EmailDiscussions.com  

Old 27 Dec 2016, 01:34 AM   #1
correo
Junior Member
 
Join Date: Dec 2016
Posts: 10
Fastmail seems almost perfect

I am this close to moving my personal domain to fastmail. I love the technical expertise and security emphasis (esp. regarding spf/dkim/dmarc). The web interface is lightning fast and has awesome functionality. The features (tons of aliases), rock solid stability, honestly a top notch service.

The only reservation I have is that I would like some option to encrypt my Inbox. I believe fastmail says that data is encrypted at rest, but these servers are always up, right? So that seems moot, unless I misunderstand. One of the main reasons I am moving from more mainstream services is to eliminate the possibility of my e-mail provider accessing my mail. I literally don't want them able to read them at all. I have read fastmail's reasoning why they believe it's important to be able to access my mails, but I have no need to search mails on the web interface, or use any of the other organizational features through webmail interface. I use Thunderbird and K-9 Mail on my phone and can search there easily. I would only access through a browser occasionally.

Given that fastmail is in the US & Australia, I would like them to be unable to reveal the contents of my Inbox or any folder to anyone, because it was encrypted.

Maybe someone wants to make my day and tell me that I'm misinformed, and that fastmail cannot access my mails on their server? If so, I will be signing up right away. If not, I will likely go with a mailbox.org or posteo and keep my eye on fastmail to see if they offer this type of feature in the future.

But for sure, a superlative service.

Old 27 Dec 2016, 03:15 AM   #2
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
What you are looking for is something that is extremely difficult to provide in a usable form. First, reflect on this: mainstream IMAP mail clients have no facility to automatically decrypt messages dynamically at the client end. A first requirement will be some kind of add-on to handle encryption/decryption. In fact, such a facility does exist: a few PGP products can be set up to automatically encrypt messages when sending, and decrypt them whenever they are read.

As an alternative, you can use an email system where the provider has clients to handle decryption on your computer/tablet/phone. If this is browser-based, it will be insecure. If it is a native application on the device, it can be completely secure, in theory, but good luck in finding a niche service with support for MS Windows, OSX, Android, Linux, iOS and whatever other platforms you might need supported.

Apart from the above, there are some performance costs (and losses in functionality) but only one "tiny" remaining issue. It assumes that everyone else who corresponds with you is willing to use a compatible system. Good luck with that! I am able to communicate with anyone who asks using PGP, but have given up trying to educate others on its benefits. Although not really hard, it seriously affects the usability of one's email system, and is anyway too much trouble for most people, even for transmitting sensitive messages.

Sad to say, for all practical purposes, email communications cannot be made fully secure for general correspondence. If you want a suggestion on what you can do that your correspondents can use when you send them something confidential, you can put the message in an encrypted archive using a widely supported format like ZIP files. You let them have the password. Just do not expect them to send stuff to you that way!
Old 27 Dec 2016, 03:19 AM   #3
petergh
Master of the @
 
Join Date: Jan 2002
Location: Denmark
Posts: 1,302
You seem to be concerned about two different types of snooping: internal, by Fastmail staff, and external, by government agencies.

As for internal snooping, you are correct that (some) Fastmail staff has the ability to read the contents of the emails stored on the servers. You are also correct that data is stored at rest, so if the CIA/FBI/NSA busts the door at Fastmail's data center(s), they'll get a whole lot of nothing, fast.

As for external snooping, first read this: https://www.fastmail.com/about/privacy.html. If that doesn't put your mind at ease, then you should unfortunately sign up with someone else.
Old 27 Dec 2016, 03:28 AM   #4
petergh
Master of the @
 
Join Date: Jan 2002
Location: Denmark
Posts: 1,302
This talk about PGP reminds me about this op-ed on Ars Technica last week:

http://arstechnica.com/security/2016...ing-up-on-pgp/

One comment, from an editor at AT, had me laughing hard:

http://imgur.com/a/vwWzE

Tragicomical, yes, but mostly comical.

By the way, there's now a counter-op-ed up:

http://arstechnica.com/information-t...t-replace-pgp/
Old 27 Dec 2016, 04:45 AM   #5
correo
Junior Member
 
Join Date: Dec 2016
Posts: 10
Thanks for the feedback!
I definitely understand that email is fundamentally insecure. I'm also familiar with pgp and know how to use it with any provider. Though frankly I'm not super interested in using e2ee very often.

What I'm looking for is something akin to what a couple of providers offer. Some allow you to upload your public pgp key and set all incoming mail to be encrypted with it before it arrives in your inbox. That's fine and accomplishes my goal, but an approach I like better is what posteo allows you to do, which is they encrypt all incoming emails, attachments, meta data, everything, using your account password instead of your public key. The result of this encryption is that you alone can see this content, and the entire contents of your inbox are inaccessible to the email provider or anyone else who doesn't have your password (with posteo) or your private pgp key (with for example mailbox.org).

I respect what fastmail says about their approach to privacy, and I believe them. Nonetheless, if a law enforcement official showed up with a warrant or put a gun to their head, so to speak, they would be capable of turning over my plaintext emails. With the systems I describe from other providers, they are only capable of turning over encrypted data.

Additionally, I have checked out tutanota and proton, whose closed system certainly keeps everything secure, but seems extreme to ask people to abandon their normal platform and follow links just to read an email. I mean after all, I'm not doing anything sensitive, but I do like the idea that my inbox is for my eyes only. I have no illusions of being able to thwart any type of serious, governmental wire tapping situation, nor would that ever be aimed at me.

Anyway, thanks for your input.

p.s. Loved those ars articles, I read them as they were published. Totally pertinent to the discussion.
Old 27 Dec 2016, 04:51 AM   #6
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Quote:
Originally Posted by petergh View Post
This talk about PGP reminds me about this op-ed on Ars Technica last week:

http://arstechnica.com/security/2016...ing-up-on-pgp/

One comment, from an editor at AT, had me laughing hard:

http://imgur.com/a/vwWzE

Tragicomical, yes, but mostly comical.

By the way, there's now a counter-op-ed up:

http://arstechnica.com/information-t...t-replace-pgp/
A fun read. All I will say about all this is that WoT for keys struck me as a pipe dream when I first read about it, and nothing I have seen since convinces me it will ever be a practical general solution. With the rare correspondent willing to use PGP, I just arrange to distribute public keys in a way we both trust. This does not scale, of course, but PGP does not scale: that is its problem.
Old 27 Dec 2016, 06:43 AM   #7
petergh
Master of the @
 
Join Date: Jan 2002
Location: Denmark
Posts: 1,302
Quote:
Originally Posted by correo View Post
I respect what fastmail says about their approach to privacy, and I believe them. Nonetheless, if a law enforcement official showed up with a warrant or put a gun to their head, so to speak, they would be capable of turning over my plaintext emails. With the systems I describe from other providers, they are only capable of turning over encrypted data.
If a government agency wanted your email that badly, they could and probably would get your email provider to copy all your incoming and outgoing mail silently in the background before storing an encrypted copy in your inbox. You wouldn't be able to tell the difference. Game over.

As long as end-to-end encryption is not employed, your email host has the possibility to see all your incoming and outgoing email at some point. And if they do, so does anyone they (are coerced to) cooperate with. PGP or the like is the only solution to that problem.

Don't know why, but I'm reminded of this. :-)

https://xkcd.com/538/
Old 27 Dec 2016, 07:17 AM   #8
David
Ultimate Contributor
 
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
Quote:
Originally Posted by correo View Post

Given that fastmail is in the US & Australia, I would like them to be unable to reveal the contents of my Inbox or any folder to anyone, because it was encrypted.

Maybe someone wants to make my day and tell me that I'm misinformed, and that fastmail cannot access my mails on their server? If so, I will be signing up right away. If not, I will likely go with a mailbox.org or posteo and keep my eye on fastmail to see if they offer this type of feature in the future.

But for sure, a superlative service.
You say (in your opening post) that you are close to moving your domain name over to Fastmail. That being the case, you are surely aware of the limitations of the service.

Do you really expect Fastmail to make major changes (that many do not want) just for you?

It is my opinion that you are using this thread as a ploy (to get what you want) while stirring everyone up, under the facade of posting a compliment.
Old 27 Dec 2016, 10:21 AM   #9
Glendon CDN
Member
 
Join Date: Feb 2004
Location: Markham, ON Canada
Posts: 80
Sounds to me, Correo, that you should be taking a look at ProtonMail.com. As I understand it, end to end encryption, mail stored in Switzerland which is about as far from the reach of legalized snooping as end users can get. A basic account is free; upgraded accounts are a bit more expensive than Fastmail but may not be needed depending on your mail volume. ProtonMail is only available as a web app on the Mac desktop. It has an excellent iOS app. The website will have information on use with other operating systems.

Last edited by Glendon CDN : 27 Dec 2016 at 10:45 AM.
Old 27 Dec 2016, 10:33 AM   #10
emoore
Essential Contributor
 
Join Date: Apr 2002
Posts: 280
There have been several requests that the Enigmail add-on for Thunderbird support encrypting the existing contents of the inbox. It didn't make it to either the "developers to-do list" or the "feature wishlist for v2.0".

https://sourceforge.net/p/enigmail/f...read/b0940ad0/

There is an IMAPCrypt utility that supposedly lets you encrypt the contents of an existing IMAP folder using Gnu Privacy Guard (GPG). I ran across another project that uses gpgit to do the encryption and pipe2imap to upload the encrypted message.

https://www.chrisleephd.us/projects/imapcrypt.html

https://www.grepular.com/Automatical...g_Email_Part_2

Last edited by emoore : 27 Dec 2016 at 10:51 AM.
Old 27 Dec 2016, 04:21 PM   #11
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Quote:
Originally Posted by correo View Post
What I'm looking for is something akin to what a couple of providers offer. Some allow you to upload your public pgp key and set all incoming mail to be encrypted with it before it arrives in your inbox. That's fine and accomplishes my goal, but an approach I like better is what posteo allows you to do, which is they encrypt all incoming emails, attachments, meta data, everything, using your account password instead of your public key. The result of this encryption is that you alone can see this content, and the entire contents of your inbox are inaccessible to the email provider or anyone else who doesn't have your password (with posteo) or your private pgp key (with for example mailbox.org)
Personally, I would not assume either of these methods is keeping your mail confidential from either security agencies or an untrusted mail provider.

Unless the message is protected with strong encryption from the time it leaves your client, the big security agencies should be assumed to have a copy of it intercepted while in transit. There are a number of MitM mechanisms they can use for this. As for your mail provider, even if they claim no copy of your password is retained by them, how do you know this is true? Even using an asynchronous encryption method like PGP, you only have the mail provider's word that it is used.
Old 28 Dec 2016, 03:14 AM   #12
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
I wholeheartedly agree with the points made here by BritTim and petergh. The reality is that just about any provider that claims to provide secure encryption of your email inbox is ultimately just giving you "security theatre" in the classic sense. It's a feel-good solution for everybody who is obsessed with the idea of encryption without understanding the nuances of how Internet email technology — or even proper encryption — actually works.

The very nature of SMTP and MTA/MDA processes is that the messages must live in plaintext on the systems at some point. Now, it's theoretically possible for that to occur only in a protected memcache, but there are still many points of vulnerability in such a design, and I'd honestly want to see very detailed, in-depth technical analyses on how this is all done before I'd truly trust such a system.

Similarly, the minute a provider supports IMAP or POP retrieval of email, the MUA enters into the equation, and suddenly you're dealing with another plaintext attack vector. While it would be theoretically possible for an IMAP client to decrypt messages with a symmetric or asymmetric system after download, there is basically no major group of email clients that provide any standard support for this at all, so it's unlikely to see buy-in from any provider. Ultimately, such an idea is niche at best right now.

Even providers that use webmail services rather than standard IMAP/POP protocols have their own issues to wrestle with, and require very careful design to ensure that your keys are not being disclosed to any server-side processes. It's not an insurmountable problem, of course — many file-based services like SpiderOak and Sync.com have managed to address it, but it's also not trivial to design properly.

Finally, consider that any system that uses symmetric encryption (e.g. your account password) and allows you to change a forgotten account password will by necessity have a vulnerable point of access. If you can change your account password without knowing the original one, then so can the provider.

In addition to the normal design and engineering challenges that often leave wide holes for hackers, there are many points of access that a law enforcement agency or bad actor within the company can take advantage of to get access to your data even in the best designed system, as it's just a limitation of how email technology works.

The problem is not that email providers like FastMail are unwilling to provide robust encryption solutions — the reality is that they're just not capable of doing it properly, and wisely don't want to contribute to "feel-good security theatre" that doesn't actually help anybody at the end of the day.

Honestly, at the end of the day your best option if you're that concerned about securing your inbox is to either not leave it online at all — use POP to download all of your mail and file it locally on your own computer, or move messages from your IMAP INBOX to local folders in your mail client — or simply run your own mail server that remains under your own control.
jhollington is offline   Reply With Quote
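The password-reset point in post #12, as an added example that is not part of the thread and not any provider's code: a mailbox key wrapped under a password-derived key can only survive a forgotten password if a second copy is wrapped under a key the provider holds. `Mailbox`, `escrow_key` and the other names are hypothetical, and `seal`/`unseal` are a toy standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    """Derive a key-encryption key from the account password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Toy authenticated encryption: HMAC keystream plus HMAC tag (illustration only)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Mailbox:
    """Hypothetical server-side record for one account."""
    def __init__(self, password, escrow_key=None):
        mailbox_key = os.urandom(32)  # the key that actually protects the mail
        self._rewrap(mailbox_key, password)
        # Supporting "forgot my password" means keeping a second copy of the
        # mailbox key, wrapped under a key the provider holds (assumption: escrow).
        self.escrow = seal(escrow_key, mailbox_key) if escrow_key else None
        self.messages = []

    def _rewrap(self, mailbox_key, password):
        self.salt = os.urandom(16)
        self.wrapped = seal(kdf(password, self.salt), mailbox_key)

    def _key(self, password):
        return unseal(kdf(password, self.salt), self.wrapped)

    def _recovered_key(self, escrow_key):
        if self.escrow is None:
            raise LookupError("no recovery copy: a forgotten password means lost mail")
        return unseal(escrow_key, self.escrow)  # no user secret involved

    def store(self, password, text):
        self.messages.append(seal(self._key(password), text.encode()))

    def read(self, password):
        key = self._key(password)
        return [unseal(key, m).decode() for m in self.messages]

    def change_password(self, old, new):
        self._rewrap(self._key(old), new)  # needs the old password

    def reset_password(self, new, escrow_key):
        self._rewrap(self._recovered_key(escrow_key), new)

    def provider_read(self, escrow_key):
        """What the recovery copy also permits: reading mail without the password."""
        key = self._recovered_key(escrow_key)
        return [unseal(key, m).decode() for m in self.messages]
```

When evaluating a provider's "encrypted with your password" claim, the question this raises is whether a forgotten password costs you the mailbox; if it does not, a recovery key exists somewhere.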
Old 28 Dec 2016, 03:43 AM   #13
TheJapanese
Member
 
Join Date: Apr 2016
Posts: 67
In my opinion FastMail has a big advantage over mailbox.org or Posteo, Protonmail etc.

FastMail has app-specific passwords (and with different restrictions). Much better than any other provider.

Don't want that my router's firmware knows my private mail-password, etc.

I really like mailbox.org and its Open Xchange System behind. But only one password for an account seems to be outdated.
Old 28 Dec 2016, 04:30 AM   #14
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
From my point of view, running your own server from your house or using POP with a conventional email client is the least secure method of using email. A few years ago a burglar pulled out the security alarm telephone wires, broke in through a rear door, and stole my PC. It was an all-in-one PC with a large screen, so the thief probably thought it was a television. They stole the wrong power supply, so my guess is that they threw it away when they couldn't get it to power up. If I had used the default (retrieve all messages and delete them from server) POP3 with an email client, all of my stored email would have been permanently lost. A similar situation would result if your hard drive failed and you didn't have a recent backup. Of course, all of my friends who have their passwords on Post-It notes on the side of their PC monitor are in real peril if someone breaks into their residence.

I think that many people improperly consider the risk of various events. My guess is that the risk of an improper government request for your messages is several orders of magnitude less than your PC hard drive failing, a fire burning up your PC, or a thief or family member stealing your PC. I trust the reliability and security of my Fastmail email store much more than anything I could manage myself at my house.

Bill
Old 28 Dec 2016, 05:30 AM   #15
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Quote:
Originally Posted by n5bb View Post
I think that many people improperly consider the risk of various events. My guess is that the risk of an improper government request for your messages is several orders of magnitude less than your PC hard drive failing, a fire burning up your PC, or a thief or family member stealing your PC. I trust the reliability and security of my Fastmail email store much more than anything I could manage myself at my house.
I agree completely. I've run my own mail server on and off over the course of several years and keep coming back to FastMail as it just makes far more sense to outsource it than having to deal with it myself.

My reasons for running my own server were always more about certain features that I could deploy myself that other providers don't have (Sieve editheader and proper iOS push support were two really big ones, not to mention some enhanced server-side folder rule scripting on the message stores for auto-filing). iOS push is something that FastMail implemented last year, and did a really good job of it, and it was at that point that I decided I could live without the other features in favour of the stability and reliability that FastMail provides. I've been telling my colleagues for years that, compared to most other mainstream providers, FastMail offers almost all of the features you'd want from running your own server anyway, and it's pretty much true for all but the most esoteric advanced features.

Even leaving aside all of the risks n5bb mentions — in my case I run multiple, encrypted backups both on-site and off-site, use IMAP to pull down all of my email to two client workstations, and used full-disk encryption on the server — you're also left having to keep up with the latest security updates, deal with the issues of hardening your server, and of course you're a victim of the stability of your own Internet connection, which for most people is just a typical home-grade connection. I'm fairly confident that a professional service provider like FastMail is going to be far more on top of creating a secure computing environment than anything that I want to be bothered looking after on a regular basis.

Last edited by jhollington : 28 Dec 2016 at 05:39 AM.
All times are GMT +9. The time now is 09:43 PM.
