Ask Slashdot: Recommendations For Non-US Based Email Providers?
First time accepted submitter jlnance writes "I don't particularly like the NSA looking over my shoulder. As the scope of its various data gathering programs comes to light, it is apparent to me that the only way to avoid being watched is to use servers based in countries which are unlikely to respond to US requests for information. I realize I am trading surveillance by the NSA for surveillance by the KGB or equivalent, but I'm less troubled by that. I searched briefly for services similar to ymail or gmail which are not hosted in the US. I didn't come up with much. Surely they exist? What are your experiences with this?"
Actual communication security implies point-to-point security. In such a setting, a third-party service doesn't make any sense. Hence either what you're looking for can't exist, or you won't know if it's secure.
You'd really rather have the KGB looking over your shoulder rather than NSA? Surely you are joking.
Since the NSA programs are designed primarily to intercept communications between US and non-US folks, if you are in the US and store your mail somewhere else you are asking the NSA to collect all of it. Today, if you are in the US and have your hosting in the US the NSA only gets the parts that go between you and someone in another country (or where you said some "interesting" thing like "that new pressure cooker that fits in my backpack for camping is the bomb"). If you move your mail to another country, the NSA will be collecting it all (assuming your communications end point is still in the US). Yes, encryption, VPN, yada, yada. You really don't gain much by moving it.
My email server is sitting in my laundry room. I also host some message forums and picture galleries for just my family and friends. It is how I communicate with them.
Only about 1/3 of my family and friends use my server for email.... So any overseas email service is going to have the same limitation as mine. If I email my sister from my server, that email goes to gmail. So now the NSA knows what I sent to my sister.
So unless everyone you communicate with is outside of the US or on a server outside of NSA's reach, it won't do any good.
Sorry to break it to you, but in the war against terror, the American people have lost.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
What you should be asking is "How do I get everyone to sign and encrypt their emails as a matter of course?"
Personal data must be kept confidential unless required by law or court order.
That's a hole you can drive a truck through. The NSA justifies everything on those grounds.
From all reports, most or all of the countries where spying occurs, despite their very vocal public outcry against what the U.S. is doing, are in fact sharing information with the U.S. government. And even if they don't, the U.S. can simply grab the data on its way out of the country to that server.
The only way to make email secure is to abandon email in favor of a protocol that supports end-to-end encryption, such as iMessage, XMPP, etc. and to tweak your centralized server and/or clients to require that end-to-end encryption be used. And even then, the metadata (who sent mail to whom) is at risk. The only way to prevent metadata from being trackable is to either develop a new system in which locating a user does not require credentials and use Tor to connect to the centralized server (e.g. use wide-area Bonjour to advertise your current IP address) or design a whole new messaging system built in a darknet.
Either way, email is and has always been just as secure as sending a postcard (which is to say, completely insecure), and cannot readily be improved upon significantly in this regard without starting over from scratch.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Many E-mail providers overseas require you to give personal information to sign up, often due to legal requirements in those countries; sometimes they verify that with a credit card number or simply by comparing your address data with government databases. Many countries (including much of Europe) also have data retention requirements and give their own police and intelligence service nearly free rein, and they may well exchange data with the US anyway, so it's not clear you're better off. And some providers of anonymous services may simply be fronts for intelligence agencies. And, of course, if the other parties to your E-mail use a US provider, your data is already available to US intelligence agencies, and your foreign E-mail account will stick out.
As an American, if you want to communicate privately, you have to use encryption, and preferably steganography. Getting an E-mail account in another country really doesn't help very much.
I'm not attempting to argue with you. The point is not what the NSA should or should not be doing, but rather about the practical considerations. On US soil, the claim is all they can gather is metadata (the SMTP envelope). Start using a foreign mail service, and it's very likely that everything after the DATA command is being stored as well.
The world's burning. Moped Jesus spotted on I50. Details at 11.
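The envelope/DATA distinction raised in the comment above, as an added example that is not part of the thread: a Python sketch that splits a constructed client-side SMTP transcript into the envelope commands (MAIL FROM, RCPT TO) and the headers and body sent after DATA. The hostnames, addresses and the function name `split_smtp_session` are made up for illustration, and folded headers are not handled.

```python
# Added illustration: envelope ("metadata") versus everything after DATA.
# The session below is constructed sample data, not a real capture.
SAMPLE_SESSION = (
    "EHLO laundry.example\r\n"
    "MAIL FROM:<me@laundry.example>\r\n"
    "RCPT TO:<sister@mail.example>\r\n"
    "RCPT TO:<archive@laundry.example>\r\n"
    "DATA\r\n"
    "From: Me <me@laundry.example>\r\n"
    "To: Sis <sister@mail.example>\r\n"
    "Subject: camping trip\r\n"
    "\r\n"
    "Bring the stove.\r\n"
    "..and a map.\r\n"
    ".\r\n"
    "QUIT\r\n"
)


def split_smtp_session(session: str) -> dict:
    """Return envelope sender/recipients plus the headers and body sent after DATA."""
    result = {"mail_from": None, "rcpt_to": [], "headers": {}, "body": ""}
    lines = session.split("\r\n")
    i = 0
    # Envelope phase: SMTP commands up to DATA. Routing uses these, not the headers.
    while i < len(lines):
        line, i = lines[i], i + 1
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            result["mail_from"] = line[10:].strip().split()[0].strip("<>")
        elif verb.startswith("RCPT TO:"):
            result["rcpt_to"].append(line[8:].strip().split()[0].strip("<>"))
        elif verb == "DATA":
            break
    # Content phase: runs until a line holding a single dot; undo dot-stuffing.
    content = []
    while i < len(lines) and lines[i] != ".":
        content.append(lines[i][1:] if lines[i].startswith(".") else lines[i])
        i += 1
    # Headers end at the first empty line; the rest is the message body.
    split_at = content.index("") if "" in content else len(content)
    for header in content[:split_at]:
        name, _, value = header.partition(":")
        result["headers"][name.strip().lower()] = value.strip()
    result["body"] = "\n".join(content[split_at + 1:])
    return result
```

Note that the second envelope recipient never appears in the message headers, and that encrypting the body with PGP or S/MIME changes only `body`: the envelope addresses stay readable to every relay that handles the message.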
But the on-site / server backdoors are necessary unless there's some unknown backdoor built into SSL that the NSA, MI6, IDF, etc. can utilize. By default, my GMail uses HTTPS, but the NSA's backdoor to Google servers negates that advantage.
So, unless there's an unknown backdoor built into SSL, as long as Runbox.com uses HTTPS, how should "Australia, the UK, the US", etc. know what was transmitted unless they use a brute-force attack?
Just yesterday, NPR indicated that US-based cloud platforms stand to lose between $21 billion and $35 billion over the next few years over the NSA scandal... http://www.npr.org/templates/story/story.php?storyId=210570888 . Lavamail and Silent Circle shut down unexpectedly & destroyed all data they had to not get caught up in the scandal...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
1and1.com is a US-based company, or has management staff in the United States, so that won't work.
This is what I understand:
1) The U.S. government can force any company to do anything it wants.
2) The U.S. government can demand that the company keep that secret.
3) The U.S. government can put a U.S. employee in prison if 1 and 2 are not followed.
Seems to me to be a vicious, anti-democratic government.
It is useless to listen to President Obama or US senators or representatives about that. Whoever controls the U.S. government certainly does not tell government officials when they do something illegal.
The US government stopped worrying about the Constitution a long time ago. Just recently, they decided they had the power to mandate that every single US citizen purchase a specific product or be fined (Obamacare). But more to illustrate this, look at how the administrative branch of the government is refusing to follow laws Congress implemented and how they think they can just write a new law without Congress at all.
And before anyone jumps in here to defend Obama as if their world would fall apart if his name was ever tarnished, this has happened by both parties in the past starting with the Civil War and become widely done since the New Deal where Roosevelt ended up having a standoff with the Supreme Court. Obama is used only because he is the most recent president to be doing it.