Hacker News new | past | comments | ask | show | jobs | submit login
Switching from Gmail to FastMail (maxmasnick.com)
223 points by masnick on July 19, 2013 | hide | past | favorite | 219 comments



American company, American servers, American jurisdiction. Sure they won't read your email, but the NSA will (just like Gmail.)

Update: hmm, so Opera aren't american? interesting. All the servers are definitely in the US though:

> "we have standard servers and a high speed connection in the US." - https://www.fastmail.fm/help/overview_about.html


Fastmail has always been an Australian company. Then they were bought by the Norwegian company Opera, who seem to have left them largely to their own devices. I haven't really noticed any changes from the acquisition. And yes the servers are in the New York, probably for latency reasons.

Here's more of the text from

https://www.fastmail.fm/help/overview_company_info.html

FastMail.FM's was started by Rob Mueller and Jeremy Howard in 1999. We are located in Melbourne Australia, we use IBM servers hosted by NYI in NYC US. FastMail.FM is now run by Opera Software Australia Pty Ltd, a whole owned subsidiary of Opera Software ASA of Norway.


Only S/MIME, PGP or similarly encrypted mail messages are secure. All other mail is routed through various servers which may or may not use an encrypted connection. It's like trusting the post office to never read your mail (which they have the authority to do if they perceive some kind of safety threat). Encrypt the message contents if you care for message privacy.

If you want sender/receiver privacy too, you can try using Tor hidden services direct to the individual. I can't think of any other way off the top of my head to send SMTP mail and completely conceal the recipient(s).


encrypted mail messages are secure

What is secure? If government sezies your key, in some jurisdictions they can compel you to release your passphrase (if one is required), then they can go back and decrypt absolutely everything you ever sent. (OTR gets around this but this is largely by leaving the network layer location privacy / initial authentication / key exchange problems out of scope.)

Finally, traffic analysis is pretty powerful. Even if Eve can't read your messages, she can see who they went to and when (and maybe who they in turn communicated with afterwards) and thus easily determine probable relationships - Tor based endpoint, or not. (Hrrm ... but two Tor based endpoints, on the other hand...)


Nothing is secure if you discount the rule of law.

http://xkcd.com/538/


I don't think we were discounting the rule of law. We were going with the 'currently some western governments will force you to reveal your password' legal reality.


Tor attempts to work around traffic analysis by using fixed-length records, and being a bridge helps hide your traffic with other people's. But nothing's perfect.

"Secure" in this context means "not readable by anyone but the recipient". Of course, if you have the recipient in custody, this is the easiest method to decrypt the messages: http://xkcd.com/538/

(OTR-style cryptography is nice, but sucks for store-and-forward communication; for a comporably difficult message to decrypt more than once, use one-time pads - but don't complain to be about distributing the pad dictionary, that's totally out of scope here ;)


So why not use Gmail with PGP?


It's certainly an option, but you must use a client like Thunderbird to do it, loosing the ubiquity of the web interface. Maybe when window.crypto will be standardized and with a good browser extension we will have security and easy of use.


>good browser extension

http://www.mailvelope.com/

https://github.com/crised/SafeGmail

No good (edit: stable and drop-in) Firefox tool yet.


Or just attach pgp files to your e-mail and use it with any e-mail client or server.


Fastmail is hosted by NYI.net in Lower Manhattan, a major FreeBSD shop. The site lists Opera as one of their customers.

The very nature of e-mail leads me to conclude that it really doesn't matter where an e-mail provider is located, because it will always be intercepted at some point. One can use another e-mail service, but if the people you talk to still use gmail, then does it really matter?

Perhaps it's time to talk about new messaging systems, with encryption by default, and a new address and routing system coupled with Tor.


We've had anonymous remailers for about a decade. Maybe people will start caring.

Bitmessage is up and coming, but needs a lot more development.

You could use OTR with servers for offline support and contact management (jabber, etc), but this isn't as convenient as email.

OTR (instead of PGP) over email is a theoretically possible, but the problem is still the same: No money in open source encryption == No easy to use interface.


Opera owns Fastmail


There are two ways the NSA can collect your email: fiber taps sucking up unencrypted SMTP connections, and "direct" collection from servers/FISA orders etc. Ironically if your email provider is in another country it's much more likely that emails to and from the US will be captured.

It would be interesting to setup a mail service with numerous SMTP relays around the world and attempt to connect the "closest" (least likely to be eavesdropped) relay to 3rd party SMTP servers. Communication between the relays and the main service (which stores your email in a friendly jurisdiction) would be strongly encrypted.


With our VPN thing we're doing "nearest hop to destination outroute" for traffic (essentially the opposite of most network providers who try to get shit off their net as fast as possible); doing the same thing for incoming for services is essentially what CDNs do. A CDN you could trust (for policy + technical reasons) to handle this kind of thing for all kinds of traffic, combined with DoS protection like CF or Prolexic, would be kind of baller.


This would be trivial to do with the right DNS provider and virtual machines spread across the world.


I wonder if it's better to return an "optimized" DNS MX record or just anycast.


Fastmail is owned by Opera a Norwegian company. Nice try though to inject a completely worthless comment.


Their servers are located in the US according to the article.


The GGP started off by saying:

> American company…

Then, noticing the critical error, the GP said:

> Fastmail is owned by Opera a Norwegian company.

Replying to the American company part.

> You said: Their servers are located in the US according to the article.

So, the servers location have nothing to do with whether the company is American or not. And while that might have a bearing on certain facets of the topic as a whole, it's meaningless in this context. Basically, what you said does not change anything.


And while that might have a bearing on certain facets of the topic as a whole

As in, the actual point, which is that your e-mails are liable to be searched by the NSA.


You mean, not the first point brought up by the GP, was which to say wrongly that it was an American company?

Correct me if I'm wrong, but if Fastmail moved servers outside the US, then it would be in a better position as a non-US company than if it was a US company with servers outside the US?

Despite what some might believe, where a company operates from is actually important, regardless of where the servers are hosted.


The point wasn't if the company was American, but if the NSA will have the reach to read your emails and with American servers, I believe it does.


So then why was it the first point in the GPs post? And the fact that it's not American means that it could offer hosting outside of America and provide better protection than an American company hosting outside of America.

Believing that it being an American company or not is not important is silly.


Although Facebook were looking to buy Opera last year.

http://www.huffingtonpost.com/2012/05/29/facebook-opera_n_15...


It's actually not a worthless comment. Norwegian ownership makes absolutely no difference to the privacy equation wrt the NSA if Fastmail's servers are colocated in the US.


It's a kind of worthless comment, but not for the obvious reasons. :)

People are operating on the equation of "hosted in America = possibly accessible via PRISM = compromised by the NSA," which is understandable given all the recent news. Perhaps you don't trust the assurances that the NSA's computers are only scanning metadata by default, only flagging suspicious keywords that then have to be processed by a human agent before they go ahead and actually start scanning your real email which of course they will usually only do with a warrant obtained in secret from a secret court that pretty much never turns down any warrant request!

Okay, but those very reassuring reassurances actually only apply to American servers. Communication going between servers in America and international servers is just as likely to be targeted and quite possibly more likely to be subject to deep scanning. We have to throw in "likely" and "possibly" because, as with all things NSA, we really don't know. But if you're concerned about data interception, it's very likely not relevant whether FastMail's servers are located in New York, Norway, Australia, or the Fortress of Solitude.


Yep. If the servers are in the US, or any of the NSA-tained countries like Australia, somebody is reading it.


Can you please tell me where you think a server needs to be located were you would consider to be "safe." Please note that every European country also falls into the will be happy to spy on someone camp.


Another thing to note is that even if servers aren't located in US, data may be routed through there. Traceroute from my home connection (in India) to a Singapore IP looks like:

    India -> US -> Japan -> US -> Japan -> Singapore
I'm not saying that the NSA has forced other countries to route their data through them. It could be due to several other reasons. But the main point is that it is hard to escape the NSA. Even if you do your best to keep your data away from the US, there are certain factors out of an individual's control (such as routing).


if I'm talking to my mailserver over HTTPS/IMAP TLS, I don't mind where the traffic is routed.

It's still not ideal (they can still see who you're talking to), but you'll never have 100% privacy. Just make as much of the data useless as possible.


> if I'm talking to my mailserver over HTTPS/IMAP TLS, I don't mind where the traffic is routed.

You do unless you're using PGP for all your emails, because SMTP can be easily intercepted in plan-text.

Of course, if you're using full end-to-end encryption (like PGP) for all your emails, you don't care so much about using HTTPS to fetch them, because you're using end-to-end encryption.


SMTP isn't always encrypted...


SMTP is very seldom encrypted. (by volume, only gmail attempts, yahoo and others don't last time I checked)


Not useful. You may be talking to your mail server using TLS, but it's highly unlikely that your mail server is talking to every other mail server (and vice versa) using TLS.


And then, even if all of the servers involved in delivering your mail communicate securely, the reciepent is going to reply in plain text, quoting your entire message...


Out of curiosity, is there direct fiber from India to the US?


No, I couldn't find about any direct fiber [1] between India and US. But somehow while tracerout'ing, the very next hop after my ISP is a Los Angeles based IP. Another thing to note is that there are three direct fiber connecting India and Singapore but it is not being used by my ISP (BSNL).

[1] http://www.submarinecablemap.com/


The IP "location" doesn't say anything.

My Azure IP shows up in Seattle, yet the connection goes to Amsterdam. What you're seeing is where the owner of the IP is located; that is not necessarily the same as the server.


Please note that every European country also falls into the will be happy to spy on someone camp.

Privacy laws vary a lot within Europe - even within EU - and while I'm sure every country in the world is "happy to spy", as you put it, I can't think of any European country save for the UK whose spying is as intensive as NSA's.


Well, France seems to be doing quite well, according to LeMonde

http://www.lemonde.fr/societe/article/2013/07/04/revelations...


I never said that being outside of the US is safe, just that being in the US is known-unsafe.


Iceland?


If you're in the US and your data passes through a pipe outside of the country, to say go to an email server, they nab it too. It has to be encrypted locally to be secure.


This is kinda going to a different direction than the article.

http://www.maxmasnick.com/2013/07/19/fastmail/#fn:1 "This may be a deal breaker if you’re concerned about government spying. "

I believe that Fastmail is a valid option if your main problem is with Ads and the fact that Google might be reading all your mails and companies are buying this big data to sell you better services / more targeted Ads around the web.

I'm currently switching to Fastmail because I don't believe in free lunch and I won't stand for it anymore.

If I want to make sure no one is reading my mails, then I have a problem. Most governments are doing this and we can't do much about. If I need privacy, then I use GPG.


I recently switched from Fastmail to iCloud, and I can say I'm very happy. (I initially switched from Gmail for the reasons you describe).

No functional difference for me, and I save some bills. I don't consider it a free lunch, either, since I basically pre-paid when I bought my iPhone.


The ability to use your own domain is a big win for fastmail though.


Network protections are, as you pointed out, something they cannot control. At the legal policy level, they are somewhat less cooperative as an Austrialian company with US server assets.

"> I feel safe in speculating that if you will not pony up the emails to a US judge, the people who maintain the server farm here in the US will.

They can't - they have no access to the emails, because they can't login to the machines and they can't access the encryption keys for the data. All maintenance of the OS/software is done from Australia.

We've had a number of US-based law enforcement bodies over the year try to get hold of our data without going via the appropriate Australian bodies, and it doesn't work out for them. In the end, they have always ended up submitting a request for cooperation via the Australian Federal Police, as they are required to do, and we respond to that request in line with Australian law."

2009 Slashdot.org Interview with Howard Jeremy, Founder of Fastmail

http://tech.slashdot.org/comments.pl?sid=1391605&cid=2963395...


From only a week ago here on Hacker News, a comment about a news story on Australia:

https://news.ycombinator.com/item?id=6037235

From the article:

"The contract was prompted by Telstra's undersea telecommunications joint venture called Reach. When it sought a cable licence from the US Federal Communications Commission, the DoJ and the FBI insisted on a binding security agreement.

"The contract does not authorise Telstra or law enforcement agencies to undertake surveillance. But under the deed, Telstra must preserve and 'have the ability to provide' wire and electronic communications involving any customers who make any form of communication with a point of contact in the US, as well as 'transactional data' and 'call associated data' relating to such communications."

. . . .

"The document was signed by Douglas Gration, a barrister who was then Telstra's company secretary and official liaison for law enforcement and national security agencies. "He told the Herald he could not remember much about the agreement. 'Every country has a regime for that lawful interception,' he said. 'And Australia has got it as well.'"

This looks like a pattern of mutual agreements among governments that cooperate in routing and connecting cables for international telecommunications. The statement is NOT that every telephone call from Australia to another country is listened to, but that a data archive is maintained that might be accessible with court orders. Particularly significant is the statement that other countries ask for the same arrangement if a cable connects to or through that country.

Switching email providers has little to do with what governments have access to your data by mutual agreements among the governments.


Who? FastMail? They're not American.


Servers are in New York.


Oh I see now, I always assumed they had their servers elsewhere since they aren't an American company. Hmm I'm going to ask them about that, I'd pay extra if they offered the option of running off non-US servers.


That doesn't refute what the GP said though. Fastmail is not an American company.


[deleted]


After the GP responded. So yeah, I don't see the point of pointing out worthless out-of-context crap. It happens far too often here. It's rubbish that should be called out so it hopefully stops.


Do Americans realize servers hosted in Europe will have more latency for you in North America? FastMail then becomes NotSoFastMail. I guess you all are okay with this trade off, in fear that the NSA is reading your super secret chain letter emails from your grandma.


[deleted]


I'm not bashing the USA in general, I'm sorry if it sounds like it (it's quite hard to write a catchy comment in this vein and get the tone right, perhaps I got the balance wrong this time.)

However, I am pointing out something that a lot of non-US citizens on HN have been saying lots over the past few weeks; setting up an email service that is outside the US (for the purpose of trying to avoid PRISM surveillance) is nontrivial, and while it would be great if this app were the answer to that, it sadly isn't.

I'm all for the US justice system doing what it's supposed to and having the supreme court rule on the constitutionality of PRISM! Then it will no longer be valid to generalise that all US-hosted services are bad news for privacy.


Also keep in mind, most of the people you'll want to send mail to will still be using email providers located in the US. So the messages will just be NSA'ed when they're delivered, instead of when they're sent.

On the other hand, if you have specific counterparties and you can get them to switch to the same thing you're using, just use TorMail, or run a VPS somewhere where you both have SSH keys and use it as a dead-drop, or whatever. "The solution must involve SMTP and POP/IMAP" is only relevant when you're communicating with unauthenticated peers... at which point, you'd better not say anything important anyway. ;)


I'm 99.9% certain that the Supreme Court would rule such programs Constitutional.


If true, then there is clearly no real balance of powers in the US; PRISM clearly violates the original spirit of the 4th amendment.

If noone is standing up for the constitution anymore, then the legislature + executive have taken control.


I installed http://www.iredmail.org/ on a five buck a month Droplet at DigitalOcean around six months ago. Seems to work great and I control it. I never use Roundcube. I use IMAP from the built in Mail.app on OS X. There is even a tutorial to set everything up.

https://www.digitalocean.com/community/articles/how-to-insta...


I use a home made version of iredmail I.e. Debian, postfix, dovecot. I use various IMAP clients for access.

Works wonderfully.


What about backups? I don't worry about Gmail backing up my email (though I probably should), but is there some way to get iRedMail to send encrypted backups to S3 regularly or something?


Backups every few days on a DO server like that costs about $1/mo I believe.


They just started charging for back-ups this month on DO. It is 20% of the cost of the droplet. So on a 512MB VM it is a dollar a month.


What about spam filtering?


It uses spamassassin which works pretty well.


I maybe get around one spam message a month. And it is always someone trying to sell me web design services.


> their servers are in New York

For us as a European business, that's a dealbreaker. It's not that we are completely paranoid and migrating off of American systems in a big hurry, but moving forward, not in the US and not owned by an American company is a requirement for any new service we use.

Even if we didn't care, we have to take into account our clients, and "no data under US control" has become not just a selling point, but a strict condition for many projects.

This was already very much the case before the PRISM scandal, and it's only going to get worse now.


Do you know of any good alternatives with servers outside the US?


You're naive if you think hosting in Europe means you're necessarily any safer.


For (European) businesses, it's not the issue of safety, but the issue of compliance. If I (EU citizen) have personal data with EU company that stores said data on US-controlled servers, they are potentially viable for breach of data-protection laws. Since these laws are EU laws, it wouldn't be a problem if EU governments would read this data, since that's governed by the same set of laws.


It doesn't matter if clients are naive or not, it matters if they have a checkbook.


Well that's how it would seem, in the wake of the Snowden revelations.


The main problem with abandoning Google is all the services associated with it, not only mail. And paid Gmail continues to offer mobile sync, which FastMail does not.

Yet, FastMail looks quite nice.


Push email isn't something I really want, but that's a good point if that is important to you.

The other thing I forgot to mention in the post is contact syncing. I'm honestly not sure if I like the contact pollution gmail does more or less than not having sync between FastMail and my phone.


My contacts are perfect on Gmail, no pollution at all. I use Contacts extensibly (birthdays, addresses, notes and all). They are all synchronized with my OS X Contacts as well, photos included. How are yours getting polluted?


+1 to Masnick. Google Contacts wreaks havoc (when it actually syncs) on my nicely organized vCard-based Contacts, especially when they duplicate cards that are in different or special groups.


Damn, I was about to sign up until I read this. I have to handle a lot of my work from my phone, and if it doesn't work well then I don't think it would be too useful for me.

Do you know if there's any plan for them to release an android app that would let my phone sync?

And I do realize the irony in trying to cut out google while using an android phone.


> Do you know if there's any plan for them to release an android app that would let my phone sync?

I use K-9 Mail on Android with Fastmail. They both support IMAP IDLE, so you get immediate push notifications of new messages.


Ditto here, K-9 + FM works as well as any desktop IMAP client that I have.


Maildroid works good for me. I made the switch to my webhoster a couple weeks ago.


Also, FastMail doesn't appear to have 2 factor authentication.



How does that work for IMAP access? Do you have an "application-specific password" like Google does, or just your regular password?


It doesn't exactly work like gmail does.

You can set many alternative login passwords in fastmail and the google auth is one of those.

So with the google auth you use your google auth fastmail password and append your google auth login so if your password is Password1, when you login you would be typing something like Password1123456 to login.

You can also set other login passwords for applications or imap with or without delete capabilities but a lot of the time they need full permissions to work with email clients, it could be nicer.


I believe pop/imap/smtp require "full access" type "regular" passwords.


I didn't see that. thanks


Am I the only one here that doesn't care about Gmail ads? I don't even notice them.


My point is that if you don't like Gmail ads, you should investigate switching to something else. I feel like many people are uncomfortable with the ads but might feel locked in.

I actually don't care that Google is machine-reading email to serve ads (see http://www.maxmasnick.com/2012/02/12/gmail_paranoia/), but I do care about polluting the interface with ads that look like email for the same reason I don't like the new compose interface. Both make the interface worse, and email is bad enough as it is without bad UI.


Or just, you know, block the ads for a fraction of the effort.


With what? I _do_ care about running random plugins in my browser that update in the background. There's nothing stopping a malicious plugin from scraping stuff out of your email, and I feel like _that_ is a legitimate security concern!


>I _do_ care about running random plugins in my browser that update in the background.

Then turn that function off [1]. There's no more security threat from well-known browser plugins from Mozilla's site than well-known packages from your OS's apt repo. And both are open source.

[1] http://imgur.com/tivq9o8


There's nothing stopping a malicious webmail provider from scraping stuff out of your email, which, BTW, is the whole point of this post.

Fastmail isn't even under the control of your local firewall.


I don't really care either -- it's a free service that I'm able to access on pretty much any web-accessible device on the planet. Sometimes maintaining a service like that requires a way to pay the bills (FastMail is a paid service.)

Why would I be 'uncomfortable' with ads? Sometimes I feel like the issue with ads in Google/other services falls victim to the 'Nickelback Effect', where a few other very vocal people hate the subject at hand and it spreads virally to the point where people can't describe why they hated the subject in the first place.


Please be fair, people hate Nickelback because they make bad music.


i pay for my gmail (google apps) so I don't have any ads.


Is there anything (for example in the T&Cs) that stops Google from creeping ads to paying customers in the future?

I bet not.


Yes. Google Apps business model, and all Google Enterprise products for that matter, do not rely on ads for revenue. Google sells their business customers a product and generates revenue through those sales. The TOS protects your data.


Perhaps you didn't understand my point.

Google could easily decide to serve ads to paying customers, and it seems likely that they've left this option open to exercise later.

The fact that they apparently "do not rely on ads" is irrelevant.

There are plenty of existent services that have revenue from customers, but still serve ads (visible examples include: pay-TV, public transport)


They could, but they would have to change their TOS, which business customers would have to agree to. Most of these customers would not, thus destroying this portion of Google's business, so they would never do that. Ads are not a part of Google's Enterprise business model. I don't know how to state this more clearly.


So what are my options if I can't use a service that can potentially serve ads? None?


Yeah, this is the problem. I pay for Hulu but there is no way to get out the ads. Google is going for an interrupt-based ad model here so you should expect it in the paid version too.


If they take example from AT&T, they would be selling your information even if you are a paying customer, which might result in more targeted ads elsewhere...


This is a false dichotomy and an unfair one. Firstly, fastmail is a paid product that may show you graphic ads if you are using their free tier. (https://www.fastmail.fm/help/advertising_web_interface_ads.h...)

To those who are arguing about advertisements not showing up in the Fastmail's paid tiers should also realize that there is the Google Apps for Business accounts, where you don't see ads. It also beats the popular 'if you are paying you are the product meme'.


There is no longer a free tier for FastMail.

As I mention in my post, Google Apps is a lot of overhead for just email. There are additional complexities with switching from gmail to google apps because of the integration with all other google services.

If someone was interested in switching from gmail to a paid service, I would argue that FastMail may be a better choice than Google Apps.


> MailMate and it's interesting thread hierarchy view.

How times change. This is how message threading has always worked before we got gmail and Mail.app which I have resisted switching to for years because the just didn't do threading "right".

And now get off my lawn :-)


So I've been told :)

I've been using email since like 1996 but had never seen that kind of thread hierarchy display until I used MailMate. I can't believe all these email clients have been holding out on me!


I'm suitably impressed that Fastmail has been around since 1999. At first glance I would have dismissed it as a service which I wouldn't expect to outlive Gmail (and thus be leery about moving to it). It still may not outlive Gmail, but its history seems that its been pretty solid so far.


They were responding to Gmail, by working on a more modern AJAXy web interface, even before Opera bought them.

I remember being concerned about the buyout, but it seems it's been nothing but good for them. Opera are a great company.


Tried fastmail and wasn't impressed. Rackspace email is a great choice. Its cheap and fast. Outages are rare. Has active sync support and IMAP push works on android/iPhone.

Rackspace also allows you to run exchange mailboxes alongside IMAP if you have a few users who are still tied to outlook.


What were your issues with fastmail?


It was two years ago so it may be better now. I had a number of mailboxes to migrate (~200). Their mass input tool didn't work. No timely response to a ticket opened on it.

Additionally it seemed like they were chasing the smaller accounts. Whenever I consulted the help/documentation it focused on the converting the 1-5 user shops into paid accounts. There wasn't many resources for someone who walked in expecting to pay $2k/month. I had to dig for details. Eventually I created a paid account just to test all the details.

Contrast that with rackspace where everything worked smoothly out of the box. Any limitations were spelled out clearly. In general it felt like all my needs were anticipated. In two years with them I've opened maybe three tickets all solved exceedingly fast.


I wish rackspace email had 2-factor auth and/or application-specific-passwords. :/


Secure ID token is a little much to ask for $3/month email.


Where did I ask for SecureID? I was hoping for a TOTP-based mechanism for 2-factor.


How's the Rackspace web UI?


No complaints. It's well organized and tends to follow a clear and minimalist design. Their status page follows a similar theme.

http://status.apps.rackspace.com/


I have a few clients on it and they like it. I don't use webmail myself, though.


I just disabled the 'promotions' tab, and it also disabled it on my android client. If they start sneaking ads in as real email, I'm gone. If I can disable the ads, I'll probably hang out for a bit longer, but it's time to start evaluating alternatives.


It's not an email.


There's a screenshot going around that shows ads in the gmail interface among the actual emails (not off to the side like they are now).


Snowden used lavabit.com, which is located in the US (and probably being scrutinized a bit more than usual these days).

I think it's more important to diversify services than to insist on airtight alternatives. My mail is not terribly exciting, but when combined with the rest of my searches, visited webpages [1], chats, news reading habits, social network connections, and phone location, all housed under Google's roof, it seems like I'm making it easier to piece together my life [2]. At least make it a little difficult by having to go to separate companies with court orders.

[1] And web developers contribute to the surveillance by installing analytics code.

[2] That of course is the Google AI wet dream, moar data.


>Snowden used lavabit.com, which is located in the US (and probably being scrutinized a bit more than usual these days).

Any proof to this? And, no, twitter is not a source of record.



Thanks. I've just created an account at lavabit.com. Will consider paying for this as well, maybe for a custom domain. Nice tip.


If you don't pay, it's not encrypted. https://lavabit.com/secure.html


For me, it's not that I'm afraid of GMail removing IMAP, it's that Gmail IMAP works really, really bad. For an email-client to work well with Gmail, it has to be tailored to Gmail, and that has given me some issues lately.

For instance, most of my mail is sorted into labels, skipping the inbox. When using a mail client with IMAP, these labels shows as folders. Deleting the mail from my client, doesn't delete it from Gmail, only removes the label. Useless.


I agree that IMAP will probably stick around in some form. My big concern is if they start doing some kind of rate limiting, it could make it very difficult to get all your email out.

However, along these lines the removal of Jabber support from Gmail is a little bit scary (first they removed federation support, then they killed it altogether). Limiting or removing IMAP is not outside the realm of possibilities.


  > However, along these lines the removal of Jabber support
  > from Gmail is a little bit scary (first they removed
  > federation support, then they killed it altogether)
Federation support was temporarily disabled, then re-enabled once they got spam filtering in place. Currently, XMPP works perfectly with a Gmail account.


I wasn't aware of that. I actually ran into federation issues a few months ago, but maybe it has been fixed since then.

My understanding is that upgrading to Hangouts still disables the old XMPP support.


  > My understanding is that upgrading to Hangouts still
  > disables the old XMPP support.
Sort of; the web interface will connect to either Hangouts or XMPP, but not both at once. XMPP continues to work fine for non-web clients, such as Pidgin.


What happens if you delete from the All Mail folder?


Wait, IMAP sucks because you do something in a non-standard way (labels in GMail) that is exposed over IMAP in the best way it can fake (folder) and it is IMAP's problem that automagically do what you think it should?

And just for added measure, deleting the label seems to me to be the right thing to do.


No, I'm not blaming IMAP, I'm blaming Gmail for making it hard for me to use my email with a standard mail-client.


OP's point was that one of IMAP's weakenesses is that it provides no clean way to represent what gmail does.


This is incorrect: Gmail could (and really should) be represented as a single mailbox, with labels mapping to flags. Combined with support for the (widely implemented in non-Gmail servers) QRESYNC extension to make resynchronization of the flags efficient, this would be a great mapping of Gmail's semantics to IMAP.

However, most IMAP clients expose mailboxes as "folders" and barely support flags at all (no indexing, not even slow search, no UI at all most of the time, and if it even bothers to parse them, often has some silly limit like "five flags that must be configured ahead-of-time in Settings"), so users would have had a totally useless experience.

In essence, Gmail's IMAP is implemented the way it is not because it is the best way to map Gmail's semantics on to IMAP, but because it provides a reasonable fit to the way Outlook, Thunderbird, and Apple Mail (the only e-mail clients that have any marketshare) represent IMAP. Those clients represent trees of mailboxes as a folder hierarchy.

While commonly believed, people really need to stop blaming IMAP for Gmail: it's about as silly as claiming using HTTP headers as part of an API specification is impossible because none of IE, Firefox, Chrome, or Safari, allow users to modify the headers in their document-oriented web browsers.


Actually I meant that it's one of Gmail weaknesses that I need a gmail-specific client to use it properly.


I love FastMail's interface and used it for couple of months. Recently, I let my free trial expire and allowed my account to be deleted. Why? Because it's not just about email. Everything, I mean everything, is in my Google account...docs in Drive, 10s of thousands of photos in G+...and it's all integrated so well. Bailing on the email part of the Google suite just adds a layer of disconnect and complexity...it's unfortunately just not worth it to me at this point.


Is there any service like FastMail, with a FastMail-like quality web interface, that offers ActiveSync support?

I don't mind paying a little extra to cover the licensing. But I don't want to be stuck with IMAP again -- the biggest draw for service for me is the "Contacts + Calendar + Tasks + Mail" instant syncing of something like ActiveSync.

Rackspace E-mail comes closest from what I've tried. But being stuck on Outlook Web Access isn't awesome.


While I can't find myself living without push, it's not like ActiveSync is the silver bullet. Contacts in Exchange, for example, are a ridiculous and horrible mess with a limit of three on everything and no custom synced fields.


You can use ActiveSync with Rackspace Email: http://www.rackspace.com/email-hosting/webmail/mobile-phone/


NuevaSync offers push for FastMail. http://www.nuevasync.com/index.html


I've been a Fastmail user for about seven years now, but my reasons for choosing Fastmail had nothing to do with security, it has to do with mobile accessibility.

From the first time I tried Fastmail I noticed that the site was compatible with my mobile devices, which, at the time (2006), was the exception rather than the rule.

When ASA/Opera took the site over, the site quality went down, IMHO, but I still use Fastmail today because it just works.


For the record, the ASA in "Opera Software ASA" is short for Allmennaksjeselskap, the Norwegian term for a public limited company.


Fastmail is nice, but I don't see how it removes the right to complain that Gmail is sneaking ads in as email without warning its users first.



This is not an official source.


I recommend Steve Losh's Homely Mutt for replacing gmails web interface with a local client. http://stevelosh.com/blog/2012/10/the-homely-mutt/

Then this can be combined with an email service that encrypts all incoming emails as they arrive such as Countermail or Lavabit.


The ad messages are under the promotions tab. Who clicks the promotions tab? You can even disable it.

Honestly, if they were interspersing ad messages with my regular mail it would be a big issue. But just like with search, where ads are separated off to the side, the ads here are clearly marked and separated. So I don't see a problem.


I am glad there is a great alternative to Gmail. Somehow somebody has to pay for the service you use. It's either your pocket, or your data, or companies paying for ads. Each service provider can use a different option and it's great for us consumers to have all options on the table.


I just did recently, and I'm very happy with the decision.

Two feature requests though:

1) Push support for iPhone

2) Have my email encrypted on disk (in the unlikely event there's a security hole or a rogue sysadmin or something, I don't want my email copied wholesale by one attacker) -- I'd pay extra for this


The fact that they even offer 200mb and 800mb plans makes it hard for me to take them seriously. Shame.


Some people won't pay $50/year/user for email, I know my parents won't. I had a hell of a time even getting them to move away from ISP provided mail to GApps. Neither of them have managed to use more than 300MB in 3-4 years.

In any case, an account with 8 GB of email storage and 6 GB of file storage (Family account), or 10+2GB (personal account) is still cheaper than Googles 'one plan' service.

Google just aren't interested in marketing GApps to enthusiasts and families.


Huh?

I've had my email address since 1995. I have 5Mb / 6 emails in my Maildir and that's only because I've got lazy recently. I've recieved probably 500,000 emails over the years.

Hoarding email is like recording all your phone conversations and keeping the tapes in your living space. If it's worth keeping, save it elsewhere. If it's not, delete it.


I completely disagree. I've kept every email I've ever received or sent since 1996 (close to a million emails, all searchable/indexed) and it has proved extremely useful over the years to be able to find ancient emails very quickly. I'm sure some large proportion of those emails I will never use, or will never be useful, but space is cheap, and keeping them doesn't hurt at all.


Completely agree. I've been using Gmail since 2005, and it is fantastic being able to simply search and get emails from that long ago when needed.


I've been trying FastMail for the past two months or so and have been very impressed; it's actually better than GMail in many ways. Most importantly to me, it seems to be quite a bit faster than GMail for me.

One problem I've had is with their spam filtering. I've marked everything spammy as Spam (some 800 messages so far), but I can't figure out how to get things marked as non-spam (so that the personal database gets enabled). I've setup auto-non-spam folders and a lot of messages get routed into those, but they're not being counted as non-spam. I've also moved a few messages manually, and they also don't get counted.


I'm interested in quantitative evidence of "faster". I have 1.5GB of mail in gmail that I sync to fastmail and gmail is significantly, noticeably faster for me. Especially search.

I am skeptical of performance claims especially by people (not referring to you, but to the author of the post) who think mail.app is fast. Mail.app needs several seconds to do things that gmail does in 50 milliseconds, like load a thread with 100 posts, or free text search.


If you use a custom Sieve script, you can definitely whitelist certain addresses, domains, subjects, body text, etc. Google "fastmail sieve" for more info on this.

Also, if you haven't talked to support about this, I'd definitely recommend it. They've always been super helpful with me.


Great post; I'd love to try the service but I have over 10 Gigs of content in my current Gmail and can't really justify spending an extra $119.95 a year extra on email. This makes me wish I could though.


So ... you could get FM's "Enhanced" account (10G mail storage + 2G file storage) for $40/yr and then pay $5/G for additional space. It sounds like $50/year, perhaps less, would get you what you need at FM.


Thanks!

That's a lot of email...how much does it cost to store on gmail?


Nothing. The free tier of gmail is now 15GB.


I'm really interested in switching email providers but is there a solution for calendar? I really enjoy my calendar syncing across multiple devices and sharing with my friends and family.

Anyone have some good solutions?


I actually use iCloud because the Google Calendar -> Calendar.app syncing was pretty flakey. Obviously that's a bad choice if you're not all on Apple devices, but if you are I think it works pretty well.

Based on this excellent post (https://kkinder.com/2013/05/21/leaving-googles-silo-alternat...) it seems like there isn't a great drop-in replacement for Google Calendar (except for iCloud).


It's not actually a bad choice at all, though, considering their CalDAV support is best-in-class.


So, is there a market for a hosted email solution with a killer web ui that is not hosted in the US? How about Canada? Just wondering if there is an opportunity here for a non-US startup.


i dont think so. Its not like Reader which was shut down, gmail will operate like it always has and most people wont bother to switch or simply dont know anything about PRISM/NSA etc.

The noise on HN regarding this is extreme because this is a community of people who are really passionate about these topics, most people are not though.


What's the point of switching to an inferior email service if their servers are still under US jurisdiction? Might as well stick with Gmail and suffer the adds and NSA spying.


The point is to not support a company that does things you dont like.

But if you dont feel strongly about issues such as privacy, of course you dont see the point.


That's the thing -- I do feel strongly about privacy. That's why I don't see the point in switching to another US based service. Better to use a European or Asian provider or roll your own.


I just bloody switched to fastmail because I thought it was Australian - and unfortunately I really like it. Gutted to hear it's hosted in USA, kinda negates the point of my effort switching away.


You think Australia isn't a surveillance state?


Not the kind that drones you, mate.



For those like me who can't access the link:

http://web.archive.org/web/20130609020621/www.news.com.au/te...


The "Four Eyes", are USA, Canada, Australia, and England, and are all part of the PRISM program.


I've had a Fastmail account for about 10 years and the spam filtering is nowhere near as good as Gmail. There are some days I'll see 20-30 spam messages in my inbox.


I've heard the same thing, but it hasn't really been a problem for me.

If it was, I'd try http://mailroute.net. Apparently it's supposed to be pretty good at handling spam.


Another alternative is http://www.runbox.com/ - hosted entirely in Norway which has strong privacy laws.


Is Runbox still storing account passwords in plain text?

They looked like a great option but when I set up an account recently they emailed me my username and password in plain text. I cancelled immediately but if they get the security basics right I may look at it again.


Whilst I can't condone the sending off passwords over in plain text, if done at the registration stage it doesn't necessarily mean that they're being stored as plain text.


There is absolutely no reason any service should ever email you back your password.


If you're gonna pay, might as well stick with hushmail.


https://twitter.com/ioerror/status/353955117411737600

>Don't use hushmail. Never use hushmail or suggest it to others - they snitch out their users. Fuck them.


Context?



I actually use gmail's "Priority Inbox" - I'm not into "Inbox Zero", most of my mail I never read. So I like that gmail lets the real human people I talk to regularly pop up into a special zone. I've got my phone set to only make a noise when I get email in Priority Inbox.

So sadly, I think gmail still has what's basically a killer app for me.


Are most of you happy with Fastmail's pricing? I'd really like to switch away from Google apps for my families email needs, but would much rather pay $X for a domain and diskspace, and then create accounts as needed.

The family plan seems overpriced as well, as I'm the only one who needs large disk space, the other 3 accounts don't need so much.


Oops, just noticed that not all accounts need to be the same capacity. That saves a few dollars.


I switched to Fastmail from Google Apps a month or so ago and absolutely love it. Really fast, great web UI and works better with desktop clients than Gmail (none of the weird label issues, duplicate folders, etc). The entire migration process was very smooth too and the support always got back to me within an hour or so.


I did the same thing, also about a month ago. The latest gmail ui updates were bugging me. Now I have all my accounts forwarding to my fastmail account - works great.


Google sure is getting bad press lately !


I find it somewhat disappointing that so many people still rely so heavily on email that they can even become a "power user" of gmail. I check my email a few times a day, and even my work email has gone to once per day. It's an incredible time sink otherwise.


FastMail's (one of) my backup accounts. I don't use it often, so I don't really give out the address, but log in once every few months to confirm it still works.

It's wall to wall spam every time I open it up, stuff I don't ever see in Gmail.

There are tradeoffs....


It seems that these Fastmail guys are primarily charging for storage. My question would be, do they allow to set up many different domains and email addresses inside a single account or is this a one email address/domain per account thing?


An account is only one account, but it can have a number of aliases that varies by plan. https://www.fastmail.fm/pages/fastmail/docs/pricingtbl.html


Yes, you can use as far as I can tell an unlimited number of domains and aliases in a single account. Another plus over Google Apps is that the aliases are domain-specific (as far as I could tell, aliases for Google Apps applied to all domains).


I've been on the "Enhanced" plan for years now and have at least a dozen domains and maybe a dozen and a half email addresses configured. FM will also let you (if not encourage you to) to use its DNS servers instead of your registrar's, but that's up to you. I generally use FM for DNS hosting but you absolutely do _not_ need to do this to host domain mailboxes with them.


Does anyone out there know of something similar to FastMail (or gmail) that is self hosted? I've been dying for a fast, modern webmail app that I can host myself, but everything I've tried is just terrible (by comparison).



But fastmail don't give you calendar and contacts that you can sync to devices...


I've had the same Fastmail account since 2003 -- they were one of the first webmail providers to have strong IMAP support back in the day. It's always been reliable for me with very few outages through the years.


These kind of posts are useless at most. Lets say 2 months from now FastMail is doing 90% of the things the author didn't like. What then? Switch to yahoo and then do another post why I switched to Yahoo?


AdBlock works perfectly well with gmail (my manual filter is mail.google.com##[class="mq"]). For privacy, I have installed "Mymail-Crypt for Gmail", but I know noone who uses pgp.


"Ready to give FastMail a shot? I’d suggest: Moving all your existing email to FastMail."

This is not how you test things. For those prices vs storage I'd rather roll my own if I had to move off Gmail


> MailMate and it's interesting thread hierarchy view.

How is it different from the threaded view that has been present since at least Netscape days?


All the UIs I've seen in the last several years present threads flat (without any hierarchy). If there are other modern mail clients that have this kind of UI, I'd love to see them.



I've actually used Postbox and didn't realize it could do that. Thanks!



I want to see a gmail type application I can run from my own servers, I don't have much faith in the cloud these days.



What is the point when you are sending and receiving unencrypted email anyway...


I think it's fair to assume that HN is a fairly technical community and could manage such a feat on its own, so these: "here is how to switch from [insert Google service] to its competitor" posts strike me as karma-bait (and they do get votes).

As to these ads you're so troubled by:

Twitter ads look like tweets, Facebook ads look like Facebook posts, and of course search ads look like search results, at least in Gmail they have their own designated area. They replace the webclip ads when the "promotions" tab is enabled http://googlesystem.blogspot.com/2013/06/ads-in-gmails-promo...

https://news.ycombinator.com/item?id=6069372

Also quoting some random Marco Arment anti-Google troll as though it has some weight or authority doesn't help your point.


As to these ads you're so troubled by: (...)

Yeah, those are good arguments to avoid using Twitter and Facebook as well.


infinite scroll is not a feature


classic.fastmail.fm




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: