
Google has most of my email because it has all of yours (2014) - liotier
https://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours
======
leeleelee
The takeaway?

Don't use standard e-mail (gmail or otherwise) for anything that needs
guaranteed privacy. Once you send an e-mail, it is not within your control
what happens to it or who sees it.

That's why, for example, in healthcare -- messages are commonly wrapped in
secure message "containers". The e-mail simply has a link that takes you to a
third party where the actual message is stored, encrypted, has an expiration
date, and you must authenticate to view it.

Convenient? No. But privacy always comes at a cost of some sort.

~~~
x5n1
See
[https://en.wikipedia.org/wiki/Internet_Mail_2000](https://en.wikipedia.org/wiki/Internet_Mail_2000)

------
Animats
My incoming mail goes through SpamAssassin at the IMAP server, which does a
decent job. All my mail addresses are public on web sites, so there's a lot of
junk filtered out.

My phone also uses the IMAP server, so I don't need any Google services. It's
an Android phone, but it's never been logged into Google, wasn't bought from a
carrier, and many of the built-in Google apps have been removed. (Hint: when
you start up a new Android phone, and it wants you to log into Google, click
"Later". Then remove the "Google One Time Startup" app to shut up that
message.)

This isn't a security thing; it's to block ads.

~~~
cbpy
Or you can also install Cyanogenmod without installing the Google-apps
package.

~~~
ionised
This is what I do.

------
ISL
Previous discussion:
[https://news.ycombinator.com/item?id=7731022](https://news.ycombinator.com/item?id=7731022)

(thanks for the new clickable site-history link; it makes resurfacing the
duplicate posts _much_ easier)

Also: (2014)

~~~
dang
You're welcome! That's one of the reasons we added it. (The other is that it's
fun to explore HN's history.)

Since it has been over a year since that thread, though, we won't bury the
repost as a dupe.

------
amelius
It is unfortunate that encryption systems for email never really found
widespread use.

~~~
api
It's all about ease of use. https is probably the _only_ user-friendly / good
UX crypto solution in common/widespread use (unless you count transparent
drive encryption), and it achieves this in part by being centrally controlled
via registrars to eliminate the need for the user to understand PKI. This in
turn makes it kind of a joke from a crypto-snob POV, though it's good enough
for most routine stuff.

Even MacGPG plugins for Mac Mail.app are really hard to install, manage, and
use, and require a level of expertise and knowledge of how PGP/GPG works that
makes them off limits for non-technical users.

~~~
omouse
I'm trying out TutaNota (not the easiest to remember name :/) and they do
encrypted email:
[http://www.tomshardware.com/news/tutanota-end-to-end-encrypt...](http://www.tomshardware.com/news/tutanota-end-to-end-encrypted-email-rise,30077.html)

Recipients basically receive a password from you in another channel (email, IM,
phone convo, face to face) and can use it to decrypt the email from TutaNota
when they receive it. I tried it out myself and the only clunky thing is that
they load up their whole web app just to read one message, but it's kind of a
clever piece of marketing because the web app works pretty well so the
recipient who doesn't use encryption gets exposed to an interface that's just
as easy to use as what they're used to.

For everyone using TutaNota, the decryption is transparent which definitely is
encouraging.

I've seen some people sending around credit card info or social security info
and forcing the intended recipient to use a password when receiving that info
is a small price to pay for peace of mind. It's almost criminal to send
signatures on documents and social security/credit card info in plain-text!

~~~
Ricker
Didn't know about them before, looks interesting. I've managed to find their
site - [https://tutanota.com](https://tutanota.com) - even though I was
searching for Tutanova (should have just used copy & paste). The name is indeed
not easy to remember...

A few questions remain:

* How do they 'encrypt emails to anybody'?

* Where do they encrypt - locally or on the server?

------
pdkl95
Aka, the "second-hand smoke" effect of gmail (or any similar service). Even if
_you_ are fine with giving your data to Google (or Facebook, etc), it's a problem
if you're forcing that decision on others.

The solution is probably using email in a manner closer to how it was
originally designed: many local MTAs instead of a handful of centralized MTAs.

Here's a product idea, which could make someone a lot if they can find a way
to implement it: a home server that is a minimal, secure, _locally contained_,
_turn-key_ home email MTA (with some localhost-only IMAP/webmail interface).
You sell the server (and maybe a 1-time service to help people set it up).

This server would have to include a "choose your vendor, enter your credit
card, click subscribe" super-easy interface to let people subscribe to vendors
(multiple, if desired) that provide lower-MX-priority backup MTA services.
(perhaps with an optional "hidden MTA" option, where your home server and
lowest MX is only visible to the service, so the home router only connects to
known hosts, IFF that is something that the customer wants.)

People already understand local-only delivery because it emulates snail-mail.
If you can let people receive messages and data unattended and asynchronous,
so they can run the server when they want and receive their data directly
(nobody else involved except for the backup services _of their choice_), then
you have a product that will sell. It doesn't even need to have great
uptime (that's what multiple MX records are for) or performance.

~~~
toothbrush
I love the second-hand smoke analogy. I will use it when having The Talk with
my friends :).

~~~
pdkl95
It's Aral Balkan's analogy, from his talk[1] that I _strongly_ recommend
showing during That Talk. His presentation is amazingly approachable for a
broad audience. Even my not-interested-in-tech _mother_ has started to
understand these issues specifically because of Mr. Balkan's explanation.

[1]
[https://projectbullrun.org/surveillance/2015/video-2015.html...](https://projectbullrun.org/surveillance/2015/video-2015.html#balkan)

------
dredmorbius
re:publica 2015 - Aral Balkan: Beyond The Camera Panopticon has an excellent
further discussion of this problem beyond just Gmail:

[https://www.youtube.com/watch?v=jh8supIUj6c](https://www.youtube.com/watch?v=jh8supIUj6c)

------
systemz
Configuring and maintaining email servers is a mess. Most of the people are
just outsourcing it. There is a lack of simple to use free tools to provide
self hosted email.

~~~
Tepix
Have you tried sovereign
([https://github.com/sovereign/sovereign](https://github.com/sovereign/sovereign))?
For someone who knows a bit about Linux, it's a snap to install and get
running.

