The economic impact of this could very well counteract any net plus the US had while they were able to spy at will. Likely it's not going to be the same parties that will end up footing the bill.
The practical effect from a security point of view of this exodus is likely not very significant, I take it as read that EU pipes & major hubs are also bugged in much the same way, possibly even by the NSA and their friends with tacit approval or blind-eye-turning of local authorities, presumably under some data sharing agreement.
Just this morning it was revealed that Belgacom (the Belgian major telco) has concluded that their communications are being spied on and I'm sure that even though the Belgian government is reacting very much upset about this that when the final verdict is in we'll find that that very same government at some level of the bureaucracy knew about this since day one.
Plausible deniability will protect those in charge.
So, you can move your data around as much as you want, it won't make much more than symbolic difference unless you go to really exotic or lawless places.
Maybe Switzerland or Iceland could re-invent themselves as data bastions but that would merely shift the attention to lines running into and out of those places.
There's a lot of pulling of hair and gnashing of teeth going on right now in the blogosphere, but strikingly few people actually doing anything, and the actual movement looks more like a tiny ripple in an otherwise calm tide pool than it does a 100-story wave.
I suspect that until better, easier-to-use services come along than the ones being skewered in this post, most people are simply going to stay right where they are.
And once those services do come along, and attract a large enough user base, I'm pretty certain they will in turn attract agencies like the NSA (or whatever the local government equivalent may be, if not in the U.S.), showing up with hands out and secret court orders up.
If privacy was paramount to people, no one would be on Facebook (I'm certainly not, and haven't been for years). Yet, Facebook, much as everyone constantly complains about its blatant disregard for users' privacy, seems to be doing just fine, with its billion or so users and its $80 billion valuation.
The Internet is living, breathing, functioning proof that, at least to 99.9999% of human beings, utility > privacy. Unless the U.S. government starts skimming off the top of people's bank accounts, I don't think there's going to be much of a mass exodus any time soon - the motivation simply isn't there.
Google's a data company. They're definitely going to see this and if it's non-trivial then they're going to react. Lawyers and lobbying ensues. Policy may be affected.
I guess I just don't value my boring private data enough to put much work into this right now. But if I ever need a new cloud service, being outside the US will definitely count as a big plus.
From a few months ago if you were serious about trying to comply with the law in Europe then by now you are either migrating to EU hosting, you've already migrated or you are planning your migration. If not you run the risk of being found non-compliant at some point in the future or to get very pointed questions when a new investor decides to step on board or when you're in a position to sell your company to a larger entity.
This is not going to be advertised, it isn't going to be in the headlines, it is just happening underwater and out of sight. But it definitely is happening. Individuals making those same choices are doing so for different reasons than corporations.
However, I contend that had an equal amount of R&D been invested in a distributed cloud (what we used to refer to as "the Internet," not to be snarky)--especially one that provided federated encrypted data backup among trusted friends and family, a model that would embrace high-bandwidth symmetric connections to consumers' homes and the notion of self-serving--we'd be better off now.
In other threads at HN, I believe this has been covered sufficiently, so I'll cut that short.
I think your first paragraph may be correct insofar as there are many of us who were already doing self-hosting of our data. Those concerned with privacy were already assuming the situation was fairly bad, although I think even we were surprised at how bad it is.
My data is no more interesting than the OP's. Boring e-mail, boring family photos, boring unpopular music, boring documents. Yet out of principal, I self-host it. Self hosting is not that remarkable, but it is a rapidly disappearing practice. As recently as five to ten years ago nearly everyone in the world self-hosted their personal data.
Since my first DSL line in 1998, I've always splurged a bit for a symmetric connection. Since then I've found it disheartening that symmetric connections were and remain marginalized. Today, I can connect to my home VPN relatively easily from any of my devices to access my data. It could certainly be a lot better (I've ranted elsewhere that VPNs suck; they've not seen genuine R&D in ages).
Running a personal mail server is pretty simple too. With so much *-as-a-service out there, I admit that some people are losing the will to install a service of their own, but assuming you do a little bit of research, some modern options are more or less install-and-play, with decent anti-spam.
Again, had a distributed cloud continued to see bountiful R&D as the plain cloud has, the self-managed options would be 5-10 years more mature today. Had Thunderbird not been effectively neglected for the past ~4 years, it would probably be a (slightly) nicer e-mail client.
Hi there. This is, in fact, exactly what I've been working on over the weekend.
I have ~8 GB of mail spread across three e-mail accounts hosted by Google (excluding my original @gmail.com account, which I never use). I've now got my own server set up and about 0100 UTC today (Monday) I "flipped the switch" (changed MX records) and have been keeping an eye on it since then.
I did an initial run with imapsync to move the bulk of the mail over and, after 0100 UTC (when the TTL expires) I'll do another run to make sure I've gotten anything that ended up in the mailboxes on Google's servers since then.
Afterwards, I'll delete all of the messages in those Google accounts and, finally, remove the whole domain and such. I'm sure that Google will still have a copy of all of that for a good while but, at some point, they'll delete it.
In the grand scheme of things, I know that it isn't really going to make a difference. It's more symbolic than anything but I can feel a little bit better knowing that my data is more secure/private than it was.
I've been meaning to do it for the last few months and I'm happy that I finally devoted the time to making it happen.
(For the curious... a RHEL derivative, configured according to the CIS RHEL6 Benchmark and DoD/DISA RHEL6 STIG (for the most part), running Postfix and Dovecot (w/ SSL/TLS and a "real" certificate although I'm starting to think I'd be more comfortable if I had just made my own) w/ AMaViS and ClamAV thrown in as well.)
Imagine, for a moment, that evidence comes forward that Snowden wasn't the first.
Imagine that someone in Snowden's position did exactly the same thing, only for financial gain, say, selling private company secrets to a competitor.
That would change the situation, would it not?
A lot of companies with a lot of data are asking themselves whether or not to put that data in the cloud. Storing data in the US right now is a bit like suggesting you store your confidential files in 1980s Soviet union -- only, they would probably have been a lot safer in the 1980s Soviet union.
The rub for me is not that some NSA goon could snoop on where my gaming group is meeting up next week. It's that they could use the scale of their surveillance powers to profile and target groups of individuals in much finer strokes. They don't need to mobilize a state police force to stop random persons and check their papers anymore. It's much more quiet now and less noticeable. We can let our imaginations run rampant about what they could do with this information but I think there's evidence of what they do use it for already and the reality is often much more frightening because it seems so benign.
When conducting 702 FISA surveillance, the only information NSA obtains results from the use of specific identifiers (for example email addresses and telephone numbers) used by non-U.S. persons overseas who are believed to possess or receive foreign intelligence information.
Foreign terrorists sometimes communicate with persons in the U.S. or Americans overseas. In targeting a terrorist overseas who is not a U.S. person, NSA may get both sides of a communication. If that communication involves a U.S. person, NSA must follow Attorney General protects the privacy of U.S. persons.
The collection under FISA section 702 is the most significant tool in the NSA collection arsenal for the detection, identification, and disruption of terrorist threats to the U.S. and around the world.
I suspect they might use the aforementioned section of the FISA to enable the extradition and persecution of whistle-blowers as terrorists. This would allow them to black-van these people and remove them from the world. However one can only speculate that this is true. And therein, in my opinion, lies the danger.
Edit formatting issues...
echo "my quote" | fold -s -w 77 | sed "s/^/ /"
When conducting 702 FISA surveillance, the only information NSA obtains
results from the use of specific identifiers (for example email addresses
and telephone numbers) used by non-U.S. persons overseas who are believed to
possess or receive foreign intelligence information.
Foreign terrorists sometimes communicate with persons in the U.S. or
Americans overseas. In targeting a terrorist overseas who is not a U.S.
person, NSA may get both sides of a communication. If that communication
involves a U.S. person, NSA must follow Attorney General protects the
privacy of U.S. persons.
The collection under FISA section 702 is the most significant tool in
the NSA collection arsenal for the detection, identification, and disruption
of terrorist threats to the U.S. and around the world.
I have no idea about 702 fisa surveillance, but what we do know is:
1 - the nsa collects intelligence
2 - if you, as an american, communicated with a foreigner, you're fair game.
2b - if you, as an american, communicated with an american who communicated with a foreigner, the nsa collects your communications.
2c - if you, as an american, communicated with an american who communicated with an american who communicated with a foreigner... the nsa collects your communications.
2d - why yes, if you're observant, you might think this is virtually every american.
3 - if they accidentally collected your, as an american, communications, they keep it. "Accidentally".
4 - since all pigs are liars, they distribute this to, amongst others, the irs and the dea, along with a guide to whitewashing where the information came from. So the dea can, what do you know, pull over a random van for a busted tail light or not signaling a lane change or signaling a lane change to early or just cause they feel like it -- there is always, 100% of the time, a reason for a cop to pull over a car if they want to. Then they randomly find drugs! Who knew, must be just a coincidence! 
The undated documents show that federal agents are trained to recreate the
investigative trail to effectively cover up where the information
originated, a practice that some experts say violates a defendant's
Constitutional right to a fair trial. If defendants don't know how an
investigation began, they cannot know to ask to review potential sources of
exculpatory evidence - information that could reveal entrapment, mistakes or
I have never heard of anything like this at all, said Nancy Gertner, a
Harvard Law School professor who served as a federal judge from 1994 to
2011. Gertner and other legal experts said the program sounds more troubling
than recent disclosures that the National Security Agency has been
collecting domestic phone records. The NSA effort is geared toward stopping
terrorists; the DEA program targets common criminals, primarily drug dealers.
It is one thing to create special rules for national security, Gertner said.
Ordinary crime is entirely different. It sounds like they are phonying up
6 - since this already migrated from "omg terrarism" to drugs, you may wonder where it will end. tip: it won't just be with drugs, it never is.
According to the directive, member states will have to store citizens' telecommunications data for six to 24 months stipulating a maximum time period. Under the directive the police and security agencies will be able to request access to details such as IP address and time of use of every email, phone call and text message sent or received. A permission to access the information will be granted only by a court.
Concerns about spying on foreigners vs. nationals? Does not apply in the EU. All the chatter about mission creep in the PRISM data, how it's used by the DEA, IRS etc., rather than use national security? That's routine, by the book usage of the very same data in the EU.
Note that the DRD applies to specific requests and that the data is kept by the corporations (typically telcos and ISPs) rather than turned over wholesale to government institutions, in other words, you need a warrant to get specific data.
As such, there is a huge difference here.
Where the hypocrisy comes in is where the EU nation states were actively aiding the NSA in exchange for access and tricks regarding nationality to side-step local limitations ('I spy on your citizens if you spy on mine').
Another thing, hypocritical maybe, even if the EU is being "just as bad" in a certain sense, piggybacking on the US outrage on this topic may help matters in the EU as well. Even if it's just increased privacy-consciousness among the public. For real, like people have pointed out, we already knew about surveillance in the EU months (or longer) before Snowden leaked his info, it was public knowledge and nobody said anything because it wasn't really in the news. Now it is, and some of it may stick to what the EU is doing as well.
But of course that says nothing about what European police organizations are up to ... secretly. I'm thinking of things like the "Bundestrojaner".
I think I explained in which ways I think it is better as far as the data retention directive is concerned. Whether or not it is really better in practice considering what police in any particular country might do, that I don't know. Maybe we need our own Snowden to tell us that.
As Europeans turn against Americans (or more precisely, non-Anglos turn against the Anglosphere/Five Eyes), the West begins to fracture precisely as the East begins to rise again with force.
It's going to be an interesting decade.
Also, these quarrels will hardly damage international relations in any significant manner as to prevent the west unite in whatever manner they see fit to face the east.
These revelations don't change things much, macropollitically.
The only thing that could, maybe, be changing is the US people perception of their country but, again, many western democracies are not keen on listening to the people.
Most every national government is probably involved in data sniffing to one degree or another, major hubs are/can be bugged, and undersea fiber connections are especially vulnerable. This, in addition to all of the insecurities found in common consumer gear.
There's probably a tidal wave of folks moving, but I agree: the move is nothing more than hugely symbolic. The only thing you might accomplish is change the organization that's capturing your data and perhaps the method. But that's about it.
What we cannot defend from is the liberal use of NSLs to subvert endpoints controlled by Google, Facebook etc, which make it way too easy for them to mass-dragnet, leading straight to LOVEINT abuses and the like. Moving away from these services should help in this regard.
This said, moving away from these services does take some work, which is why OP deserves lots of kudos.
This technical barrier is getting weaker every year (or month or week?), we cannot be sure that encryption is still holding up, or at least: that it will always hold up. And besides that, endpoint security may be acceptable for real experts, but never for the layman (probable backdoors in Windows, MacOS - maybe even Linux OSes).
If we as a society decide to accept what the NSA does, then we accept the total loss of privacy - it's then just a matter of time. And without privacy, democracies will die and corruption will flourish.
To think that...
> only real baddies will be seriously targeted.
...is a grave mistake.
It's also a political stand. As a foreigner who can't vote against the current US government, or even as a US citizen, your action can have a political impact.
However, I personally don't store my data there - even though I am deeply disturbed by the recent revelations and invoke all manner of security precautions in my own digital life.
First of all, it appears that intra-US Internet traffic is subject to less scrutiny and open to a much more narrow interpretation of the laws that (supposedly) allow this snooping to happen. Once your traffic leaves the US, the 4A (and other) protections seem to relax significantly. Let's set aside for the moment the bad behavior of other global and national "observers" on the network, which we have to assume are at least as bad as the US NSA ... and let's just concern ourselves with the US side of things. From that perspective, moving your traffic out of the US appears to have a lot of unintended consequences.
Second, it really shouldn't matter. SSH is SSH and duplicity is duplicity and storing a fragmented TC container is ... well you get the idea. If I have the right toolset, I should be able to store my data on a USB stick that I leave in the NSA lobby every night. You should ask yourself how large and unwieldy your digital life has become if you can't just trust the math.
Oh, and also ...
 SSL/PKI is not the right toolset. gmail is not the right toolset. Weirdo walled garden dropbox gdrive non-standard private API garbage is not the right toolset.
 We support synology devices perfectly, right out of the box, and right through their GUI config. Just saying.
But the reason Gmail is not being trusted is that there is some possibility the NSA has backend access to their servers via various kinds of legal arm-twisting they are not allowed to talk about. I don't encrypt the mails I send via Gmail before they hit Gmail's servers. You can't "trust the math" unless you do said math and encrypt content before you send it out. As soon as there is any unencrypted data on an external service, you've (theoretically) lost it to the grubby paws of said flunkies.
Or at least that's what I think (crypto experts of HN, feel free to correct and/or chastise me).
The answer to your question, though, is no - we don't have anything. We just have raw disk that you access over SSH.
So you can do whatever you want. That's the point. If any party had backend access to our servers, it wouldn't matter if you used a reasonable (and simple) toolchain.
However I'm having trouble finding a way to back it up securely. The built-in backup methods don't seem to account for encrypting the backups (even if the volume is encrypted). Any suggestions?
A) Download the source , and see if it is complete and then you can port in cryptsetup and the LUKS stuff from Linux.
B) Run Linux. If you're at the point where you're worried about encrypted backups, then you should probably be running some form of Linux instead. You can get a small form factor PC that includes the motherboard and processor for not much more than the Synology box. That'll give you a lot more options for software and services too.
We're using this for all the offsite backup drives, and it wasn't too hard to get going. If you (or anyone reading this) can't figure out cryptsetup, just PM me and I'll help you out.
My question was purely about backing it up securely. I'm guessing rsync'ing the encrypted volume is the answer, just need time to look into it.
One thing I am worried about is potential liability of having someone sueing us under data protection laws here in Ireland, claiming their data was inspected by US and we couldnt protect their privacy
Here in Europe we get to have data protection commisioners and strong laws on the subject unlike across the pond.
The companies are incorporated in the US, so subject to US law. But the physical servers are located in other jurisdictions, and sometimes US law conflicts with that law.
In practice, so far I suspect that the US law has won out, because other jurisdictions haven't known to fight it. In the future that might change, but... secret orders supported by secret laws enforced by secret courts can be pretty hard for other jurisdictions to fight.
but even if you can delete your mail from your mailhost after downloading it to your private machine, isn't the point that the NSA probably collected the email before it even hit your mailhost?
However, I think responses like this create tension between the companies agreeing to give their information, and the government. If google, yahoo, and facebook start to lose money they might potentially fight legislation like this going forward and may advocate in reverting these policies.
There is nothing wrong with the argument, it is sound logic, and reasonable. In fact, I agree with it.
No, this comment made me recoil because for a second, it made me envision a reality where our political influence, as people, can only be exercised through corporations.
And, (maybe, I confess, because I am so deep into the lecture of cloud atlas) I can't help but sense that it is a dangerous road to be embarked on. But these are just my two cents...
In this scenario, the NSA wiretaps will get direct access to any email sent over unencrypted connections to the ISP mailserver, but they'll have to work harder to get at the encrypted data.
Of course, as we know they've suborned the encryption used by many, many organisations so this is no guarantee of protection against an NSA fishing expedition, but it's a lot better than nothing.
I don't think the current disgust will last too long. A lot of people will move, at some point they'll realize the grass isn't all that much greener on the other side.
There is a definite activation energy required for such a move and I'm sure that the NSA debacle provided just that for a fairly large number of parties but in the very long term the difference will be small. (In the short term it will be quite significant, at least as long as this issue is on the front-burner in the media).
The response to things like this is usually an impulse with a strong attenuation over time. It'll never quite become 0 but it will get close to 0 in a fairly short time.
The reason why right now we are seeing all this movement is because Glenn Greenwald specifically is doing an extremely good job of keeping the focus on this subject. Mainstream media would normally have completely passed an issue like this by as too technical and not enough human interest to spend a lot of time on (both of those are negatives in a news cycle that thrives on eyeballs and associated advertising).
The longer this story is kept in the public eye the bigger the fall-out will be. For now, I'm very impressed with how they are managing this, considering the adversary.
My armchair quarterback opinion, reveal the rest now and hope for a critical mass of outrage.
That's a valid concern about something which I consider the most disgusting stance a citizen could have.
As if news and outrage are supposed to be novel and entertaining. It shows that those who feel that way are not active citizens of a democracy, but passive couch potatoes, overstimulated with media BS and their own private affairs, and unable to think or act to better their country and communities.
Consider the enormity of using the same excuse for black rights ("Jim Crow laws? Seggregation? Who cares about this, didn't we already have a civil war and a KKK discussion for so many years?") or anything that took time to fix.
That is already happening, even here on HN where people consider this off-topic because it is also mainstream news.
Unfortunately, I fear the mainstream mindset towards this issue will hinge on how the major political candidates in the 2016 election choose to frame the issue. If there's widespread consensus from the leading Presidential candidates in both parties that this is not an issue - then the mainstream populous is likely to get in-line with that mindset in-support of "their" candidate.
I hope the public perception of these issues doesn't get dumbed down to political-party allegiance, but I fear it may be the case.
And those policies, which can be summarized as "we won't store our shit with US companies" will last for decades.
It may take many years before they are fully implement because nobody wants to throw money at migrating legacy with no immediate financial upside. Besides, in many cases there aren't yet sufficient competing non-US services that meet all requirements.
It will be a slow exodus, but it will also be a massive and irreversible exodus.
Unless shown otherwise I'd warrant a guess that outside the tech community the overwhelming majority or people and businesses don't care about what the NSA does.
Personally I doubt it - those backdoors have been known for years, and nothing happened.
 This report is dated 1999: http://www.heise.de/tp/artikel/5/5263/1.html
This of course does not solve the metadata problem. But I don't think the populace is really considering this angle. Protecting content is much more visceral.
The NSA is the largest practitioner and consumer of surveillance among its allies and other targets, and likely drives and influences most surveillance activity among its allies and other targets. The NSA gets its funding from US tax collections, and those taxes are controlled by US politicians.
So at the least, non-US citizens and corporations should move their data and activity out of US-controlled or affiliated corporations. There is only one way that this surveillance can be changed at all, and that's by US corporations and their rich executives and shareholders feeling a rumbling in their bottom lines. This will rouse them to direct the recipients of their political and lobbying dollars to cut this shit out.
I'm sorry, but we citizens of the US have long lost control of our government. It's money.
Vote with your feet. Don't fund the US surveillance state.
If we could make the internet run more secure encryption generally, then the NSA, forced to target specific end-points, would howl in frustration....
It would be quite hard for tech companies fight this fight.
I don't want the NSA to snoop through my email and family photos, but the fear of data loss easily trumps my fear of not having privacy. To me, that's the tradeoff for using public services like dropbox/Gmail: I get more redundancy at the cost of privacy.
Edit: Just read your comment further down where you also mention using Glacier. Have you restored any data from it to test it out yet? If so, are you happy with it? Thanks.
What I meant is that the author is so focused on privacy issues that he/she forgets about redundancy.
I am not yet ready to come to that conclusion and have recently stepped up my efforts to better protect my data -- both at rest and in transit -- and encourage everyone else to do the same.
The United States of America
And at least here in Latin America I believe there aren't enough hardware providers to build anything resembling a modern computer.
Indeed, but at least the backdoors aren't used to feed an establishment that has a track record of rendition, UAV assassination and technology-based lethal sabotage.
However, I am simply taking all MY email out of gmail, so that MY database is not the one that's used to get information about others. Besides this, because I'm not using gmail anymore, I'm using OpenPGP more often to sign and encrypt emails.
I agree that it's a drop in the bucket, but it's a drop that I had to add.
"Educate" your friends. Provide them with the facts/sources they need so they open their eyes.
Edit: Oh I see I've been voted down. I guess that makes my statement untrue.. My point was that outside the USA the NSA has free reign. Only inside the USA does the NSA have restrictions. Obviously they crossed some lines and we are still fighting for privacy around the globe. But moving data outside will not stop them.
and the Mailpile project on Indiegogo which will hopefully work as my email frontend on a local server:
I'm planning on buying a small server for running all my services on a VPN (mail server, GitLab, Mailpile etc.) and a decent NAS with RAID'ed backups of server + lima drives + time machine and if possible send that to a safe off-site backup.
You've only removed the particular copy that you had access to.
I recently experienced the same pain with Thunderbird after moving away from the new Gmail compose interface however I've since moved on to Airmail  which deals with conversations (and other Gmail behaviours (shortcuts etc) in a very similar way to Gmail and am extremely happy with the move.
I use Linux on all my laptops and workstation, so unfortunately I can't use airmail or postbox (windows + osx) for this.
Edit: usable, but seemingly with no support for encryption/signing, among various other things. Maybe it needs a bit more time to be ready.
You're only shifting eyes from western intelligence to a third world dictatorship, or Russia's FAPSI and GRU units. And in some cases, moving your data out of the US may subject it to even more scrutiny or dragnets.
It's ironic that it's easier to leave the good corporations than the bad ones.
No it hasn't.
European companies will be pleasantly surprised that the prices listed include VAT - which means that if you provide your company's VAT number on sign-up, you won't have to pay VAT. So a €7.90 VPS will cost a European company €6.64 (roughly equivalent to $8.86).
EDIT: as other people pointed out elsewhere, the UK may not be that much better (if at all better) than the US. The question is, though, where is safer?
I think the Swiss market has ample room for more competition.
Look out for the prices, though: the discount showed is not permanent, just a first month promotion.
Here's a question he asks to people who think that because they're Americans they're "more protected" against NSA spying than foreigners:
Who would be me more afraid to call someone like Appelbaum or Julian Assange? Someone from US, or a foreigner?
I think everyone knows the answer to that question, and you also have your answer for how protected Americans really are against this total surveillance.
Check out: http://www.ubuntu.com/phone
Devices supported: https://wiki.ubuntu.com/Touch/Devices
Currently, the Galaxy Nexus seems to be the best option; see its hardware support progress here: https://docs.google.com/spreadsheet/ccc?key=0ArLs7UPtu-hJdDZ... (column "Maguro")
The most important question is whether or not the NSA or other agencies in the US are actively committing industrial espionage, meaning not only that they are spying on foreign companies but also passing on data to US competitors.
Considering all the shit going down lately... we've seen a recent surge in use of things like DuckDuckGo and OwnCloud, but no good replacement for the Gmail UI. I'm surprised no one's seen that opportunity and created something similar, but installable on your own personal server so that you can have access to a good web UI from anywhere.
If I can make the time, I'd love to do something like this.
I'm afraid this will be characteristic of the anticipated mass exodus. People will move away from US services because it makes them feel good, but their destinations are going to be either Five Eyes territory or countries that don't even feel a need to hide their surveillance apparatus.
At the very least, it adds a small per-person cost to their surveillance, because they have to store copies of e-mails themselves rather than getting Google to do it.
because if the US intelligence services took interest in him, moving his data to other servers would totally stop them. i can see the agents shaking their fists at the sky, helplessly staring at the server just beyond their reach.
so fulfilling to finally act out those ultimate nerd fantasies. just as awesome as the PGP mail users in college back in the days. sending plain text mails with pgp signatures, because somenone else could forge your identity - riiiiight.
i wonder if there is a direct correlation between this mindset and stuff mounted on the belts of said users. giant keyrings, led flashlights, multitools, etc - always prepared for the movie in your head.
I still have my gmail account to see what mail ends up in there (and then notify people), and to use google+ (not going to stop that yet).
Already probably about 98% of important mail is going directly to addresses on my own domains.
Not necessarily. It means he removes the "trove" aspect of his email inbox. Putting together all his communications from the recipients adds to the difficulty (not impossible since "they" have all the metadata and others are probably compromised), but at least he removes the major point of failure.
source: used to work in eu intelligence agencies
You can run, but you can't hide.
You are probably correct. My point is that I can make it slightly more complicated for you to sniff around in my data, and that was the whole point of this move.
If more people do this, it will get progressively harder for you to do your mass surveillance job as you do it now.
I'm sorry I had to leave you,