
FastMail’s servers are in the US – what this means for you - masnick
http://blog.fastmail.fm/2013/10/07/fastmails-servers-are-in-the-us-what-this-means-for-you/
======
nullc
> There are of course other avenues available to obtain your data. Our
> colocation providers could be compelled to give physical access to our
> servers. Network capturing devices could be installed. And in the worst case
> an attacker could simply force their way into the datacentre and physically
> remove our servers.

> These are not things we can protect against directly but again, we can make
> it extremely difficult for these things to occur by using strong encryption
> and careful systems monitoring. Were anything like this ever to happen we
> would be talking about it very publically. Such an action would not remain
> secret for long.

> Ultimately though, our opinion is that these kinds of attacks are no
> different to any other hacking attempt. We can and will do everything in our
> power to make getting unauthorised access to your data as difficult and
> expensive as possible, but no online service provider can guarantee that it
> will never happen.

This kind of frank disclosure should be highly rewarded. I provided similar
frank disclosure text (elsewhere) only to have it whitewashed.

When everyone is underplaying the real limitations it's impossible for people
to choose alternative tradeoffs— "Why should I use this slightly harder to use
crypto thing when foo is already secure?"— because the risks have been
misrepresented. Underplaying the limitations also removes the incentives to
invent better protection— "Doesn't foo already have perfect security?".

~~~
alan_cx
"This kind of frank disclosure should be highly rewarded."

With all due, I'm sorry but, no.

Had it come before the Snowden leaks, absolutely. But it didn't.

After the event, facing a danger of customer loss or loss of confidence, it
can only be seen as a too late and defensive move. All these companies must have
known something about these risks, yet remained in a passive conspiracy of
silence. Not one stood up until Snowden did. By then, too damn late.

~~~
Kudos
Before the Snowden leaks Fastmail was owned by Opera, it has since been bought
by Fastmail staff.

[http://blog.fastmail.fm/2013/09/25/exciting-news-fastmail-st...](http://blog.fastmail.fm/2013/09/25/exciting-news-fastmail-staff-purchase-the-business-from-opera/)

------
westicle
> Australia does not have any equivalent to the US National Security Letter,
> so we cannot be forced to do something without being allowed to disclose it.

This is not true. The Australian Crime Commission has some of the most
extensive secret coercive powers in the Western world.

[http://www.austlii.edu.au/au/legis/cth/consol_act/acca200228...](http://www.austlii.edu.au/au/legis/cth/consol_act/acca2002289/s29b.html)

I would suggest that either:

a) Fastmail is aware of this and is covertly spreading the word that it might
be compromised; or

b) Fastmail needs better lawyers.

~~~
robn_fastmail
I would argue that section 29 is very narrow in its scope, and allows for
disclosure once an investigation is completed, and allows for disclosure to an
attorney, whereas my understanding of an NSL is that it can order pretty much
anything it wants without limitation. That seems quite different to me.

But then, I'm not a lawyer. You're probably not either. Which is why I keep
telling people to get their own legal advice if they're concerned about it.

~~~
westicle
Actually I am a lawyer. In the past I have even advised clients who received
ACC notices (they are more common than most people would think).

Needless to say I was staggered at the scope of the powers granted. Forget
about transparency, justice and the rule of law. If you receive one of these
you _can_ be compelled to give evidence or documents in secret, without
judicial oversight or public scrutiny.

~~~
robn_fastmail
I just checked upstairs. The advice we have is roughly:

- ACC has judicial oversight

- it's unclear how this interacts with the Telecommunications (Intercept and
Access) Act

With my boss throwing in:

- law is a giant mess

- until you have two extremely well-funded parties disagreeing vehemently
about the interpretation, you'll never get a final answer

We're still happy with our publicly-stated position. You might disagree, and
I'm not really in a position to argue with you. It's my corporate masters with
their necks on the line, and they seem relaxed about it. That's good enough
for me :)

~~~
ye
Either way, it makes your service completely vulnerable to the government's
interpretation of the law. If they force you to disclose your customers' data
in secret tomorrow, or face jail time, I have no doubts what your choice will
be.

I'm not calling you a liar, btw, I just think you're naive/oblivious, and
considering you just now discovered what ACC is and had to check with your
lawyer (who isn't even sure how it interacts with other laws), I wouldn't use
your service to send any critical information. Ever.

~~~
robn_fastmail
> If they force you to disclose your customers' data in secret tomorrow, or
> face jail time, I have no doubts what your choice will be.

We have no doubts either. The privacy policy clearly states we will give your
data to the Australian authorities if supplied with the proper supporting
documentation.

I didn't just find out about the ACC, though I wasn't aware of the details.
But I'm not a lawyer, just a sysadmin, so I don't need to be. The "it's not
clear" bit is simply that there are two laws that appear to be in
contradiction with each other. It's never been tested in court. And thus, it's
not clear. But we have confidence that our position is legally
supportable or we wouldn't be here.

~~~
jrochkind1
Laws that appear to be in contradiction with each other, never tested in court
-- so, yeah, quite like the US legal situation, right?

------
robn_fastmail
Hi, FastMail employee and author of (most of) that blog post here.

Just so we're clear, the point of this post was not that we don't think the
rules don't apply to us. Instead we're trying to make it clear where our position
on these things is. The topic of this thread is a sensationalist sound-bite,
nothing more.

I'm not going to go over the points again here because I'm pretty sure we said
it all in the post (but ask questions if you like, I'll be here all week!).

The most important point to take away from this post is that your privacy is
your responsibility. We're trying to provide you with as much information as
we can to help you determine your own exposure, and to let you know what we
will work to protect and where we can't help. It's up to you to determine if
our service is right for you. No tricks, and no hard feelings if you'd rather
take your business somewhere else!

~~~
anologwintermut
I may have missed this elsewhere, but why are your servers in the US at all?

~~~
robn_fastmail
[https://news.ycombinator.com/item?id=6506626](https://news.ycombinator.com/item?id=6506626)

------
andrewfong
Note the obvious caveat though:

"There are of course other avenues available to obtain your data. Our
colocation providers could be compelled to give physical access to our
servers. Network capturing devices could be installed. And in the worst case
an attacker could simply force their way into the datacentre and physically
remove our servers."

As the colocation providers are based in the U.S., they would be subject to
the National Security Letters. FastMail claims this is no different from any
other hacking attempt. But in a normal hacking attempt, colocation providers
would be free to explain to FastMail the extent of any hacking on their end.
Moreover, hackers typically do not have physical access to any data. Even with
encryption, physical access opens up a lot of attack vectors that most
sysadmins don't anticipate.

~~~
MichaelGG
If they mount webcams and other sensors inside the cabinet, they could detect
unexplained access to their servers. Not sure what it'd really accomplish. The
colo provider would either say "tech mistakenly opened that cabinet" or "no
comment". The only real defense is to assume any such access is a breach and
have servers immediately overwrite FDE keys in RAM and power off - and if they
were that committed, they wouldn't host in the US in the first place.

~~~
duskwuff
There is some historical precedent for such methods. I believe one popular CDN
(possibly Akamai?) has its nodes set up with sensors of some variety to
discard sensitive data if the hardware is exposed to light.

~~~
dsl
Dell (and possibly others) servers have chassis intrusion sensors that you can
trap in software, and do with as you please.

~~~
duskwuff
This goes beyond chassis intrusion, though - the servers are set up to freak
out if anyone even opens the cage to _look_ at them.

~~~
dsl
Yeah, that is just bar room banter between nerds. I've stood next to
unprotected racks of Akamai servers and nothing happened.

Nobody really builds systems where an HVAC engineer walking into your cage to
move a cooling tile will cause an outage, they just love to talk about how
they would build them.

------
rdl
The personal location of the operators is probably the #1 most important
security risk; location of customers, location of servers, and country of
incorporation are also important.

It's much easier to compel operators to do something (through legal threats or
potentially physical threats) than it is to do any active modifications to a
complex system, undetectably. Passive ubiquitous monitoring is a concern
because it's passive and thus hard to detect -- it's highly unlikely TAO can
go after a large number of well-defended systems without getting caught.
Obviously they'd be likely to hide their actions behind HACKED BY CHINESEEEE
or something, but even then, it's relatively rare to have a complete
penetration of a large site in a way which isn't end-user affecting, and rarer
still for the site not to publicize it.

That said, if I wanted to compromise Fastmail, I'd either compromise a staffer
or some of their administrative systems to impersonate staff.

------
sschueller
The US government will just take their server. They don't care if you go out
of business.

Look at what they did to megaupload.com.

~~~
brongondwana
This is the same megaupload where FBI agents took part in a raid on a house in
a non-US country?

[http://www.listener.co.nz/commentary/the-internaut/kim-dotco...](http://www.listener.co.nz/commentary/the-internaut/kim-dotcom-megaupload-new-zealand-timeline/)

As I said in a response on our forum, if the stakes are high enough, no
datacentre in the world is safe.

Bruce Schneier recommends protecting against terrorist attacks by improving
emergency response capabilities - with the side benefit that your measures
also help against natural disasters:

[https://www.schneier.com/essay-292.html](https://www.schneier.com/essay-292.html)

(edit: that's not a great version of his point actually,
[https://www.schneier.com/blog/archives/2005/09/katrina_and_s...](https://www.schneier.com/blog/archives/2005/09/katrina_and_sec.html)
is more on point)

Similarly, our main focus for security is protecting against all forms of
attackers, including common theft or misplacement of our servers. We consider
that to be more valuable for the overall security of our users (including
security against denial of service) than fighting an impossible fight.

FACT: if the three letter agencies in the USA want your data desperately
enough, they will get it. With FastMail, they have a legal way to obtain it
which is quite a lot of effort, but (hopefully) less expensive to them than
taking our servers offline.

What they can't do, by Australian law, is require our cooperation in blanket
surveillance on all our users.

~~~
rplnt
"As I said in a response on our forum, if the stakes are high enough, no
datacentre in the world is safe."

The stakes being relevant to US that is.

------
brongondwana
Hello inflammatory headline.

That's a very small part of a lot of what we have to say, most of which is:

* we can't be compelled (under current laws) to install blanket monitoring on our users

* we can't be compelled to keep quiet about penetration that we notice

* there are always risks, including the risk that any random group knows unpublished security flaws in the systems that we use

We have written some things about techniques we use to reduce those risks
(physically separate internal network rather than VLANS on a single router for
example) - these help protect against both government AND non-government
threats. But we can't make those risks go away entirely.

What we're saying is - the physical presence in the USA only changes one low-
probability/high-visibility threat, which is direct tampering with our
servers.

Regardless of the physical location of servers, we would still comply with
legally valid requests made through the Australian Government.

It is our belief and hope that this process is difficult enough to mean that
US agencies only ask for data when they have good cause rather than "fishing"
- but still easier than taking our servers and shutting us down, with all the
fallout that would cause.

------
bad_user
I found this article brutally honest. What they are saying is that (1) NSA
snooping is more expensive for the NSA as they can't engage in blanket
surveillance on all of their users, while keeping them silent, but on the
other hand (2) you can't expect and shouldn't assume privacy, because if the
NSA wants to listen on your traffic, they will.

This in combination with FastMail being acquired by its former employees,
coupled with their investment in CardDAV and CalDAV, makes me really excited
about them. I was actually looking for a good replacement to Google Apps and
FastMail might be it. It's still a little expensive though, compared to Google
Apps, I hope they'll bring those prices down just a little.

~~~
pppp
I am more than willing to give FastMail twenty USD per year, so it is not
expensive in that regard, but it is expensive for what you get. 1GB of space?
Give me a break. All of the tiers need to shift down a notch while keeping the
price the same. $20 for 10 GB would be reasonable.

~~~
bad_user
Well, that's what I meant. I pay something like $50 / user account yearly in
Google Apps and I get 30 GB of space, plus Contacts, Calendar, Google
Hangouts, Drive and all the other goodies. Paying $60 per year for email with
15 GB of storage seems kind of expensive.

------
workhere-io
There's one question they haven't answered: Why do they even need to have
their servers in the US? Their blog post admits that there's a big chance that
the US is spying on their customers. Given the fact that FastMail is a
Norwegian/Australian company, why don't they just move their servers to e.g.
Norway?

I realize that even if the servers were in Norway, an email from a FastMail
user to a gmail.com account would still be read by the NSA (because it would
pass through American servers), but email sent from FastMail to other email
hosts in relatively safe countries would not be read by the NSA.

~~~
alfiejohn_
We're no longer Norwegian :)

[http://blog.fastmail.fm/2013/09/25/exciting-news-fastmail-st...](http://blog.fastmail.fm/2013/09/25/exciting-news-fastmail-staff-purchase-the-business-from-opera/)

~~~
workhere-io
Alright, but the point still remains: You could theoretically place your
servers anywhere in the world, so why choose the US?

~~~
alfiejohn_
Like what Bron mentioned above:

'Which comes back to the point I've been trying to make all along here. In the
most serious extreme, nowhere in the world is "safe"'

Do you have any suggestions for countries that have excellent data
connectivity, would successfully resist pressure from US/UK/X authorities to
hand over our servers, and at the same time would not themselves want access
to?

~~~
workhere-io
Norway, Iceland and Switzerland come to mind.

As for whether or not they want access to data: There's nothing wrong with
governments accessing data if there's a court order in place and their request
is part of an investigation. It's the automatic surveillance of _everyone_
that NSA does that's a problem, and it's certainly not all countries that do
that.

 _In the most serious extreme, nowhere in the world is "safe"_

Sure, but there are _levels_ of safety, and the US has turned out to have a
low degree of safety for a Western country. The fact that you probably can't
find a perfect country shouldn't be an excuse to pick a notoriously unsafe
one.

~~~
alfiejohn_
We're already in Iceland - from [http://blog.fastmail.fm/2012/07/03/a-story-of-leaping-second...](http://blog.fastmail.fm/2012/07/03/a-story-of-leaping-seconds/)

"We have a complete live-spare datacentre in Iceland. Eventually it will be a
fully operational centre in its own right, but for now it’s running almost
100% in replica mode."

I'm not so sure about the safe-haveness of Switzerland these days. They
already caved to the US, giving them access to banking info (what they're
famous for... which leaves me wondering what Switzerland got in return):

    
    
      http://uk.reuters.com/article/2013/08/28/uk-switzerland-usa-tax-idUKBRE97R0CY20130828

~~~
workhere-io
_We have a complete live-spare datacentre in Iceland. Eventually it will be a
fully operational centre in its own right_

Let me know when that happens and I'll gladly sign up for your service :)

 _I'm not so sure about the safe-haveness of Switzerland these days. They
already caved to the US, giving them access to banking info (what they're
famous for... which leaves me wondering what Switzerland got in return):_

I don't see how bank secrets have anything to do with Internet surveillance.
There's a general tendency now both in the US and the EU to pressure tax
havens such as Switzerland, Andorra, the Bahamas, etc. to give up their bank
secrets so that corporations and rich individuals can't hide their income and
avoid paying taxes. That seems fair enough, and I don't see a direct link
between that and Internet surveillance.

------
CurtMonash
The persuasive part of this is disclosure. It's a promise to be open about any
breaches, plus an observation that the US lacks the legal clout to stop the
promise from being kept.

------
Quai
I know that my word doesn't mean much, but I have had the chance to talk to
several of the guys working at Fastmail during their years at Opera Software.
They are -serious- about mail and they are -serious- about privacy.

Next time I'm out shopping for email services, I will give my money to them!
(And, to give something back for all the Tim Tams brongondwana brought with
him to Norway every time he was on a visit ;) )

~~~
robn_fastmail
If you want to just send timtams, that would be fine too. We seem to have run
out of them in the office...

~~~
brongondwana
I'll get you timtams if you run the fire escape with us...

~~~
robn_fastmail
I'm afraid that if I get fit and stuff I won't want them anymore! :'(

~~~
brongondwana
Hasn't stopped me.

~~~
robmueller
Stick to IRC for the internal chats guys.

Wait, I meant email... ;)

------
traeblain
So they are saying that they can never get a NSL to turn over information, but
where are these servers? Who has the keys to the door of the server room?

So maybe they don't get the NSL, but the people/group/company that is handling
the servers might. This seems disingenuous. I could be wrong, but it feels
like they are making claims that will dupe people into their service because
they feel safe.

~~~
frenger
> So maybe they don't get the NSL, but the people/group/company that is
> handling the servers might. This seems disingenuous.

well they do say explicitly that, near the bottom. Hardly disingenuous.

------
MichaelGG
The only real benefit I see here is that your IP won't be easily revealed.
That is, given a fastmail account, the e.g. FBI cannot quickly get your login
IP, like they can with e.g. Outlook or Gmail. So, for just low-level anti-
surveillance, SSL to fastmail might suffice instead of using Tor with Gmail.

Unless you're using PGP or S/MIME, SMTP is still most often unencrypted.

~~~
rdl
I think the assumption is that FBI has to obey the law to produce evidence for
prosecutions. NSA doesn't, particularly vs. "foreign".

------
iSnow
Since the Silk Road bust we know the US LE is able to convince or force
colocation providers to provide them with an image of a server. After that,
pretty much any communication can be considered open to the NSA. I am not
surprised that he does not clearly mention this.

So FM should move their servers out of the US even if that's inconvenient.

~~~
robn_fastmail
Actually we did clearly mention it:

    
    
      "Our colocation providers could be compelled to give physical access to our servers."
    

But in the very next paragraph:

    
    
        "These are not things we can protect against directly but again, we can make it extremely difficult for these things to occur by using strong encryption and careful systems monitoring. Were anything like this ever to happen we would be talking about it very publically. Such an action would not remain secret for long."
    

It's not hard for a skilled sysadmin to take an image of a running server. It's
extremely difficult to do it without administrative access to the machine AND
to do it without anyone noticing.

~~~
sandstrom
You could move the servers to a country with more respect for rule of law.
That would be awesome!

------
frank_boyd
> our primary servers are located in the US

Why would you do that, especially when you're not even a US company?

~~~
robn_fastmail
Because most of our customers are in the US. If your goal is to provide the
fastest service around, it helps to put your servers near your users.

~~~
frank_boyd
You're implying that you would make less money by trading in your US location
for more security. That means that you believe not enough users care enough
about their privacy to accept that (really light) trade-off.

~~~
brongondwana
It might also mean that many of our users believe in the same tradeoff that we
do - that we're not overreacting to one low probability/high visibility risk
by throwing out the incredibly good reliability we've had for years to shut
everything down, ship it to a location with unknown reliability and spin it
all back up again - complete with new IP addresses and all the headache that
would cause tons of customers who have hard coded things on their own domains
(annoying but true - recycling IPs is hard)

There are tons of downsides to shutting down everything that's working well in
a knee-jerk reaction to one possible risk - never mind that the government of
whatever country we choose could very well cooperate with the same agencies
we're running from - or they could just corrupt an employee of the datacentre
we're in - or...

So maybe if you're going to put words into our mouth you could put ones about
how much we care about our users and our reliability that we don't jump on
unproven setups just because of a single (unchanged, just more public) risk.

~~~
sillysaurus2
You're not representing your company very well. If you're going to be mean,
you'd better be right. But in the scenario you describe, the solution is to
move incrementally, one server at a time, not "shut everything down, ship it,
then reboot everything simultaneously."

FYI you have about 1.5 hours to edit your post. You may want to do that,
because otherwise it will probably scare off most informed potential customers
who read it.

~~~
brongondwana
Do you have a realistic idea of how long that would take, and what the risks
and costs involved are? How would we "move" the servers, without a
significantly higher risk of the data being leaked? Assuming Europe, that's an
8 hour flight at the least.

I'm guessing people are assuming Europe as the bastion of all things good
here. Certainly it's more affordable for hosting than Australia, and more
reliably connected than anywhere else.

A more realistic scenario, if we had the budget for it, would be to buy a
duplicate set of hardware, install it in the theoretical new location,
duplicate all the data, grandfather everything running at NYI.

This would be a process that would take months or years of real time as well,
plus quite a lot of admin time. Just duplicating all the email, well - I did
it recently, I carried an almost full set of backups on encrypted hard disks
from New York to Australia (the key was only ever in tmpfs on the host in New
York, copied in over ssh inside a VPN link, and all copies nuked and the
server rebooted and reinstalled before I left New York) Even filling those
disks at the maximum IO rate we could sustain took over a week - and unpacking
it at the other end would take as long again.

All this for theoretical security against one of very many risks we face. It
is my considered opinion that we can get better return on our security
investment (both time and money) in other ways than scrambling to get
everything out of the USA.

And "emails being read by the US Government" is only one of very many security
threats. We could make our users' emails VERY secure by putting all our
servers in the shredder - it might reduce uptime and recoverability of data
somewhat...

... so I'm hoping most informed potential customers understand that there are
other risks in the world, and we balance our defenses amongst the various
risks.

Throwing away everything that's good about our New York hosting in exchange
for maybe being more secure against one particular risk is not a decision to
make lightly, your assertions notwithstanding.

~~~
skrause
You could also just create a second, completely separate setup in Europe
running on a new domain. People who don't care about their @fastmail.fm domain
or those who use their own domain can move to the European setup.

~~~
brongondwana
Yes, we could. It's certainly an idea that's on our radar.

------
Maximal
As Australia is a member of the five eyes group, I do not see any added
protection from FM being incorporated there rather than in the USA.

This is why I use an email service in Norway (runbox.com), which, as far as I
know, is not sharing information by default.

~~~
brongondwana
The legal situation in Norway is... in flux at the moment. The Snowden
revelations might stop information sharing from coming in, but Norway is
looking like leapfrogging Australia pretty much with data retention (along
with much of Europe):

[http://theforeigner.no/pages/news/updated-parliament-passes-...](http://theforeigner.no/pages/news/updated-parliament-passes-data-retention-directive/)

Norway isn't some magical safe haven from legal data requests. We receive law
enforcement requests through the Norwegian system for mail.opera.com users
(which, despite running on the same infrastructure, is operated under
Norwegian law, not Australian - isn't life complex)

[http://en.wikipedia.org/wiki/Telecommunications_data_retenti...](http://en.wikipedia.org/wiki/Telecommunications_data_retention)
tells a few interesting stories.

Australian law may indeed change, and we'll be compelled to update our
policies to match. So far, we've avoided it.

[http://www.smh.com.au/technology/technology-news/government-...](http://www.smh.com.au/technology/technology-news/government-shelves-controversial-data-retention-scheme-20130624-2oskq.html)

------
topbanana
They don't need to seize the server. SMTP is plaintext and on a well known
port number. I'm sure the NSA have a record of every email sent through the US
in the last few years.

~~~
kijin
It is possible to encrypt SMTP connections with standard SSL/TLS technology.

FastMail has been using opportunistic encryption on their incoming and
outgoing SMTP servers for years. If you send an email to another service that
does opportunistic encryption, and if both the sender and recipient use SSL
to access their mailboxes (as FastMail requires), the email will never be
transmitted in plain text over the Internet.

~~~
janvidar
The problem with such opportunistic encryption, is that you could insert a man
in the middle which basically intercepts the traffic and modifies the
handshake to exclude the STARTTLS extension.

With opportunistic SMTP encryption this will cause things to proceed in plain
text. The sinister thing about this is that e-mails still flow, so it still
works.
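
Added example, not part of the thread and not FastMail's code: a sender-side policy check for the downgrade described in the comment above. It remembers which hosts have offered STARTTLS before and defers delivery, instead of silently falling back to plaintext, when the offer disappears. The host names, EHLO replies and class name are constructed for illustration.

```python
"""Sender-side handling of a missing STARTTLS offer (added example, hypothetical names)."""

# Constructed EHLO replies from the same made-up receiving host.
EHLO_WITH_TLS = (
    "250-mx.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 71000000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mx.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 71000000\r\n"
    "250 8BITMIME\r\n"
)

USE_TLS = "starttls"
PLAINTEXT = "plaintext"
DEFER_DOWNGRADE = "defer: STARTTLS offer disappeared"
DEFER_POLICY = "defer: TLS required by local policy"


def parse_ehlo(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        # Every line must be "250-" (continuation) or "250 " (last line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not an extension
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


class OutboundTlsPolicy:
    """Decide how to deliver to a host based on its EHLO reply and history."""

    def __init__(self, require_tls_for=()):
        # Hosts the operator has configured as TLS-only (assumption: static list).
        self.require_tls_for = {h.lower() for h in require_tls_for}
        # Hosts that have offered STARTTLS on an earlier connection.
        self.seen_tls = set()

    def decide(self, host, ehlo_reply):
        host = host.lower()
        if "STARTTLS" in parse_ehlo(ehlo_reply):
            self.seen_tls.add(host)
            return USE_TLS
        if host in self.require_tls_for:
            return DEFER_POLICY
        if host in self.seen_tls:
            # Purely opportunistic senders would continue in plaintext here.
            return DEFER_DOWNGRADE
        return PLAINTEXT


def run_demo():
    """Replay four constructed connections and return the decisions."""
    policy = OutboundTlsPolicy(require_tls_for=["partner.example.org"])
    attempts = [
        ("mx.example.net", EHLO_WITH_TLS),       # normal delivery, TLS offered
        ("mx.example.net", EHLO_STRIPPED),       # same host, offer now missing
        ("new.example.com", EHLO_STRIPPED),      # never seen, no TLS offered
        ("partner.example.org", EHLO_STRIPPED),  # configured as TLS-only
    ]
    return [policy.decide(host, reply) for host, reply in attempts]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The history check only helps after a first connection in which STARTTLS was offered, and it says nothing about whether the certificate presented during TLS is the right one.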

~~~
robn_fastmail
There's a solution for this. It's called DANE. See
[http://tools.ietf.org/html/draft-ietf-dane-smtp](http://tools.ietf.org/html/draft-ietf-dane-smtp)

We're currently investigating it.

~~~
bigiain
I don't suppose you got any numbers easily at hand about how much of your port
25 traffic negotiates a TLS encrypted connection?

~~~
robn_fastmail
A very naive estimate based on one day of logs from one server says over 75%
of our incoming port 25 connections are encrypted. Although that says nothing
about the quality of the cipher in use and the type of messages that come
through, it's still significantly higher than I would have expected.

I can see I'll be spending some time on this in the next few days!

~~~
bigiain
Thanks for that. They're useful numbers for me, because I've got this plan…

My current side-project involves a RaspberryPi (sitting in my loungeroom on my
home ADSL connection), iRedMail, full disk encryption, a handful of
inexpensive VPS providers with APIs that allow automated provisioning
(DigitalOcean, NineFold, and Hetzner – to spread out the jurisdictions) – with
the RasPi opening a reverse SSH tunnel for ports 25 and 465. Add in a DNS
provider with a useable API so the 'Pi can spin up and shut down VPSes itself
and update MX records to suit, and VPS images configured to not log anything
mail-related, and I think I've gone as far as I can to secure my end of all my
email. Having physical control of the hardware/storage that my email relies on
won't protect me against NSA level targeted-at-me snooping, or even local law
enforcement with sufficient "probable cause" to get a judge to sign a search
warrant, but at least I'll _know_ if someone grabs my server hardware. (Hmmm,
I wonder if there's some NSL-type coercion that could be used against my
partner to force her to let someone take/image my 'Pi while I'm not home, and
not be allowed to tell me?)

Possible over-paranoid ideas include refusing port 25 smtp connections that
won't negotiate a secured connection in response to a STARTTLS command, and
possibly blacklisting mail originating from any of the 8 known PRISM
collaborators. I like the _idea_ of ensuring none of my mail arrives from
known-intercepted sources, but reality dictates otherwise since way too many
of the people I really do want to communicate with are exclusively using
gmail/yahoo for email (or worse still, have migrated largely to Facebook
messaging instead of email).

------
rdl
As far as I know, Australian law is common law and would allow a judge to seal
a warrant. So, fastmail's assertion that there is nothing like an NSL where
they couldn't disclose a search is incorrect. I'm sure it is just lack of
awareness, rather than intentional deception.

(Ianal, ianaa, but I am pretty sure I am correct on this point.)

------
jessaustin
While some describe this as "frank", I think to have that quality TFA would
need to specify where the decryption keys are stored. Are they in the USA
colo's too? (I realize I could probably figure this out myself if I could be
arsed to do so, but why not just tell us?)

------
aamargulies
I've been having a discussion with a fastmail staff member about surveillance
and fastmail. You can see the discussion here:

[https://www.fastmail.fm/html/?MSignal=TZ-**378397*97ae93f3](https://www.fastmail.fm/html/?MSignal=TZ-**378397*97ae93f3)

------
a3n
FastMail's servers are on the internet, and so you're fucked.

Just sayin'.

------
bckrasnow
Transparency takes precedence over everything else in this post, aka the thing
you haven't seen US companies doing at all.

Hmmmmmmmmmmmmmmmmmm.

------
dutchbrit
Or the US could just go to the Datacenter and force them to give access.

------
duncan_bayne
This makes me very happy to continue being a Fastmail customer.

------
616c
Thank you, Fastmail. This is why I pay for you.

~~~
TwoBit
Despite that they just stated that your data will be owned by the US
government in a raid on the US-based fastmail servers? And with no apparent
way for US-based users to avoid that?

~~~
andyhmltn
In all fairness, how are they supposed to combat that without moving their
server location?

------
smegel
Now swear in blood you weren't under any kind of nondisclosure order when you
wrote that.

------
tweeeyjg
This is a joke right? How much were they paid by the NSA to write this post?

~~~
merusame
Ffs, why even bother writing junk like this at all?

------
phy6
If I was going to set up a honeypot for evil-doers/dissidents, this is the
message I would spread.

~~~
robn_fastmail
If I was an evil-doer/dissident I wouldn't be trusting my life to the
collective wisdom of the internet ;)

