Ask Slashdot: Recommendations For Non-US Based Email Providers? 410
First time accepted submitter jlnance writes "I don't particularly like the NSA looking over my shoulder. As the scope of its various data gathering programs comes to light, it is apparent to me that the only way to avoid being watched is to use servers based in countries which are unlikely to respond to US requests for information. I realize I am trading surveillance by the NSA for surveillance by the KGB or equivalent, but I'm less troubled by that. I searched briefly for services similar to ymail or gmail which are not hosted in the US. I didn't come up with much. Surely they exist? What are your experiences with this?"
KGB definitely preferable except for Russians (Score:4, Interesting)
Re:Runbox.com (Score:4, Interesting)
Besides, the way I understand it, whatever privacy protections remain apply to US citizens on US soil. Use a foreign email serviced, and it sounds like all bets are off.
Re:Wrong question (Score:2, Interesting)
Since the NSA programs are designed primarily to intercept communications between US and non-US folks,
You haven't been listening. They are designed to intercept everything. The queries are supposed to relate to outside communication and/or anything else of interest (by definition, if someone looks at it for some reason, that means it is of interest). But everything is intercepted.
Yes, encryption, VPN, yada, yada. You really don't gain much by moving it.
Except that decrypting stuff is expensive, so the average NSA snooper will incur traceable costs he might need to justify better than "oh, I just had a hunch I might be interested in my neighbors mail".
Re:KGB better than NSA? (Score:4, Interesting)
Re:Runbox.com (Score:5, Interesting)
The Norway data pipes probably run through the UK, as do most of the pipes in the EU. So rather than installing back doors on Norway's servers, the UK just sniffs the big data pipe traffic and captures that directly. And they give not one whit about your constitutional protections, any more than the US respects the Canadian constitution and Charter of Rights when they sniff our traffic while it passes through the big data pipes south of the border.
I don't think people are getting it yet.
Between Australia, the UK, and the US, something on the order of 90% of the global data traffic runs through the leeching backbone nodes that have sniffers attached to them. They don't need the cooperation of your local governments and ISPs to do their dirty work.
Re:NSA and foreign mail hosts (Score:4, Interesting)
I think there are ways around it, not a 100% perfect but at least make their job a lot harder. Services like lavabit were good and it goes to show that they needed to use some nasty legal tactics to make them open up. Those tactics are not available when you use providers in countries like Russia or China. Sure, they can tap the underwater fiber all they want, but I think it still is better than nothing.
Re:Not sure I understand the question. (Score:5, Interesting)
Yes, correct.
In my experience, having a mail server provider in Europe (e.g.) and using PGP/GPG could help. The problem is of course that your recipient also needs PGP/GPG.
1&1 and Deutsche Telekom in Germany just announced that (paraphrasing it) they will take email security more seriously now. You might want t get an email account at GMX in Germany (product of 1&1) and then use PGP/GPG for fully confidential communication. I wouldn't use their webmail interface, rather suggest to use their IMAP/POP Interface using SSL/TLS.
Using PGP/GPG *and* a foreign email service provider helps in (a) encrypting your email (PGP/GPG), and (b) (if used with SSL/TLS) communication, also hiding the sender/recipient identification, including your email's subject.
On the other hand, I don't know if that would be really secure (for [b] at least), as the German secret service (BND) seems to forward communication information to the NSA (at least the meta-information)...
If you really want to communicate securely, I recommend a "dead mailbox"-principle electronically, but by using PGP/GPG to encrypt the file in question, maybe even hiding the content as a picture or video...
Re:Roll your own... (Score:5, Interesting)
A while ago I had a similar thought. My solution was quite easy:
Install an email system that does the the following: Normally, when "standard" email arrives, it is processed as usual.
When an email arrives from an authorized sender (such as you), in a very specially formatted way and with special content, the mail server immediately starts destroying all emails, all communication logs, and all attached backups. It literally not only unlinks the files, but also replaces all impacted file-contents with "0". You can even do it on block-level completely reformat (overwrite) the hard disc in a way that it looks crashed. It then initiates a clean re-install of a clean, unused, fresh out-of-the-box system.
The only that you have to do is to make sure none of the backups are available... Then again, I would probably NOT have historical backups of emails outside somewhere, but rather backups on devices that *are* connected to the server and erase those too...
End result: "Ooops, sorry, but it seems, my server has crashed..."
Re:Not sure I understand the question. (Score:5, Interesting)
You would have to lease space in a datacenter ...
Uh, no. Use Linux (or *BSD) and point your local SMTP at your ISP's Smarthost. Encrypt files locally with GnuPG and send them as attachments. The only difficult part is expecting the recipients to do the same in reverse and to treat your privacy as seriously as you do. There, you'll need to exercise judgment as to who to trust and with what (just like in every other area of life).
I really couldn't give a rat's ass how many cycles the NSA wastes on trying to crack my encrypted attachments. I consider myself fortunate in not having to support them financially (I'm non-US). I've toyed with the idea of making a cronjob blast out emails to random addresses simply to supply them with stuff to waste time and effort on, but I don't really care that much to bother.
If I ever manage to contact the Medellin or Cali or Zeta cartels' IT guys, I'll have a proposal for them, but so far no joy there. That would be great fun.
Re:Not sure I understand the question. (Score:3, Interesting)
Re:KGB better than NSA? (Score:2, Interesting)
The KGB still don't send drones to kill innocents to other countries, things that happen with the NSA if you are not in US, and maybe in a short time, even if you are.
Grandpa, that's because the FSB does that now. http://en.rian.ru/military_news/20130121/178915985.html [en.rian.ru]
Now take your meds it is almost nap time.