Amazing to reflect on how much goodwill Fastmail has cultivated with me just by being a reasonably priced, full-featured, competent-support-having service. I'm unlikely to ever do anything with the Fastmail API, but I still upvoted mainly because I'm enthusiastic about the company.
The problem with Fastmail is it's based in Australia.
A big no no if you care about your privacy.
They need to backdoor every session to comply with Australian rules, and every Australian is forced legally to comply, even if in an international company.
It's really disappointing to see this comment second on a page despite the fact that yet again... the law has no impact on Fastmail and never has. This is the unfortunate impact of FUD, where clueless comments will carry forward wrong views for years, even in the face of overwhelming truth around it.
Fastmail is not an end-to-end encrypted service. There is no requirement to backdoor it, like nearly every other non-E2E service, the Australian government can just... send a legal request. Like they always could. Or like they can do with nearly every other email service.
Fastmail is a company providing email services. No company doing that can ever give you privacy against a government looking at who you're talking to, when you're talking to them. Only a minority protect the content, and even then it's only when using a proprietary protocol.
The protocol itself prevents email from being safe privacy-wise. It feels weird to single out Fastmail for that.
This is correct. Fastmail have actually spoken about this, and their silence on any particular topic can possibly be seen as a canary. They're a great company trying to survive in a hostile environment. I really hope that the new Australian federal government will get around to winding back some of the draconian laws the previous mob brought in, but I'm not holding my breath.
It is not correct. In order to need a backdoor, the service would have to be E2E in the first place, which it is not. Uninformed HNers bring this up on every Fastmail thread like it's a big deal when it has zero actual impact on Fastmail at all.
E2E isn't a requirement for something to be called a backdoor, even though governments are constantly demanding E2E backdoors.
An attacker having shell access or a government getting plaintext dumps of whatever email conversations they want (when users don't expect it) are perfect examples of backdoors. AT&T giving the NSA a secret room for them to suck up all comms, encrypted or not, is also a classic example.
Fact is, 99% of your email exchanges will be with MS and Google anyway, so that horse has bolted. In terms of the threat model facing 99% of people, getting auto banned from Gmail is a far bigger risk than big brother reading their email. I care about privacy and seriously considered protonmail, but it was too hard to use effectively (no IMAP) and FastMail is still a huge step up from Gmail or self hosting, balancing ease of use and risk mitigation. Excited to try out the API!
There's no point in being paranoid about "privacy". Where's the perfect privacy? I have been with Fastmail for over 14 years now, and I didn't feel the need to abandon them for other "privacy toting email service providers like Proton and Tutanota". I welcome the Australian government to check my filter rules on how to manage inbox zero and an excellent spam filter. While they are at it, I would welcome if they have a tutorial on sieve filter rules. I'd be delighted if their technocrat helps me with managing my MX records a pain-free experience.
Based/headquartered in Australia yet have servers hosted in multiple locations around the world? IIRC, some are in New Jersey and don't know how accurate it still is [1].
So, that's the worst of both worlds, right? Servers are in the US but still have to be subject to Australian laws, and also, they are subject to the US law for being in that country.
> They need to backdoor every session to comply with Australian rules, and every Australian is forced legally to comply, even if in an international company.
pedantry: PGP hasn't been a product for many years. The product is "Symantec Encryption". GPG is still a thing.
Separately "just use <public key encryption>" implies it's easy to do. Even if we ignore the fact that software support is generally terrible, there's the much bigger problem of convincing the people you email with to use it too. If you're not doing super secret or illegal stuff that's generally not a thing that's going to happen.
I don't need encrypted email and all the hassle that goes along with that. That's not my threat model (and it wouldn't help since 50%+ of my email goes to Google and Microsoft anyway ...).
All I want is an email provider somewhere that will actually force someone to show up in person with a subpoena rather than turn over all my emails to a random bureaucrat who waggles some electrons suggestively.
Email contents are not private from any five eyes state, no matter the provider (maaaaybe one protonmail to another protonmail account, but I doubt it).
They still control your keys. I probably trust Proton more than the Australian government, but if my threat model includes caring about any government accessing my data then e2ee is the only option.
> Goes to show that even if there are a lot of competitors in a product space you can still do well simply by giving a shit.
The sad thing is that it's probably inevitable that someday an MBA will decide to burn that goodwill for some quick cash. Maybe not for a long time, but eventually it will happen. That's the society we've built and live in.
Actually we sold FastMail to Opera, and since it didn't really work out, bought it back again. Based on that experience, I'd be surprised if FastMail got (re-)acquired...
Fastmail is bootstrapped and profitable. They aren't beholden to outside investors trying to 10x their money. Fastmail also just doesn't have that sort of culture. (Source: I have friends there). They aren't looking to be a unicorn. They seem very happy to have a profitable business that they can nurture for decades.
Culturally, they're growing a garden, not launching a rocket ship.
Eventually the company will change hands. Knowing some of the people involved, I trust that when that happens, they'll find good stewards.
Everybody has their price though. They may not ever IPO or raise venture capital, but if Google came along and offered them $50b I doubt they'd say no.
The key thing is, with Fastmail building on open standards and promoting using your own domain, they have very little lock-in here. That future MBA is going to have a hard time keeping people from just moving on.
Exporting data over pop3 and Cal/Card/Web DAV is pretty easy, more than enough tools available. And without them supporting standards, they’d lose their customers.
I've come to embrace this as the business lifecycle. It's quite well-studied. Eventually, all businesses rest on their laurels; over-price, under-compete, and allow space for newer entrants. If we consider the positives here, this creates fantastic market and product dynamism, and (in theory) prevents companies becoming country-sized monopolies. I'm actually more concerned about companies which remain competitive and loved over generations. The kind of global power they could wield is scary.
It always depends on whether you can make managers feel like they make a difference; or else they will invent their own ways to make a difference and get a raise.
So I'm not experienced in hiring managers. But I would hope you could select hiring criteria that would avoid this. Don't hire people that fought to become a manager. Don't hire managers that are working to get paid (obviously work gets paid for - but the best workers care about the product more).
For me, the primary concern is the horror stories of having everything in your life linked to a gmail account and then getting locked out with no recourse from google support. My secondary concern is to have a custom domain and email aliases. In my country the abuse of personal information is rampant and I would like to start pursuing companies who sell my information without consent.
Now if only I could generate a mobile number (msisdn aliasing?) for each entity I interact with, so that I can know who sells my number to spam callers.
Used FastMail as part of my big DeGoogle initiative last winter. Very happy with it. However, one of the main considerations of Fastmail vs. other providers is that the domains they used are 'Visa-free' in terms of spam catchment - everything gets through!
But some have noted that FM is an Australian service with some interesting issues around privacy and five-eyes surveillance.
For me, in the end, I had to pay that price (as well as the sensible prices of the service itself), because I really needed my business mails to arrive in people's inboxes.
I cancelled protonmail and the subscription ended right away instead of at the end of the paid period, so there’s that. Honestly it was just a bunch of little things that added up. I don’t remember any one thing that was specifically distasteful except for the cancellation. I’m on fastmail now.
I switched from protonmail to fastmail recently. Fastmail was a ton faster and didn't randomly forget my sessions. Night and day to use. It also let me use two custom domains without paying twice, which was nice.
I had a bad experience as well. Been a long time proton user. I had a CC incident where the proton mail annual charge was incorrectly, without my confirmation, labeled unauthorized.
PM cut off access to my account for 4 days as the issue was being resolved with them. Like, yeah I get it shitty situation and they probably have to deal with a bunch of scammers but I think it was way too extreme of a response given I explained what happened and have been a long term customer.
I'm thinking about going back to Gmail now.... any ideas how to defend against this? For example, have a tested procedure to change MX records of the custom domain to another provider or even self hosted in order to restore email access while an issue is being resolved?
I was primarily concerned with losing access to email and getting locked out of all my downstream accounts. Not so much an aversion to all things Google. So I still have gmail and still use Google docs. But for any important signups or comms, I use my Fastmail address.
I recently renewed my 3 year subscription with them and I've been a customer since 2017, before that I was on GSuite and O365. I still remember coming from GSuite and noticing just how easy it was to set everything up, pretty sure I had everything migrated over in ~1hr.
Since then the best news about Fastmail is that there is no news: they just freaking work. Everything is stable and predictable and that's what I want from an email provider. I'm sure that GSuite and O365 have more features for collaboration and I still recommend that customers sign up for O365 since that's what everyone is most used to. But I'll say for personal email, nothing beats Fastmail.
But by far the killer feature that they offer is domain aliases. With filtering and aliases, I'm able to run something like 5 domains and 20 distinct email addresses out of one inbox.
Yea, after a while of using Fastmail for my own needs, I found that I really liked the service so I decided to set up a reseller account with them and have been switching my att/yahoo/sbcglobal email customers over to this service as there have been some issues with login and resetting passwords due to the merging of att and yahoo.
I really like the integration they did with iwantmyname domain name registrar. They make it very easy to set up a custom domain name with the service. Also I have had great experiences with the import tools and security features. The admin interface for managing my customer's accounts is great, it's built right into the normal settings interface, and they have good privacy features with the relationship between the reseller and the end user.
Same. About a month ago I only knew of them by name but went down the rabbit hole and read all of their docs & checked out their repos. I'm basically on the edge of de-googling my life because they are the first bunch to give me confidence that there is a long-term path forward. I hope they stay true to their stated mission.
I'm extremely enthusiastic about the company, I loved their product. I just couldn't deal with the concept of both Australian and American jurisdictions.
If they protected data by hosting in pro-privacy jurisdictions, I would be back in a heartbeat. As it stands, any claim about privacy is aspirational and completely unrealistic.
It depends entirely on your threat model. Their claims about privacy are fine if what you're worried about is ads and tracking rather than government surveillance.
Fastmail isn't end-to-end encrypted, so there is no requirement for a backdoor applicable to Fastmail. The Australian law is completely irrelevant to Fastmail except for FUD comments online.
The Australian law allows the government to order telecommunications providers to assist in intercepting telecommunications and assist in implementing the technical capability to intercept communications (aka backdooring stuff).
Practically for email there is no need or reason to back door anything to do this though.
If asked they’d just pull the content straight from the server, same as Google/MS assuredly do for the US government. So I don’t think the threat model or risk of back doors is increased.
I’d disagree with this for my case and likely for anyone who has two or three or four people at home who need their own mailboxes (not aliases). Fastmail is quite expensive for such cases. Of course, this applies to services like ProtonMail too. But there are services that are far cheaper that have been operating for years and hosted in Europe (the latter is for those who want to avoid hosting in FiveEyes jurisdictions).
Yep. I spent the best part of a decade fretting and procrastinating over one day sorting out 3-4 Google domains. When they announced they’d start charging I finally decided to move to and was astonished at how easy the migration to Fastmail was. I was done in about an hour across my desktop, laptop and phone. Haven’t had a single blip of any kind since then.
Totally agree on this, love the full-featured -- but still very clean and fast -- interface. Been happily giving them some of my money for almost 10 years.
Better than gmail recently. I have 4 different gmail accounts set to forward to a single FM account. In recent weeks some people here were saying they got spam in their inboxes on gmail, and I also did get a few. They were forwarded to FM which marked them as spam.
Actually really good. I've just checked my spam folder and it's full - nothing has made it through (I'd forgotten it was a thing, much like with Gmail).