Reply to: Private Email Recommendations

The profile was based on my search habits. However they take them with a massive pinch of salt because there are stories of similar things proving uselessness.

Anyway how can they like, Facebook etc, prove you exist? They can't.

All email services may ask you to provide the info and state it is a terms of their service but they have to go to court to enforce it.

I know from other cases there has been a publicity fall out when companies have enforced the terms of their service even without going to court. The one that comes into my head immediately is Facebook not allowing people to use stage names,.

Of course, but we have to be practical. All I'm asking for is reasonable protection and a certifiably private email system, which is possible within the realms of practically.

Runbox for example, does not use browser cookies. Of course the majority of the time you'll be sending and receiving unencrypted email, but we have to be practical. I don't care if I send an email to my accountant about with an Excel of my monthly expenses attached, and this email is snooped and stored in the NSA archive for example, but I do care if I send my passport copies, driving licence copies, and other personal and sensitive information and this information is intercepted and 'stolen'. I also can't guarantee that the systems of whoever intercepts my data are secure, and where it will go from that point onwards, etc. Two solutions to this are a) choosing a private email provider as described and b) sending sensitive information securely using encryption.

I agree if you want to be totally secure you have to build it yourself. But on what basis do you make the statement that you can't believe service providers' claims? Smaller companies like Runbox and SmartMail make their business by staying out of your business, they would collapse if there was ever any doubt to this. The big players stick their T&Cs in your face and tell you how they use (and abuse) your data, and we now know that external agencies have complete unfettered backdoor access to all your data.

The only 100% secure way to use email is to implement a One Time Pad system. Unbreakable but difficult to implement.

What do you mean Google summarised who you were? Did they create a proposed profile based on your data?

This is only part of the issue: profiling based on your known inputted data and search data. I am sure there is some legal obligation to provide the correct name and DoB etc. when you use their services. Think this could be used against you at any point?

The best security will be no email... No one can hack what you don't have.

Your looking for a secure mailbox but how secure will your access to it be? Browser insecurity, WiFi insecurity etc. Then consider you'll still be receiving insecure mails.. There is only so much you can actually control.

And keep your money under the bed while you're at it.

Actually it's not paranoia when it's true.

In reality if you want a secure email server it's build, maintain and host it yourself or nothing. No matter what a service provider advertises you really can't believe their claims.

Google looked at my browsing history on two accounts and summarised who I was.

In both cases they were completely wrong. On one account I was looking at cars, DIY, gadgets and white goods so I was obviously male and in my 50s. On the other account I was looking at clothes and silly stuff so I was female and 19......

I have not found one profiling thing that has guessed me correctly. It also doesn't help them that I lie about my birth date on things I don't feel should have my real birth date.

Now that is being paranoid.

Well, GCHQ & NSA would say that, wouldn't they?

It can't be the exact opposite because you can't make a quote for example on the lack of evidence, there will be information you're required to fill in and just like now it'll be based off that. Whereas, you could infer a number of things from innocent conversations, exchanges and personal data in general by continuing to expose your data to external agencies and ad companies. If your data is available and up to date then you can bet they'd take it and use it to form a conclusion. This is hypothetical of course but it really would not surprise me if it starts to find footing in reality.

I agree, I really wouldn't bother trying to maintain a personal email server, but you wouldn't have to. Consider Runbox's email policy for example: https://runbox.com/why-runbox/email-privacy/, they provide the assurance that private really means private and is not subject to snooping or data mining.

And you think that when this Orwellian future comes you are not going to be charged at premium rates, just because there is no data about you? I bet it will be the exact opposite and you will be deemed maximum risk as obviously you have something to hide.

If you so wish to uncouple yourself why not just invent a virtual identity, don't link it to your real identity and use it for normal email / chat/ search / maps in the virtual world.

The biggest single problem with personal in-house e-mail server is the absolute PITA of keeping it in the White lists and out of the black lists only to be sure your e-mails will be received, which is a full time job.

I consider myself tech savvy, and none of that bothers me in the slightest.

I don't want my data hacked of course, and I get the big brother side of things (if they can get access to do this...what about in the future they push for and then do something worse)

I just struggle to care enough about it.

Each to their own and all that.

I built my own mail server using iRedMail - Free, Open Source Mail Server Solution for Linux/BSD on a VPS from DigitalOcean

Hosted in London. Dunno if that helps.