[stuckagain]

If the feds want your "self hosted" emails they will break down your door, shoot your dog, and take every computer-resembling object on the premises.

[confounded]

I'm amazed that

"Nothing to hide, nothing to fear"

Has become

"Autonomy is pointless, resistance is futile"

In about a month.

[benevol]

It hasn't.

You need to remember the fact that already Snowden's revelations have proven that the NSA and other government agencies all have specific budgets for astro turfing activities (manipulating the public opinion by massively participating in online discussions).

And a couple of days ago, there was a nice post on Reddit's front page summing up the situation on Reddit. Reddit is basically completely compromised by whoever has lots of money (government, big industries, etc). Any company can buy astro turfing services nowadays.

So no, you can't trust public online discussion anymore. Not on Reddit and not here. Unless for topics you are absolutely certain that no economic interest is part of the equation.

[ceejayoz]

Ah, but what if this post is anti-Reddit astroturfing?

[aw3c2]

Exactly! They have to have good reason to do so. With "the cloud", they can just use their dragnet storage.

[sbov]

Yes, rights aren't absolute. If the governments wants your data on a self hosted server they need a warrant. In comparison, you have basically zero privacy protections when your data is in the hands of a third party.

[stuckagain]

In the case under discussion the government has a warrant.

[derefr]

You could "self-host" on a cloud server in, say, China, or Russia, or Iran (if they have any hosting services.)

I mean, the governments of those places will probably snoop your emails, but if their contents have nothing to do with them, they won't care. And they have no treaties with the US to force their hand to turn anything over.

Think of your server as Edward Snowden. What country should it hide in, so the US can't legally get to it?

[usernametbd]

> they have no treaties with the US to force their hand to turn anything over

Sure, but that doesn't mean they won't happily exchange that info as part of a deal with the US, assuming your data is valuable enough.

[sfifs]

You're forgetting the possibility of rubber hose cryptanalysis applied on you. In fact just by hosting in such places, you're probably inviting more attention.

[ThrustVectoring]

>the governments of those places will probably snoop your emails

Uhm, how? Gmail supports Transport Layer Security (TLS), and >80% of their emails to and from other providers do as well (https://www.google.com/transparencyreport/saferemail/). Reject non-TSL emails, give the server a public key and tell it to throw away the email plaintext, and the only remaining threat vectors seem like "get rubber hosed into disclosing your private key" and "server gets compromised, causing future emails (but not past ones) to get exfiltrated".

[stuckagain]

SMTP TLS doesn't and can't validate the certs. It is trivial to MITM it.

[st3v3r]

"I mean, the governments of those places will probably snoop your emails, but if their contents have nothing to do with them, they won't care."

Can't you say the exact same thing about the US government?

[confounded]

Iceland.

[wyager]

It's a lot more effort than just asking google. The goal behind practical security is to make things expensive, not impossible.

[donald123]

And will be pissed looking at a bunch of encrypted files.

[megous]

At least you know what happened. With google and such, you wouldn't even know you're under threat.

[throwaway2048]

They can get everybodys gmail with a single request, how many doors are they going to break down, and dogs are they going to shoot?

[stuckagain]

Are we talking about bulk requests? The case we seem to be discussing here involves "data associated with three Google accounts held by an individual who resided in the United States."

[Spooky23]

Yup. But you'll have more due process.