

Ask HN: I'm done with Gmail (a.k.a. NSA-Mail). What's the best alternative? - flavmartins

With the NSA infiltrating Google and Yahoo. I&#x27;m ready to drop Gmail. What&#x27;s the best alternative?
======
a3n
If by best you mean stopping the NSA from getting your communication, the best
alternative is paper letters in an envelope or face to face speech away from
any devices like your phone or laptop that can be hacked.

Any and all email providers can be subverted (and probably are). You could run
your own email, but most email and all metadata is cleartext in transit. You
could use encrypted email, but except for the one or two of your friends who
would put up with encryption, all your comms are going out clear on the open
internet.

You can secure specific communication between specific pairs, but as a
practical matter you cannot secure email today because almost no one you know
will cooperate with you. If you were to reverse engineer email and the
internet you would have to conclude that it was designed for surveillance.

If it really matters, don't use the internet or the phone.

P.S. I use fastmail.

~~~
wesleyac
Ah, but paper letters are delivered by the USPS, and thus not secure against
NSA spying ether.

~~~
davyjones
* Prepare 100 (or whatever) onetime pads using truly random events.

* Prepare a metadata sheet indicating the serial number of each of those one time pads.

* Hand both over in a face to face meeting (you keep a copy of metadata and one time pads).

* Indicate the serial number of the onetime pad used in your letter and encode the rest of your letter using that onetime pad and post the letter.

* Destroy your one time pad and your corresponding party also destroys his/her copy in an irretrievable fashion.

This all assuming nobody else gets to see the onetime pad except you both.

~~~
wesleyac
Yes, but that requires meeting in person. If you want to go that far, just use
PGP + OCR + Air Gap.

Much simpler.

------
charlesism
It's pointless to jump to another webmail provider. You will still be at
someone else's mercy.

A VPS is better, but only slightly better, for the same reason.

If you really care about privacy, buy a low-end server and install Roundcube
(or Mailpile when it's ready for production).

~~~
flavmartins
mailpile looks NICE! I'll have to keep checking on it.

------
eliot_sykes
In the future, perhaps the Dark Mail Alliance mentioned earlier on HN:
[https://news.ycombinator.com/item?id=6642106](https://news.ycombinator.com/item?id=6642106)

------
Maximal
If you want a non-US service: runbox.com

------
wesleyac
lavabit before it went down. As of now, PGP.

Privacy is dead, long live security!

~~~
SilliMon
PGP is the best option, but makes it harder for the recipient. Perhaps added
security = added hassle, and there's no way around that.

Here's how to protect GDrive files:
[https://news.ycombinator.com/item?id=6644888](https://news.ycombinator.com/item?id=6644888)

