[liberationtech] Secure hosted mail
liberationtech at lewman.us
liberationtech at lewman.us
Sat Feb 25 11:38:19 PST 2012
On Sat, Feb 25, 2012 at 05:48:38PM +0000, jgrahamc at gmail.com wrote 0.9K bytes in 22 lines about:
: I'd be interested to hear opinions from the list in privacy aware and secure hosted email.
Being pedantic here, I think you mean privacy-preserving instead of
privacy aware. Google, Hotmail, and others are all privacy aware. They
all have privacy policies which promise to do everything possible to
remove your privacy. Gmail is actually pretty secure. With 2-factor
authentication, ssl web/pop3/imap interfaces, and multi-factor
authorization for your account, it's better than many others.
That being said, 'hosted' is going to imply a 3rd party. In the US,
this means your email will fall under the 3rd party doctrine, see
http://public.findlaw.com/internet/email-privacy.html for a quick
overview.
You may want to ask potential providers about their subpoena policy,
and if they tell you when they receive one for your email. Google pulls
the 'transparency report' as their example of being transparent, but I
don't know if Google actually tells individual users if their email is
subject to a subpoena. Lavabit claims all of the email is stored
encrypted, https://lavabit.com/secure.html. It's unclear if this means
they can legitimately respond to a subpoena or warrant with the fact
that their data is out of reach of their staff. All US providers have
to respond to valid subpoenas and warrants.
A legitimate, and frequent, complaint is that hosting your own email is
lots of work, especially if you are non-technical. It's easy to hire a
person to do the initial setup and even troubleshoot problems. If you're
not going to keep your software and configuration current, then don't
host it yourself.
>From experience, it's pretty funny to get a subpoena for your own
email when you host it yourself. I believe my lawyer sent a very nice
explanation of 4th and 5th amendments and how I cannot comply with
the request. If I hosted it with a 3rd party, it's unclear if I would
even have known about the subpoena or had a chance to stop it.
--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
More information about the liberationtech
mailing list