Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Yahoo!

Ask Slashdot: Advice For a Yahoo Mail Refugee 322

New submitter ma1wrbu5tr writes: Very shortly after the announcement of Verizon's acquisition of Yahoo, two things happened that caught my attention. First, I was sent an email that basically said "these are our new Terms of Service and if you don't agree to them, you have until June 8th to close your account". Subsequently, I noticed that when working in my mailbox via the browser, I kept seeing messages in the status bar saying "uploading..." and "upload complete". I understand that Y! has started advertising heavily in the webmail app but I find these "uploads" disturbing. I've since broken out a pop client and have downloaded 15 years worth of mail and am going through to ensure there are no other online accounts tied to that address. My question to slashdotters is this: "What paid or free secure email service do you recommend as a replacement and why?" I'm on the hunt for an email service that supports encryption, has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping.
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Advice For a Yahoo Mail Refugee

Comments Filter:
  • by OffTheLip ( 636691 ) on Thursday June 15, 2017 @02:06PM (#54627139)
    Use gmail.
    • by Anonymous Coward on Thursday June 15, 2017 @02:11PM (#54627199)

      Gmail is great in terms of reliability, spam filtering (best I've found), and features. But if you're looking for privacy, the only company that's probably worse in my mind is Facebook.

      • by mysidia ( 191772 )

        Gmail is great period. Regarding privacy; I think their major advantage is they are HONEST, where some of the other more egregious offenders are more concealed.

        You DO have privacy in the sense that your neighbor and random people at Google cannot look at your E-mail.
        You don't give a whole lot up, Although we do know they WILL collect keywords in your e-mail and use it to build a statistical model about you.

        If that concerns you, then your best option is to SELF-HOST your E-mail on your own server or

      • by mellon ( 7048 ) on Thursday June 15, 2017 @03:34PM (#54628063) Homepage

        The Terms of Service are actually pretty strict, and Google has extremely good data center security hygiene. The ToS on gmail are much more lax, even though it's the same software.

      • by swillden ( 191260 ) <shawn-ds@willden.org> on Thursday June 15, 2017 @03:37PM (#54628087) Homepage Journal

        Gmail is great in terms of reliability, spam filtering (best I've found), and features. But if you're looking for privacy, the only company that's probably worse in my mind is Facebook.

        What do you mean, specifically, by privacy?

        If you want to keep your family, friends, neighbors, etc. out of your email, then Gmail is great. Security is excellent, especially if you enable two-factor.

        If you want to keep random hackers out of your email, then Gmail is great. Security is excellent, especially if you enable two-factor.

        If you want to keep your ISP out of your email, then Gmail is great. It uses TLS connections for all client communications, and also with whatever other email servers it talks to that support it. Gmail-to-gmail communications is definitely encrypted all the time, both in transit and in storage.

        If you want to keep the FBI/Police out of your email, then Gmail is as good as any US-based email provider can be. They all have to provide data in response to proper subpoenas and warrants, and Google's lawyers scrutinize requests carefully.

        If you want to keep the NSA out of your email, then it's hard to say, but I suspect Gmail is quite good. Snowden revealed that the NSA was tapping Google's internal fiber, but Google has since moved to comprehensive point-to-point encryption. It's not completely impossible that the NSA has compromised the key management system that enables that, but it's actually pretty unlikely. I would assert that on this measure Gmail is as good as any large US-based email provider can be. Smaller ones may slide by the NSA because they're not interesting... but if they do become interesting they'll almost certainly be easier to pop than Google is.

        (As an aside: If the NSA is targeting you specifically for surveillance, as opposed to just sweeping you up in the dragnet, you should just give up on electronic communications entirely.)

        If you want to keep Google's advertising profile analytics software out of your email, then Gmail is awful. Your email will be scanned by systems that try to work out what you might be interested in buying, and this data will be correlated with web searches (if you don't have web history disabled), and data from other Google products. The resulting information will be used by Google (not by advertisers; they don't get access to the treasure trove) to show you ads for things you might want to buy, instead of things that you almost certainly don't want to buy.

        • LOL @ NSA. It's not quite as bad as all that. My biggest concern is all of the unreported or belatedly reported breaches. Supporting encryption and having a good Privacy Policy are important as well.
    • by lgw ( 121541 )

      Take Marissa's advice
      Use gmail.

      I'd stick with one of the big providers, if you're going to use web mail at all. I switched from gmail to outlook.com, partly to live a Google-free life, but mostly because the gmail UI kept getting worse and worse. But certainly the latter is subjective, as is one's tolerance for an all-intrusive panopticon.

      • Re: (Score:3, Insightful)

        I switched from gmail to outlook.com, partly to live a Google-free life...

        Out of the frying pan into the fire.

        • by lgw ( 121541 )

          Microsoft isn't a panopticon. They don't mine your browsing habits, search history, email, phone location history, etc the way Google and Facebook do. Perhaps just lack of competence to do so.

          Google knows your age, race, religion, where you live, where you work, you're sexual preference, your income, your political views, and so on. All in databases the government can take control of at their whim (the government doesn't need their own Muslim database).

          • Google knows your age, race, religion, where you live, where you work, you're sexual preference, your income, your political views, and so on. All in databases the government can take control of at their whim (the government doesn't need their own Muslim database).

            Has the govt taken control of their DBs? No.
            Would they like to take control of Google's DBs? Yes.

            Ergo, they are not able to do so.

            Could it happen? Sure.
            Could any data store be hacked and stolen? Yes
            Is Google less secure than any other of the thousands of data stores that contain your personal data? You decide (hint: no).

            • by lgw ( 121541 )

              Ergo, they are not able to do so.

              Could it happen? Sure.

              You contradict yourself.

              They are certainly able to as they have more guns than Google. That's how you do threat modeling. They currently choose not to (perhaps because thNSA already has all the data? Hard to know.)

              If we keep the sort of government we don't have to fear, then all is good. But if the government goes full totalitarian (and we're really not that far off), suddenly everything changes.

          • It's actually shocking how little google knows. I've made no attempt to hide anything from them, but when I check what they think my advertising preference interests are, they've got so many things absurdly wrong.

          • This is satire, right?
      • I switched from gmail to outlook.com, partly to live a Google-free life, but mostly because the gmail UI kept getting worse and worse.

        What is this "Gmail UI" you speak of? My Gmail UI on the desktop looks like this:

        http://www.claws-mail.org/scre... [claws-mail.org]

        In other words, I have a hard time understanding complaints about the Gmail UI since people DON'T have to use it. That's what IMAP is for, so you can use Gmail with a proper e-mail client.

        You also don't see ads that way AND that enables you to archive locally if you want and use your choice of secure e-mail methods (PGP or S/MIME).

  • Run your own (Score:5, Insightful)

    by Z00L00K ( 682162 ) on Thursday June 15, 2017 @02:06PM (#54627147) Homepage

    Run your own mail server, that's the only way you can be reasonably sure that you have control over your mail.

    • by Anonymous Coward on Thursday June 15, 2017 @02:15PM (#54627247)

      Run your own mail server, that's the only way you can be reasonably sure that you have control over your mail.

      I second what Hillary says.

      (Is it a stretch to mention the captcha is 'dwelling', as in run your own server in your dwelling?)

    • Re: Run your own (Score:4, Informative)

      by Anonymous Coward on Thursday June 15, 2017 @02:28PM (#54627379)

      "Sure?"

      Running a good, reliable mail server yourself is hard to do well. Doing good spam filtering is harder. Being secure/hackproof, harder still.

      Running your own server if you're an amateur is a terrible idea.

      Sure, you COULD spend a huge amount of time learning how to do this well, and a lot of time keeping up with patches an maintainence. But it's likely the highest cost option if you value your time at all.

    • Of course. Everybody is a whiz at Sendmail, Dovecot and the like. But it sure beats having your email in 'the cloud'!
    • Running your own server doesn't ensure you have control over your email. In fact, unless you have hired, 24x7 technicians you trust, and are running it in a hardened data center you built yourself, etc. you probably have more leaks to your server to bad actors than you do using one of the big providers.
  • None (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Thursday June 15, 2017 @02:06PM (#54627149) Homepage Journal
    People are REALLY going to hate this, but there is no 100% secure network service. Computer networks were designed for sharing information between nodes. The idea of keeping others out of that sharing was added on later. On a large interconnected network like the Internet it is impossible to do 100%. I can feel the nerd rage boiling here and the claims that "you don't know what you are talking about!". But save it. Reality tells us otherwise. If it is on a network, it isn't secure.
    • People are REALLY going to hate this, but there is no 100% secure network service. Computer networks were designed for sharing information between nodes. The idea of keeping others out of that sharing was added on later. On a large interconnected network like the Internet it is impossible to do 100%. I can feel the nerd rage boiling here and the claims that "you don't know what you are talking about!". But save it. Reality tells us otherwise. If it is on a network, it isn't secure.

      This, the only truly secure network device has been disconnected form the network. The most secure network devices make it very difficult for the authorized user to access the system and extremely difficult for anyone else to access. Just about everything a network device does to make it easier to access and use just makes it less secure.

    • by headhot ( 137860 )

      Google has been pretty good about discussing compromises and offering a host of 2FA techniques. Google is in no means 100% transparent, but after the Chinese hacking attack on dissidence, and the Snowden stuff, Google has stepped up on security options and access notifications.

      • Google is reading and scanning all your email. Give me a break.
        • by trg83 ( 555416 )
          Yes, but they hate competition in doing so, so they try pretty hard to secure it from all other parties!
        • Google is reading and scanning all your email. Give me a break.

          Obviously if the author is coming from Y! Mail, this isn't their concern. They are asking about security from 3rd parties. So yes, contrary to your snide remark, discussions about 2FA and security notifications are relevant here.

    • People are REALLY going to hate this, but there is no 100% secure network service.

      For once, Binary Bro is correct. (Statistically it had to happen sooner or later.)

      But it's true: there is no 100% secure network service, no matter whether you use an established provider like GMail or run your own private domain mail service.

  • Don't Match (Score:5, Insightful)

    by ZiakII ( 829432 ) on Thursday June 15, 2017 @02:06PM (#54627151)
    has a good Privacy Policy and free

    Don't match in my experience.
  • by DickBreath ( 207180 ) on Thursday June 15, 2017 @02:08PM (#54627167) Homepage
    If you want privacy, isn't email the wrong tool? Isn't email like a post card that anyone can read in transit?

    If you want private communications, look for a different way, a private way, to communicate.

    If you want convenient email for casual use, try GMail. For example, Google will find things in your email, like confirmation emails of your upcoming flights, and then Google will be sure to remind you on your smart phone. But I don't treat communication with my airline the same as I might treat communication with other parties.
    • by tepples ( 727027 )

      If you want privacy, isn't email the wrong tool? Isn't email like a post card that anyone can read in transit?

      Mail in a PGP or S/MIME envelope can't be read in transit.

      If you want private communications, look for a different way, a private way, to communicate.

      Someone supporting a product, service, or free software project still needs some means for users to contact him. What's the private way to provide support to members of the public? A web-based issue tracker would still need email so that users can log in without a password, such as when resetting a forgotten or compromised password.

    • Isn't email like a post card that anyone can read in transit?

      Most email servers connect to each other via an encrypted channel. So the emails aren't in plain text whilst in transit.

      • Isn't email like a post card that anyone can read in transit?

        Most email servers connect to each other via an encrypted channel. So the emails aren't in plain text whilst in transit.

        Unfortunately it's really not "most email servers", but only "some email servers". Most all of the big ones do use SSMTP, though, so most email is transferred via an encrypted channel.

  • I haven't had any issues. Unless they make major changes, I see no reason to move on.
    • Same here. I won't be closing my hundreds of email accounts on Yahoo. I haven't used them in a decade. I see no reason to change them, close them, move them, or take any action whatsoever.

      When the big Yahoo email breach occurred, how many people had the following questions?
      1. I wonder how many of my email accounts (that I haven't used in years) are affected?
      2. I wonder what percent of the breached accounts are my email accounts that I haven't used in years?
    • ATT/Yahoo email account.

      It should be interesting, if nothing else, since the new Overlord is an ATT competitor, and Verizon has been recently in the news [networkworld.com] shuttering up their own email activities.

  • Fastmail (Score:5, Insightful)

    by ebonum ( 830686 ) on Thursday June 15, 2017 @02:09PM (#54627177)

    Not free, but it works well. Note: Servers are in NY.

  • I use two (Score:5, Interesting)

    by mhollis ( 727905 ) on Thursday June 15, 2017 @02:12PM (#54627205) Journal

    I use Apple for personal email. I have had a mac.com email address since Apple came out with it. Their current server name is "me.com" and Apple does not advertise in this service, as it is a paid-for service. It allows pop3 as well as IMAP.

    For professional email, I use gmail. Google does a great job of excising spam. It is advertiser-supported email, but I never use a web browser for my gmail account. Instead, I use the pop3 function. It propagates to my cell phone, my desktop and my tablet. When I delete something on my cell phone, it deletes on my tablet, but not on my desktop. For a free service, I do not think you can do any better than gmail.

    • It is advertiser-supported email, but I never use a web browser for my gmail account.

      I don't have any problem with the advertiser-supported email model, or with Google (I work for Google), but it's worth pointing out that these things you put together in one sentence are not related. Not using a web browser doesn't prevent gmail from analyzing your emails to identify your interests. It does prevent gmail from showing you ads in the webmail UI (aside: using Inbox does, too, since for whatever reason there are no ads in that Gmail UI), but if Google can correlate your email and other traffic

  • Gmail + Thunderbird (Score:3, Interesting)

    by Snotnose ( 212196 ) on Thursday June 15, 2017 @02:14PM (#54627237)
    I've got 2 gmail accounts (no, snotnose@gmal.com is not one of them). I connect to them via Thunderbird, which downloads the messages to my local hard drive. It's worked like a champ for some 8 years or so.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Be careful, as Thunderbird DOWNLOADS all folders, emails, and attachments by default. Including your SPAM folder. One of our users had thunderbird and our AV system went nuts because it was downloading the trojan attachments to the spam emails.

      I did a little digging but there was not clear answer on stopping it from downloading attachments by default.

      • I make sure it's an imap, rather than a pop3 connection, so that I don't lose what's online. Years ago, while on one of my Linux experiments, where I had KDE, I used Kmail once, and it acted only as a pop3 connection, and all my email was sucked up from the server. Later, when that hard disc got somehow corrupted forcing me to re-install, I lost all those emails.
  • Fastmail (Score:5, Insightful)

    by jeauxkewl ( 1465425 ) on Thursday June 15, 2017 @02:15PM (#54627241)
    Fastmail for the win. Reasonably priced, don't think they are going anywhere and have been ultra-reliable. I've been with them about 15 years.
  • I've had a yahoo address so long, it still ends in @sbcglobal.net All I use it for is online garbage...let all the junk go there from sites that require an email address to do anything.
  • by Gaygirlie ( 1657131 ) <(moc.liamtoh) (ta) (eilrigyag)> on Thursday June 15, 2017 @02:18PM (#54627279) Homepage

    "has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping." -- Runbox fits all of those. Norwegians have very strong laws regarding privacy, which should please you, and the company doesn't do any advertising or crawling through your emails for tracking or anything like that. It's not a free service nor is it the cheapest one available, but I've been their customer for several years and I would at least recommend one to take a look at their offerings.

    • Thank you. I hadn't run across that in my searches previously. Added to the short list for further investigation.
  • I have used G Suite for several years - Gmail running my domain's email. I get even more storage than regular Gmail, no ads, and I can still access my mail as an Exchange account on my iPhone so I can get push mail on Apple Mail. Before that, I had a hosted Exchange account with GoDaddy that did the job alright. Today if I wanted to go the hosted Exchange route I'd probably just do Microsoft Office 365's business plans that include email - either the $5 one that just gives you Exchange and OneDrive, or t
  • I'm on the hunt for an email service that supports encryption, has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping.

    You don't want any of the free offerings (like Gmail) then. As far as I know, every mail service that is free does snooping for advertising, whether it's directly in their web client or used elsewhere.

    I don't have any paid services to recommend (and even these may or may not come with data slurping) but you could always try rolling your own. Domain names are c

    • Running your own mail server isn't for everyone, but I'd say absolutely you have to own the domain if you want control. If someone else owns the domain that your account depends on, you have no control over the future of your own account. This is the fundamental error I made 18+ years ago when I started calling Yahoo my permanent email address and thinking only my employer addresses were transitory.

      • by RyoShin ( 610051 )

        Indeed. I recall having a lot of problems when I used my .edu address for stuff in college and then graduated.

        For those that might be squeamish running their own, I believe Gmail offers a way to use its service with your own domain, but I don't know if that costs money (and they might still do data collection even if it does, which is why I didn't mention it in OP.) I imagine other e-mail providers offer similar options.

    • I had previously ruled out the "Clinton Option" but you make a good case and bring up some ideas I hadn't considered. Thanks for replying.
  • by ebrandsberg ( 75344 ) on Thursday June 15, 2017 @02:23PM (#54627327)

    The main issue with e-mail is that it has two parties involved. If either of the parties is compromised in a communication, then it doesn't matter how secure the other party is. Due to the sheer volume of people using Gmail, it is likely they already have a copy of most of your mail anyway. By using Gmail just like so many other people, you at least only have one system potentially snooping on you. If you believe that you are more secure using other systems, you are likely wrong.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      That's a reason for nobody to use gmail, not a reason for everybody to use it.

  • You could create your own website and use the email services that come with the hosting package.

  • Look, email is not secure. Not at all. Any other way to thinking about it is a lie.

    You see, email has to connect with just anybody. That means you can't exchange email freely, you have to have an agreed security frame work if you want email to work. Even TLS is no real protection.

    That being said, I'll upload an ansible script to set up a multi-tenet mail config you can run on any linux cloud provider or you can use only of the many that are already around.

  • Proton Mail (Score:5, Informative)

    by Rick Schumann ( 4662797 ) on Thursday June 15, 2017 @02:32PM (#54627423) Journal
    I've had the same question recently and the answer I got was Proton Mail, based in Switzerland. Fully encrypted end-to-end. I'm surprised someone else hasn't mentioned it by now.
  • Proton Mail (Score:5, Interesting)

    by ControlsGeek ( 156589 ) on Thursday June 15, 2017 @02:32PM (#54627433)

    Proton Mail is hosted in Switzerland has end to end encryption with Android and IOS app support and has withstood denial of service attacks from suspected state sponsored hacking.
      Just the fact that a state actor tried to take them down is a reason to consider them.

  • You are already going through the pain of changing your address. Make sure you don't have to do it again some time in the future. Mail providers change policies or shut down, sometimes without warning.

    Go ahead, and pick a mail provider that you like. But also go out and buy a personal domain. You'll probably be able to find one you like for $10 per year, and you can find DNS providers that will do mail re-direction for free. Have a wildcard redirect set to send any email sent to the domain forwarded to the new mail address. Don't like the way the provider is now doing things? Get a new provider and email address, and change the redirect.

    • To add on to this great advice, PAY for G Suite. It's $50/year for the mailbox, completely ad-free, and comes with business support. It doesn't support complete integration like the free gmail account (Play family sharing is a particular pain point), but it's the best anti-spam solution available today and that's worth the money alone. Add to it the benefits of Drive, Photos, Hangouts, etc and it's a fantastic value for the money.

  • If you want encryption, you really need to just do it yourself. When you do, it doesn't make any difference which provider you use. I would use Gmail simply because they are so huge, the reliability shouldn't be an issue. It works with any standard IMAP client, and since your messages are encrypted, Google can't even scrape them to profile you. Also make sure you are using your own domain name, so that you can easily change providers should you ever wish to.

  • I'm looking around as well, and what I read about ProtonMail [protonmail.com] is pretty convincing. They offer free or paid accounts, promise no logging, and they're located in Switzerland.

  • Follow in the steps of Ms. Secretary Clinton and put together your own private email server!

    I did that like 20 years ago when it wasn't as popular.

    • That's a lot of work and a lot of room for error. Not worth it unless you really don't want to answer to anyone about email. You can get it done on AWS.

  • Build or rent a server, load it up. Fetchmail can fetch mail from any POP or IMAP provider, if you want to go that route. Or, you can accept mail directly through sendmail, which is not trivial and requires a domain.

    If you don't want to lose control of your email address ever again, you can register a domain and either host it yourself, or find a commercial host that will work with customer domains.

    Outgoing with sendmail is easy, or your incoming host will usually provide it too, if you prefer that.

    Horde

  • A lot of hosting services provide plenty of space. They come with free email accounts too, so you can set up 'throwaway' emails like donotspamme@yourdomain.com that you can use for services that might spam you.

    Shop around for the hosting providers that have what you want. I use fetchmail to pull mine down locally, and pine as my client (yes, for real), but there are plenty of email clients or webmail options on your provider.

    Best of all, you can keep your domain and you control it.

  • by TheOuterLinux ( 4778741 ) on Thursday June 15, 2017 @03:10PM (#54627835)
    It's available via web and on mobile devices, including iOS 8 if you have an older phone. You get 500 MB storage free, uses two passwords (one for account and one for mailbox), and the providers themselves cannot recover your mailbox passwords. You can tag your emails, make folders, identifies spam, and has an easy way to report bugs/features. They also have a bounty program for hacking with no success and are protected by Swiss privacy laws. It was made by CERN and MIT. The servers are located in a bunker 1000 meters below the Swiss Alps that use end-to-end encryption and 4096-bit SSL certificates. No cloud hosting and they manage their own stuff. https://protonmail.com/securit... [protonmail.com] The only problem is that it uses Azure. I'm not an M$ at all, but it's either this or Enigmail with Thunderbird and Protonmail is very easy to use and the customer support is awesome whether you're a paying member or not.
    • Aren't they the geniuses who thought it was a good idea to pay blackmail to stop a DDoS? How does it use Azure though? I thought they ran their own servers and didn't use the "Cloud"
  • Where Google basically mines your data en masse and gives it out to US government agencies, Proton Mail is in Switzerland and is not subject to involuntary data request from USA government requests. (Of course they could do it voluntarily but it would really hurt their rep if word got out) https://protonmail.com/ [protonmail.com]
  • by mattmarlowe ( 694498 ) on Thursday June 15, 2017 @04:43PM (#54628615) Homepage

    If all you care about is convenience and price, gmail is the best bet.

    However, gmail has a few weak points:
    - Governments and corporations assume you are using it, if you become a target, first thing they do is sue or force google to give them a copy of all your email. You may not find out about it until after the fact. Basically, using gmail/google means you are OK with the surveillance state being able to grab all the details about your digital life whenever it wants.
    - Hackers assume that getting access to email is the best path in social networking and they have put together an extensive trick list focusing on gmail since everyone uses it. And, if they gain access, are you sure you would know about it or even if google found out about it, that they would tell you? It's in google's interest that everyone forget about the security of their cloud data.
    - Gmail gets coordinated with all the other info that google knows about you and google sells info about you to their customers or targets ads for you on behalf of customers. Frankly, even without email, I think google knows enough already.
    - Gmail imap is _wierd_ and google will probably shut it down in favor of some google only protocol if they ever can.
    - Google is no longer a _good_ company, as it has become bigger, it has started to act more like a Monopoly and that combined with its ownership of android is pushing us more towards a closed internet. I honestly don't want to support Google's growth anymore.

    Another option is office 365:
    - Microsoft has its issues, but it realizes it really needs to compete in the cloud space.
    - Microsoft email integrates well if you have a mobile hardware device like a Surface Pro/Surface Book.
    - Exchange sync for contacts/calendar/groupware is hard to compete with.

    That said, MS has its own security issues....so the best solution is likely hosting your own email....and for those who don't have the time to be constantly updating, find a good mail software suite that does get updated automatically and which has a good security history. Zimbra might be a good example - there are many others.

Modeling paged and segmented memories is tricky business. -- P.J. Denning

Working...