Hacker News new | past | comments | ask | show | jobs | submit login
FastMail loses customers, faces calls to move over anti-encryption laws (itnews.com.au)
378 points by qzervaas 4 months ago | hide | past | web | favorite | 278 comments

If anyone's considering moving their email addresses over this, please take the time to get your own custom domain to host email on. That way you can switch providers more easily and actually own your email address.

As a shameless plug: Purelymail, the mail service I'm working on, could use some more beta testers. It's (to my knowledge) the cheapest way to get email on a custom domain right now. https://purelymail.com/

As Fastmail, we also recommend that people get their own domain. Being able to move is prudent regardless of how good any one host is! Own your own namespace :) We would rather keep people because we're good, not because they're locked in.

I really don't understand the criticism. Fastmail have said that they will obey the law (all of it, not just this bit). The likelihood of them a) being required to assist under this particular law, or b) be able to provide the particular assistances required under this law are minimal.

The mail is encrypted at rest to protect against illegal access, not legal access. Fastmail are transparent on what they will or won't do. Where's the problem?

I'd be more worried about a programmer working on the bowels of OpenSSL or LibreSSL etc and being seconded by ASIO/ASIS/DSD than about companies.

I'm a long time (and very happy) fastmail customer and I have no problem with their position. Not because "I've got nothing to hide", but because if I did, I'd know not to use their service.

I depply despise the telecommunications assistance act. I think it's badly written and comes from an inherently uninformed and impractical idea that you can legislate against people keeping secrets. I hope that the reviews in Parliament right now, and, hopefully, the changes to be made under a new Labor government, will remove a lot of the stupidity.

I guessing people are concerned about the width and breadth of the potential searches.

We've seen at least the US government have some fairly expansive requests in order to track down one single person, and they never delete the data once they obtain it. So a copy of those records will forever be outside of your control, potentially without you ever knowing it.

People built up unreasonable expectations about the security of the service, and the legal changes attracted attention.

End of the day, if you have a scenario where a third party is the custodian of your information, that custodian has control of it and will follow whatever legal framework that they are obliged to follow.

For what it's worth, it's been a few years since I started moving from gmail to Fastmail and I couldn't be happier.

Thanks for that :) We appreciate you!

Another happy customer here! Incidentally this does not worry me as I don't use email for any secure or private communications and I don't think anyone ever should. At best any warrants will get a list of crap I've bought on Amazon and Aliexpress.

I get that email was not originally designed to be secure, but do you really not want to keep your amazon account, with your credit card number and home address, secure and private?

My amazon account has 2FA enabled on it.

Me too. Custom domain on FastMail. I'm not (too much) worried about AU's search warrants. My original move from gmail was because I got annoyed by the Google approach to everything. This said, if you happen to move the servers in a more privacy-friendly country I'd not complain.

I have a domain for my family with Fastmail. I miss the old family plan. The parents and children in our family have wildly different levels of email usage. A family plan would allow us to share pool resources instead of paying full price for barely-used children's account.

We are on a grandfathered plan now and are putting off upgrading to a current plan as long as possible because it's a huge price jump to start paying for my kids to have 25 GB of storage which they are barely using.

Just wanted to say Thanks for the good service. I'm a happy customer and I'm not planning to move. In particular I really liked recent iOS app updates. Good job!

I am on google’s grandfathered free tier for my domain. Recently it has gotten annoying with new google products since they have to be supported by g-suite for you to use them. So I recently was shopping around for a new host. Basically I’m a non-business user who is probably in your target market.

As others have said, your pricing is unpredictable and hard to compute. As I’m evaluating you with competitors, I’m not going to invest the time. In my experience, when a company makes it hard to know what you’re actually going to end up paying, you usually end up paying more than you want (see: Verizon).

From a business perspective, it seems to me your value proposition is that you are striving to be the cheapest email provider. I think you should consider the kind of customer this attracts. The sort of person who thinks a few dollars a month per email address is too expensive is going to be high maintenance. If you want this to be sustainable, I think you need a different angle. Consider that all these other email providers basically charge around the same amount. That isn’t an accident. I don’t know the email business, but I assume it needs a certain margin to actually be sustainable and these guys have landed in the right ballpark.

If you’re looking for business customers, then your pricing is basically rounding error compared to the other guys. It’s not materially different enough to matter for a business of any reasonable size to be worth having as a customer. In fact, the lack of predictability is a major deterrent. Businesses need to create budgets and every variable cost adds to the complexity of the forecast.

> The sort of person who thinks a few dollars a month per email address is too expensive is going to be high maintenance.

I have to disagree with this. Any email service that costs several dollars per mailbox per month is way too expensive for most people who tend to have more than a few email addresses, including shared ones. In many cases these may not be conducive to be trimmed down using aliases.

Take a look at Posteo.de, mailbox.org and Runbox.com. All of them are highly privacy focused, been around for several years, and also provide email for a low price. With prices of hardware going down, even those prices sometimes look high when you see the storage quotas, the low number of aliases (except Runbox), etc. (I concede that hardware is just one part of the solution, but see what Migadu.com says on that front).

Setting up a family of users even on Fastmail’s lowest tier (without own domain support) would soon become quite expensive, not to mention the standard plan.

I checked out Posteo and noticed on the sign-up page it does not allow certain symbols in passwords. I get the error message: "[password] is invalid (must have at least one lower case and one upper case letter as well as one number or symbol - diacritics and exotic symbols are not allowed)" Wonder why that is.

I have no idea why they disallow those. But you could email them and ask. They usually respond in a day or two.

Side note: Posteo does not allow own domains (you can only choose from the list of Posteo.* domains that the company owns). The reason for that is mentioned in their FAQ (in short, the company doesn’t want to have or store customer identifying information wherever possible).

Posteo are the guys who don't allow your own domain, only posteo-owned domains.

When you ask them about it they will lie and tell you that it's not technically possible.

Most people have no idea what a MX record is and that other providers support own domains, so they fall for it.

Obviously they depend on customer retention by customer lockin.

I hate people who directly lie like that for their monetary benefit. So I would never go anywhere near them.

I asked them (Posteo) about this 2 weeks ago and below is the response I received. I'm not an expert in this area, but the response sounded reasonable to me:

> We do not offer domain services because we do not save any personal data for any of our services. This is not possible with domains.

> Domains must be registered to a person’s name and address. As a provider, we would be required to store inventory data for all customers that use their own domains with us. As a result, we would have to provide this information to government agencies when requested.

> Additionally, security reasons also play a role in this decision. With customer domains, the owner of the domain is responsible for setting up security features like DNSSEC (and as a result also DANE). Even things such as SPF and other protocols for delivery would lie in the customer’s hand and could not be guaranteed by us.

> Because of these reasons we have decided not to offer domain services and instead to remain consistent with our focus on data economy.

I got the same mail two years ago, I think (haven't kept it, but the "reasoning" sounds familiar).

See, that's just half-truths that amount to lies.

They claim they need to store personal information about you when you're using your personal domain.

That's untrue. Only if you registered the domain with them they would need to know about you.

It's also untrue, because unlike .de, many other TLDs don't require full names and addresses in WHOIS, or there are "privacy shield" services like the one nearlyfreespeech.net is operating.

Security reasons.

Also untrue (although it's a reasonable business decision that they don't want to handle customers calling their support with the customer's own domain set up problems).

I continue to claim that there is exactly one reason they are refusing: A customer with a *@posteo.de address will pretty much never leave.

I wouldn't mind very much if they admitted that, it's certainly a geeky niche to serve, but this security-and-privacy bullshit really makes me mad.

Do you want to trust your privacy with a company that's lying, even if you wanted to argue that it's a white lie?

I’m not arguing that there aren’t people who have legit reasons to want to pay less for email services. I’m arguing that if the OP wants to run a profitable business, targeting that particular demographic is unwise. Hobbyist/tinkerer types have high quality expectations and will absolutely suck more support time and energy than, say, a busy dentist’s office who just wants to pay money and have their email work for 20 employees.

> Recently it has gotten annoying with new google products since they have to be supported by g-suite for you to use them

Interesting - which products has this been an issue for? I'm on the same grandfathered GSuite deal and used to have this problem, but haven't in a while.

I was flat out unable to use the family sharing feature of YouTubeTV. Support from gooogle was helpful but they didn’t have much to offer in the way of a workaround. They researched it and basically told me to get gmail accounts for everyone in my family or share my google account with my kids (!!!). Interestingly, I asked if I switched email providers if my account would revert to one that would allow family sharing. They couldn’t guarantee it.

When I setup a Chromebook (without enterprise activation) about 18 months ago, I ended up with an individual Google account for my free-tier GSuite email address. I'm not sure if it was a Chromebook thing, a Chrome profile thing, or a problem between by Chromebook and my chair!

Google home calendar integration :(

Look into migadu. :-)

Your pricing, while fairly transparent, is too complicated for most people to figure out what they would be paying.

Even I'm put off by being charged based on the number of emails I receive - why should I pay extra if I get a lot of spam that should be caught by the spam filter?

You have up to 6 different types of fees you're going to charge and no easy way for me to figure out what my numbers would end up looking like (Your $7.72 amount means nothing to me since I have no easy way to compare your estimates vs my usage).

For $50, FastMail gives you 25 Gb. That would cost $14 on your service. But they do not charge for sending/receive emails (which I think is stupid).

So we are looking at 14 + 4 +1 = $19 before you even send/receive emails.

I just did a quick look and it looks like I receive around 6000-7000 email a year. Most of it is advertising and notifications (that doesn't count SPAM emails which are countless and I hope you don't charge for). That's an extra 1.4 bucks.

I send around a thousand emails a year. That might seem much but it is actually very low. It is only 3 emails per day and you can do much more if you use email for personal and work. That's an extra 4 bucks.

So total is $24.4 assuming you stop your billing there. That's half of FastMail offering for a beta product which from the looks of it offer not interface.

I might come off as rude but I think you need to remove the pay-as-you-go billing and just bill something reasonable for a whole year. Plus offer something more than "Just Email"; like have a differentiating feature like security or privacy.

The thing about actually using Fastmail's 25 GB for $50 is that if you go even slightly over, you're going to need a $90 plan. Most users aren't going to use anything near that amount, especially since our compression is pretty good. (I'm not sure if Fastmail's 25 GB count is compressed or not.)

You're right that I need to add more value. My planned direction is more along the lines of utility than security/privacy, which I think Protonmail covers pretty well. There's a lot of interesting value-add to be done in email.

The pricing is more that we offer honest pay-as-you-go pricing, with caps to make sure you don't actually get a ruinous charge, in direct contrast to "billing something reasonable for a whole year". If you'd rather do the former, then yeah! You're really well covered in the email space already. But I think people are getting subscription fatigue, where every service imaginable wants its $5/month cut of the pie.

I have a currently very low usage domain that I feel I'm paying Fastmail a fair bit for. I wouldn't mind if I was using it a bit more actively but presently I'm not.

I'll sign up to your service shortly; it would be very economical with my current usage!

Good to hear! I'll be sleeping soon, but feel free to email my support address or just comment directly if you have any issues.

Roger - it'll be in the next week or so. Just need the time :-)

> Fastmail's 25 GB for $50 is that if you go even slightly over, you're going to need a $90 plan. Most users aren't going to use anything near that amount

Except the users who already are storing 25GB of mail?

I have ten years of mail on FM. Even with multiple years of multiple heavy mailing lists, sending and receiving photos, etc., I'm at about 4.2GB.

I'm trying to think about how you could offer more reassurance. Off the top of my head,

- Offer a calculator so that people can estimate their own cost. A small improvement, probably not significant impact.

- Offer a customer to enter their current IMAP creds, give an accurate estimate based on past usage. A big improvement, but which would require significant trust from the prospective client. Hard sell.

- Offer a guarantee of some kind. "If you don't come off cheaper with Purely, we'll make up for the difference". Reassuring, but increases your risk.

- Up the price of storage, and eliminate the price of traffic. Storage is probably an imperfect but adequate proxy for total usage price, given that the pattern nowadays is to archive rather than delete (non-spam) email.

> Offer a customer to enter their current IMAP creds

A huge majority of users use free webmail providers, and the biggest players in that space all allow Oauth access to email. Oauth can be scoped down to just the access you need, whereas if you give out IMAP creds those can be used to wipe somebody's email account.

Also, at least in Gmail's setup [0], the IMAP password seems to be your "Gmail password", which is the same thing as your Google account password. Don't ask for this. You don't want to have these passwords enter your company's infrastructure.

[0] https://support.google.com/mail/answer/7126229?visit_id=6368...

All good ideas. I think it'll also help a lot if in a year or so I'm able to say "99% of our customers only spend $X a year".

I actually just checked the storage price, and I notice that at some point I added a $2/10,000 charge to the equation at some point, which is almost all of the charge price. I'm going to remove that tomorrow, since it was probably just paranoia and not actual cost plus margin.

Hi Felz, I hope my reply didn't come as rude :) I was just suggesting. If you found customers interested in that kinda scheme good for you (the money does the talk after-all).

But I still don't think your offer is reasonable. I consume around 600mb of storage, so if you go above 25gb you'll probably get a 20-30usd bill from the send/receive billing.

> But I think people are getting subscription fatigue, where every service imaginable wants its $5/month cut of the pie.

Exactly, so your solution is to complicate the billing process?

Here is a better deal:

- $xx/year fix - $0.xx/year for storage

No other fees. Sending/Receive emails should not add to your overhead that much (unless the user is abusing).

I didn't take it as rude! I appreciate your input. And I agree that the billing will seem more complicated until and unless I can win enough trust that users realize the costs don't matter, because they'll come out ahead.

You're right that sending/receiving don't add to overhead much. The receipt is actually way overinflated right now, and should be down to a more reasonable number tomorrow (about $0.03/1000). I might just waive it completely if it complicates things too much.

Sending is much harder, because I need to deter spammers. I priced it significantly above Mailchimp's price for that reason. But the cost will definitely go down as my ability to detect and ban spammers improves, and we'll likely end up pretty much with a scheme like you're proposing.

As a less technical user, the number of sent emails is a little not straightforward to me. Like if I'm in a group email with 50 other people and I reply all, is that 50 separate emails or just one email charged?

I'm always on the lookout for email providers who protect privacy and are cheap. I have three suggestions for you.

Firstly, as others have stated, your pricing is way too complicated for anyone to understand and figure out how much they would be charged. It would be better to make some assumptions and go with pricing based on account, aliases, storage, etc. Your current pricing is almost like one of those cloud service pricing calculators. Very nice in theory for paying based on usage, but practically next to impossible to make any sort of cost estimates on.

Secondly, your privacy policy is very short and doesn't give a lot of comfort. Take a look at Posteo.de to see how privacy is handled. It's one of the best that I know of.

On pricing, also compare with mailbox.org.

Thanks for the suggestions! I'll look at the privacy policy again and see how I can make it more clear that we're not abusing users' trust.

I did look at mailbox.org. It's about double for their lowest monthly plan, which is reasonable.

Where I hope Purelymail will shine is that it scales a lot more naturally (once you hit mailbox.org's 2 GB cap, you upgrade to a plan that's 2.5x more expensive), it enables use cases that'd get you frowny faces from other providers (because we charge appropriately), and there's no surcharge for things that don't actually cost more.

Want a dozen usernames? Sure, whatever. Need a hundred users? Sure. Store 2 TB of mail for some reason? We've got you covered.

The downside, as you point out, is that the pricing gets a bit scary and I need to work on making it feel safer.

I am too flabbergasted at the complexity of the prices.

Maybe a good idea would be posting a simple online calculator or a downloadable spreadsheet?

As a further side note, I don't understand (for an end user) the reference to:

>Emails sent: $4.03 (if sent externally) or $0.03 (if sent within the same account) per 1000 plus $0.18 per GB

I mean, while sometimes I talk to myself, I never wrote to myself, set aside internal company e-mails, which e-mails are not "sent externally"?

Or am I misunderstanding something?

The pricing would definitely be much easier to understand with a calculator.

However, I have no quarrel with the approach to pricing here. In order for a service like this to succeed with very established incumbents, it needs to differentiate itself enough to carve out its own niche.

Domains could be used for groups, like families or companies that send internal email.

Yep, that's why I specified "end user" and "set aside internal company e-mails".

I never thought about the idea of having a "family domain", it could be a nice idea, though I guess its naming could be a possible venue for in-family disputes?

Rather than having in-family disputes, I've had relatively poor luck giving way vanity email addresses to family members. There's a lack of understanding and interest in how the email address would work in combination with an existing email account.

My name is "Mark Stosberg" and my email is "mark@stosberg.com".

Yep, I meant that:

1) my mom won't have an e-mail address with the surname of her first husband (my dad, passed away)

2) my brother-in-law (brother of my wife) surely won't have it

3) my cousins all have different surnames

4) my wife may accept one, but I talk with her every day and when we don't meet or talk via phone we tend to communicate via post-its on the fridge or similar

Sent externally means to a different account or provider. So basically, sending email to yourself or other users using your account is much cheaper. (There's no spam worries there.)

So where is posteo.de pricing and sign up? I can’t find it.

Sign up is in the header bar (Button named "Sign Up") and a second option is in about the middle of the start page. Pricing is mentioned both on the signup page and on the start page, starts at 1 EUR/month.

Using smaller iphone, sign up is nowhere. Not in the hamburger, nowhere else.

You need to make the pricing much much simpler - less math acrobatics = less friction in the decision process for the customer. Take a look at Migadu as an example of simple pricing - how many emails do you need to send per day? Many of your pricing components are items that most users will simply not know at the onset of the signup process to make a valid comparison.

Fastmail is the best webmail outside gmail.

Fastmail provides webmail that is faster to sync than gmail (seriously; I use fastmail for personal and gsuite for work all day); a calendar; and a nice little notes utility. Be warned it's fidgety to sync fastmail calendar on android because you'll have to use a 3rd party app. But again, worth it to de-google your personal life.

I'm a little bit skeptical, because you present very little information. Maybe it's all in the signed-in area?

1. I don't see anything about DMARC (DKIM, SPF) setup for your users. Do you provide DMARC?

2. Do you use shared ip's for all your users? If yes, how do you make sure my emails don't land in spam-filters, because of other users behaving badly?

3. Do you have a system in place and already experience to behave differently to different email hosters (e.g. send emails differently to gmail, yahoo or gmx)?

4. Do you provide spam-filters for incoming emails?

5. Do you provide support for email encryption and signatures (might be trivial, because it's part of the client, not sure about this one)?

6. What are your availability and reliability guarantees? What is your average/90%/99% delivery time and how often do you eventually drop an email? Will you inform me, when that happens?

7. How do you store my emails? Is strong encryption in place?

These are questions that I would want to have answered before signing up for such a service and they are the things that distinguish you from simply self-hosting emails for that money. It's also the reasons why I sometimes have to get emails from friends using their own domain from the spam-filter.

Sending emails is way harder than most people think (source: have worked in email infrastructure of a company sending billions of emails per month). Problems come especially, because email response codes are used differently across email hosters and it gets especially tricky when multiple independent users send emails over the same ip.

1. We require SPF, but don't have DKIM/DMARC yet. DKIM as far as I can tell doesn't actually... do... anything, but I need to look closer.

2. Same way anyone does it, I'd assume. Shared IPs, rate limits on sending, banning users who send spam emails. I'll likely need to hone exact approaches more.

3. Not that I know of? The mailserver I'm using might handle that.

4. Yea, fairly generic Spamassassin setup that I'm tuning.

5. I think signatures work through Roundcube, and maybe clientside encryption too.

6. I don't have SLAs yet (it's a beta!). My architecture allows for continuous deployment with no planned downtime, though. Delivery from gmail -> my servers and back seems to take about a minute as far as I know, but I can't answer the delivery time metrics without more data. You should get a bounce email on final delivery failure, which should take a maximum of about 208 minutes.

7. They're stored encrypted and compressed in S3, with an encryption key based off of a derivative of your password. Specifically: The encryption is AES/GCM with a per-message key encrypted by a libsodium crypto box, whose private key can be retrieved with a derivative of the user's password. The bucket also has AES-256 encryption in place.

Good questions! I'm going to work on documentation tomorrow. And yea, I realize that sending emails is going to suck.

Thanks for the quick and honest answers :)

About DKIM: It adds another layer of authentication to the email by adding a signature. It being absent isn't really a bad indicator, because unfortunately email headers might change during delivery. This will invalidate the DKIM signature. But it being there is a strong positive that the email comes from the domain it says it does. From another perspective: An email that might be filtered as spam without DKIM is more likely to go through with a positive DKIM result.

Don't SPF/SSL also provide proof that email comes from where it says it does? As far as I can tell, DKIM's advantage is to allow for direct message forwarding (not remailing), which is a fair use case, but pretty specific. In return it introduces a fair chunk of complexity to do right, with signing and message key rotation and keeping track of who you gave keys to.

SpamAssassin assigns small positive scores for valid SPF/DKIM/whatnot headers (and larger negative for lacking either), but it's not really an effective spam deterrant. Spammers can set up their own domains that pass all the checks (although I've heard they're having good times just sending from Gmail).

SPF authenticates the envelope-from domain, while DKIM authenticates the header-from domain. They're both useful, specially coupled with DMARC.

DMARC authorizes recipient servers to outright refuse email from your domain if it does not contain a valid DKIM signature, and/or comes from a non-authorized IP.

In short, SPF+DKIM+DMARC prevent email spoofing from your domain, protecting you from backscatter and reputation degradation.

For shared IPs -- suppose I am microsoft.com and I send official email through your service. I set my SPF record to the IP address you give me, from which all my email gets sent.

If that IP is shared, what's stopping someone else from signing up with you and then sending email that purports to come from microsoft.com?

DKIM/DMARC are fairly important. SPF, not so much, except as it pertains to DMARC.

It’s awesome that you’re providing an affordable service for custom email domains, but it’s worth pointing out that Zoho has free email for custom domains. There’s plenty of good reasons people choose different email providers, but if cost is your main concern, then you’re competing with free.

I once spent an evening trying to establish an account on Zoho. It never worked. Free is not free if it requires hours of your time and causes frustration.

According to Zoho's web site they don't have a free option. The cheapest one is one euro/month per user - not expensive, but not free.

Scroll a bit down and you'll see a "free plan" (above the FAQ).

It's not that easy to find, but it's there. As long as you don't care about using third-party clients (free plan has IMAP/SMTP disabled), it's a viable option. I've used it for a year or two before I've switched to FastMail and it worked fine.

There is a free plan on their pricing page [0], but this free tier is web access only.

[0] https://www.zoho.com/workplace/pricing.html

And because it's web access only, portability of email data is impossible (or crude and cumbersome).

Yandex offers custom domains similar to G Suite, for free. So if people want a free option, even just to try this concept out, I can say that is a formidable option.

If you have a problem with AU's law, I don't see how moving it to Russia is an improvement.

Valid concern, but I'm mostly pointing this out in the context of the parent comment. Emphasis on the fact that it's free, and may be a decent stepping stone for those interested in custom domain email.

Russia is unlikely to cooperate with the US government for the foreseeable future.

Well, you can be sure that Russia won't share your data with the US or UK unlike the Aussies! ;)

> Let's get straight to the point:

> We sell email.

You do what with my mail ?

Hah, you're right- that's terrible phrasing.

I only took a brief look, but I like the premise. The service seems far from something I would trust with handling my email. I still trust Fastmail (for reference). But I strongly welcome more alternatives to Gmail and services which prioritize user privacy. The attempt at monetization strikes me as extremely premature, given the competition. But I hope to see more.

> The service seems far from something I would trust with handling my email.

I think that's entirely fair. This is a pretty new project, and trust is built over time.

> The attempt at monetization strikes me as extremely premature, given the competition.

Free email services leave a bit of a sour taste in my mouth, since you're not the customer. I'd also have to put more work into stuff like adding hard caps to prevent abuse, but my thinking so far is that email really isn't something you should fuss over storage caps on.

It might be ultimately necessary to attract people (although Fastmail doesn't have a free tier), but I'll get there when I get there. I'm content to take it slow for now.

> Free email services leave a bit of a sour taste in my mouth, since you're not the customer. I'd also have to put more work into stuff like adding hard caps to prevent abuse, but my thinking so far is that email really isn't something you should fuss over storage caps on.

Thank you! I love being able to just pay a (modest) fee and not have to worry (as much) about perverse incentives. It fixes or minimizes so many problems.

Paying for GSuite (as you are for Fastmail) would also equally respect your privacy.

The problem is the level of trust. I don't trust Google, as an advertising company with a side business of technology, to keep its paws off of user data even in "anonymous" form. That's not malice; it's just temptation. There's way too much to gain, from Google's perspective, and comparatively little to lose by not keeping that wafer-thin wall intact.

FastMail, et al, alternatively aren't primarily engaged in the advertising business so they'd see a very small return from violating that trust and massive losses, so the gain/loss relationship is inverted.

What scares me most about gmail is the fear that one day an algorithm will decide I'm doing something wrong and terminate my account and no prospect of appealing the decision.

Do you think that Google would intentionally violate their contracts with various huge companies (Broadcom, BBVA, Colgate-Palmolive, etc) gain a little bit more advertising revenue? If nothing else the personal lawsuits for securities fraud against executives would be a huge deterrent.

I strongly doubt that they would, but it should be noted that them doing so would be extremely difficult to prove, and even harder to identify in the first place.

I see no reason why Google would treat various huge companies the same as my one person setup even if we all nominally use the same product (and anyway I'm pretty sure Broadcom et al. haven't signed up using the same web interface I would use).

Google, Amazon, Microsoft and all the other major SaaS providers certainly have strict controls to prevent misuse of customer data. Pretty much all companies end up signing up for products the same way, at least with the companies I've worked for.

You are vastly overestimating how much that information is worth to Google. Their average revenue per user is a pittance compared to the $5 per user per month you’re paying as a GSuite customer. They’re strongly incentivised to make sure your data isn’t misused in any way. It’s not worth jeopardising hundreds of millions in future revenue to show slightly more relevant ads to a handful of folks.

The strongest endorsement I’ve seen for GSuite is that even direct competitors to Google have no issues using it. They trust Google with their data that much.

> If anyone's considering moving their email addresses over this, please take the time to get your own custom domain to host email on. That way you can switch providers more easily and actually own your email address.

Seconded. I'd also add make that domain a .com, .net, or .org.

Yes, some of the other TLDs are cheaper, especially since they started making TLDs for almost everything. But spammers have jumped all over those, using them in from and return addresses. I suspect that a fair number of people have black holed email from entire TLDs due to this.

I know I have. I'm currently dropping all email from domains under: accountant, bid, christmas, click, club, cricket, date, download, faith, gdn, gq, help, info, link, loan, men, party, press, pro, racing, review, science, site, space, stream, team, top, trade, uno, webcam, website, win, work, xyz, and zone.

I am paying for personal email, internet connectivity, virtual servers and other services, and I don't think I would ever use such a service for personal purposes that isn't flat-rate. I don't actually use a lot of resources; I just wouldn't want abuse, security issues or other irregularities to threaten my ability to eat.

I'm not sure it's a winning proposition to have variable rate email services aimed at individuals or small companies.

People prefer to know up front what something costs, and I imagine they even rather pay double or triple the "real cost" if it means they don't have to think about it any more.

Zoho Mail is free, thus a "cheaper" custom domain email provider than your "cheapest" paid service, which charges per email received (wtf?!) and sent (i guess..).

For anyone thinking Zoho Mail might be a good idea based on this, I'll save you some time. From https://www.zoho.com/workplace/pricing.html:

> Up to five users.

> 5GB/User, 25MB attachment limit.

> Web access only. Email hosting for single domain.

That "Web access only" is pretty crippling.

As someone else pointed out here, Zoho Mail is web access only on the free tier. So you cannot move your emails to another provider unless you pay. So it's not really free in every sense.

So I'm in the market for this, but what if you shut down while I'm on vacation and not checking my email?

I know that fastmail will be in business in two years, but I'm not so sure about you.

If you offered some sort of auto-backup option, so that even if you went down I could take my mail elsewhere, that would be more compelling.

I really can't imagine shutting down with anything less than 6 months notice. Do people really do that?

The infrastructure I'm running on really is pretty cheap. The biggest expense by far are the databases, which run about $250/month for two. If I had to pay out of pocket to support even just a few users for a year, I'd do it.

Anyway I think the best paranoid option (no matter what mailhost you're using) is to set up automatic forwarding to a backup address. Or you can use imapsync [0] from time to time, which is a bit finnicky but gets the job done pretty well. (I actually might try putting up a quick web interface for imapsync sooner or later to cover import/export use cases.)

[0] https://imapsync.lamiral.info/

> automatic forwarding

Misses sent mail though...

> imapsync

If the emails are deleted on the server doesn't the client just delete them too?

If you use mbsync, you can disable deletion synchronisation from the server (or disable it entirely).

Does Fastmail offer an auto-backup option? Or any other email provider?

You can auto-download from just about anywhere that provides standard IMAP access!

Bron, I do (kinda) take backups of my FastMail account via an Outlook sync occasionally, but I'd really much rather you also had a Takeout-esque "one and done" download that included calendar and contact data and all. For my major online accounts, I like keeping an archive of these, compressed and dated.

Is there any chance FastMail will implement this anytime soon?

Even POP3 should suffice for backups. It downloads the complete emails by default anyway :)

POP3 is tricky when you use server-side rules to file emails into multiple folders. You can use + login to fetch each folder individually, but IMAP is definitely nicer to work with. And of course JMAP is coming!

I use offlineimap (https://www.offlineimap.org/) weekly to backup my email from FastMail.

Some DNS providers, along with things like HTTP forwarding, provide email forwarders as well. To you can set-up yourname@yourdomain.com to forward to your 'real' mailbox address.

I've done this for years, with it forwarding to my gmail account. I never actually send an email of the @gmail.com variety.

But you can't send "from" your address with that method. Replying sends from your Gmail.

Yes you can. You have to jump through a couple of hoops to get there, but you can. Look for "Send Mail As" under "Accounts and Import". If you have to put in SMTP details, put in gmail's own SMTP server.

This is the exact same setup I have. Main downside is if I use a third-party email client like Outlook or iPhone’s built-in mail app, I can’t select the from address. Which means I have to use Gmail‘s horrible iOS app which doesn’t seem to work offline or cache anything locally. Still the best overall setup I’ve found, but far from perfect.

That sounds pretty much like spoofing to me and not as actually sending from that address. Or does Gmail also give you the option to add the necessary DKIM and SPF records to your domain?

‘Actually sending from an address’ is a concept that doesn’t exist.

If you want, you can limit the hosts that are allowed to send mail coming from your domain using SPF. Google does not control your domain so they can’t force, forbid or give your the option to do anything, but they do have a supported way for you to add their servers to the list.

This is all legacy though, if you set up a new alternative address you have to allow Gmail to send the messages through your own SMTP server.

I was just paraphrasing the concept of authentication for email domains. That's what DMARC is doing and why I mentioned DKIM and SPF.

I was unaware gmail free has a supported way to add the correct SPF records. Though thinking about it, even unsupported might be as simple as regularly scraping them from gmail and hosting them on your domains DNS records.

But they probably don't support DKIM through that (now legacy?) hack, which granted, isn't that important if emails come from a gmail mail server.

I think that's the point. People who don't trust Google don't want their emails going through Google's mail servers.

Sigh. I think we're drifting off topic. Back to my original comment, some DNS providers offer mail forwarding as a service for your domain.

It can forward to any email account/mailbox. e.g. Fastmail or ProtonMail or whoever.

I just happen to use to to forward to a gmail account. I think mentioning that was my mistake given the current sentiment as it distracted from the point I was trying to make.

@Sendotsh then pointed out what he thought was a limitation in using Gmail this way, which I responded to, and here we are. :-)

Can anyone comment on good/bad domain extensions? Ie, aren't some domain extensions bound by odd nation specific rules? Namely, the ones that represent countries that we like.

I have a `.la` but I'm unsure if I want to put my email behind it. Thoughts?

I generally recommend .com. You can still get a pretty decent domain name if you try a bunch of options and put some thought into it. (It has to be 5 letters or above; I recently confirmed that every 4 letter or fewer domain name is taken.)

.com has legitimacy, it's not going to have hiccups (some country code domain names are pretty iffy, like .io had issues a while back), and contracts with ICANN ensure it's not going to extort a huge price out of you.

Yea, perhaps I'll snag the .com version of me .la - I'm keeping my .la for naming reasons, but I just don't know if I want to bet email on it. Appreciate the comments, thanks.

Have you tested your service using https://www.emailprivacytester.com yet? I would do it myself, but you don't seem to have a free tier


Am I missing something? The domain dropdown has no options and all usernames are taken.

Yup, I completely messed up there. I just bought a couple of cute domain names, but apparently completely forgot that the production database is not the development database.

It's fixed now, sorry.

It says the following on that page:

>You can add more users (and any domains you own) later if you need them!

>If you later add custom domains, you can reset your account with those too!

I've heard so many arguments against this, I don't know where to start.

Make sure, for starters, that if you use a custom domain for your email, you use a registrar with stellar security practices, as opposed to Namecheap, Godaddy, and many others that have shown deep flaws with vulnerabilities to social engineering. Otherwise, once someone has access to your domain, they have access to your email, which is the keys to the kingdom.

What registrars would you suggest?

Cloudflare is in the DNS business now as well. It is pretty straight forward.

Gandi, Hover.

I just need a quick and dirty redirect. I suppose your webmail client supports that, right?

It should support that through Sieve (filters, basically). If you want to redirect a whole domain, that's a routing level function.

I’m yet to hear if anyone using WorldPosta which is competitive and using MS Exchange

Do you recycle emails like Fastmail once people stop paying?

Yes, which is part of why I recommend getting your own domain. (Although you gotta pay for that too.) Is that a big issue for you?

"Recycle"? Does that mean that abandoned email addresses are given again to other people? That would be terrible practice. Hope I misunderstood.

All of the big commercial email providers do that.

Google is perhaps the biggest commercial email provider and they never release old usernames. That would be a huge security problem.

Google will not throw away any chance at regaining their lost product (you). So certainly, they are the exception. Without user data, Google would no longer provide email. If someone else starting using your identity, then their tracking, big-data and stats would be less useful.

Of course. It's a security nightmare.

THANK YOU for this, I will definitely check it out. The pricing of most email platforms, including FastMail, is simply ridiculous. And if you complain they'll tell you that, well, all other platforms cost rougly the same! It's basically an oligopoly.

Yea, that was my reaction too some months ago when I was looking to move away from gsuite, which was beginning to get ridiculously slow and expensive. (Seriously, what is gmail _doing_?)

We have this weird dichotomy in services pricing that's either free or pretty expensive. If you're a free customer, you're not a customer. You're a potential customer in need of sales. And everyone is looking for the features they can put behind a pricing gate.

Let me know if you run into any issues!

I love the honesty on your website. I feel like I'm being treated as an adult. Signed up.

Please don't change, even if you get much bigger.

Well, thanks. Feel free to let me know if you come across any issues.

I'll definitely try not to become full of bullshit :). I hope it's not as inevitable as it seems. (It probably helps that there's no VC funding involved, and I can stay small.)

Related: Mozilla may treat Aussie staff as 'insider threats' to code base



shouldn't all staff be treated as threats really? esp on projects with global impact(and hence global interest in compromising)

Given Yahoo's experience, yes.

The guy in charge of security and data access had a backbone and a reputation, so when somebody wanted a backdoor they simply went around him and got other people to hide it. (Which, of course, meant that the experts didn't review it and the thing was insecure.) I don't think Mozilla is wrong to treat Aus staff as a possible source for government privacy intrusion, but by that standard they really ought to view US (et al) employees as risks too.

Of course, the Yahoo compromise was allegedly approved by Marissa Meyer and corporate counsel. (Which suggests some ugly things about trusting behavior up the corporate ladder.) I guess that could mean Mozilla expects a US intrusion to show up at the executive level, while an Australian intrusion would be more likely to threaten random employees with legal consequences.

Yes. It was part of why certain assurance activities were in TCSEC at B3/A1 levels. It's why they had to model every behavior, every information flow, allow independent replication, and allow building from source locally. Leaves little room to hide backdoors.


DO-178C also traces code to requirements to spot dead code or back doors.

Don't know why this got downvoted; it's difficult and expensive to build systems that require multiple coordinated actors for critical changes, so few companies do, but that doesn't mean it's not a risk.


Yes. The number of cases were insiders were suspected or proven to be part of some issue is quite large. And this includes executives.

The way you get this to end is by annoying the common people of Australia. The Internet death penalty would be one way—have FAANG completely stop doing business in Australia until this is repealed, and block Australians from their services. No Facebook, no new copies of Windows, no new Macs, nothing that runs on AWS. It’s a small enough country that it wouldn’t really be a dent in their bottom lines. Congratulations, you just got most of a country to angrily write their parliament-critters.

> Congratulations, you just got most of a country to angrily write their parliament-critters.

Yes, and you also got every single other country in the world to take notice and to wonder what would happen if the same happened to them... leading to ad hoc legislation, actively looking for alternative providers, and a surge of new, sometimes govt-backed competitors (you know, in the name of national independence). Not to mention that all your existing competitors will start yelling “we would NEVER do that” at the top of their lungs.

The FANG may be as powerful as big nations, but event the biggest country needs a very good reason to declare war —and defending privacy isn’t it.

> […] and a surge of new, sometimes govt-backed competitors (you know, in the name of national independence).

Not sure if this is worse or better than FAANG. I can see the appeal though.

Cloud Service Providers have an intrinsic, shared/common interest in maintaining the easy cross-border operations and transactions.

So were they to coordinate - just as some big providers did around SOPA/PIPA, then they would have some impact. Otherwise of course no one will risk such a move.

Apple, though not a CSP is pretty much interested in keeping their privacy game going. (Which might not mean much outside the US for customers.)

> and a surge of new, sometimes govt-backed competitors

Eh, if you build it, they won't necessarily come (e.g. google+).

There’s no alternative providers.

Countries don’t have the power to dethrone FAANG.

There may be no global, credible alternatives now. There would most certainly be local, semi-credible alternatives gaining ground shortly after such a move. If the biggest, most entrenched provider suddenly disappears... well that’s going to give some ideas to a lot of people.

There are other search engines (maybe not as powerful as Google, but if you don’t have a choice...). There are other e-commerce platforms, and there are a shitload of cloud providers. There are other high-end phone and laptop manufacturers. There may not be a credible FB alternative (but I’m not shedding any tears over that). The only real crazy-hard-to-replace infrastructure IMO is the App Store duopoly.

As another poster pointed out, there are countries (Russia, China) where credible alternative providers evolved because FAANG were not allowed to enter the market. In time, the same would happen if they were to leave a market.

China never allowed them to ascend the throne in China in the first place, because it's very firmly reserved for the CCP.

> Countries don’t have the power to dethrone FAANG.

Tell that to the countries that already block them.

You may not realize:

AWS has a data center region in Sydney, AUS

You'd think that they'd want to close that sucker.

Does amazon own and operate it?

Yes? Of course they do.

Why "of course"? At one point in time (and this is probably still true), AWS was a client of various wholesale (and even wholesale/direct to consumer) in some regions. Equinix, Tata, Digital Realty Trust, ...

AWS is is big, but there are a number of much bigger players.

Operations can mean anything. If Amazon has staff at the location and exclusive cage access, and only dark fiber and electricity coming in, then it doesn't really mean who owns the physical site.

If AWS outsources physical security to the DC operator, and doesn't enforce other kinds of operational isolation, then it's of course doesn't matter what else AWS does there.

Not completely a given; their China footprint isn't directly them.

It's amazing to me that the people who write these laws are the least capable of understanding their impact.

If I am reading FastMails statement right, they have been forced to add backdoors to their codebase and not been allowed to tell their team about it. Only a lawmaker who has the technical acumen of say, my grandmother, would decree something like that and think it was a good idea. Australia deserves better than these clowns. Then again, I live in the US so...

We haven't been forced to add anything. The problem is that if the law says that we __could__ be forced to add something and not allowed to tell our customers, then there's no way for somebody to tell if we're telling the truth.

We pride ourselves on telling the truth to our customers, and we're quite clear that if we receive an Australian warrant for access to information about one of our customers, then we respond. That's different from adding backdoors.

Our submission asks that the law be updated so we're allowed to talk about any surveillance capabilities that we may be asked to add, but not about which users are being surveilled. That way our customers know exactly what we are capable of.

Right now we haven't received any capability requests (TCN) which is the bit we're concerned about, because if they required us to add features to the product without telling all staff about them, that would make it hard to maintain and ensure security as things were refactored. And any staff who DID know about it would have to be extra careful about what they say anywhere, because they could inadvertently leak something about the capability.

We expect the law to be updated soon, and hopefully this will be addressed. Until then - honestly, nothing has changed. We still operate under exactly the same process - if we receive a warrant from Australian Federal Police we respond. If we receive any other type of request, we point them to the AFP and the mutual assistance treaties that are appropriate. But it's impossible for you to verify that, because if something HAD changed, we'd have lie - and that's frustrating to us.

> Right now we haven't received any capability requests (TCN) which is the bit we're concerned about

I would be INCREDIBLY cautious about making statements like that. The penalty for discussing the existence or nonexistence of a notice under the new legislation is 5 years imprisonment. You can give 6-month statistical information, but you should have stated it that way if that's what you were doing.

I really, honestly hope you spoke with your legal council before making statements like that (I personally will not make statements like that until I get legal advice about how it should be stated to avoid a 5-year conviction).

Given that you're able to inform us currently that you've not received any capability requests, would it be legal and feasible for you to set up a warrant canary? I don't know if Australia has the same protections against compelled speech as the US [1, 2] which theoretically allow one to function, but if so, it might help encourage people to stay.

[1] https://en.m.wikipedia.org/wiki/West_Virginia_State_Board_of...

[2] https://en.m.wikipedia.org/wiki/Wooley_v._Maynard

Warrant canaries are explicitly disallowed under this legislation (you cannot comment on the existence or non-existence of a notice and there are strong restrictions on what sort of statistics you can provide).

In fact, I'm a little worried that they just said they have received no TCNs -- while you can provide aggregate statistical information over a 6-month window, if you get it wrong you're looking at a 5-year gaol sentence.

We have no real free speech laws (there is common law about it but that can be overridden by legislation). There is freedom of political speech, but that's a much weaker bar. Funnily enough, parliament has actual freedom of speech.

The second sentence of this comment is the only one that matters, unfortunately.

Yeah, I know - that's pretty much what we said. There's no way to distinguish between the two as an outsider. We're really strong on not doing security theatre nonsense:


So we're not trying to pretend anything about the legal framework - when we said "nothing will change" up front, we meant it - and when we say "nothing has changed" now, we also mean it. But we can't pretend that we couldn't be forced to say that if things had changed either, because that would be dishonest.

I was wondering, with these new laws, did FastMail consider to operate (partly) in other countries?

For example if FastMail has servers in Amsterdam (NL). Would it be possible to let customers decide on which servers they want to host their mail, so that it falls under the local (or EU) laws?

Thank you in advance for taking the time to reply here.

With the caveat that I'm far from an expert in this domain, as I understand it FastMail would have to comply with the laws of the country they're based in, as well as any country they'd have as customer or hosting provider.

I imagine the only solution is to move the entire company to another country, but I'd very much like to hear from people who do know what they're talking about.

Unfortunately "mercer" below is right - we need to comply with the laws of Australia regardless of where our servers are. The "Amsterdam server" idea is a red herring that doesn't change the legal landscape.

> The problem is that if the law says that we __could__ be forced to add something and not allowed to tell our customers, then there's no way for somebody to tell if we're telling the truth.

Why not report the opposite on a regular basis?

"We're happy to report that we haven't been forced by authorities to implement a backdoor in our systems."

That way, when you stop writing that every week or month or what have you, everyone paying attention will know you've been forced to add a backdoor and might be gagged.

Warrant canaries are unfortunately illegal in Australia in this context [1].

[1] https://boingboing.net/2015/03/26/australia-outlaws-warrant-...

They are illegal, but you're posting the wrong link (that's about journalist warrants). The legislation in question explicitly states that you cannot comment on the existence or nonexistence of a TCN, TAN, or TAR.

If you regularly report "We don't do X" and then cease reporting, it's equivalent to saying "We're now doing X".

To be fair, this is basically the software developer's dilemma in reverse. You're building out systems for areas of business with no domain expertise. End users constantly wonder why the developers built the software in such profoundly stupid ways.

Lawmakers face the same problem in that they're barraged with constant problems from completely different fields that they're unlikely to be subject matter experts in. How do they learn about it? By consulting subject matter experts. Who are these subject matter experts? Well established businesses in their field. This can lead to laws that are incentivized towards large businesses. That's just considering a situation where everyone is working in good faith.

Now consider lawmakers having to cater towards what is currently trending with the populace, kickbacks from companies, pull from different governments/organizations/political parties etc. And it's easy to see why politics is the way it is.

> By consulting subject matter experts.

Experts were consulted, and ignored. A lot of experts came right out and said these laws were insane. The Australian tech industry were not in favour, and the consulted experts were not favourable.

However, the experts that were listened to were the ones who worked for ASIO, who said that these laws were absolutely necessary just for the agency to continue operating, and it was urgent that they were deployed in the last few days of Parliament. So the laws got rushed.

If I had two experts, one of whom was security and one of whom was business, and they disagreed with each other, I would also be listening to the security expert first.

After all, there have been major catastrophic failures because some IT tech followed the orders of a CEO to give them access to a mission-critical system from their insecure home PC. Isn’t that essentially what the whole “but her emails!” (and, it turned out later, his emails) was all about?

Expert shouldn’t be counted in number of votes for/against... If you have FastMail and Atlassian, biggest and most successful startup of Australia who relocated to UK, telling you off with the CEO taking a public stance that the government is crippling progress, then it’s not hard to listen: Your economy will lose big.

It shouldn't work like this either. If two major chemical companies threatened with relocation and their CEOs told the government it is crippling progress unless it seriously relaxes environmental protection laws you wouldn't want the government to just back down.

At best you have some independent experts with no stake in the game, but even then politics will often result in a compromise that is suboptimal for all involved.

You're right. You'd want the government to approach with extreme caution when you have two largely conflicting opinions emerging. You'd want amendments to try and balance need and impact.

Unfortunately, this was rushed through in a matter of days, and in fact the Parliament doors were locked to force an immediate decision, trying to make people throw caution to the wind.

I’m not counting votes either. I’m saying that for all the flaws in how this law was made, the one thing that wasn’t wrong was putting national security over business interests.

(Probably didn’t actually help national security, but that’s a separate problem).

> Experts were consulted, and ignored.

This led to my point, though I made it in a roundabout way. None of these laws are made in a vacuum. When you get a law that seems to cause undue harm to industries or to general consumers, it's unlikely the case that lawmakers wrote up something due to negligence of the issues, but because another entity specifically pushed to have these laws written in this way.

I would expect anybody worth their salt to consult experts from said field they with to bridge into. Otherwise, why the hell are you blindly passing out laws? Sheer incompetence.

"Our particular service is not materially affected as we already respond to warrants under the Telecommunications Act."

I'm reading that as "we don't encrypt customer emails, so we already had to share them." That's consistent with what they've said in the past.

To be fair, they also explicitly point out in their docs that encryption on their end is pointless (since they have the keys) and that you should encrypt your e-mails on the client side with something like PGP (where you control the keys).

E-Mail sucks, that's all. Fastmail is transparent about it and does a good job.

(PS: I still think that they encrypt their storage servers, but again, this will only protect against someone physically taking away their servers, not against a warrant or an intruder.)

Exactly correct. We already share customer emails under limited circumstances and for explicitly requested accounts only (we've never participated in dragnets and we don't believe this legislation will require us to either).

We have a standard process for verifying each request with the AFP and ensuring that they have followed due process to get a warrant for the data. We strongly support (also spelled out in that submission) keeping judicial oversight of requests - which this legislation does still require for the access requests themselves - hence saying that nothing has changed for us, since we have existing capabilities and we already respond to legal requests.

Due process is not the only question though. FastMail users will also be wondering whether the content of their email has to comply with other laws made by the very same lawmakers that have just shown their complete disregard for privacy and a shocking level of technical incompetence.

They understood the impact.


They just put their own political skins ahead of good government and passed a law that they knew was flawed. There's been no mention of the touted amendments to fix it, as there is a federal election looming and if either side of politics proposes an amendment, the other will take the opportunity to manufacture a scare campaign and score political points.

> If I am reading FastMails statement right, they have been forced to add backdoors to their codebase and not been allowed to tell their team about it.

No, that’s not what they said.

Such statements can hurt a business and in this case it would be a pity since the business in question is doing everything they can to serve their customers.

Thank you :)

That is indeed not what we said - though we were pretty sure we would be taken out of context and the "there's a risk of somebody being asked to do this and that creates staff uncertainty" would be seen as "we've definitely already done this" :( Unsurprisingly, that's happened.

If I remember correctly from their statement on this issue before they were baaically unaffected by the new laws as they do not off end-to-end encryption, so they were already open to lawful intercept requests.

Email services claiming e2e encryption are snake oil.

It’s interesting to me how a demographics like that of HN can fall for it.

Agreed. But having encryption at rest on your stored email would be a decent feature.

Now it looks like if FastMail added that, they could be compelled by the government to break it anyway, without notifying the user.

Mailbox.org has a feature like that, where all incoming messages are PGP encrypted to your public key when they're received so there's only a small window where they have the plaintext (and the plaintext isn't stored long-term nor is it stored in a way where they can decrypt it).

The problem is that fundamentally email still provides them the plaintext -- so they wouldn't need to add a new capability or break the design of their at-rest crypto, they would simply have to stash away emails that were requested by a warrant.

The problem is that e2e messaging applications, where there is no way for the server to do this, are going to be in quite serious trouble. They would need to re-design their crypto so they can add additional "backdoor" device keys that let them access the messages, or provide backdoored binaries to the relevant target. And that's what TCNs will be used for -- to compel those kinds of backdoors.

So when I send my gpg mail, it’s not encrypted?

Yes, it is.

But if this is a feature of a mail service rather than a mail client, then the service has the keys and, given GPG has no perfect forward secrecy, they have the ability to decrypt all emails you send and recieve.

If you go down the road of the mail service owning a mail client that promises e2e, then the issue moves to worrying about the code that runs on your device. If it's webmail, the JavaScript can easily be changed, so you really want a thick client. Then you need to worry about the thick client sending data that it's really not supposed to i.e. can it read your key and send it to $vendor?

Even then, GPG without Perfect Forward Secrecy means that when your key is brute forced or side channel attacked, which we assume will happen, you lose all your secrecy, so you need to think about this as a temporary state.

Note that the key could be client side and the email service could encrypt the email in a way as to not find out your private key.

However, and this is key, a majority of email is sent and received unencrypted via their servers, because that's just how email works.

In other words, email at rest might be encrypted, but most of the email in transit is not. This means that a man in the middle (e.g. the NSA) can still intercept all your communications.

And even with PGP encryption, which is e2e, the meta data is still unencrypted because that's what the email protocol demands. Having the ability to see whom you're communicating with, that's enough in many cases.

Email is simply not a good solution for e2e encryption. If you have secrets to protect, there are now other solutions available, like Signal and even Signal has some issues (like its reliance on phone numbers for identification).

In any protracted discussion of US politics, it's pretty common for someone to raise the point that other countries have better voting systems than the one we use, where a winner-take-all paradigm inevitably devolves to a contest between only two dominant parties, and where there is little incentive for the victorious party to form a working coalition with the other. Australia's use of ranked-choice voting is frequently cited as one area where our first-past-the-post system is behind the curve, and in fact we're starting to consider adopting ranked choice voting in some limited areas [1].

We also hear frequent arguments in favor of Australia's compulsory voting law as a way to combat the sort of voter apathy that led to the... unexpected outcome in our last Presidential contest.

Stories like this serve as good counterpoints for Americans to raise in those debates, I think. Yes, Australia has implemented a number of progressive electoral reforms... but those progressive electoral policies are obviously not getting them better leadership or better laws. So why should we, in the US, follow their example?

[1]: https://bangordailynews.com/2018/08/28/opinion/contributors/...

That's an interesting notion. Not to follow this tangent to far, but I think that most likely it is a more representative democracy. If you were to ask the people in the US if they want a bill that would allow law enforcement to "read the private messages of terrorist", I'd guess that most people would say yes, not knowing or understanding the ramifications of what the law would mean, or what a clear definition of what terrorist are.

But to the point, I do agree that mandatory voting may be actively harmful as it values all degree of civic engagement the same. That being said here in the states we have actively installed barriers to make voting more difficult. We aren't really getting better leadership or better laws from it.

well, australian voting systems aren’t exactly progressive (it’s just a few steps above the worst case), and neither is the voting populace

id say our government matches closer to our electorate than what the US government does, but we still have only 2 major parties which severely limits choice. there are ways to combat this (NZ, Germany for example)

this example is also a fairly poor one, because it’s possible this law came as a “test the waters” as part of 5 eyes, so it could be followed in other counties. where spying and secrets are concerned, we shouldn’t draw too many conclusions because we don’t know all the facts

It doesn't necessarily have to be enacted in other 5 eyes countries. The specific wording of the law said they can enlist citizens to put in backdoors at the request of other Governments.

Even more absurd is that it also mentions this regarding economic espionage purposes. They legally could ask a developer to commit large scale theft of industrial secrets from say Germany for the benefit of Canadian enterprises. Anyone refusing faces penalties in secret court rooms.

The open ended nature of the wording is staggering.

Actually the political logic on national security legislation here is a little more complicated and not really related to the electoral system or compulsory voting.

National security policy has been used as a wedge issue here in the last 20 years, like in lots of other places. So the raft of security legislation that's been passed since the conservatives took office in 2013 has actually been as a result of both major parties voting together. If the Labor Party (centre-left) opposes security legislation, they're painted as soft on terror, weak on border security, etc.

Security agencies have given a shopping list to the Liberal (i.e. conservative) government - data retention, citizenship, and encryption amongst others. The Libs have put bill after bill forward in an attempt to generate opposition from Labor and thereby get an effective national-security wedge. Some of them have been 'genuine' reforms but some have been less so. Labor knows this of course. But it's ahead in the polls and wants to be a small target come the election, so it has refused to bite. The result has been a bunch of shitty new security laws.

It can be wonderfully disheartening to watch, especially given that lots of people on both sides of politics know perfectly well that they're bad laws but can't say it out loud due to the the politics of it. They're not all idiots who don't understand tech.

So while the electoral system here has delivered slim majorities for successive governments (or indeed minorities at times), it's not really relevant here. When the major parties vote together the laws are going to pass.

Sorry if that's off topic but I find it very interesting, albeit depressing sometimes.

Australia is significantly behind the US in terms of tech, and Australian lawmakers are also significantly behind. Ignorant, and draconian. Not a good mix. With no Bill of Rights to protect people.

It's borderline funny how inept the Australian government is with tech. NBN cost a fortune, and still sucks. My Health Record debacle. New anti-encryption laws, and leaders who think they can change the laws of math. ScoMo forgetting to set his domain on auto-renew... It's been a mess.

* Victorian couple quoted up to $1.2m to connect to NBN Co's fibre service - ABC News (Australian Broadcasting Corporation) || https://www.abc.net.au/news/2018-06-07/nbn-co-quotes-couple-...

* My Health Record: privacy, cybersecurity and the hacking risk | Australia news | The Guardian || https://www.theguardian.com/australia-news/2018/jul/16/my-he...

* Scotty Doesn't Know: prankster takes over Scott Morrison's website | Australia news | The Guardian || https://www.theguardian.com/australia-news/2018/oct/19/scott...

* Prime Minister Says The Laws Of Mathematics Are Trumped By Australian Law || https://www.buzzfeed.com/markdistefano/turnbull-war-on-maths

Add to this how messed up the visa situation is in Australia, and the crazy high taxes they put on immigrants, and they wonder why their economy can't keep up and homes have dropped 20% in the last 2 years...

They coasted on energy / natural resources for so long, but didn't invest any of the money correctly into tech training / startup scenes. Now that China took their foot off the gas, Australia will be in for a world of hurt.

You forgot the last national census, where they decided our privacy was not that important[1], and they were liberally threatening everyone with severe fines if they didn't fill it out anyway.

So when the most predicable result on the planet happened and twenty million people all tried to fill out the online form on the "census" evening they claimed it was a denial of service attack.

The shame of it was, the ABS had a pretty good reputation up until that point (I believe). Now they're just another joke and have no good will left.

[1] And which today we discover they've cocked it up even more so. https://www.itnews.com.au/news/algorithm-flaw-meant-census-r...

Or the medical record system that's non-searchable since it's just all flattened scans converted to PDFs. Fun. Our tax dollars at work.

> If I am reading FastMails statement right, they have been forced to add backdoors to their codebase and not been allowed to tell their team about it

I interpreted it as they could be forced to secretly add a backdoor, but I guess if they are sworn to secrecy on it, who knows. Maybe it’s time for me to switch from FastMail...

> It's amazing to me that the people who write these laws are the least capable of understanding their impact.

Kind of makes you wonder about the other laws they write that touch things you aren't as familiar with...


I'm not sure what you are trying to say here. The party that pushed for these news laws is the same party that has been opposing real action on climate change for years.

So yes, we do deserve better than these clowns.

Over the past 20 years, most developed nations have been working to reduce GHG emissions, through multiple governments and across multiple industries.

Australia shirked responsibility during the Kyoto protocol, letting the rest of the world tackle this problem.

Australia's current government cannot be solely blamed for this.

Of those 20 years you mentioned, the party we're discussing has been in power for around 14 of them - and the 6 years preceding that. I'd say the party that has been in power for over 75% of the last 25 years - and has actively campaigned against acting to reduce emissions - is somewhat responsible.

But what I don't understand is the relevance of climate change to the topic at hand: the assistance and access legislation harming Australian tech companies. And I'm still not sure what your original point was ("Australia's abysmal record on climate change affords it no sympathy"). Were you saying saying that Australia's tech industry deserves to be destroyed because a slim majority of the country keeps voting for a party that is, among other things, hesitant to act to reduce emissions?

I'm a long time Fastmail customer and will consider moving over this. I would prefer Fastmail moved their servers and place of business incorporation to an encryption and privacy-friendly country.

Why? Fastmail always complied with warrants to get your data, so nothing changes because if this law. If you want to hide something, encrypt your e-mails before they reach Fastmail (and do the same regardless of provider you use, why trust anyone?)

There is the change that warrants are apparently not needed anymore. The PDF linked in the article says that there's now no judicial oversight over these requests.

I haven't decided myself if I'll switch, but if I do, it's more of a matter of principle. I just don't like how the world is becoming more authoritarian-like, and I feel it will continue to move this way unless people demonstrate their unwillingness to put up with such policies.

Because, at least to articles I've seen, this could be read as the requirement to implement backdoors. And that would be different than what FM did before.

I actually thought about switching over this, but I found no service that gives me the same features that FM has (fast web interface, calendar, fido u2f, aliases, send as aliases, custom domains, dmarc SPF and all those acronyms, good support) even if I would be willing to pay whatever (and I was grandfathered into the old $70/2 years plan on FM)

It's a signal to Australia as well as to Fastmail. I like Fastmail. American companies invert their corporate structure to avoid taxes. They become Irish companies with an American subsidiary. Fastmail can become a Dutch company with remote employees in Australia. If the law is seen has having negative economic impact on the tax base, perhaps it will change. Undermining encryption for some weakens security for all.

If I leave Fastmail, I think I'll most likely switch to self-hosting email with Helm instead:


For a family of four, the annual cost would be about half of Fastmail's standard plan.

Their servers are at the New York Internet (NYI) in Bridgewater, New Jersey, USA, with secondary sites in Seattle and Amsterdam. Should it instead be the country where the company is registered that ought to be changed? (How do you move a business across country lines?)

I’m sure Bron, Rob or Nigel will weigh in shortly. Fastmail is a damn fine service, I now trust Australian internet privacy even less due to recent law changes and this does concern me not just with Fastmail but as someone that designs and hosts platforms for software the organisation I work with writes - which is also in Australia.

This is covered in the article.

>“Our particular service is not materially affected as we already respond to warrants under the Telecommunications Act."

The new laws would apply to something like Whatsapp or Signal, which do not have the ability to access the communications of users (thanks to end to end encryption). Fastmail already has enough access that if a legal demand is issued they can hand it over.

I think point is, that with backdoor you don't need the warrant. Which opens the possibility of the abuse.

No, the new legislation's notices only are allowed to be exercised in order to fulfil the requirements of a warrant (or similar instruments that have judicial oversight).

Don't get me wrong, mandating crypto backdoors is obviously a brazen breach of privacy and opens the doors to all sorts of abuses. But plaintext systems like Fastmail won't be affected by the new notices because a warrant was already sufficient to get access to your plaintext emails.

FWIW, as currently legislated, the "backdoor" scheme still requires warrants to be issued for data captured under it.

Yes, that. The law allows for requiring new backdoors to be requested up-front, but still requires warrants to activate those backdoors for specific requests, and it still doesn't give firehose access. It's not as awful as it's made out to be by some, but it's still pretty ham-handed in some of its implementation, and that's what we're proposing they look at changing.

They can ensure something, but law is law. If Fastmail employees pressed by Australia authority, they must obey, doesn't it?

It saddens me when I’ve been a Fastmail customer for 4 years, happy with the pricing, happy with the service as a temporary resident my only way to make a stand about the laws is to move away from Australian service providers. I’ll likely start migrating mail shortly after purchasing a .dev domain.

If it wasn’t for my Australian partner I’d likely of left by now as tech work is limited here, severely behind places like London, currently feeling like it’ll be difficult to progress beyond where I am now within the AU. A lot of it is also now dubious big data, I.e what can we snoop on to sell you more or sell the data collected for dubious purposes.

Anyone know of a FastMail alternative? I was considering opening an account with them, but after reading this, I am concerned with the privacy implications, especially as I am trying to get off of Gmail.

The law has no privacy implications regarding FastMail: They always could, and had to, comply with legal orders for data. This is also true of Gmail and most other email providers. The primary difference here is that FastMail will only hand over your data in that scenario, but will never use your data for ad targeting or other corporate abuses of privacy.

ProtonMail and the like do more to protect you from the government, if that's your threat model, but you're going to lose out on a lot of features as well, because a lot of common expectations in email don't work with end-to-end encryption.

The new legislation does have implications for FastMail and privacy. Being spied on without any ability to review or intercede against the government's action via court is a serious loss to privacy.

Fastmail does offer any services that are affected by this law. Existing laws allow the government to get your data. Email is unencrypted so the government can get it. The law only affects things like proton mail because now the government can request you backdoor the encryption.

Posteo.de, run by a group of treehuggers so they make a big deal about how their data center is run by renewable energy, but they also care about privacy too. One down side is that you can't use your own custom domain.

And another is that I believe mail addresses are recycled. At least they were when I was testing their service a couple of years ago.

In my knowledge, among paid email services, only Runbox doesn't recycle email addresses. Fastmail, Posteo.de and mailbox.org recycle your address within a few months. I don't know what Mailfence's policy is on this. Are there any other paid and privacy focused services that do not recycle email addresses on their domains?


I switched from fastmail to migadu last week for my personal domain.

I've been using Migadu too. I have a bunch of other emails that I barely use, and would have been very expensive with other providers.

Yes I would have switched even if not for the new law just for that reason.

It also helps that they are based out of Switzerland, which has better privacy laws than almost every country out there!

ProtonMail? It supposedly has encryption that prevents ProtonMail from reading your email.

As long as they never silently introduce a backdoor in to the js app you are running. These new laws are purely to give the legal power for the government to request that.

If you believe that, yes. But that's not really novel. CounterMail had that a decade ago. Tutanota does too.

Using Thunderbird plus Enigmail for GnuPG, I can use any email provider, and be ~certain that they can't read my stuff.

> Using Thunderbird plus Enigmail for GnuPG, I can use any email provider, and be ~certain that they can't read my stuff.

Yes but no one can either :( In the last 5 years I received 2 encrypted emails, and thousands of non encrypted emails. The problem with PGP is that almost no one is using it.

Maybe the people you email with do use it though.

As I understand it, ProtonMail basically uses PGP. It just does it in Javascript or whatever.

But whatever. The ability to use GnuPG serves as a filter ;)

> As I understand it, ProtonMail basically uses PGP. It just does it in Javascript or whatever.

This means that maybe now the private keys are on your device, at any point in time they can update their frontend javascript code to get your private key and read all your emails.

> The ability to use GnuPG serves as a filter ;)

Yes definitely, I wouldn't get any emails at all anymore. Works great for Inbox Zero I guess.

> This means that maybe now the private keys are on your device, at any point in time they can update their frontend javascript code to get your private key and read all your emails.

That's the risk. By default, the filesystem isn't accessible to Javascript. But here, you've authorized key access for encryption and decryption. I suppose that Thunderbird and Enigmail could be modified to do much the same. But arguably that would be discovered quickly.

The difference is that Enigmail is maintained by an open source community, Thunderbird by Mozilla. Also the protocol your mail client uses to talk with your email server (POP or IMAP) don't really support the flexibility to send the keys over easily. As opposed to your clientside Protonmail client managed by javascript that can AJAX the keys to the mothership.

I looked at FastMail and ProtonMail. I ended up going with ProtonMail because they're in Switzerland.

I have successfully migrated to mailbox.org over Christmas and I am very happy with them so far. Excellent quality applications and web app, very reliable service and they use & support a lot of open source projects. They have a heavy emphasis on encryption and privacy.

Yeah, I was just about to open an account with them as well but I don't think I'm gonna be doing that anymore. It's unfortunate because they seemed to have exactly what I was looking for.

If you pay for GSuite as much as you would for Fastmsil ($5/month) you get the same privacy protections as Fastmail, along with better features (e.g. unlimited IMAP keywords per mailbox instead of just 128, better spam detection, etc.)

We only allow 100 these days... though I'm hoping that limit disappears once Cyrus IMAP internal datastructure changes happen. I bet Google aren't a fan of you having hundreds of keywords on emails either - but their data model at least supports it.

Well, one is a surveillance company that's always trying to get more data on people. One is a privacy-focused company with no stated interest in that. Both are in surveillance states with cooperation agreements. FastMail has the edge here short- and long-term.

Ideal case is one end-to-end protected in a country with stronger, legal protections for customers. ProtonMail fits that bill but lacks maturity. Some of us want our mail to definitely be delivered with a provider that will stick around long time. FastMail has the edge there over ProtonMail.

What privacy implications?

Why don't you switch to paid Gmail?

Not the person you're asking, but I don't "switch" to paid Gmail because there isn't exactly "paid Gmail". I would pay for the features of G Suite if I could get them to apply to my @gmail.com account - I don't want to set up a new account at a different domain. Said payment would eliminate advertisements from any Google service (exempting YouTube) where I'm logged in with my primary Google account.

i.e. I want paid G Suite to work like Office 365 Personal (which I do pay for), not Office 365 Business.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact