forwarding rules. Privacy policy looks fine: http://www.pobox.com/privacy/
I’m not sure why you think you shouldn’t run your own mailserver. It’s not like you’re a luddite. If you really are concerned about privacy, it seems like your best option. I ran my own for several years. It let me run TMDA antispam – a piece of open source to which I contributed a bit. It’s pretty simple to install something like postfix and courier-imap on a linux server. My setup ran itself w/very little administration for almost a decade.
My biggest problem with this setup was that I ran it over my cable modem at home, which was w/in my TOS w/my provider. But power, cable, disk & PSU outages left me occasionally w/out email access. I considered transitioning to a hosting provider, but went the simpler route of migrating my entire domain to google apps. Google’s spam filtering is pretty good. Not as good as TMDA. But good enough.
All that said, I seem to be less concerned about the privacy things than you are. Of course, there’s little incentive for the powerful to try to invade my privacy. If I were as concerned as you seem, it’s really not that hard to run your own email server. I’m not sure I understand why you think it is. You can easily find a hosting provider who will give you a setup for under $20/mo.
It strikes me that there’s room here for an opensource project that uses google’s imap server to retrieve all gmail, delete it, encrypt it, and put it back encrypted. Hmm…
Depending on how many nerds you communicate with, using GnuPG with gmail may help considerably.
dullgeek: I think you have to weigh the potential scenario whereby someone breaks into your SMTP server and you spend the next week begging the SpamHaus people for forgiveness. I’ve watched sysadmins do this; it’s not something a person with an existing full-time job would want to tangle with.
tim,
the nsa logs and records every email sent anywhere no matter what so don’t think gmail is any worse or better than any other service on that point. and re what tom says above, same for phone calls. to communicate confidentially with sources, irc works for Anonymous and the black hat crowd so it should be good enough.
if you try to run an smtp server you will find often it is either blacklisted or not whitelisted and that just leads to the appearance of incompetence or unprofessionality-ness.
what about the host for timothyblee.com? i bet they have pop/imap, smtp and likely a web portal for mail.
Tom: I’m sure that’s a major PITA. But in nearly a decade I never once had that problem. A minimal linux system which exposes only postfix and imaps is going to be very difficult to penetrate. Especially if you do run a regular “apt-get update”.
Of course, I’m not saying that it’s impossible to break into. But at this point, Tim has to weigh the risks associated with an intrusion with the risks associated with a public mail provider giving up his privacy. I personally weigh the risks of both very small. But if I worried about my privacy as much as Tim seems to, I would likely weigh the risks of an intrusion to be lower than the privacy violation, and act accordingly.
I might have different views and goals from you, so I’m not sure how applicable this is. But FWIW:
I really loathe university email systems (and computing systems in general), so I go to great lengths to avoid them. I have my reasons.
My most important concerns are convenience, not wasting time, and not having to worry about data loss or switching providers. Email is too much of a time sink as it is. I think Gmail is the service most likely to be around decades from now, so that’s what I use.
Security from Government and other adversaries is important to me, but a second-order concern. I usually talk on the phone if there’s something particularly sensitive. Not that phone companies are looking out for your interests, but they’re less likely to keep data around forever and it at least splits the risk. I’d use encryption if it weren’t such a pain.
Oh, and I have to say that running your own mail server is the worst option, nerds-with-too-much-time-on-their-hands notwithstanding 🙂
You’re being silly. You should use Gmail.
When you’re communicating via email with confidential sources, using end-to-end encryption to secure the contents of your correspondence is a very wise idea. Of course, that means both you and your source must rely on a compatible encryption protocol, such as PGP. If, for instance, you use Gmail, one way to encrypt your emails is to use the Thunderbird email client with the Enigmail plug-in (a PGP implementation). See http://news.cnet.com/8301-30685_3-10434684-264.html.
Under ECPA, no U.S.-based email provider can offer you guaranteed confidentiality if they store your email messages in plaintext (which is pretty much always the case to the best of my knowledge). No matter what a provider may claim, the government can compel disclosure of the contents of messages stored with a remote computing service without a mere subpoena in some U.S. jurisdictions. Notice can be delayed, often indefinitely. (see http://www.scribd.com/doc/51761318/The-Different-Stages-of-Privacy-Protection-for-an-Email-s-Contents)
The only way to protect your sensitive correspondence in light of this unfortunate gap in federal privacy protection is by running your own email server (preferably with a managed hosting service) and encrypting your entire system disk. If only you possess the necessary key(s) to access your emails in plaintext, even if your hosting provider receives a court order, it won’t be able to hand over anything but useless encrypted data. Moreover, assuming you don’t write down your key anywhere or hand it over to anybody else, no court can force you to disclose it unless it offers you complete immunity from prosecution. Unfortunately, I’m not aware of any tutorials that explain how to setup a secure personal email server.
My suggestion would be to find a small, well established ISP and pay them to host for you. Someone mentioned Pobox – I have no experience with them, but think that’s the right idea. Not using them now, but I used Panix.com for a long time – they are small, geeky and provide great service to geeky folks. They are also no-bullshit types, and are not friendly towards folks who want to read your mail.
Also, I’m sure you’re aware of this, but if you need to leave mail on your host (imap access from multiple endpoints, etc.), match your software policy to the law, and ensure that mail doesn’t sit on your host beyond 60 days. Hey, it is something. But it is better to keep a canonical mail archive that is physically in your control.
My approach to this (and not just for mail) is to (mentally, at least, and as much as possible implemented automatically in software) treat incoming data that I want or need to keep around as something to go in to my personal systems and be managed there. Mail servers are caches I can get to from different machines/ my phone, but scripts attached to key commands and cron jobs handle anything I need to keep. Some “cloud” services also act as caches for some things, but nobody is canonical for my data but me. I do sacrifice convenience, yes, but I also have my data from two decades ago. A lot more to say here, but that’s getting way off topic.
tl;dr: you have to find your own balance, but the combo of a small, scrappy, stable ISP and your own data store isn’t hard to manage and is hard to beat, at least as I understand your requirements.
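The 60-day retention rule from the comment above, turned into a script that prunes an IMAP folder so nothing older than the window stays with the provider. This is an added example, not code from the post or any commenter; the retention decision is kept in a pure function so it can be checked without a server, and `prune()` assumes an already-authenticated `imaplib.IMAP4_SSL` connection to whatever host you use.

```python
# Enforce a 60-day retention window over IMAP. Added example, not from
# the post or any commenter; the window is the comment's figure, and the
# decision logic is a pure function so it can be checked without a server.
import re
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 60
# RFC 3501 FETCH reply item, as imaplib returns it:
#   b'1 (UID 42 INTERNALDATE "17-Jul-1996 02:44:25 -0700")'
_UID_RE = re.compile(rb"UID (\d+)")
_DATE_RE = re.compile(rb'INTERNALDATE "([^"]+)"')


def parse_internaldate(raw):
    """Parse an IMAP INTERNALDATE string into a timezone-aware datetime."""
    return datetime.strptime(raw.strip(), "%d-%b-%Y %H:%M:%S %z")


def select_expired(uid_dates, now, retention_days=RETENTION_DAYS):
    """Return UIDs (ascending) whose server arrival time is older than the window."""
    cutoff = now - timedelta(days=retention_days)
    return sorted((u for u, raw in uid_dates if parse_internaldate(raw) < cutoff), key=int)


def parse_fetch_response(items):
    """Extract (uid, internaldate) pairs from an imaplib UID FETCH response."""
    pairs = []
    for item in items:
        if not isinstance(item, bytes):
            continue  # literals come back as tuples; none are requested here
        uid, date = _UID_RE.search(item), _DATE_RE.search(item)
        if uid and date:
            pairs.append((uid.group(1).decode(), date.group(1).decode()))
    return pairs


def prune(conn, folder="INBOX", now=None):
    """Flag and expunge every message in `folder` older than the window (conn: authenticated imaplib.IMAP4_SSL)."""
    now = now or datetime.now(timezone.utc)
    conn.select(folder)
    status, data = conn.uid("search", None, "ALL")
    if status != "OK" or not data[0]:
        return []
    _, fetched = conn.uid("fetch", data[0].decode().replace(" ", ","), "(INTERNALDATE)")
    expired = select_expired(parse_fetch_response(fetched), now)
    if expired:
        conn.uid("store", ",".join(expired), "+FLAGS", r"(\Deleted)")
        conn.expunge()
    return expired
```

Run it from cron against the provider's IMAPS endpoint; the canonical copy of anything you want to keep should already have been pulled down to a machine you control, as the comment describes.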
I would agree with this except for one thing: Tim is also a nerd. I don’t know about his time commitments.
Duh just use Gmail
If you need security, use PGP.
If you need anonymity, use Hushmail+Tor+PGP
But does your day to day emails with your grandma need to be protected from prying eyes? or is ease of use more important?
For the most part it’s your source that will be the one needing Tor+Hushmail, not you.
Your single best bet is…
1) Get your own domain name
2) Find a cheap colo and run your own server. You know when your box is up or down and have the logs. You can implement opportunistic SSL/IPSEC for talking to other so configured mail systems. You can control your own spam/virus/archives/whatever.
If you can’t do that, shop for someone who will host the mail part of your domain.
Always keep a second and third hoster (at least mx) in mind for when yours goes under.
Pull down your own mail routinely. And ssh tunnel up your outbound.
Smaller biz is better at internal privacy (policy/ethic). Bigger biz is better at external privacy (tech).
Or just go with google and accept the risks.
Anyone who believes a word any provider or biz says in regards to privacy or SLA is a fool. Use PGP, and keep backups.
Did you check out riseup.net? They are a free tech collective offering email hosting among other things. I exclusively use them since the beginning of the year and it’s great. Drawback is that it’s low space (15 MB although uppable [in which donations are very welcome]) and the web interface is either SquirrelMail or Horde, no Roundcube. But I dislike mail hoarding anyway so it’s all good.
(Also, unrelated to this article: As I see you use the Envolve chat, have a look at the free & open source alternative Jappix Mini.)