Hacker News

I recently left ProtonMail and went back to Fastmail. My reason was that they will never be able to fully support IMAP and now CalDAV because of the encryption they use. I grew to accept that email is not for secure messaging and my paranoia of "I'm being watched" just went away.

If you need secure messaging, use something other than email.



I came to a similar conclusion. You should write every email as if it were public, because it's entirely likely that it will be. They can be forwarded, made public through legal discovery, or exposed in a data breach (e.g. Sony/North Korea).

Forget security for a second, imagining every email as public record will make you a more considerate and less biased writer. And from a business perspective, email should be viewed as a public legal record, because in some cases it will be used that way.

That's not to say that there shouldn't be private messaging options, it's just that email isn't one of them and was never really built to be. PGP was always sort of a tacked-on solution with a lot of faults (no forward secrecy, plenty of metadata leakage, usability issues).

All that being said, I still left Gmail for Fastmail. Just because I consider every email I write to be public doesn't mean I want Google getting a free pass to mine and sell my data.


I agree with most of what you have written, but this:

> doesn't mean I want Google getting a free pass to mine and sell my data.

AFAIK, they don't do that with gmail. Do you have any evidence to the contrary?

We need to hold Google's feet to the fire on privacy, but it is also important that we do not exaggerate or distort the facts.


Unlike most other responders, I generally trust Google not to do this. Everything they say they don't do has been confirmed to me one way or another by people working there that I trust.

They may make money off ads but I don't think they have any real incentive to lie about what they're doing. Because most of their users don't actually care. I would be curious if anyone knows of any scenario where Google has outright lied about what they do and don't do with information, because I've never heard of it.

For me, I moved off gmail for other reasons: my email is too important to randomly lose access to because e.g. their youtube AI thinks I'm spamming a channel on Youtube. I look at all my data in Google as if I might lose access to it forever some day, because someday I might, with zero recourse.


What exact behavior of Google are we talking about here? I'm pretty sure they do mine emails for their own ad targeting. On the other hand, I'm equally sure they handle the information securely and don't pass it on to anyone else.


> I'm pretty sure they do mine emails for their own ad targeting.

They do not. See https://support.google.com/mail/answer/6603?hl=en

"We will not scan or read your Gmail messages to show you ads."


Yet, they state

https://policies.google.com/terms?hl=en

> Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.


> "We will not scan or read your Gmail messages to show you ads."

That reads to me like "We may do it for other purposes."


They obviously do, as does every mail provider that filters spam, at a bare minimum.


Whenever I book a flight, Google offers to set alarms and gives me "don't forget your flight tomorrow" notifications. They are obviously reading the email to achieve this.


Well, if they didn't you wouldn't be able to search in your inbox, among other things.


Interesting, looks like they stopped in 2017.


You're right, "Sell my data" might have been too strong. But they are certainly mining it to train things like their "suggested responses". In my view, it's an ad company, and while they might not be doing it today, there's nothing stopping them from using my data in the future, hence the "free pass".


I don’t trust Google products. I will never buy anything they want to sell to me. Burden is on them.

I tore off my Nest thermostats and replaced them with dumb ones. I miss the ability to change my heat remotely, but at the end of the day, I don’t need that functionality.


They already scan your purchases in your inbox: https://www.cnbc.com/2019/05/17/google-gmail-tracks-purchase...

They say they won’t use it to sell ads:

> “To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you,” a Google spokesperson told CNBC. “You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page.”

What guarantee is there that this is not being used for other purposes? To train other kinds of models? To, say, monitor other people’s AWS bills, in order to optimize their own offerings? How likely is it that such a project was approved with no gain except adding perceived value to the Gmail product? I have a hard time believing they would do it only for that.


> I have a hard time believing they would do it only for that.

Why? Adding perceived values is how you get more users. More users == increased revenue.

I think the important question is: if Google were doing something nefarious like that, why on earth would they tie it to a public feature instead of just keeping it totally secret?


But is that actually nefarious, or meaningfully proscribed, or is it not understood that this kind of stuff is how Google makes money, and how it will continue to make money into the future? Is this unacceptable to most people? I am uncomfortable with it, but isn't this the way "business is done?"


I think you're right in the simple case, and they're not _currently_ doing something nefarious, but I also think it takes one creative product manager one day to decide they will directly sell that data, and most people will be too invested by that point.


IMO the burden should be on Google to prove that they don't. The flow of personal data through their systems is opaque and they have plenty of incentives to monetize the data.


You can't prove a negative.


They said "prove" but really it's about trust. Google has lost many people's trust and it's on Google to restore that trust.


Sure you can. Apple does not run its image classification on your images using its cloud servers. You can test this by stepping inside a microwave or other cage and seeing that image classification and search still works on the iPhone.

---

On the other hand, what Apple does with your photos that you allow to be exfiltrated through iCloud... that's your own stupid fault.


We're not talking about mathematical or scientific levels of proof, but assurance and trust.

The usual methods for achieving this are government regulation and oversight (free of capture), and independent third-party audits (likewise).

The good news is that there seems to be ... some, slight ... progress in this direction.


You definitely can [0], but this one would probably be hard for Google without significantly modifying the architecture of Gmail in ways that would remove its revenue model. For example, they could open source a client that had auditable end-to-end encryption, but then they couldn't optimize ad revenue by aggregating and mining large email datasets.

[0]: https://en.wikipedia.org/wiki/Proof_of_impossibility


> a proof demonstrating that a particular problem cannot be solved as described in the claim, or that a particular set of problems cannot be solved in general

Did you even read the article you linked?


Apologies, I thought you were saying that you can't prove a negative... that negative proofs (like the examples linked) do not exist.


Google does mine email but does not sell the data.


... because they find it more profitable to retain exclusivity over the data, sure.


[flagged]


Please don't post unsubstantive comments and/or flamebait to HN. Discussion here needs to be a lot better than this.


> They got close to 1 trillion dollars

That's....not how that works...


If that is so then "public" and "private" are insufficient categories to describe messaging options.

I'm forced to send proof of identity as well as proof of address via email. I'm receiving bank statements and countless other sensitive documents via email. And I have absolutely no other choice.

Whoever gets a hold of my email can impersonate me in almost every context.

So no, I do not consider the contents of my email public. Absolutely not!

I'm not willing to consider a service completely insecure just because it can never be completely secure.


In fairness, I don't think he meant the contents of your email account should be public, he said you should write and behave as if it could be because who knows what a webmail provider will do with your data. That's a very different thing than saying it should or will become public.


The question was whether or not it makes sense to make email services as secure as possible and prefer more secure email providers to less secure ones.

Some say we should give up making email more secure, because it can never be as secure as more modern messaging services.

That doesn't make sense to me, because we don't have a choice other than to use email in ways that require very high levels of security. I cannot behave as if my email could become public any moment.

I would love if the world were to move on to more secure messaging platforms. But it's simply not the world we live in right now.


> You should write every email as if it were public, because it's entirely likely that it will be. They can be forwarded, made public through legal discovery, or exposed in a data breach (eg. Sony/North Korea).

None of these are unique to email.

This is the attitude one should take for any electronic form of communication. Even old-fashioned ink on paper letters of significance have made it into the public record for all to see.


> I came to a similar conclusion. You should write every email as if it were public, because it's entirely likely that it will be

I think this is mainly governed by expectation and received benefits.

I would let my doctor see me naked, because I'm expecting the doctor will fix my problem if I agreed to do so, and I assume the doctor will respect my privacy by not leaking information about my physical characteristics and private parts with others.

But what if it's for example the owner of my favorite restaurant asking to see the same? I don't think I would go there anymore.


[flagged]


> Can I have the creds to your Fastmail account then? I'm curious what you're up to these days.

This is just as specious of an argument as the retort of "ah so you claim you have nothing to hide but you have curtains on your windows, checkmate, I am very smart."

The issue is not one of what specific measures are or are not taken, it's about having the informed choice to make decisions based on information use. I wager that a lot of people would make the choice to pay with actual cash when shown the actual cost in data of how their personal information is being used. But, conversely, a bunch of people probably don't truly care or mind, and the loss of information control is worth less to them than the loss of money to be paid.

That doesn't then imply that a person has zero care about the information under their control, nor that their refusal to give you control of that data makes them a hypocrite.


[flagged]


No, I didn't, and I think you know that but you're trying to bolster a point you know isn't on the mark.

You showed your true motivations in your reply to someone else:

> If we're talking in hyperboles, then let's go all the way, right? Or 'public' means 'eventually public'? Or what?

We're not talking in hyperbole. At least, most of us aren't. We're trying to discuss reality as it is on the ground.

The person you replied to before said to imagine the contents of my e-mail box as though it is a public record. To imagine does not make it so. I imagine myself as James Bond whenever I put on a suit coat and tie; I am not James Bond. I can imagine my e-mails as ones that, through no intent of my own, are exposed and made as part of the public record but treating them as though that possibility might happen does not implicitly make them public. It also doesn't mean I don't want them to remain my own secure property.


This is not a very strong argument. Here's a specific refutation: the credentials to their primary email account are likely equivalent to the credentials of many other services that they use, because of password reset. None of those emails are encrypted, or ever will be; further, they're of little value just a day or two after they're sent. That commenter could coherently expect both that their mail spool would eventually be "public" and that it was safe to use email for password resets.

More generally: it's reasonable both to expect that your mail spool could eventually be public, and still not to want people to read it. There are things I don't want people to read, and there are things I need to be as careful as I can to ensure everyone can't read. Email works for the former and not the latter, and the latter is what encrypted messaging was invented for. Comparatively: I don't know many people who trust Twitter DMs, and "let's move this off Twitter DMs" is a constant refrain. But my answer to "can I read all your Twitter DMs" is still "no".


No credentials is fine, I understand. As I specified, I would also settle with a dump of the emails. Public means public, right? If we're talking in hyperboles, then let's go all the way, right? Or 'public' means 'eventually public'? Or what?

The reason I'm asking is that the original comment is basically dismissing efforts to make personal productivity products more secure for the reason that they can become public at any time anyway, so why bother, right? Well fuck it, let's all pack it up and go home then, make email public and unencrypted and reallocate the development effort to something more lucrative like desktop apps in Javascript.


I agree that email shouldn't be considered secure but disagree that you should just give up as a result.

It's trivial to use an email provider in a more privacy-friendly jurisdiction (e.g. Mailbox.org in Germany) and with a bit of effort you can even move to a provider that PGP-encrypts incoming email which can then be decrypted by your email client (which can connect with IMAP).

Given that the first measure is near-zero effort and saves you from silent/warrantless law enforcement requests, I think it's worth it.

Encryption is a bit more annoying but it does save you from later disclosure of your emails.


Did you try this?

https://protonmail.com/bridge/

Or did it not work for you?


Well, snap! Does Tutanota have something akin to this? I also have stopped using Tuta/Proton due to the IMAP incompatibility.


Did some digging, and it seems like it's at least on the roadmap, but I'm not sure how high of a priority it is.

https://github.com/tutao/tutanota/issues/544


I did. It’s slow. Also, it’s not available on iOS.


When did you last use the bridge? They released an update a month or so ago which has made it significantly faster to sync changes.

I do agree that it would be great to be able to use your own mail client on iOS. Not sure that will ever happen though.


> I grew to accept that email is not for secure messaging and my paranoia of "I'm being watched" just went away.

Agreed. Even if you use protonmail, google still has most of your email because they have the most of everyone else's.


True, though I still think it's preferable to use for business, purchases, and logins. If I'm using an email besides Gmail, at least it means that I have a shot in that Google won't immediately know that I signed up for X service or made X purchase. Sure, they probably can figure those things out in other ways, but I'm not going to willingly hand everything directly to them.

Part of the reason I use Protonmail (and pay for it) is because I want to support the notion that the web can be made up of different services as opposed to all being calls to .google.com or .facebook.com.


I feel very frustrated when I hear this argument, as if it’s futile to switch to a different email provider. It’s actually hyperbole. Most people use chat and messaging platforms (or social media platforms) to communicate with others. Personal email, IME, has reduced drastically over the years. That leaves emails that businesses send to individuals, which are usually sent through non-free-profiling-based-Gmail methods (including GSuite, which Google cannot use to profile people). Only small businesses that don’t know any better or don’t want to spend money on email would use an @gmail address (or @yahoo, @outlook, etc.) to correspond with potential and current customers.


> Even if you use protonmail, google still has most of your email because they have the most of everyone else's.

I have far more incoming emails than outgoing and most of them are automated - probably not using GMail. That includes most of the most sensitive content like invoices and account management.


Please note that Fastmail is an Australian service. I would not trust Fastmail with my email privacy. Not because of the company, but because of the encryption laws in Australia.

Food for thought.


Reporting on Australia's encryption laws is wildly inaccurate. For one, it does not allow authorities to compel companies or individuals to introduce an encryption backdoor. The law very explicitly addresses this issue, see section 317ZG, which forbids any kind of "systematic weakness" or "systematic vulnerability" and very explicitly states that weakening encryption is included in those definitions.

What's permitted is to build something that targets a particular person in such a way that it cannot possibly affect another person's security.

The example I use (though IANAL) is that a request to backdoor WhatsApp's encryption would not be permitted under the law. However I think that pushing an update that checks for a particular person's hard-coded phone number and forwards messages to law enforcement would be permitted.

The law in question: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...


I don't understand. Email isn't encrypted is it?

And what can the Australian government do that the US government can't these days?


Recent (2018) Australian data encryption laws are insane and archaic. They allow law enforcement to force individuals (including but not limited to developers) or companies to build a back door and require them not to tell anyone, including their employers. I'm not saying the US is better or worse, or that the UK (where I live) is better or worse. I'm raising awareness as not a lot of people know about their data encryption laws.

Personally I'd wanted to move to Australia but stopped chasing that due to their data encryption laws.


Are you suggesting ISPs are more trustworthy in America?

Because you’ve got to get your email over someone’s pipes eventually.

Fastmail is excellent. If you want secure/private/not easily spoofable by a 5 year old and you’re using email.... then you’re doing it all wrong.


> Are you suggesting ISPs are more trustworthy in America?

Certainly not.

My comment is relating to their data encryption laws that were passed in 2018. If you care about your privacy in any way, shape or form, individuals should be very wary of using services that operate from, or are owned by individuals in Australia (and the rest of the 5 eyes for that matter) unless you have your encryption keys and all encryption happens on your client app.


For me it was their app just being so far behind Fastmail.

If they had a better app I'd gladly pay. I just can't stomach gmail anymore and Fastmail was next best.


Amusingly enough, Fastmail is a web app wrapped in WKWebview and Protonmail is a truly native app.

Based on comments over in /r/protonmail there's some redesigns coming for the apps that should hopefully improve on the creature comforts.


I hope this is true because I like the privacy aspect of protonmail and would pay for it in that case.


How do both of these compare to Thunderbird?


I haven't used Thunderbird enough to answer this


Same deal, I loved the service but I don’t love living in my browser. I wanted IMAP and eventually that meant installing an app that ran a local IMAP server that your client needed to connect to.

I suppose it’s a limitation of the protocol, and it’s good that protonmail doesn’t store your emails plaintext. However, they know the encryption keys...and so will any attacker.

I went to the Office 365 email package because I get more value out of the exchange server. Any emails I want to encrypt, I will do so myself. 99.99999% of my inbox is spam and automated mailing list crap and notifications and TOS updates, with maybe one or two emails every couple of months that are actually from a human being.


> However, they know the encryption keys...and so will any attacker.

I might be mistaken, but my understanding is that they encrypt your encryption keys using your password within the browser. They only store the encrypted blob and thus they are unable to decrypt any emails.

Having said that, since emails come in unencrypted anyway, they can, in theory, log everything there. Including the sender, receiver and what the email contains.


"Secure messaging" is a fantasy. Nothing is 100% secure. The question then becomes, how much security is important to you? Personally I prefer a marginal level of security with encrypted email over no security at all. Your argument is the same as saying, "well they might as well store our passwords in plain text since encrypted passwords often get leaked or hacked anyway".


Fastmail doesn’t offer phone support for paid users.

I have an account with them and spent months troubleshooting a carddav sync issue with my two Mac computers before giving up and switching contacts over to iCloud.

Proton mail seems pretty hungry for business. I inquired for a paid plan and they follow up all the time with sales people who have unique email addresses.


Interesting, maybe try a fresh contact import on your Macs? I know about 20+ people who use iMacs, iPhones and MacBooks with Fastmail and have no syncing issues.


I used it for two years without issue.

Tried to export and reimport to no avail.


Same here. Unless all parties use the same encrypted email service, this made no sense to me actually.


> If you need secure messaging, use something other than email.

Many services I need do not give me an alternative. I only continue to use email because of those services.


For personal use, maybe? But for business use, you need email security.



