|
> With email, you're right that POP/IMAP on a dedicated box is preferable from a security standpoint. This depends on your threat model, and I'd argue that this statement is untrue for the vast majority of people, even people who have the technical know-how required to run their own email server. Running an email server, keeping it up to date with the latest security patches, managing SSL certificates, blocking spam, blocking malware, and blocking phishing attempts are all things that Google is better at than you. Part of the reason for this is their access to incredible volumes of data, which lets them analyze trends and emerging threats across an relatively large subset of the email-using population. The average user's threat model is much more along the lines of phishing, malware, or spam-related fraud. Google is incredibly good at protecting people from these threats (as is obvious when I compare the volume of spam, which often contains malware or phishing links, that I receive on my Gmail account against my other, non-Gmail accounts). Of course, if your threat model is that you require protection from law enforcement or government surveillance, then Google may be a poor choice as they are legally obligated to turn over information about you that is requested by such entities. If that is your adversary, however, than you should have a lot more work to do to protect yourself than just quitting Gmail and setting up your own mail server. |