

My Email Privacy is Worth more than $36 per year - gherlein
http://blog.herlein.com/2011/02/my-email-privacy-is-worth-more-than-36-per-year/

======
mukyu
[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://blog.herlein.com/2011/02/my-
email-privacy-is-worth-more-than-36-per-year/&hl=en&strip=1)

My Email Privacy is Worth more than $36 per year

By gherlein, on February 6th, 2011 - No comments I’ve been using Google Apps
Mail to host my mail for herlein.com for years. In fact, I was a very early
adopter. I’d say I was in the beta, but hey, so was everyone! Seriously
though, I was pretty early. It seemed like the thing to do. I had been hosting
my own mail forever and had a server die (the real death) and was tired of
fighting spam. It was a free, seemingly reliable alternative.

Over the last few years I’ve become increasingly frustrated. As a free
solution I had no support, so when my wife’s emails were going missing I had
no help in chasing it down. I never did solve it. I had mails forwarded to me
that were indeed sent, but alas, they never showed in her inbox. That’s
probably when I found that there were two inboxes – the real one accessible
from POP/IMAP and the web interface. Last year I seriously played with using a
local client (on Linux) for at least my mail. It was a baby step to the real
leap I wanted to make, which was to get off GMail altogether. But none of the
Linux clients were really to my liking; they all had some warts that were just
too ugly for me to cutover. This last week my wife started having problems
accessing a web site that happens to be hosted on Google sites. It was a
really strange permissions problem, apparently because logging on to get
herlein.com email set a certain user permission in the new Google App
infrastructure. I spent 15 minutes chasing that before realizing that I really
want no part of it.

I’ve been able to ignore the privacy implications of using Google for a long
time. However, lately I’ve had a growing sense of unease. After all, NOTHING
IS FREE. I was getting email services but was paying in units of privacy… and
we don’t yet know the conversion rates for that currency! As I scraped through
the new Google App infrastructure I realized that Google’s email is really
complicated – it’s not just a simple email interface anymore. They are bolting
on a ton of things underneath that we don’t know much about. Hell, they may
not know much about them either, to be fair. Does the right hand know what the
left is doing over there? Even if they do, am I comfortable with that much
more of my data and traffic crossing that system?

You see, Google is an advertising company cloaked as a technology company. I
work in advertising and I joke that part of my job is trying to make Minority
Report style ads really viable. But Google is DOING THAT NOW, just without the
silly retina flashes, and not in ways we can even imagine now. Over the last
few years they ‘index’ all my email, measure my click throughs, and with the
Google Apps infrastructure can see a lot deeper into my traffic and inner
workings (assuming I host docs there, etc). To what gain? Ads. Better and more
specific relevant targeted ads. Good for them, they are building a business. I
won’t address any moral issues around all this. For now, it’s legal, they got
there first and so far they are executing on it. Nice. And supposedly they
provide an opt out. But their system is so darn complicated under the hood,
will it really work?

Except that I don’t have to play. Or at least, I can choose to not accept
services in exchange for aspects of my privacy that I cannot measure (yet). I
can move my email to another provider, for starts.

So I did. I turned on a Rackspace email account and pointed my MX records
there. Unfortunately I didn’t realize that GoDaddy DNS sets the timeouts to 1
week by default for MX records, so I’m keeping Google set at a lower priority
and keeping it active for a week, just to be sure I don’t drop an email (as a
side note, I’ll be moving my DNS off GoDaddy soon too – I simply hate their
GUI). I don’t really care for the RackSpace web interface for mail, but it’s
functional. That’s my backup really anyway, since I do most of my mail on my
mobile, or from my desktop. And now that I have cut over to all Mac’s at home
I just use the Apple Mail program. It has warts too, but it’s functional, and
I love how well spotlight finds stuff on my hard drive. I don’t need Google to
search mail! Really! That technology is so commonplace now. That value add is
commodity! Rackspace has a special deal for SliceHost customers (I host this
blog on SliceHost) so my email will cost me $36 per year. I suspect that my
privacy is worth a lot more than $36 per year!

My only remaining question is: why didn’t I do this sooner?

~~~
TheAmazingIdiot
Knowing I am replying to the article that is no longer available...

I'm an unemployed IT guy, who is currently getting unemployment. I couldnt
afford the services I use unless Google offers them free. I do have a
blackberry, for the very reason I bought it before the layoffs and I can still
afford it (need it for interviews and emailing resumes).

I use Gmail. Because of BB integration, my email contacts are updated near
real time with GMail. I also have 2 copies of my emails: phone and Gmail. And
well, 7GB storage also helps.

I also use Google Calendar. It blends seamlessly with my BB calendar. I can
make notations and such and know my data can be accessed by those I allow on
the Google App. None of this loosey goosey crap we see from Facebook. And when
Google Engineers do violate security and privacy, the company comes out and
actually says "Terminated for Violating Privacy and Security". That takes
balls.

I also have a Google Voice phone number. I have switched carriers 2 times. A
while back, a number port that didnt was no longer a problem. All my client
calls go through Google Voice as does all other business calls. Because of the
BB app, I can call from the GV number directly, or use my cell phone's number.
Voicemails are transcribed and sent via text, and they are all saved on GV.

If I was to calculate how much these services actually cost, I'm probably
looking at 40-60$ month for all of them with the appropriate integration. But
they're no cost to me. I know they COST for the service, and that is the
knowledge that they datamine who I am and all content thereof.

A complete aside: A few weeks ago, I did a mall survey for Coca-Cola sampling
2 tyes of Coke I assume will be out on the market soon. I did about 8 pages of
stuff, including demographic and all that. 5 pages were critique questions on
the product I tried. For about 2 hours of work, and 2 cases of Coca Cola, I
was PAID $120.

In both cases I knew what was asked of me in terms of time and/or data. And I
was compensated well for both.

------
Encosia
I used to self-host my domain's email, moved to Google Apps a couple years
ago, and can't imagine going back.

The onslaught of open relay probing and inbound spam was unbelievable. At some
points, I honestly thought I was under a targeted DDoS attack because there
were so insanely many inbound connections for hours at a time. Even though I
was always able to get it under control, new email-related fires were
constantly popping up. Worse, handling all that traffic put considerable load
on my server; capacity which would have been better allocated toward serving
web traffic.

In the aftermath, I've also noticed that email I send through Google's SMTP
server is less often flagged as spam on the receiving end, whereas I had
trouble with mail sent through my self-hosted SMTP (and my own ISP's SMTP)
ending up in the junk/spam folders at a lot of destinations. That was one of
the more insidious drawbacks because it took me a while to fully realize.

At the scale where Google Apps is free (i.e. few enough users that you don't
likely have a full-time sysadmin), it's difficult to understand not taking
advantage of it. I value my time too much to waste it on unnecessary server
administration.

~~~
trotsky
I agree that self hosted email is in many/most cases a recipe for headaches.
But the article wasn't suggesting that you should self host - he was merely
saying that in the choice between a free service provider that reads and
analyzes all your email - and a pay service provider that doesn't snoop - he
figures he'd rather pay a couple of bucks a month.

~~~
Encosia
Good point; I missed that he was talking specifically about their managed
email service vs. their hosting accounts.

In terms of confidentiality, the Google Apps for Business terms and conditions
are more reasonable than the free version. So, if he's open to paying a couple
bucks, it seems like he could have just upgraded and saved the hassle of
switching.

Looking at the Rackspace offering, I realized that one big item (for me, at
least) missing from the comparison is push support for mobile devices. Unless
I'm misunderstanding, the Rackspace hosting requires that you purchase the 5x
more expensive Exchange hosting in order to get push email support.

------
w1ntermute
> Last year I seriously played with using a local client (on Linux) for at
> least my mail. It was a baby step to the real leap I wanted to make, which
> was to get off GMail altogether. But none of the Linux clients were really
> to my liking; they all had some warts that were just too ugly for me to
> cutover.

Can anyone recommend any good Linux email clients? I've used Thunderbird,
KMail, & Mutt, but none of them has really been to my liking. Thunderbird's
got the sluggishness that comes with XUL, and KMail & Mutt don't fully support
HTML (yes, I know it's an abomination, but other's use it, so I've gotten over
it). So I've continued to use the Gmail web UI, even though I'd really prefer
to use a desktop client.

~~~
dhimes
I threw in the towel and went with Evolution on my main rig. I works ok-
occasional hiccups, but with calendar integration becoming more important to
me I went with it. The Cal syncs to google and my own caldav. T-bird had to
come off of the special builds for a 64-bit box, and getting Cal to work was a
pain.

Since I keep the email on a separate workspace (and Evolution doesn't have
taskbar notification by default-which is a win for me) I only check it
periodically throughout the day. The major pain-point is that it will "forget"
the logins of my accounts if I leave it open all day. With my workflow I can
just close it if I get annoyed.

Thunderbird handles filters better, in my view. Unless I'm missing something,
with Evolution I have to add every single person into a "rule" to sort
incoming mails into folders. With Tbird I can say "If member of this list-> go
here." Very nice and useful to me as I manage a community service organization
with over 100 members. I can send everyone on my mailing list into a special
folder for that group without having to enter "by hand."

I have a 32 bit netbook that I use Tbird with, however.

~~~
w1ntermute
I use Google Calendar as well, so Evolution sounds like a nice option. It
looks like it's really integrated into GNOME though - does it depend on a lot
of GNOME libs?

How is the support for Gmail's "nonstandard" features, like labels and
Priority Inbox? I guess what I really want is a desktop mail client that fully
supports Gmail's features.

Edit: while reading about Evolution on the ArchWiki, I saw this:

"Unfortunately, Evolution currently (version 2.26) suffers from a serious IMAP
issue, as reported in [2]. It appears this issue has existed for at least the
past 3 years prior to this version, and it shows no signs of being dealt with
soon."

The alternative IMAP setup they describe involves syncing the mail locally,
using up several GB of space, which is scarce on my laptop's SSD. The bug
report linked to from the wiki shows that it still hasn't been fixed.

~~~
dhimes
I don't use gmail- so I can't help you there. My accounts are pop-accounts. I
do believe it's heavily based on the gnome libs.

~~~
dhimes
Update: Calendar seems broken- wouldn't you know, the day after our
discussion. It actually does push to google calendar, it just says it isn't.
Hmmph.

------
mst
Your site appears to have flatlined under the load.

Title: Database Error Body: Error establishing a database connection

------
octopus
I use Gmail for all my mail and in general it works great. If you use
Thunderbird or other mail client you can always have a copy of all your emails
on your computer.

A more interesting approach will be to use a USB drive for storing your
emails, you can simply plug the stick in your Windows, Mac or Linux computer
and use your email. This is completely OS agnostic because Thunderbird uses
text files for configuration.

------
motters
If you really want email privacy:

Plug computer + web server + email server + https + a webmail gui

Once set up costs close to $0/year. For anything which needs to be uber-
private you can use pgp, as usual, with next to no chance of Google or anyone
else scanning your plain text.

~~~
techsupporter
Unfortunately, the vast majority of ISPs in the States and Canada block
inbound port 25 from anywhere, as well as outbound port 25 to anything other
than the ISP-provided mail servers (to say nothing of spam blacklists having
ISP-numbered pools listed). That means that the majority of users are going to
have to go with a hosted solution or roll their own using a server (or VPS)
that's in a datacenter somewhere.

------
TheAmazingIdiot
And email "privacy" is cheap, if you know how to do it.

There recently was an article about setting up Firesheep provention on AWS
[http://www.stratumsecurity.com/blog/2010/12/03/shearing-
fire...](http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-
with-the-cloud/)

That, of course, has the user set up a remote OpenVPN, with a free tier Amazon
AWS. Average costs for bandwidth are around $0.50 per month. A domain name is
what, around 9$ or so per year. I can get an ipv6 address/AAAA record and a
/48 from he.net for free. And with appropriate know-how, I can set up qmail
(and it's apt-able).

And that's as private as AWS is, which I think as long as you arent doing
anything to garner attention (think piracy) you'll be fine, all on $1.25/month
for a VPN and Email server

~~~
drivebyacct2
It's just a bit of a misnomer since the costs increase greatly after a year
due to the costs of an EC2 instance seeing as it's not really a "free tier" as
that article implies.

~~~
TheAmazingIdiot
Not really. It's well stated that the costs are ignored, with exception of
bandwidth, for a year. After that, "normal" costs are applied.

That's a simple answer, and what I did with Amazon: I went to Wal-Mart and
bought a $15 Visa. When the money runs out, no more service. It keeps
recurring costs such as these down to a sane level with no chance of going
'nuclear' like some of those AT&T bills did with overseas data.

~~~
drivebyacct2
Neither your comment or the article you linked to mentions that the $1.25/mo
VPN+Email is only true for 12 months max.

edit/ I guess your comment can be read to be only discussing the costs of
"privacy", but I guess that implies that the only privacy concern with non-
self-hosted web mail is data when it's being transmitted. I'm less worried
about you stealing my email over wifi and far more concerned about the FBI
reading my mail off of Google's servers. In that sense EC2 costs more than
$1.25/mo.

\--- edit: your reply below.

I don't know why you keep replying and trying to argue with me. Your comment
implied that email privacy was cheap because it only cost $1.25. That's not
accurate and that's all I was trying to point out. I'm aware of the
changeability of DNS records, still not sure what that has to do with me
merely pointing out that email privacy isn't 1.25.

~~~
nickzoic
AWS EC2 nodes are fairly cheap, and I like them for a lot of things, but
there's also a whole range of virtual host providers like
<http://www.asmallorange.com/hosting/shared/> who provide Linux-based shared
hosting with a GUI to set up email, web etc. services.

That'll avoid Google reading your email. On the other hand, if you're worried
about the FBI reading your email, you probably need to either run your own
mailserver or run PGP. Preferably both. There's an OpenPGP plugin (Enigmail)
available for Thunderbird, works well enough.

(usual disclaimer: just a satisfied customer, etc)

