
FastMail is not required to implement the Australian metadata retention laws - joneil
http://blog.fastmail.com/2015/04/09/fastmail-is-not-required-to-implement-the-australian-metadata-retention-laws/
======
joneil
The post is from April, I'm reposting this because it's even more relevant
now, with Australia's data retention due to take effect next week.

As a founder of an Australian startup that facilitates communication it's
interesting to hear that using international hosting seems to bypass the
requirements. IANAL etc. As the post mentions this is a pretty good way to
discourage investment in local tech infrastructure.

Previous discussion :
[https://news.ycombinator.com/item?id=9345935](https://news.ycombinator.com/item?id=9345935)

~~~
brongondwana
It's nice to see this blog post getting more traffic. Unlike our average blog
post which we make up out of our own heads, this one had a bunch of legal
research behind it by actual lawyers.

And yes, totally agree. It made us put our plans of an Australian datacentre
on the shelf for the foreseeable future.

Data in Australia is already crazy expensive
([https://blog.cloudflare.com/the-relative-cost-of-
bandwidth-a...](https://blog.cloudflare.com/the-relative-cost-of-bandwidth-
around-the-world/)) and we're working at the latency problem from the other
direction ([http://jmap.io](http://jmap.io)) as well, so we're focusing more
on making the location of the datacentres not matter so much. We're currently
in Amsterdam, Los Angeles and New York.

~~~
voltagex_
Thanks for all your work. I've recently set up FastMail, but damn, kicking the
GMail dependency is hard.

~~~
bad_user
I also switched from Google Apps / Gmail to FastMail and I can't go back even
if I wanted to.

Biggest difference between Gmail and FastMail in how they handle email is tags
vs classic IMAP folders. This can be a turn off for people, but for my
personal email I discovered that I want folders. This is because my personal
email also has the role of backing up my work email. I've lost work email in
the past when switching jobs and I don't want that to happen again. And with
FastMail I can simply download my work email in its own folder, so it doesn't
have to pollute my personal email. FastMail is also very flexible in its
settings. Setting up filters is easy in Gmail but limited compared with what
you can do with those Sieve scripts in FastMail. Speaking of the interface, I
now like FastMail's interface more, as it makes it easier to switch between
folders, or back and forth between email, calendar, contacts or notes.

SPAM filtering in Gmail is said to be extremely good, however a certain class
of spam has been reaching my Gmail Inbox for the past 2 years with me being
unable to stop it - I made the mistake of giving away an email address on my
blog and now I get emails related to SEO marketing and bullshit. In Gmail I
cannot setup a filter that automatically marks an email as spam if it contains
the word SEO. But in FastMail I can do just that.

FastMail does CalDAV for the calendar and CardDAV for their contacts. I can
sync my Android phone and it works out great. IMAP is also very responsive and
standards compliant. And personally I feel good about rewarding a smaller
player that plays nice with others because monoculture are bad ;-)

Another thing I did after that was to create 2 Google accounts. I'm using one
Google account for Google Play purchases and nothing else. This is because
Google Play purchases are not transferable. So for example I have an old phone
lying around that I gave to my son for playing. Restricted accounts only work
on tablets, don't know why, so my son ended up having access to my email,
which is not cool. Plus I'm all for paying for apps, but I should be able to
share my purchases with my wife. Like if I buy a GPS device, we can both use
it, but if I buy a maps app my wife can't borrow it without borrowing my
account, along with my email. And I don't like this kind of lock-in.

There are some downsides. I could not find a good email client that can do
IMAP Idle. FastMail's app works on Android but I don't like the UI. On the
bright side that app is simply exposing their web interface, so FastMail works
very well in a mobile browser, something that Gmail doesn't do and it matters
when borrowing other people's devices.

All in all it's been a great transition for me and best of all is that I can
now try out other Google services and products without feeling remorse or fear
of lock-in ;-)

~~~
x0x0
Hmm, I've found fastmail to be generally buggy. The latest incident is their
calendar doesn't interoperate with outlook; fastmail was off by an hour from
an exchange invite. (And while the exchange invite did look correct to me, if
the bug is exchange's the problem is fastmail's given the relative market
shares.)

CalDav is also shoddily implemented; for example, on android using fastmail's
recommended 3rd party caldav sync, creating a meeting on your phone (calendar
client using caldav to sync to fastmail calendar) will not send meeting
invites. Surprise!

FastMail's message compose is also unusable on mobile firefox if there is
quoted text in the compose area.

I use it because I'm removing google products from my life; you should just
watch for the above bugs.

~~~
bad_user
Off by 1 hour seems to me like a timezone issue. I interact with people from
an organization that uses Exchange heavily and I haven't had problems on
invites I received or have sent. Note that Outlook 2000 and Outlook XP/2002
have problems and email clients like Thunderbird can treat that. You should
contact FastMail's support though.

You are right that FastMail doesn't send out invitations when using third-
party clients. FastMail is mentioning it on their page [1] promising they'll
implement it, however I think this should not be the job of FastMail, but that
of the client. For example this works fine in Thunderbird because Thunderbird
sends those invites by itself, all you need to do is to specify which email
address is linked to which calendar. Thunderbird sends invitations by itself
for regular CalDAV accounts, but with a Google Calendar it doesn't do that
because it is Google's Calendar that it is special. In this case it is the
CalDAV-Sync integration that should send the invite.

Mobile Firefox is new and it doesn't surprise me that FastMail's compose
doesn't work in it, because it has weird behavior when I interact with text
boxes. I also use Firefox on my Android, but not for mobile web apps. It's
currently too unpolished for that. But I'm sure that some bug reports will
help.

One thing I'm happy about with FastMail is that things improve. For example
they weren't supporting CardDAV for family accounts before August. Now they do
and I'm pleased with it, though I wouldn't mind some extra functionality.

But that's the thing we are missing in the consumer / producer relationship,
the direct relationship between the parties involved, the feedback. With
Google there's nobody I can talk to, because they are too big to listen to
individuals like myself. Usage of Google, Apple or Microsoft products leads to
much like what happens in agriculture ... the rise of monocultures, the end of
diversity and ultimately we end up with disastrous consequences for our own
health.

[1]
[https://www.fastmail.com/help/clients/applist.html](https://www.fastmail.com/help/clients/applist.html)

~~~
brongondwana
We're working on (by which I mean I am working on) the invitation support for
clients. The standard allows either, and we didn't turn it on because it was
buggy, then months of other things dragged us away.

It's really looking pretty nice now - the tricky part is safely processing
incoming invitations, which I'm trying out a couple of different architectures
to see what is most robust.

------
brongondwana
This is old news (April this year) but it got picked up again because one of
our politicians posted it as a guide to how the law is about to affect
companies that have servers in Australia, vs those (like us) without
infrastructure on-shore. It's a strange law!

~~~
alfiedotwtf
When an Australian Senator is linking to a VPN how-to in order to circumvent
the law, and ISPs are still in the dark as to what data actually needs to be
retained, it's a useless law.

~~~
michaelt
It may well be a useless law. But unless the senator is from the party that
supported the law, politicians making the other party's laws look stupid might
just be politics as usual :(

~~~
NamTaf
He most certianly isn't. Scott Ludlam is from the Greens party, which are a
not-extreme-but-still-left left-wing party. They're the 3rd 'major' party in
AU politics, but trail far behind the big two. The big two came together on
this to pass it, so although many of the minor parties are up in arms about
it, it got steamrolled through.

Additionally, Scott Ludlam is far more technologically adept than many of the
old white law-educated guys in parliament. He's younger, he's very much of the
IT era and is much more understanding of technology as a result. That's why he
speaks out against this and other technology-related policies so often,
because he _gets_ the technological side of things.

------
MichaelGG
I just wish Fastmail didn't have servers in the US. Not really quite sure what
the benefit is there; email isn't latency sensitive.

If a Swiss company were to pop up with a competitive mail offering, I imagine
they'd sweep up a lot of business easily eh? Not that it's much more secure,
just harder to imagine Switzerland easily handing over records, whereas with
folks like MS, they've shown they'll do it on even non-legal requests.

~~~
alfiedotwtf
> I just wish Fastmail didn't have servers in the US

tl;dr - We are Australian, so PATRIOT Act doesn't apply.

[http://blog.fastmail.com/2013/10/07/fastmails-servers-are-
in...](http://blog.fastmail.com/2013/10/07/fastmails-servers-are-in-the-us-
what-this-means-for-you/)

"It has been pointed out to us that since we have our servers in the US, we
are under US jurisdiction. We do not believe this to be the case. We do not
have a legal presence in the US, no company incorporated in the US, no staff
in the US, and no one in the US with login access to any servers located in
the US. Even if a US court were to serve us with a court order, subpoena or
other instruction to hand over user data, Australian communications and
privacy law explicitly forbids us from doing so."

"Australia does not have any equivalent to the US National Security Letter, so
we cannot be forced to do something without being allowed to disclose it."

~~~
hydrogen18
I don't really follow your logic here. If your servers are physically in the
US, a judge will just issue a warrant to seize the servers.

~~~
robn_fastmail
Maybe. They'd have to issue that warrant to our datacentre operators though,
not us, because there's nowhere to send the documentation. And then they can
compel our datacentre not to talk about it, if they like, but they can't stop
us talking about.

Really though, the point of all this isn't to say they can't take our servers
- of course they can, via legal and illegal means. The point is more to say
that they can't do it _quietly_, which greatly raises the bar, because now
you've got a PR shitstorm to deal with.

But really, it's not going to happen, because we have good legal processes in
place. There are proper channels from most countries in the world to the
appropriate Australian authorities, and from there to us, and once that
request comes in we service it and that's that.

If you want reasonably secure and private email, and you're not doing really
dodgy shit, we're probably a safer choice that many. But we're not selling a
privacy service, just an email service. If privacy is 100% non-negotiable for
you, then you'll need to look elsewhere.

~~~
techdragon
Sold. I've been on the fence about moving some of my most important addresses
off of the cheap shared hosting Cpannel managed crap they are on at the
moment. It's crap hosting but it's free.

Your Australian honesty, "not doing really dodgy shit" won me over. I'm going
to move a few over and check your service out properly.

Nice to see another Australian company doing well :-)

~~~
duncan_bayne
Not only is their product good, but their service is first rate.

I was recently working with the developer of the ASynK contact synchronisation
tool ( [http://asynk.io/](http://asynk.io/) ) to track down an issue I was
having synchronising contact details from Fastmail using CardDAV.

It turned out to be a Fastmail issue; one of their developers was quickly on
the GitHub issue chatting to the ASynK maintainer about it, and they had a fix
in a couple of weeks.

Impressively clueful support.

------
basicplus2
Surely as they have servers in America Australia gets the data anyway as it
will be collected for them by America.

------
verusfossa
I generally like Fastmail and the for pay model, but their Employee Access to
Data section of their Privacy Policy seems to be a bit too cavalier. I may
just be naive though.

PP:[https://www.fastmail.com/about/privacy.html](https://www.fastmail.com/about/privacy.html)

Also, I feel they overstate the jurisdiction piece. Being in Australia is
important, but it certainly doesn't make you a paragon of privacy or Australia
a privacy Eden. Company culture is great, but a five-eyes becoming more
surveillance-heavy by the day doesn't make the technical aspects of
maintaining private communication any easier. I'd be wary not to oversell.

~~~
robn_fastmail
In what way do you consider the privacy policy cavalier? What would you prefer
it said?

I don't believe we made any claims that Australia is a "privacy Eden" or that
we're "paragon of privacy". Indeed, we frequently say we're _not_ a privacy
service, just an email service that cares about privacy among other things.

More specifics on both these points would help us discuss them properly.

------
tedunangst
Is FastMail an Australian company? I'm guessing maybe yes, since otherwise it
seems such a post is unnecessary, but nowhere does it actually say anything
like "You may think the law applies because we're an Australian company,
but...". For all I know, this could be a law attempting to target any company,
in any country, that does business with Australians.

~~~
robn_fastmail
Yes, we're an Australian company.

[https://www.fastmail.com/about/company.html](https://www.fastmail.com/about/company.html)

------
jacques_chester
While it's important to get legal advice, there are two things to bear in
mind.

First, the meaning of a law can only be settled in the courts, strictly
speaking. A legal opinion is a best effort, but it is an opinion, not a
judgement.

Second, Parliament can amend any law it passes at will. And it has the power
-- rarely but sometimes exercised -- to make its legislation retroactively
effective.

~~~
brongondwana
Yeah, sure - at which point we change that blog post, inform our users. _NO_
jurisdiction is different in this regard - welcome to life.

------
walkingolof
I've been a Fastmail customer for almost two years now, its been working
really great. The best thing with Fastmail is that it shows there is a future
for a Internet with choices, choices beyond the 4 or 5 global cooperation that
tries to dominate every aspect of our life.

------
rdancer
I fail to see how this helps their users in any way, seeing as the data will
be intercepted by NSA, GCHQ, or indeed ASD, retained wholesale (not just
scraps of headers a.k.a. metadata) forever, and shared with whoever asks
nicely?

------
kristianp
Not unrelated:

[https://mako.cc/copyrighteous/google-has-most-of-my-email-
be...](https://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-
has-all-of-yours) HN discussion:
[https://news.ycombinator.com/item?id=10229928](https://news.ycombinator.com/item?id=10229928)

------
mrmondo
Big ups to Fastmail, as a user myself, I find them to have both a solid
product and fantastic service.

