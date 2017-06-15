Ask Slashdot: Advice For a Yahoo Mail Refugee 113
New submitter ma1wrbu5tr writes: Very shortly after the announcement of Verizon's acquisition of Yahoo, two things happened that caught my attention. First, I was sent an email that basically said "these are our new Terms of Service and if you don't agree to them, you have until June 8th to close your account". Subsequently, I noticed that when working in my mailbox via the browser, I kept seeing messages in the status bar saying "uploading..." and "upload complete". I understand that Y! has started advertising heavily in the webmail app but I find these "uploads" disturbing. I've since broken out a pop client and have downloaded 15 years worth of mail and am going through to ensure there are no other online accounts tied to that address. My question to slashdotters is this: "What paid or free secure email service do you recommend as a replacement and why?" I'm on the hunt for an email service that supports encryption, has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping.
Gmail is great in terms of reliability, spam filtering (best I've found), and features. But if you're looking for privacy, the only company that's probably worse in my mind is Facebook.
Gmail is great period. Regarding privacy; I think their major advantage is they are HONEST, where some of the other more egregious offenders are more concealed.
You DO have privacy in the sense that your neighbor and random people at Google cannot look at your E-mail.
You don't give a whole lot up, Although we do know they WILL collect keywords in your e-mail and use it to build a statistical model about you.
If that concerns you, then your best option is to SELF-HOST your E-mail on your own server or
Take Marissa's advice
Use gmail.
I'd stick with one of the big providers, if you're going to use web mail at all. I switched from gmail to outlook.com, partly to live a Google-free life, but mostly because the gmail UI kept getting worse and worse. But certainly the latter is subjective, as is one's tolerance for an all-intrusive panopticon.
I switched from gmail to outlook.com, partly to live a Google-free life...
Out of the frying pan into the fire.
Microsoft isn't a panopticon. They don't mine your browsing habits, search history, email, phone location history, etc the way Google and Facebook do. Perhaps just lack of competence to do so.
Google knows your age, race, religion, where you live, where you work, you're sexual preference, your income, your political views, and so on. All in databases the government can take control of at their whim (the government doesn't need their own Muslim database).
I switched from gmail to outlook.com, partly to live a Google-free life, but mostly because the gmail UI kept getting worse and worse.
What is this "Gmail UI" you speak of? My Gmail UI on the desktop looks like this:
http://www.claws-mail.org/scre... [claws-mail.org]
In other words, I have a hard time understanding complaints about the Gmail UI since people DON'T have to use it. That's what IMAP is for, so you can use Gmail with a proper e-mail client.
You also don't see ads that way AND that enables you to archive locally if you want and use your choice of secure e-mail methods (PGP or S/MIME).
Run your own (Score:2)
Run your own mail server, that's the only way you can be reasonably sure that you have control over your mail.
Run your own mail server, that's the only way you can be reasonably sure that you have control over your mail.
I second what Hillary says.
(Is it a stretch to mention the captcha is 'dwelling', as in run your own server in your dwelling?)
None (Score:4, Insightful)
Don't be obtuse (Score:2)
Don't be obtuse.
Of course there's no perfect security. You know, if a burglar wants to get into you house badly enough, he'll get in. So why bother locking your door? In fact, just leave your front door open... Oh, change all of your PINs to 1234 and your passwords to "password" while you're at it. After all, if there's no perfect security, why have any security.
The point of TFS is finding a service that is as secure as reasonably possible, while still being useful.
People are REALLY going to hate this, but there is no 100% secure network service. Computer networks were designed for sharing information between nodes. The idea of keeping others out of that sharing was added on later. On a large interconnected network like the Internet it is impossible to do 100%. I can feel the nerd rage boiling here and the claims that "you don't know what you are talking about!". But save it. Reality tells us otherwise. If it is on a network, it isn't secure.
This, the only truly secure network device has been disconnected form the network. The most secure network devices make it very difficult for the authorized user to access the system and extremely difficult for anyone else to access. Just about everything a network device does to make it easier to access and use just makes it less secure.
This, the only truly secure network device has been disconnected form the network.
True, but that kinda rules out email as a thing.
This is a correct statement. Even non-networked airgap isn't secure.
But we have to work for it then.
Google has been pretty good about discussing compromises and offering a host of 2FA techniques. Google is in no means 100% transparent, but after the Chinese hacking attack on dissidence, and the Snowden stuff, Google has stepped up on security options and access notifications.
People are REALLY going to hate this, but there is no 100% secure network service.
For once, Binary Bro is correct. (Statistically it had to happen sooner or later.)
But it's true: there is no 100% secure network service, no matter whether you use an established provider like GMail or run your own private domain mail service.
Don't Match (Score:4, Insightful)
Don't match in my experience.
Email the wrong tool for privacy (Score:3)
If you want private communications, look for a different way, a private way, to communicate.
If you want convenient email for casual use, try GMail. For example, Google will find things in your email, like confirmation emails of your upcoming flights, and then Google will be sure to remind you on your smart phone. But I don't treat communication with my airline the same as I might treat communication with other parties.
If you want privacy, isn't email the wrong tool? Isn't email like a post card that anyone can read in transit?
Mail in a PGP or S/MIME envelope can't be read in transit.
If you want private communications, look for a different way, a private way, to communicate.
Someone supporting a product, service, or free software project still needs some means for users to contact him. What's the private way to provide support to members of the public? A web-based issue tracker would still need email so that users can log in without a password, such as when resetting a forgotten or compromised password.
I'm just staying with Yahoo mail (Score:2)
When the big Yahoo email breach occurred, how many people had the following questions?
1. I wonder how many of my email accounts (that I haven't used in years) are affected?
2. I wonder what percent of the breached accounts are my email accounts that I haven't used in years?
It should be interesting, if nothing else, since the new Overlord is an ATT competitor, and Verizon has been recently in the news [networkworld.com] shuttering up their own email activities.
It's fairly trivial to export your messages. You can copy them someplace local via any IMAP client. Contacts from Yahoo aren't bad either, since it'll make a
.CSV for you. Putting the messages back on another service isn't horrible once you have those things under your own control.
I too had that, and using Thunderbird, I moved all the folders I wanted into other accounts. One thing I forgot - to move my Financial folder into one of the other accounts, and lost everything there. Fortunately, I was able to retrieve the email of my tax preparer, so the damage was not irreversible. But this is what I'd suggest: use Thunderbird to host your yahoo! as well as your other accounts (you do have >1 email account, don't you?), and then move all the emails that are not worth deleting to
Well this is awkward (Score:1)
If you are trusting someone else to manage your email, you will never be sure someone isn't reading your emails. Simple as that. I'd go with Google since they are at least open about what they do with your emails. Or at least as far as I know.... which is all you can say about any free or paid service.
Now setting up your own email service isn't all that terribly hard. If you really care about your security, that is the way you will go. Otherwise, you just figure out who you distrust the least.
Prepare to land in the junk folder (Score:2)
Now setting up your own email service isn't all that terribly hard.
Provided you're fine with all your outgoing mail ending up in the junk folder. Even with working SPF and DKIM, deliverability isn't certain if anti-spam measures on recipients' mail servers refuse to accept mail from IP addresses issued by a home ISP.
Fastmail (Score:2)
Not free, but it works well. Note: Servers are in NY.
I second this.
Unseen.is - Encrypted e-mail (Score:1)
I think this is really the important bit.
The OP obviously is looking for an email service that is completely different from the one they are migrating from, however expect that it will exist, and probably want it for approximately the same cost (near zero)
I think this may be asking too much.
For a good alternative to Yahoo mail, you could use Gmail, it has all of the same security issues as Yahoo but I don't think it is in any way worse (and arguably I do trust google more than I trust yahoo, though that doe
B'cos years ago, Yahoo! was a pretty respectable company, and had loads of good stuff associated, like geocities and yahoo chat! If I recall right, it was even there ahead of Google, and were a pretty good bet when Netscape was floundering. My first webmail account was Netscape.net (under Netscape 4), then yahoo & hotmail.
Things changed, & went downhill once Google pioneered the concept of monetizing everything on the internet - be it email, web pages and so on. The biggest evidence of that is
Try Proton Mail (Score:1)
ProtonMail out of Switzerland is pretty good and seems to be pretty secure.
https://protonmail.com/ [protonmail.com]
Never mind the transport. That will always be compromised. Depend on the security of the strongbox. Understand the motivations of the developer (spyware, compromised by the NSA, Chinese or both) and issues related to secure key exchange.
I use two (Score:4, Interesting)
I use Apple for personal email. I have had a mac.com email address since Apple came out with it. Their current server name is "me.com" and Apple does not advertise in this service, as it is a paid-for service. It allows pop3 as well as IMAP.
For professional email, I use gmail. Google does a great job of excising spam. It is advertiser-supported email, but I never use a web browser for my gmail account. Instead, I use the pop3 function. It propagates to my cell phone, my desktop and my tablet. When I delete something on my cell phone, it deletes on my tablet, but not on my desktop. For a free service, I do not think you can do any better than gmail.
Gmail + Thunderbird (Score:3, Interesting)
Be careful, as Thunderbird DOWNLOADS all folders, emails, and attachments by default. Including your SPAM folder. One of our users had thunderbird and our AV system went nuts because it was downloading the trojan attachments to the spam emails.
I did a little digging but there was not clear answer on stopping it from downloading attachments by default.
Fastmail (Score:1)
Completely agree (Score:2)
I've been with Fastmail since it was in beta in 2001. The company ONLY does email and associated services. This means they are focused on making it work correctly and users having a good features. I would never consider moving.
Won't matter to me (Score:2)
Runbox.com (Score:2)
"has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping." -- Runbox fits all of those. Norwegians have very strong laws regarding privacy, which should please you, and the company doesn't do any advertising or crawling through your emails for tracking or anything like that. It's not a free service nor is it the cheapest one available, but I've been their customer for several years and I would at least recommend one to take a look at their offerings.
G Suite or Office 365 (Score:2)
Roll your own (Score:2)
You don't want any of the free offerings (like Gmail) then. As far as I know, every mail service that is free does snooping for advertising, whether it's directly in their web client or used elsewhere.
I don't have any paid services to recommend (and even these may or may not come with data slurping) but you could always try rolling your own. Domain names are c
Running your own mail server isn't for everyone, but I'd say absolutely you have to own the domain if you want control. If someone else owns the domain that your account depends on, you have no control over the future of your own account. This is the fundamental error I made 18+ years ago when I started calling Yahoo my permanent email address and thinking only my employer addresses were transitory.
Indeed. I recall having a lot of problems when I used my
.edu address for stuff in college and then graduated.
For those that might be squeamish running their own, I believe Gmail offers a way to use its service with your own domain, but I don't know if that costs money (and they might still do data collection even if it does, which is why I didn't mention it in OP.) I imagine other e-mail providers offer similar options.
Use Gmail--and here is why (Score:3)
The main issue with e-mail is that it has two parties involved. If either of the parties is compromised in a communication, then it doesn't matter how secure the other party is. Due to the sheer volume of people using Gmail, it is likely they already have a copy of most of your mail anyway. By using Gmail just like so many other people, you at least only have one system potentially snooping on you. If you believe that you are more secure using other systems, you are likely wrong.
Your own website (Score:2)
You could create your own website and use the email services that come with the hosting package.
Email simply is not secure (Score:2)
Look, email is not secure. Not at all. Any other way to thinking about it is a lie.
You see, email has to connect with just anybody. That means you can't exchange email freely, you have to have an agreed security frame work if you want email to work. Even TLS is no real protection.
That being said, I'll upload an ansible script to set up a multi-tenet mail config you can run on any linux cloud provider or you can use only of the many that are already around.
It's pretty easy though to send and receive encrypted email using for example PGP.
Any relay server harvests your info (Score:1)
It really doesn't matter what you do for privacy, since all the relay servers in the email chain are harvesting your information anyway.
And then giving the metadata (or meaning) to all the intel services. Which also are hosted at the connection points.
However, if you fully encrypt your email at the source, host your own ISP. We'll still get the info, either from the recipient or other things you aren't aware we use, but it makes us work harder to get it.
Free? Nothing is free.
Proton Mail (Score:3)
Proton Mail (Score:3)
Proton Mail is hosted in Switzerland has end to end encryption with Android and IOS app support and has withstood denial of service attacks from suspected state sponsored hacking.
Just the fact that a state actor tried to take them down is a reason to consider them.
I use Signal I listened to Eric Snowden (Score:1)
Don't just get a mail provider. Get an address. (Score:2)
You are already going through the pain of changing your address. Make sure you don't have to do it again some time in the future. Mail providers change policies or shut down, sometimes without warning.
Go ahead, and pick a mail provider that you like. But also go out and buy a personal domain. You'll probably be able to find one you like for $10 per year, and you can find DNS providers that will do mail re-direction for free. Have a wildcard redirect set to send any email sent to the domain forwarded to
Don't rely on an email service for encryption (Score:2)
If you want encryption, you really need to just do it yourself. When you do, it doesn't make any difference which provider you use. I would use Gmail simply because they are so huge, the reliability shouldn't be an issue. It works with any standard IMAP client, and since your messages are encrypted, Google can't even scrape them to profile you. Also make sure you are using your own domain name, so that you can easily change providers should you ever wish to.
ProtonMail (Score:2)
I'm looking around as well, and what I read about ProtonMail [protonmail.com] is pretty convincing. They offer free or paid accounts, promise no logging, and they're located in Switzerland.
Private Server (Score:2)
Follow in the steps of Ms. Secretary Clinton and put together your own private email server!
I did that like 20 years ago when it wasn't as popular.
fetchmail + sendmail + imapd + horde (Score:2)
Build or rent a server, load it up. Fetchmail can fetch mail from any POP or IMAP provider, if you want to go that route. Or, you can accept mail directly through sendmail, which is not trivial and requires a domain.
If you don't want to lose control of your email address ever again, you can register a domain and either host it yourself, or find a commercial host that will work with customer domains.
Outgoing with sendmail is easy, or your incoming host will usually provide it too, if you prefer that.
Horde