Ask Slashdot: What Country Has the Best Email Privacy Laws?

An anonymous reader writes "Given all that is going on with the ability of the government to go through my email if it is on a third-party server, I was wondering: what countries have the best privacy laws and what are some good hosts to use? I would rather pay a token fee to have secure private email than have members of the government able to read it as soon as it's 180 days old if I keep it at my email provider."

Most secure country:

[ngc5194]

My-own-email-server-istan.

Re:

[hedwards]

That was my thought. The only important thing is that stored emails tend to hang around longer, meaning that there's more time to decide whether or not to trap the information. Not to mention a better guarantee that you'll encounter the email you're after.

Re:

[xaxa]

All communications must go through the country of ISPistan. There it is processed, and all data is sold to the highest bidder.

And most emails will be stored by whoever you communicate with.

If this is important don't use email; use something else.

Re:

[Jane Q. Public]

And if it's snail mail it will go in somebody's drawer. And if it's a text message it will stay on somebody's phone for 37 years.

Get serious. If it's REALLY important, then nothing is safe but whispering in somebody's ear, next to a busy, noisy street.

Or holding a small note up directly in front of their face, which you retain and later destroy.

privacy laws won't fix a broken privacy model

[Junior J. Junior III]

Email is inherently insecure, since it is transmitted in clear text and stored in multiple hops between destination and recipient, where its contents may be intercepted, altered, copied, stored, etc.. If you're relying on the law to keep your email private, you've already lost. Use digital signatures for authenticity and integrity, and strong encryption for confidentiality. At that point, you really don't need the law's help to keep your emails private.

Re:privacy laws won't fix a broken privacy model

[Junior J. Junior III]

I mean, do you even know what countries your emails might route through between sending and arriving at their destination? If you're going to go to a server in a different country to gain the benefit of their better privacy laws, you're likely going to need to transfer data over networks that geographically reside in other countries too. And your end points probably are still somewhere within your own country. What are the laws like there?

Re:

[PhunkySchtuff]

Whilst the Internet can route around damage or disruption and your packets aren't guaranteed to take the same path every time, in practice they will take a more efficient or shorter route over a longer one.

If I'm in Australia and I'm checking my gmail which is hosted somewhere in the USA, there is an undersea fibre cable between Australia and the US. My packets aren't going to suddenly start going via Finland and Japan just because they feel like it. I can be quite well assured that my data will travel from

Re:

[cheater512]

Actually your packets will take a even shorter route - straight to Sydney.

traceroute to gmail.com (66.102.11.83), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.628 ms 0.829 ms 1.026 ms
2 * * *
3 202.7.173.17 (202.7.173.17) 104.611 ms 104.799 ms 104.795 ms
4 syd-sot-ken-crt1-ge-5-1-0.tpgi.com.au (202.7.162.173) 104.993 ms 105.193 ms 105.389 ms
5 202.7.171.18 (202.7.171.18) 105.386 ms 105.583 ms 105.783 ms
6 66.249.95.224 (66.249.95.224)

Re:

[lazybeam]

Don't most of those cables go through NZ and/or Guam? Also, if both Reach and SXC are damaged, or ISP becomes misconfigured then our packets could go through Japan (Finland is highly improbable though). Then there is the Chinese who have "accidentally on purpose (allegedly)" hijacked large parts of the Internet causing traffic to go through them.

Internet routing is quite interesting. Recently my office got a new IP address, in the 14/8 range, a range only allocated to APNIC a few months prior. Most sites wo

Re:

[Cimexus]

Yeah I agree that you certainly don't have any guarantees that your traffic will go direct to the US. As you say if something gets damaged it may well end up going via another country, and you have no guarantees or control what route it will take at any given moment. Looking at the major cables to the US:

SXC / Southern Cross Cable: This has a loop topology. The southern half of the loop does go through NZ, however, the northern half goes direct from Sydney to the US (Hawaii, then onwards to California). Whi

Legal precedent considers email secure

[mrcaseyj]

Back when clients started sending emails to lawyers, it was questioned whether lawyers had a responsibility to warn clients on their web sites that email was insecure. The courts decided that lawyers needn't publish public keys and tell clients to use them because it was considered almost always secure enough for almost all clients. Obviously some clients and lawyers need all the security they can get, but they apparently don't consider that the case in general. The situation was likened to telephones, snai

Re:

[obarthelemy]

you do still need laws to litigate if an angry ex, an employer ... find a way (keyloggers...) to get your keys.

Re:privacy laws won't fix a broken privacy model

[klapaucjusz]

Email is inherently insecure, since it is transmitted in clear text

Most mail nowadays is transmitted over SSL [wikipedia.org]. Yes, that's still vulnerable to MITM-ing, but it's no longer a simple matter of passive snooping.

If you're relying on the law to keep your email private, you've already lost.

Please. Strong privacy laws won't prevent ISPs from occasionally snooping on their users, granted. With no privacy laws, howver, expect your ISP to routinely spy on you, and sell the data to advertising companies.

-- jch

Re:

[hedwards]

Unless I'm missing something, which I don't think I am, that only applies between you and your mail server, between mail servers there is no such guarantee.

Re:privacy laws won't fix a broken privacy model

[klapaucjusz]

STARTTLS is used between mail servers if:

• both the sender and the receiver support the STARTTLS extension; and
• the receiver has been configured with a certificate (even a self-signed one).

All modern mail servers support STARTTLS, and most ISPs have configured a certificate in their MX. To see if yours has, do the following:

$ host -t mx google.com
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
$ telnet aspmx.l.google.com smtp
Trying...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP
EHLO localhost
250-mx.google.com at your service
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
QUIT /blockquote

Re:

[Anonymous Coward]

Since requiring TLS on my laptop to server connection I have found it is very common for hotel and airport ISP's to hijack the connection and route mail through their own servers. How did I find out? They don't support TLS so the connection fails. Then if you use runtbird to start thunderbird you can find the evidence. In future I will be using runtbird anyway to check if they are hijacking the connection and supporting TLS.

Example below from a Delta lounge in ATL:

0[192c140]: SMTP Connecting to: mail.myc

Yes, you're missing something

[billstewart]

Most SMTP servers will use encryption for mail transfer these days, not just for mail submission and mail reading. klapaucjusz's [slashdot.org] reply to your article has more details on how.

Re:other means of storage

[symbolic]

There are third party services (like messagelabs offered by Symantec) that provide email scanning and archival. This puts an interesting kink into the model, because now the path includes more than just other email hosts. These services can have their own retention and privacy policies, and you, as merely one endpoint in a communication process, may have no idea that such a third party is being used.

Re:

[syousef]

Email is inherently insecure, since it is transmitted in clear text and stored in multiple hops between destination and recipient, where its contents may be intercepted, altered, copied, stored, etc.. If you're relying on the law to keep your email private, you've already lost. Use digital signatures for authenticity and integrity, and strong encryption for confidentiality. At that point, you really don't need the law's help to keep your emails private.

How the fuck does this get modded insightful?

Using PGP or whatever else is not going to help you if the law requires that you give up your keys or rot in prison for the rest of your life.

If the opening poster was interested in technical ways to keep his email private I'm sure he would have asked. This is slashdot, so it's entirely possible he's already got the encryption and signature angle covered. This was not a techy question, and a techy answer is not appropriate!

Re:

[Jane Q. Public]

But the law in the U.S. doesn't require you to give up your keys. It was ruled that was testifying against yourself. Trying to force you to give it up is a violation of the 5th Amendment.

The only exception so far was a guy coming in to the United States, and because the computer was asleep (not off), the border search found child pornography that was normally encrypted, but the encryption engine was running. The man then turned off the computer.

Since they ALREADY KNEW there was illegal material in the

Zeus, Jupiter, Terminus

[handy_vandal]

"This question is as ludicrous as asking which god is most powerful.. It's Zeus, isn't it?"

Not necessarily. I don't know about Zeus, but there may be a parallel with Jupiter (the Roman Zeus, "Jupiter" = "Zeus Pater").

Jupiter was the supreme Roman god in most things, and he was rightly respected for hurling lightning bolts, but there was one greater than he:

Terminus, the divine personification of boundaries and boundary-stones, to which even Jupiter was subordinate. (The Romans were very, very big on prop

Re:

[Americano]

Just a wild guess, but I presume that if that's the case, you end up making angry posts to slashdot about how all of your friends and coworkers are too stupid to use software which is complicated to install and complicated to use?

If this [gnupg.org] is the way people are going to get the ability to encrypt/sign emails, then yeah, they're not going to use it.

If this [gnupg.org] is the list of features "customers" are expected to make sense of, then yeah, they're not going to use it.

GPG is great software, but it's not exactly trivia

Re:

[icebraining]

What bothers me is that not even CS teachers use it. I mean, they can program in OCaml, but they can't configure their mail client to send encrypted emails with if the recipient has a key?

Re:

[Jane Q. Public]

That is the problem with most encryption software. It simply isn't easy to use. You have to configure it and run it via the command line (something most people won't learn how to do), or else, like TrueCrypt, set up a password, choose from among several encryption schemes (or a combination of them), and choose a hashing algorithm... most people won't bother to learn about whether they should be using Serpent or Twofish or AES, or look up what a RIPE-MD-160 is.

And ANY good encryption scheme -- I don't car

Re:

[Jane Q. Public]

"In addition to being entirely unnecessary for the vast majority of users who aren't living in a dictatorship, paranoid, criminal or all three.."

And the "criminal" argument is simply bogus. In effect, it is the old argument that "if you have done nothing wrong, you have nothing to fear."

Anybody who knows a little bit of history knows how ludicrous that concept is!

Does it matter?

[steevven1]

Even if you host your own email server or use a server in a country with great privacy laws, every email you send or receive is stored on two servers, each with your name (email address) attached to it. Unless everyone you email has the same security policy as you, your messages are little more secure than they would be if you used any other email server.

Re:

[fuzzyfuzzyfungus]

Be sure to avoid living in Britain, in that case.

Re:

[Noughmad]

No, you can still live there, just make sure you NEVER lose your private key.

Storing email?

[krelvin]

If this is really worried about this...Why are you storing any email on a 3rd party server? As new email arrives, save it to your local computer, removing it from the inbox. No email is then left to become 180 days old. Nothing to worry about. Actually that is not true since you most likely will be worrying about something else then too, but...

Re:

[fuzzyfuzzyfungus]

This would appear to be operating on the optimistic assumption that hitting "delete" has any effect other than making the message invisible. If you are lucky, cheapness and/or laziness on the part of the operator will mean that they purge and/or just lose everything they can get away with as fast as possible. If, on the other hand, they are doing some sort of data mining for commercial purposes, or complying with some sort of retention request, game over, man.

Re:

[Jane Q. Public]

It also assumes that you use POP3, not IMAP, or at least have fine control over your IMAP settings. Because by default, IMAP keeps copies of your emails on the server, not your local machine.

IMAP is great for people who want to access the same email accounts from several machines and see the same thing on all of them. From a security standpoint, it has it's head so far up its ass it will never see daylight.

Re:

[Jane Q. Public]

I was having trouble with my email account on my hosted server, and I called tech support. I told the guy what the problem was. He said "Why do you want to use POP3? Use IMAP. POP3 is soooo 2003..."

I just smiled and told him to get my POP3 working again.

What Country Has the Best Snail-Mail Privacy Laws?

[lobiusmoop]

Given I can't be bothered to take the most basic steps to gain a little privacy for my letters, like using envelopes, writing everything on postcards that let everybody in the postal industry in contact with my mail read it, what are the best couriers for me to send my letters with?

Honestly, I think some articles are just deliberate trolls for the computer-security folks on Slashdot.

Re:

[sandytaru]

Redact everything yourself. Problem solved. Stick it to those government snoops!

Re:

[icebraining]

I often here "encrypt your mail", "use POP3", "download the mails from hotmail/gmail/yahoo to your computer"... The problem is, I have no idea how to encrypt mail, what POP3 is or how to download my e-mails.

Search Google for "how can I encrypt my email"; first two results are step by step guides on how to encrypt your email, either with Thunderbird or Gmail.

Re:

[digitrev]

Encrypt your mail: That's fairly easy. You need to get yourself set up with GPG, the Gnu Privacy Guard. If you use Linux, then most e-mail clients support it (like Evolution), but if you're a Windows user, then you need Thunderbird and the enigmail add-on. What GPG does allow you to sign / encrypt e-mail. It does this using public key cryptography. First you create a public key and a private key. These are tied together. Never give away your private key. The public key can go to anyone and everyone. Now wha

Best email security laws?

[Locke2005]

That's easy: Sealand [sealandgov.org]!

Re:Best email security laws?

[houstonbofh]

Havenco closed in 2008. No sealand hosting now.

nowhere really

[t2t10]

Many European nations nominally have better privacy laws, but they have lots of exceptions for national security, police enforcement, and privacy law enforcement, as well as other loopholes.

But you're likely also no better off storing it on your local disk; for your government or your ISP, accessing data on your disk is likely no more complicated than pushing a button.

If you want your E-mail to be private, encrypt it, whether it's on a local disk or a server, and even then, there's a good chance others can intercept the key and read it anyway.

Re:

[farnsworth]

If you want your E-mail to be private, encrypt it [...], and even then, there's a good chance others can intercept the key and read it anyway.

Would you care to expand on that? I was under the impression that both smime and key-pair encryption are pretty solid.

Re:

[t2t10]

Governments, software vendors, and/or ISPs can easily install key loggers and backdoors on your machine through the usual software update mechanisms. Once they have that, they can get your keys no matter what system you use.

Re:

[angel'o'sphere]

Many European nations nominally have better privacy laws, but they have lots of exceptions for national security, police enforcement, and privacy law enforcement, as well as other loopholes.

Which loopholes do you mean?
A search warrant issued by a judge according to evidence presented by the prosecutor is not a loop hole in my eyes. I'm not aware about other "loop holes".
angel'o'sphere

Re:

[t2t10]

The loopholes where governments can access and share your data if it is "in the public interest". No, they don't need a warrant for that, and they can do just about anything based on that. Here is one of the places where that exception is listed http://bundesrecht.juris.de/bdsg_1990/__4c.html [juris.de] There are other holes in the law.

Re:

[angel'o'sphere]

Erm,
you copied pasted the wrong law/paragraph.

This is not about allowing anyone to read your emails, but about your personal data.
As you copied a german paragraph I repeat: in germany EMails can not be read without a judge giving a warrant first.
For emails exactly the same rules apply as for written letters on paper.

angel'o'sphere

Re:

[t2t10]

No, I didn't "paste the wrong law". That is one of the relevant laws. Similar exceptions exist in other laws:

http://dejure.org/gesetze/GG/10.html [dejure.org]

http://bundesrecht.juris.de/g10_2001/BJNR125410001.html#BJNR125410001BJNG000300000 [juris.de]

Note that exceptions can be justified under "Volksverhetzung", which is such a vague concept that a lot of politically unpopular speech might fall under these exceptions.

If you want to claim that "in germany EMails can not be read without a judge giving a warrant first", you have to

Re:

[angel'o'sphere]

As you are obviously german and can read the law, you missed the fact that you posted "Das Bundesdatenschutzgesetz" which has nothing to do with "Fernmeldegeheimnis".

The latter one is an extension to the constitution, "Verfassung" which explicitly states that you need a warrant from a judge.

I don't get where you have your missinformation from.

The stuff you linked in this last post again has not much to do with "protection of telecommunication" but is referring to an intelligence agency. And the paragraph st

Re:

[t2t10]

No, I'm not German, I just follow German politics and law.

As for the laws, both are relevant, since communications privacy requires both laws, both laws have exceptions, and both kinds of laws apply to ISPs.

You are picking out bits and pieces of the law and draw conclusions from them, but that's not how it works. In fact, the most relevant parts are Â2 and Â3. Â2 says that executive branches can order telecom providers to give them information; there is no mention of the need for a judge's

Re:

[angel'o'sphere]

Well,

no offense, but all your conclusions are not correct.

You are interpreting the laws you are citing wrong.

In fact, the most relevant parts are Ã2 and Ã3. Ã2 says that executive branches can order telecom providers to give them information;

Personal information!!! not EMAILS. Under certain situations, if you can make a strong claim, you can get e.g. connection data, web pages that got accessed etc. But not the actual data you transfered via the wire, that means: no, not a copy of the photos

Re:

[angel'o'sphere]

Lol, you again bring complete false contextual answers. The question was never if a security agency like CIA or BND may in special circumstances read email without a court order, the question was wether the "government" or the "police" may do it.

Did you ever read the laws you citate?
And did you read the articles you link?

Neither the law you linked nor any article says that THE POLICE or THE STATE does NOT NEED a court order. Of course they need one.

The BND is an exception just like the CIA or NSA is ... so

"...what countries have the best privacy laws..."

[John Hasler]

Because we all know that all govenments can be trusted to respect such laws when their own interests are at stake.

If you have secrets that you must protect against goverments why are leaving them (unencrypted, evidently) on third party servers? And why are you discussing that fact on a public forum?

What about the people you communicate with?

[timothyf]

Are you sure you're always communicating with people that live in countries with privacy laws that are just as secure? Unless you're really good about keeping your contacts secure as well, all it means is that they have to issue more subpoenas.

data rendition

[Tumbleweed]

Are you sure you're always communicating with people that live in countries with privacy laws that are just as secure? Unless you're really good about keeping your contacts secure as well, all it means is that they have to issue more subpoenas.

This brings up a point - I wouldn't be at all surprised if data isn't routinely sent out of the country for analysis and decryption to countries who have no laws against such things.

This is a false question!

[bogaboga]

Ask Slashdot: What Country Has the Best Email Privacy Laws?

And here's why I say this:

It depends on who's metrics we'll use to determine what is 'best'. So that's the question.

Re:

[Odinlake]

Anything can be misinterpreted by someone who doesn't want to understand. I'd say implicit in this question is:

"According to whatever metrics you yourself apply when using the word 'best' in this context, out of the countries you have any knowledge or instinct about whatsoever, have you noticed any one that seems to have somewhat better email privacy laws than the other."

Now this is still not very precise, but I imagine if the best literary minds in the world got together and wrote a treaty on the subj

Might be a good start-up idea for the PRC

[ibsteve2u]

You know the People's Republicans of China are going to read your email, but would they share with any other government? Doubtful.

Depends

[Oceanplexian]

Whatever country you're living room is, where you would obviously be keeping your mail server in a rack running under truecrypt.

If you don't want to bother than that, then, your privacy just isn't important. As soon as you put your personal information on someone else's hardware you lose control of that information.

The Answer is...

[DanielRavenNest]

Don't put anything you want to keep private on a third party server. If you must use email, find one with encryption. Microsoft Outlook has had it since at least version 2003, and there are lots of other programs available.

Host it yourself

[Animal Farm Pig]

Why not just host it yourself using the open source mail server and transport of your choice?

Re:

[the eric conspiracy]

Generally that requires a static IP because so many ISPs won't deliver mail from a dynamic address.

Not everyone can get one of those.

Strike one.

[westlake]

I was wondering: what countries have the best privacy laws and what are some good hosts to use?

You are a foreign national routing allegedly innocent e-mails through an unfamiliar host 1,200-12,000 miles distant. Do you really think that won't attract unwanted attention on both sides of the border?

For email apply the same laws as for paper mails

[angel'o'sphere]

... at least in germany and most european countries.

If you want to read them you need a search warrant.

angel'o'sphere

Re:

[bloodhawk]

or a router or a mail server in the chain between the sender and recipient, then you can just read it to your hearts content with no one the wiser. seriously if you are relying on governments or providers to keep your privacy then you have already lost. Sign it if you want to be sure it wasn't altered, encrypt it if you want to be sure it wasn't read. otherwise all bets are off.

Re:

[houstonbofh]

"I wonder who he has been talking too? Quick, put a sniffer in last month! Case closed!"

Re:

[DCFusor]

Nah, no warrant need to read them -- done all the time. Warrant only needed to convict you for something in them. But -- no need for a warrant then either. Just use the email to figure out who to watch, and then they bust you for whatever they see you do. Just like the way you are entitled to confront your accuser. Some guy calls the cops on you, they show up, and they see, you name it, and bust you for it. The cop is now "the accuser" and you never find out who called them. Just ask the cops sometim

Re:

[angel'o'sphere]

Sorry, that is not how it works in germany or any EU country I know about, like france, italy or UK or netherlands.

angel'o'sphere

IMMI - International Modern Media Initiative.

[mordur]

I don't know which country has the best protection for users of online services now, but Iceland most certainly will be a contender when the IMMI legislation has been passed as per the Parliamentary Resolution passed on June 16. last year. Check it out: http://immi.is/ [immi.is]

Finally, on on topic answer!

[houstonbofh]

Damn! I have mod points, but I have already posted in this thread. But thank you for being the first one with an on topic answer. I may just hunt you down in other threads and mod you up.

Enforcement?

[kuzb]

Best laws are one thing, but I'm more interested in best enforcement.

How about using encrypted email for a change?

[jopet]

Its easy. Enigmail and Co have been there for ages.

China definitely

[KostasPlenty]

China has arguably the best privacy laws. In China the state really will go the extra mile to protect the privacy of all government agencies that have access to your emails.

IPv6

[muckracer]

I wonder, how the adoption of IPv6 will cause a paradigm shift here. It would allow every user to host his very own mail server right at home (though technically already doable even with v4), incl. SSL etc.. Subpoenas for your mail would need to be real search warrants, the entire (mail) hosting industry would mostly become irrelevant and people could send mail the good old-fashioned way *directly* to each other ('s IP). Snoops would have an awful time with this, when they have their established live-feeds

Trick Question

[darth dickinson]

"Email Privacy" does not exist.

DON'T PAY FOR IT!

[gl4ss]

if you don't want it to be associable to you via bank slips.

ask it from a trusted associate who doesn't run backup servers and who has enough noise in his transfers.
if you're really paranoid that is. of course, you should also have your eggs in multiple baskets. but if you don't want it to be searchable later, then you should somehow arrange that the chat isn't stored at all(so that whoever eavesdropping you would at least need to pretty much log all your traffic, because he couldn't just bust the door in).

Nepal!

[herojig]

Nepal! The best law is none at all, for anything. Freedom and self-governance without a tax-sucking government to get in your way. Do what you want, as long as it hurts no one but yourself. If you screw up, you will be punished - by your peers. Namaste.

Re:

[Aldenissin]

Not Goatse, but still disgusting and off topic... I am just trying to figure out why someone takes time out of their day to repeatedly spam Goatse to Slashdot. Is this a bet or something? Either way, perhaps you should consider that while virtually no one is "normal", you should get checked out for your obsessive compulsive tendencies...

Re:

[WrongSizeGlass]

They're also using:
http://freeblogspot.org/journalism/2011/04/03/post/
http://tinyurl.com/42kdzgp (uses a data:text/html;base64 eventually redirect ending up at goatse.ru)
http://tinyurl.com/5szfvml (uses a data:text/html;base64 eventually redirect ending up at goatse.ru)

Re:

[DurendalMac]

Dammit, by the time I clicked it was gone. Now I want to know what horrid image was up there.

Re:horrid

[TaoPhoenix]

See my post above. NSFW!

Re:

[Locke2005]

When I told my daughter that glitter comes from unicorn poop, I thought I was being original and making that up. (I try to keep her as misinformed as possible.) Now you come along and point out this is not an original idea! By the way, she insists the color of the glitter matches the color of the unicorn, so only gold unicorns would poop gold glitter.

Re:

[debilo]

I am intrigued by your daughters ideas and would like to subscribe to her newsletter.

I assume constant monitoring of her outbox may be required.

Re:

[countertrolling]

(Score:-1)

This is what I get for pointing out that our 'anonymous' submitter here is a company troll grasping for page hits.

So one more time for posterity, privacy on the internet, and any expectation thereof is pure mental masturbation.

This site is being compromised by too many sockpuppets and zombies. It used to be fun when was a small group of friends, but not any more. Maybe it's best to just stay away from the front page.

Re:

[cbiltcliffe]

This is what I get for pointing out that our 'anonymous' submitter here is a company troll grasping for page hits.

Errm...

There's no link in the posting. How exactly would this generate page hits?

Not Your Own Country (and not a high-spam country)

[billstewart]

The governments most likely to be interested in you are your own government and any you might be trying to overthrow. So don't go there. And use your own mail server to store your mail on, not your mailbox provider's.

Pick some country other than your own, not the US, not a notorious spam or cybercrime haven. (The latter's obvious, just because you don't want your mail discarded automatically by your recipients.) The countries that have good privacy laws mostly have police agencies trying to pass data re

There's always a work-around!

[Paracelcus]

Run an SMTP/POP3 server in a VM that loads from an encrypted partition, use a dynamic DNS service so that you can be found. Or rent a COLO in a third world country, etc, And send everything/receive everything as an encrypted attachment. Use steganography to distribute embedded keys in mainstream porn images on annoying pop-up web-page ads.

Live in a skid-row hotel room, move often, use prepaid cell phones, don't use snail-mail, if you have a beard, shave, if you don't grow one, large dark glasses, broad-b

The Adrian Lamo method?

[way2trivial]

http://en.wikipedia.org/wiki/Adrian_lamo#Personal [wikipedia.org]
Popularly called the "homeless hacker" for his transient lifestyle, Lamo spent most of his travels couch-surfing, squatting in abandoned buildings and traveling to Internet cafes, libraries and universities to investigate networks, and sometimes exploiting security holes.[2] Despite performing authorized and unauthorized vulnerability assessments for several large, high-profile entities, Lamo refused to accept payment for his services. During this period, in

Re:

[cbiltcliffe]

Hilarious.
Really.
My ass is somewhere on the floor.
Seriously.

Ok...now...
If you're afraid of someone being able to read your email when it's hosted somewhere out of your direct control, then host it yourself.
A combination of fetchmail, Apache, and Squirrelmail/Horde/GroupwareOfChoice, along with a free dyndns.com account, and you've got all your mail completely under your control, and still available anywhere.
Assuming you use Linux, when you set it up, make sure you use encrypted LVM, and even if the governme

Re:

[Lobachevsky]

In the U.S., if you are deemed to be hiding vital information and it's encrypted, you are required to give your decryption key or face jail time for contempt of court. There's an XKCD comic about beating the key out of someone as by far the most efficient way to decrypt.

Re:

[SwedishPenguin]

Except the data retention directive requires providers to store email for at least 6 months.. (minimum in directive, actual period can be longer in individual countries)

Re:RETARDED

[Jurily]

legally private, as opposed to "secure"

I'm not sure this term has any meaning when applied to information that is instantly, cheaply and undetectably duplicated, especially if this duplication is the whole fucking point. How many servers did that mail pass through while it got to the recipient?

What we really need is to define encryption as a basic human right.

Re:

[zill]

What we really need is to define encryption as a basic human right.

I wholeheartedly concur.

Unfortunately this won't happen anytime soon due to all the import [wikipedia.org] and export [wikipedia.org] restrictions.

Re:

[hedwards]

Because, he'll get you laid.

Re:

[Runaway1956]

That troglodyte crawled up a chicken's ass and waited for days, and still couldn't get laid.

Re:

[ibsteve2u]

lolll...guess I should have expanded all of the comments. Your idea is essentially the same as mine, giving yours the marks for originality.

Re:

[currently_awake]

I think we can safely assume that all email sent to/from north korea is recorded/stored/examined in detail unless it's encrypted. I'm pretty sure sending encrypted email to north korea will result in the men in black helicopters coming to visit you in the middle of the night. If you really care about security use your own email server, with self destruct if tampered with. (and if they try to obtain it legally they will probably go for the hard drive before telling you- oops!)

Re:

[ibsteve2u]

I stand corrected; use the RNC email servers, instead.

Re:

[Tumbleweed]

I am pretty sure that the North Korean government does not provide the US government access to email stored on their servers.

Yeah, but they probably would to the Chinese government, who in turn will sell it to some general's company on the side, who will then spam the ever-loving shit out of you until eternity. All in Chinese, of course, making it even more useful. The other stupid as shit spammers tend to come from Russia. Do they _really_ think anyone outside of Russia or former Soviet bloc nations speaks Russian?

Re:

[houstonbofh]

No doubt... I to am interested in this. Yes, I know it is no substitute for good encrypting, and I know how START/TLS works and so on. But being able to avoid a data mining fishing expedition should be easy low hanging fruit.

Re:

[houstonbofh]

The funny part is with all the invective, I don't think that most of them realized what the question was. They think it was "How do I keep my e-mail secure..." And I too would like to know the answer of what countries do not allow easy datamineing fishing trips.

Re:

[houstonbofh]

You are more subject to interception, but not datamining.

Re:

[houstonbofh]

Dude, didn't you see who it was? Anonymous! They have a reason to hide! They are about to protest Sony! http://www.facebook.com/group.php?gid=21903225493#!/event.php?eid=136813236391154 [facebook.com]