Stunningly bad privacy law just passed in Australia - what does it mean for FastMail?

[TheJapanese]

Much better privacy laws.

In US everyone from gov does access the servers. Especially if you are non American citizen you have nearly no rights concerning privacy laws.

In EU it’s not that easy.

[bipbop]

Quote:

Originally Posted by TheJapanese

It's getting very silent concerning Fastmail and the AABill...

What are your thoughts? Are you still using Fastmail (which is one of the best mail-services)?

Still using them for now.. But I've been, and am, looking at alternatives, and it's 50/50 whether I migrate to another. I agree it's one of the best. And of course, this situation isn't the fault of FM. Still, it is what it is.

[TheJapanese]

Quote:

Originally Posted by bipbop

Still using them for now.. But I've been, and am, looking at alternatives, and it's 50/50 whether I migrate to another. I agree it's one of the best. And of course, this situation isn't the fault of FM. Still, it is what it is.

Yes - actually best mail provider I know... And I know, it's not their fault... But Australian company and US Servers
Sadly they made the jump away from EU Servers

[ChinaLamb]

I still maintain that there's additional risk to using a service that's explicitly encrypted and exists solely for the privacy of it's users. You draw attention to yourself and the more eyes are on you, the more creative people get with trying to get access to your data.

Fast mail has been a great service provider that exists not primarily to provide servitors, but to provide great email service. Privacy is not the central marketing point, never was.

In my opinion, after working in countries throughout Asia and with people in the middle East, Western governments accessing the server data is not my primary concern.

Phishing protection, two factor security using physical keys is the most important security defence. Increasingly, security sms codes and even 6 digit authenticator codes are being intercepted and used to access email of journalists and other actors in the region. We've moved to physical keys as a result. Thank you fast mail for providing this!

The single most important issue is physical device security. Stolen devices necessitate that encryption is used on the device. Alone with good passwords protecting the device.

The methods hostile governments outside the West are using, is less and less hacking into email servers, but gaining access to individual computers and handheld devices. Unfortunately, most people I know make it all too easy to let these foreign actors Access their devices.... Facial recognition is just one horribly insecure method. Police point phone at your face, and they have it unlocked. Simple, done. Face unlock is the worst "security" method ever. Fingerprints are easy too. Police grab your hand, extend your finger and tough your finger to the sensor.

[TenFour]

For most of us the biggest real danger is phishing and other trick emails. Protection starts with spam and junk filtering. If state-level entities want your secrets there is no defense.

[bipbop]

Quote:

Originally Posted by ChinaLamb

I still maintain that there's additional risk to using a service that's explicitly encrypted and exists solely for the privacy of it's users. You draw attention to yourself and the more eyes are on you, the more creative people get with trying to get access to your data.

This is specifically about the Australian privacy law. I simply have a problem with using a service that must abide such a draconian law.

Quote:

Fast mail gas been a great service provider that exists not primarily to provide servitors, but to provide great email service. Privacy is not the main marketing point, never was.

In my opinion, after working in countries throughout Asia and with people in the middle East, Western governments accessing the server data is not my primary concern.

It's a matter of principle for me. The Australian govt has gone too far.

Quote:

Phishing protection, two factor security using physical keys is the most important security defence. Increasingly, security sms codes and even 6 digit authenticator codes are being intercepted and used to access email of journalists and other actors in the region. We've moved to physical keys as a result. Thank you fast mail for providing this!

Those do not protect you from the Australian govt. They can literally force Fastmail to give them backdoor access, and Fastmail isn't even allowed to inform customers about it

Quote:

The single most important issue is physical device security. Stolen devices necessitate that encryption is used on the device. Alone with good passwords protecting the device.

The methods hostile governments outside the West are using, is less and less hacking into email servers, but gaining access to individual computers and handheld devices. Unfortunately, most people I know make it all too easy to let these foreign actors Access their devices.... Facial recognition is just one horribly insecure method. Police point phone at your face, and they have it unlocked. Simple, done. Face unlock is the worst "security" method ever. Fingerprints are easy too. Police grab your hand, extend your finger and tough your finger to the sensor.

The same happens regularly in the US. I consider the US government hostile too. And don't get me started on what they do outside the US.

[janusz]

Quote:

Originally Posted by ChinaLamb

Facial recognition is just one horribly insecure method. Police point phone at your face, and they have it unlocked. Simple, done. Face unlock is the worst "security" method ever. Fingerprints are easy too. Police grab your hand, extend your finger and tough your finger to the sensor.

Facial recognition and fingerprints are optional, aren't they?

[ChinaLamb]

Quote:

Originally Posted by janusz

Facial recognition and fingerprints are optional, aren't they?

Absolutely, I'm just telling you how we see government interference, and the things we're dealing with, much more so than warrants through the official channels. There's so much more to talk about, what we're seeing, and what's happening. But mainly the greatest danger is physical access, and gaining physical access to devices.

[TheJapanese]

Quote:

Originally Posted by ChinaLamb

... and gaining physical access to devices.

You're right... And Fastmail with it's app-specific passwords is quite good there. But nevertheless the location of data/company also plays a role.

Maybe they will open an datacenter within Europe again? Many US companies are doing this in near future (if not already been done).

[bipbop]

Quote:

Originally Posted by TheJapanese

You're right... And Fastmail with it's app-specific passwords is quite good there. But nevertheless the location of data/company also plays a role.

Maybe they will open an datacenter within Europe again? Many US companies are doing this in near future (if not already been done).

I would think a relatively small company such as Fastmail, rents, rather than owns datacenters. In the case of the US, they seem to be using a company called NYI, which offers "Mission-Critical Hybrid IT Solutions".

[TheJapanese]

They’re not that small as you think they are.

Fastmail is one of the biggest mail-providers worldwide.

There are a lot smaller providers who have own servers (Posteo, ProtonMail, Mailbox.org,...)

[bipbop]

Quote:

Originally Posted by TheJapanese

They’re not that small as you think they are.

Fastmail is one of the biggest mail-providers worldwide.

Not big enough to have their own datacenter in New York, apparently. Are they really one of the biggest mail-providers worldwide? Do you have the sources to back that up?

Quote:

There are a lot smaller providers who have own servers (Posteo, ProtonMail, Mailbox.org,...)

"Datacenter" implies a step up from owning a few servers.

[TheJapanese]

How big is Fastmail?
They do have more than 110.000 external domains under their control.

Another one: https://www.marketjournal.co.uk/emai...-amazon/15264/

Own datacenter:
ProtonMail and Mailbox.org do have own datacenters under their Control. Not only rented servers.
They’re a lot smaller companies at all.

[bipbop]

Quote:

Originally Posted by TheJapanese

How big is Fastmail?
They do have more than 110.000 external domains under their control.

Another one: https://www.marketjournal.co.uk/emai...-amazon/15264/

Own datacenter:
ProtonMail and Mailbox.org do have own datacenters under their Control. Not only rented servers.
They’re a lot smaller companies at all.

Unfortunately that URL doesn't say anything about Fastmail's buiness size, but I guess you downloaded the report? I don't feel like registering to get it. If you could give some key figures, it would be appreciated.

110.000 domains isn't that much. Even if you should count 1 for each customer (I have several, so do many others), it's only 110.000 people/orgs. I would think the vast majority of Fastmail's customers are people who don't own domains.

[Berenburger]

Quote:

Originally Posted by bipbop

Unfortunately that URL doesn't say anything about Fastmail's buiness size, but I guess you downloaded the report? I don't feel like registering to get it. If you could give some key figures, it would be appreciated.

That report costs $ 3900,=.