Ask Slashdot: Recommendations For Non-US Based Email Providers? 410
First time accepted submitter jlnance writes "I don't particularly like the NSA looking over my shoulder. As the scope of its various data gathering programs comes to light, it is apparent to me that the only way to avoid being watched is to use servers based in countries which are unlikely to respond to US requests for information. I realize I am trading surveillance by the NSA for surveillance by the KGB or equivalent, but I'm less troubled by that. I searched briefly for services similar to ymail or gmail which are not hosted in the US. I didn't come up with much. Surely they exist? What are your experiences with this?"
Comment removed (Score:5, Informative)
hushmail.com (Score:1, Informative)
it is in canada. the americans could still get to it, but at least they would need a proper canadian warrant, not just a nsa search button. i wouldn't suggest it if you plan to do crime, but if you just want basic civili liberties it is a worthwhile option.
Use your own domain and host (Score:4, Informative)
Domain names are relatively cheap, and hosting is relatively cheap. I go that route myself. The only people that have access to my server is the hosting company (which is no worse than Google to be honest)
if you have the means, the very best solution is to run an email server out of your home or place of business.
Startmail (Score:2, Informative)
www.startmail.com -- currently in closed Beta -- and based in the Netherlands.
Securing email is complicated (Score:4, Informative)
If your ISP allows it (and that's a big if in today's spam wars), you could run your own email server to host email service for yourself, your family and your friends and require SSL/TLS connections for all communication. Don't forget TrueCrypt or luks/dm-crypt for disk encryption on the server itself. But this only protects against eavesdropping and snooping for email users on your hosted service. There's basically nothing you can do about emails sent or received from outside of your own service. And then there's the assumption that email recipients inside of your hosted service will adequately secure their own devices (good luck getting grandma to use TrueCrypt).
If you can actually accomplish this, well, you have better powers of persuasion than I (my boss is a smart and tech savvy guy and I can't even convince him). Your best bet is: don't use email for anything you wouldn't want publicized.
Re:KGB better than NSA? (Score:4, Informative)
The FSB and SVR, the artists formally known as KGB, have limited resources. They are used to going after those that they evalutate as threats.
The NSA has unlimited resources. The NSA just goes after everybody. They can afford to skip the evaluation phase.
Re:Runbox.com (Score:5, Informative)
Yeah, it ends 100 miles inside [slashdot.org] the border.
Re:Wrong Question (Score:5, Informative)
Evidence suggests that scaling quantum computing to the large number of qubits required to decrypt 2kbit RSA would be extraordinarily expensive, if possible at all. The largest quantum computer[1] built so far outside of secret institutions has, I believe, 14 qubits (I may be a little out-of-date, but not by a long way). Scaling has occurred at a fairly constant linear rate of about 1 qubit per annum since the earliest machines were produced. There's no signs of an exponential take-off the way there was with conventional computing hardware, which suggests that the expense of scaling to larger and larger quantum computers doesn't get decrease the way it does with silicon.
Some data points:
1998: 3 qubits
2000: 5 qubits
2001: 7 qubits (largest achieved to date with single atom containing all qubits in different degrees of freedom)
2005: 8 qubits
2006: 12 qubits
2011: 14 qubits
This is the best private industry can do. I'd be surprised if the NSA were doing more than a factor of 10 better. To crack 2048-bit RSA, about 3000 qubits would be required[2], or about 20 times my best guess as the limit of what the NSA could have achieved. Besides, Shor's algorithm is not instant: even if it's faster than any classical algorithm, it's still third-order polynomial on the number of bits in the input, and quantum computers don't perform individual operations particularly quickly, so even if we assume the NSA has managed to make a quantum computer that's a thousand times faster per operation than existing private systems, to factor a 2048-bit RSA key on a 3,000 qubit computer would take about 8.6 billion operations running at about 10-100us each, which is to say approximately 1 to 10 days of time on the (enormously expensive) system (of which they almost certainly only have one, which will therefore have a very long prioritized queue of jobs waiting for it).
And upgrade to 4096 bits, and they'll need a quantum computer with 6,000 qubits, and the job will take somewhere between a week and three months to complete.
[1] I'm excluding so-called quantum annealing computers from this, e.g. various systems produced by D-Wave, because they cannot be used to run Shor's algorithm, so are not a threat to RSA. This is not so much an entry into the debate as to whether or not they should be classified as quantum computers, but a practical decision based on the subject under discussion.
[2] traditionally, this would be 4096 (twice the number of bits in the input), but this arxiv paper claims 1.5 x bits in input or fewer is achievable [arxiv.org] through a method I don't really understand
Re:KGB better than NSA? (Score:4, Informative)
FYI: Putin was not, as is commonly stated, head of the KGB. The highest rank he achieved before his resignation was Lt. Colonel. He was appointed head of the FSB in '98 by Yeltsin, however. FSB is one of the successor organizations of the KGB, covering similar ground to that of MI5 (particularly counter intelligence and domestic surveillance, all the fun of the FBI and NSA rolled into one).
It is interesting in this regard to note that George H.W. Bush was himself once Director of Central Intelligence (CIA head). One might almost get the impression that being privy to the secrets gathered by a state security apparatus has political advantages.
Re:Not sure I understand the question. (Score:5, Informative)
You realize that the NSA facilities in Germany are still intact, right? What was canceled is the part where the US, UK, and France could request Germany to surveillance on their behalf. Whatever basis the data sharing was under is not known, and there is no reason to believe it has been canceled. Chancellor Merkel denied it was even happening until it got leaked. Now you believe her that they stopped, on account of canceling the most public related agreement? I guess the NSA employees on US bases in Germany just sit around and play cards all day now, right?
It has also been said publicly by German government officials that the old agreement was obsolete, and hadn't been actually used as the authority for anything since reunification! If you're going to fall for a bait-and-switch that is already reported on, how can you hope to avoid secret government surveillance?
Actually what you really do is reward companies in the countries that have the least transparency, where you know the least about what they do to spy on your, or help others spy on you. You're better off choosing companies that take the risk of publicly asking for more transparency, and employing your own security such as PGP/GPG
Re:KGB better than NSA? (Score:2, Informative)
NKVD -- dissolved in 1954
GPU -- dissolved in 1923
Perhaps you think of the GRU? Or you're a time-traveller.