> the USA just did a bad job hiding the fact that you had none.
Er, no - the USA are the main ones wholesale intercepting everyone's shit - I'm not a US citizen and I don't like it in principle. I did have a pretty good expectation of privacy until they started doing that, because no-one else has the resources to do a similar whole-take surveillance effort.
Anyway, I signed up for Fastmail because I thought it was foreign to the USA (though later found out the servers are hosted in NYC - doh).
But seriously, I'd love to see an end to the "oh well" attitude. The stance I do take is "you're spying on and profiling me? Fuck you I'm leaving". And that helps me sleep at night, for better or worse.
It's not an "oh well" attitude. In fact, I'm advocating that if you actually want your data private and secure, you shouldn't be hosting on someone else's computer at all! You shouldn't be practicing security through good-will (good will assurances by a party that they aren't snooping).
I send most of emails through gmail because I don't care if the NSA reads them. For my cross-border drug deals, I use carrier pigeons with encrypted handwritten messages.
Indeed. However, I've used Royal Mail (postal service in UK) all my life without thinking that I needed to worry about what I said - I always found that very liberating, looking back. Even postcards I assumed wouldn't be read by anyone, and certainly not photographed and archived permanently against my name. Given that IP traffic is replacing the postal service, to not have this assumption any longer is painful on several levels.
> You shouldn't be practicing security through good-will
Fair enough. That said, the need to defend myself against a well equipped foreign government is just not a job I'm up to on my own. I'd prefer it if the government demonstrated goodwill, which would seem to be their job.
> However, I've used Royal Mail (postal service in UK) all my life without thinking that I needed to worry about what I said
This is true for the United States Postal Service as well. I've always thought it'd be interesting to look at what historically brought about the strong privacy expectations to postal mail when it's technically so easy to intercept.
The whole situation arose because the government wasn't supposed to invade privacy, but it did anyways. So if policy is changed we'd just be back where we were before.
Tell me what "other major world covert agency" has these:
- Gigantic data centres like the one in Utah
- Practically all Internet data flowing through their territories
- The large majority of all cloud storage user's data, and largest social network, in the world, with the added unchecked ability for this major covert agency to request query all this data
- Strong influence in the world's crypto-standards
- Control over the world's two largest closed-source Operating Systems and the proven ability to place backdoors therein (the latter only for Windows, dunno if they got iOS too, but why wouldn't they)
There's quite a few more areas in which the US definitely has an exclusive and unique ability to track and intercept the entire world's Internet data that other "major world covert agencies" most definitely do not possess.
Now put some names to it, the others are? China and Russia? I think it was pretty bloody obvious that nobody was suggesting to all start using cloud storage in those territories instead. But even then, it IS strictly better to have your data surveilled in part by China, Russia and the US, than to have all of it surveilled by a single entity, the US. Because you know it won't be shared between them, and that is a tiny bit of privacy gained. So that's already where your silly defence of your beloved Orwellian government falls apart.
Of course, there's other places still.
Take the Netherlands, definitely another bad choice, but at least none of these "major covert agencies" have a direct line into our data. Our own secret service (AIVD) can be rather cosy with the NSA, and they definitely perform surveillance on a level of intrusiveness that equals and exceeds that of the NSA, but not on a level of SCALE and that is, when it comes to data and privacy, what can make all the difference. When the NSA comes knocking on the door of a Dutch Internet hosting provider (this happened), they will refuse or tell them to contact the police or something. We have no "gag orders", "secret laws", "plea bargaining" or similar Kafkaesque nightmare fuel like the US, so if the police forces a company to hand over data to the US without an extremely good reason, heads will roll. Like everywhere, there is a lack of accountability in NL, but this much I trust. You guys wouldn't need gag orders if no one would give a shit, after all.
So, a tiny but heavily surveilled country like NL is already two steps better for hosting data than the US. And then there's even better places. I don't know, I've heard people mention Switzerland? What about some places in East Europe with not too much oversight? Either way, just fragmenting all that data instead of keeping all of it right in the hole of the beast, is going to make it a lot harder to develop a terribly powerful singular system such as XKeyScore.
Then, there's of course the tiny little slight caused by the fact that hardly anyone in the US gave a damn about the whole world's Internet data being intercepted and analyzed by the NSA, but only started to complain when it turned out that included them, too. Not just that, but even right here on HN some people have the audacity to argue that it's fine (expected, even) to do this to the world, as long as there are legal checks and rules before the same is applied to US citizens. Doesn't sit very well with me, that. Is already a great reason to grab my data and take it some place else, and tell all my friends in the world to do the same.
So just stop, stop making excuses for the US or the NSA, and start acting like a citizen of the world.
This is the Internet, this is the 21st century, just grow up beyond "but they're doing it toooooo!", and who are you?
This sounds more like ability rather than choice. It seems odd to demonize the U.S. because practically all Internet data flows through their territories.
> So just stop, stop making excuses for the US or the NSA
I'm not making excuses, and of course it's a Bad Thing. But don't pretend that avoiding one actor is really a solution, any more than rebooting your computer is going to solve deeper issues.
> * Do you really believe these efforts are not being taken by every major world covert agency?*
No. Targeted surveillance is the job of every major world covert agency. Mass-surveillance of one's own population is an ambition of totalitarian societies and governments only. It's not necessary for secret services of the world to do their job or to do it well.
If I remember correctly, fastmail representatives have (here on HN) promised that they were planning a move from US-based datacenters to European datacenters, if not completely, offering it as an option for people who wanted it.
I'd love to get this confirmed, and some news on when I can expect to have my account hosted in Europe.
I suppose an argument might be made in favour of Germany -- but I'd be surprised if they don't have a similar infrastructure in place for wire-tapping as we know know is in place in the US. UK and France is out. Russia is an open spyocracy of sorts. Iceland?
I'm currently looking into setting up a VPS in Iceland or Germany and running my own mail server from it, moving away from Fastmail. It saddens me as I both dislike managing my own mail server and really like Fastmail, but having my email routed through the US is no longer feasible.
So far I've looked into 1984hosting.com and orangewebsite.com, both pricey compared to what I'm used to but I guess that is the price of better privacy. There is a cheaper one called icelandvps.com but they are owned by a UK parent company so I am little unclear about what that means for Iceland law, privacy etc. It may be cheaper to go to a German host, I am not yet decided.
Austrian company but they offer hosting in Iceland.
I once tried Malaysia. Bad idead, lot's of spam from Malaysia. Lost 50% of my Email due to blacklisting...
Since the .fm tld is for the Federated States of Micronesia, I was sort of hoping for hosting on some tropical island in the South Pacific, but even then the Fastmail operators would more than likely acquiesce to any US spying "requests."
Unfortunately, there are increasingly few nations which will refuse US et al spying "requests."
I think they could really get an edge over other email providers if they went all out as a pro-privacy/non-US email alternative. They would need to exit the US though to take such a claim seriously, which is unlikely.
Brazil? haha. Iceland or Germany for sure. Finland, Eastern Europe, maybe?
Simply out of USA/UK jurisdiction would be good, as they're now demonstrably the worst in the West (at least it would certainly seem so based on recent news trends). So, anywhere else.
Portugal just opened the largest EU datacenter. Connectivity infrastructure is really good in the country (heh, international debt had to go somewhere...). The government couldn't care less about snooping, although they are US-friendly to a fault. However, court approval is required for snooping and courts are slow moving and processes are open: Service providers may inform the customer about the snooping order and may withhold data if the customer challenges the court order.
I agree wholeheartedly. I'm a paid customer, I'm loving the service (support too), and this is the only thing keeping me from telling people how great FastMail is.