[cortesoft]

He is not talking about the actual flaws as being the example as to why we shouldn't give the NSA backdoor access; he is saying that the leaks prove that even the NSA can't keep their stuff secret. If they couldn't keep their hacking tools secret, why should we think they can keep their backdoor access secret?

[rgbrenner]

In case anyone has been living under a rock for the past 3 years:

FBI's (recently fired) James Comey has been asking for an encryption backdoor for the past 3 years:

2014: https://www.fbi.gov/news/speeches/going-dark-are-technology-...

At that time, he said unbreakable encryption should be illegal: http://www.newsweek.com/going-not-so-bright-fbi-director-jam...

2015 (asking for a backdoor): https://www.theguardian.com/technology/2015/jul/08/fbi-chief...

2016 (same): https://arstechnica.com/tech-policy/2016/03/fbi-is-asking-co...

2016 (tried to force apple to create a backdoor for the iphone): https://www.apple.com/customer-letter/

And then here recently, he's upped it to an international agreement to create a backdoor: https://www.techdirt.com/articles/20170327/10121437009/james...

He's not the first, only, or last person to ask for it.

[superkuh]

The UK's doing it, http://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance...

[Kholo]

Good time to remind folks that gmail, facebook, whatsapp, amazon etc aren't going to be able to protect their data forever at the levels they currently are capable off.

A couple of bad business decisions and they are where yahoo is today. So be smart about how you use these services and educate the non-technical folks around you.

[cortesoft]

What would 'being smart' about using these services mean? It is pretty difficult to get through life in the modern age without using email for sensitive documents (or at least without using ACCESS to your email as a way to gain access to sensitive services, eg password reset emails, proof of ownership, etc)

Since email in the modern world has this type of importance, what should I do? If you say gmail can't protect their data forever, do I not use gmail for email? What do I use then? No service will be free from data leakage, even an email server I run myself.

[Kholo]

Did I say stop using them?

Distribute risk. Use multiple accounts. Don't handle all work/financial stuff on a single account. Keep work and personal accounts separate. Reduce the number of hours you spend online being a data milch cow for these corps. This automatically reduces dependence. Don't allow messenger chat transcript backups to happen by just uninstalling the app every other night. Don't restore any saved transcripts on disk on reinstall.

I could go on and on but basic rule is use your imagination. Don't use these tools the way they want you to use them. Use them as you would use a tool in a workshed as an aid, not as a drug you are dependent on.

[corford]

Just make sure whatever email provider you use offers IMAP and use a client like Thunderbird to keep a local copy in sync. Back that up somewhere safe and you're fine. If you need good, fast search, use something like X1.

[paulryanrogers]

This was something I thought POP did better since it requires maintaining one's own copies after downloading. But it was much less convenient as people used more devices.

Sad that managing our own multi device services is so time consuming.

[cortesoft]

That will protect you from data loss, but not data theft.

[corford]

Data theft is a separate issue. Whether your using gmail, your own mail server or an account with your ISP; if you're machine is compromised all bets are off (including all your other files, not just email). At least with a backup you wont lose your data as a result of the theft.

[malandrew]

I would say that it's probably smart to occasionally purge all your content from online services and keep your data in cold storage you physically control.

[cortesoft]

There is quite a large cost to that, though. Being able to search through old emails is a lifesaver. I can't count how many times I have searched through email to find some account info I set up years ago, or to get date information about when something happened. Just today, I searched my email for my old FastTrak account info, and found it on an email from 5 years ago.

Deleting all my email would be a big cost to pay for a gain that I can't exactly quantify; I would have to figure out the likelihood of my data being leaked over time and the cost to me if the data was leaked. That isn't readily obvious what the risk factor is for me, but I KNOW the cost factor.

[donarb]

You can download/store your email to a medium that you control, like a portable hard drive. Storing email online invites theft and can provide hackers with personal information that can be mined for personal info.