So, why would I trust you with 5 years of all my sent and received emails? Should I take your word for it that you'll just save the email addresses and the sent/received timestamp for each?
@blueplastic - we do regular security audits and will soon engage with a firm to provide that guarantee as well. In the interim, what would you like to see to alleviate that?
I do appreciate the reply. The only way I'd feel safe is if you never got or saw my emails. Instead of me sending 5 years of my emails to you, I'd rather you send me 2,000 lines of code to analyze my email locally and locally tell me who I need to follow up with. If your analyzation code came to me, I wouldn't even mind if it did NLP and deeply datamined the emails to tell me who I may have missed following up with.
Ideally, I'd like to see unsecure e-mail replaced by crypto communication systems based on OTR and people locally storing their emails on Raspberry Pis, but that's dangerous stuff and I probably shouldn't have even said that.
Thing is, I'm sure you're nice guys and gals right now, but when you're billionaires and have 500 million people's digital data, evil you will turn.
By the way, good presentation at SVNewTech last night.
I have to think about the security of my business. The way to get me to stop running my own SMTP and IMAP is to provide a service which is:
- auditable (our stored messages by us; the whole system by a third party)
- reliable (99.9% uptime, that's not so awful)
- resilient (if you lose a server or a data center, I shouldn't have to worry about it. Ideally I don't notice anything except perhaps a slowdown)
- guaranteed (with a hefty bond against security issues and another one against prolonged downtime, not a pro-rated refund)
Those are the gotta-haves. If you provide a secure clearinghouse to talk to our clients and vendors, that would be a major selling point. It has the chicken-and-egg problem, of course, but also the network value effect.