[prophesi]

It's why GDPR came into being, and California's recent data privacy law. We have no reason to have faith in these companies to keep our data safe, or to use it properly. After 10+ years of having our credit card numbers, social security numbers, emails, passwords, and so on leaked again and again, I fail to see how one wouldn't have trust issues at this point.

[dataflow]

I never said you can't have trust issues or that GDPR isn't necessary, I'm saying neither of those implies they are invading your privacy when they show you ads based on your emails. This should be pretty clear?

[prophesi]

The root of the issue is that if they _are_ invading your privacy, you wouldn't be able to tell.

https://en.wikipedia.org/wiki/Black_box

[mehrdadn]

Yes, and if they aren't, you wouldn't be able to tell either, so all that means is you're willing to recklessly make unjustified accusations to defame a company without actual evidence.

[prophesi]

Well, we already know they require reading your emails to power their Smart features. That's enough of an invasion of my privacy to use a FOSS alternative, and I'll always be an advocate for this.

[pas]

Which makes sense, but reading emails to provide smart features is not an automatic loss of privacy.

Google runs the SmartBot2000 software for you. If you use FOSS but run it on AWS EC2, you still need to trust the software, manage the upgrades (or trust the auto upgrade feature, trust the maintainers), and trust AWS for not fucking with your VM.

We have a few physical servers. And probably always will. We run our own email, but also use gmail too. Because sometimes our email breaks, sometimes [understandably fewer times] gmail breaks (or is not available, such as in China). And we will probably always run our email, but it's a lot of work, and it's not for everybody. And even though postfix, dovecot and K9/thunderbird/roundcube are all fine, they are not as smart as gmail. (but usually snappier)

You need decades of experience to set up a secure email host. GMail does it for people in exchange for showing them ads. (uBlock FTW, BTW)

NSA/Prism is a valid reason to use your own mailserver, but then again, keeping up with TLS/OpenSSL issues is a valid reason to use a non-self-hosted solution (as they do it for you, though gmail accepts unencrypted SMTP :/).

And of course, at the end of the day, there's ProtonMail!

[prophesi]

Very true! I personally use both ProtonMail and Tutanota, and give my thanks to Proton for opening their OpenPGP library. I don't think the source to their servers is open, but that's not necessary since:

1) you can't verify they're actually running that code anyway

2) it's end-to-end encrypted so as long as the client-side code is indeed doing its part, your message could be sent to everyone on the planet without any fear of anyone figuring out its plaintext.