Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: I'm done with Gmail (a.k.a. NSA-Mail). What's the best alternative?
9 points by flavmartins on Oct 31, 2013 | hide | past | favorite | 11 comments
With the NSA infiltrating Google and Yahoo. I'm ready to drop Gmail. What's the best alternative?



If by best you mean stopping the NSA from getting your communication, the best alternative is paper letters in an envelope or face to face speech away from any devices like your phone or laptop that can be hacked.

Any and all email providers can be subverted (and probably are). You could run your own email, but most email and all metadata is cleartext in transit. You could use encrypted email, but except for the one or two of your friends who would put up with encryption, all your comms are going out clear on the open internet.

You can secure specific communication between specific pairs, but as a practical matter you cannot secure email today because almost no one you know will cooperate with you. If you were to reverse engineer email and the internet you would have to conclude that it was designed for surveillance.

If it really matters, don't use the internet or the phone.

P.S. I use fastmail.


Ah, but paper letters are delivered by the USPS, and thus not secure against NSA spying ether.


The only reason internet surveillance is a problem is that it's easy to automate and doesn't leave evidence that's easy to spot.

Metadata on a physical letter is easy to collect without evidence of tampering, and the USPS takes photos of letters to make delivery easy. They supposedly delete the images. I assume they share the images with the NSA.

The contents of a letter in an envelope are harder to spy on, because it's a manual process and you leave evidence of tampering unless you're really good and careful. But really good and careful takes even longer.

If you're a specific target, then they'll get what they want. But if you're an average unsuspected person, a letter is just too much trouble to spy on, and I think they probably don't do mass surveillance on the inside of enveloped letters.


* Prepare 100 (or whatever) onetime pads using truly random events.

* Prepare a metadata sheet indicating the serial number of each of those one time pads.

* Hand both over in a face to face meeting (you keep a copy of metadata and one time pads).

* Indicate the serial number of the onetime pad used in your letter and encode the rest of your letter using that onetime pad and post the letter.

* Destroy your one time pad and your corresponding party also destroys his/her copy in an irretrievable fashion.

This all assuming nobody else gets to see the onetime pad except you both.


Yes, but that requires meeting in person. If you want to go that far, just use PGP + OCR + Air Gap.

Much simpler.


It's pointless to jump to another webmail provider. You will still be at someone else's mercy.

A VPS is better, but only slightly better, for the same reason.

If you really care about privacy, buy a low-end server and install Roundcube (or Mailpile when it's ready for production).


mailpile looks NICE! I'll have to keep checking on it.


In the future, perhaps the Dark Mail Alliance mentioned earlier on HN: https://news.ycombinator.com/item?id=6642106


If you want a non-US service: runbox.com


lavabit before it went down. As of now, PGP.

Privacy is dead, long live security!


PGP is the best option, but makes it harder for the recipient. Perhaps added security = added hassle, and there's no way around that.

Here's how to protect GDrive files: https://news.ycombinator.com/item?id=6644888




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: