FastMail's servers are in the US: what this means for you.

[robn]

We spent a little bit of time over the last few days writing up our position on having servers in the US. Here you go:

http://blog.fastmail.fm/2013/10/07/f...means-for-you/

[kijinbear]

Wonderful! It's great to know that you're doing everything you can to make life difficult for excessively inquisitive folks.

Quote:

There are of course other avenues available to obtain your data . . . Ultimately though, our opinion is that these kinds of attacks are no different to any other hacking attempt.

I agree wholeheartedly. If a bunch of agents barged into the datacenter and started pulling hard drives out of your servers without your permission, that would be no different from common robbery and the same security measures (such as chassis-intrusion sensors and full-disk encryption) would be effective against both.

Please keep up the good work! I trust that you will do your best to keep our data safe from attacks of all kinds, whether by rogue governments or by private hackers, whether against your physical hardware or against your software stack.

As a non-US user, I would still appreciate it if you could keep exploring other jurisdictions. Nonetheless, I understand this this is more easily said than done, and I will not even consider closing my 2 FM accounts even if all your servers remained just where they are.

[muppetandchums]

Delusional.

Your article fails to address WHY your servers are located in the USA. Don't tell me you've got them in a bomb proof bunker in Maryland at a discount rental ?

If you believe Australian Law protects you from the NSA and the Federales you need to consider sacking your Security Architect and your Legal Counsel or better, get them into rehab pronto.

Let me supply you with a few pointers

http://www.theguardian.com/world/201...ance-questions

https://www.eff.org/nsa-spying/how-it-works

http://www.techdirt.com/articles/201...s-doesnt.shtml

http://www.wired.com/threatlevel/201...vabit-snowden/

There is no accounting for dumb.....never thought I'd see such collective stupidity in fellow Australians.

M&C

[muppetandchums]

https://news.ycombinator.com/item?id=6506536

[robn]

Thanks for posting the link to the HN thread, where I've been posting for the last few hours to try and address all the concerns that came up.

In particular, this portion of the thread will interest you:

https://news.ycombinator.com/item?id=6506626

[ioneja]

Thank you guys for posting that -- it's clear a lot of thought has gone into your decision making process.

I totally understand balancing the risks, benefits, etc., and your explanation is reasonable and much appreciated BUT, for the record, as a multiple-account paying customer, I would STILL like you to please set up a NEW server farm in a better jurisdiction so I have the OPTION of moving some or all of my accounts over there.

Just do it gradually... but I think you may be surprised how many folks around the world will sign up. The US has a very bad reputation right now (deservedly so!)... and this coming from a US citizen. Having another jurisdiction as an option could really boost FM in many ways. Even as a symbolic gesture, it could have a very positive impact.

You could even look at it as just a big marketing expense. By default, you'll get some great PR, boost foreign subscriptions, and cover yourself in the event that the US gets even WORSE that it is now. I'd call that a win-win.

I did read that HN link and I am relieved you are still considering setting up servers in another jurisdiction. Please consider this solitary multiple-account customer from the US as a strong vote for that action.

[qwertz123456]

Rob, something that isn't quite as related, but still on the topic of security.

https://emailprivacytester.com/

Of course some of the stuff can be blocked via FM interface and the email client, but maybe it's something for your product management as some ideas to increase privacy as well

[qwertz123456]

Quote:

Originally Posted by ioneja

You could even look at it as just a big marketing expense. By default, you'll get some great PR, boost foreign subscriptions, and cover yourself in the event that the US gets even WORSE that it is now. I'd call that a win-win.

I did read that HN link and I am relieved you are still considering setting up servers in another jurisdiction. Please consider this solitary multiple-account customer from the US as a strong vote for that action.

I agree. Would it hurt to do a kickstarter campaign? Even if that doesn't work, still good marketing

[ioneja]

Forgot to mention, BTW, as I stated in another thread, I will PRE-PAY to move some or all of my accounts if you were to open up in another jurisdiction. Just sayin'.

Just imagine how great your marketing can be, starting with a fantastic press release that almost every tech blogger on the planet will pick up. You'll probably even get CNN or other mainstream news coverage if you do this sooner, rather than later. Headline: AUSTRALIAN VISIONARY EMAIL PROVIDER FASTMAIL OPENS NEW DATACENTER FOR PRIVACY-CONSCIOUS CUSTOMERS!

[ioneja]

Quote:

Originally Posted by qwertz123456

Would it hurt to do a kickstarter campaign?

Count me in for a kickstarter campaign. That just might work. Plus, it's zero risk, since if FM didn't reach their funding goal, no one would have to pay anything, and FM would still reap some benefit of the PR generated during the campaign.

[qwertz123456]

Darn, these FM customers....so passionate about email

[ioneja]

Quote:

Originally Posted by qwertz123456

Darn, these FM customers....so passionate about email

Haha! I don't know the FM team personally, but they really seem like good guys trying to provide an honest product and are trying to do right by us. They have never given me pause, except for a few issues years ago that they actually resolved... if anything, that gives me more confidence in them.

Now that they have been unleashed from Opera and actually own their own company again, they have a chance to really thrive in new ways. Someone has to do it -- email as a general service has been mutated by Google, Microsoft, Yahoo, etc... and people need a refuge from the crapfest that has happened in the email world -- we are more than just a "profile" that gets sold to the highest advertising bidder! That's just for starters.

Also for the record, I do have paid accounts at other providers that I like and respect, and I also wish them the best of luck and would support them if they chose a step like this. However, I see that as unlikely: one of them is US-based, for example, and I can't remotely imagine how they could go overseas without a massive, disruptive business model change.

Those other providers I trust are not in the unique technical and operational position that FM is in -- FM could actually pull it off... FM already operates their server farm remotely... why not add another data center? FM has a real opportunity to shine here, and frankly, they deserve it IMO.

[robn]

Thanks for the love, we appreciate it. Especially today, its been a busy six-odd hours since that post went up! The response has been loud, and mostly positive, which is quite lovely

We're hearing you loud and clear on the alternate datacentre option. I think its been discussed at least once a day in the office for the last couple of weeks, and probably every few days before that. I can't commit to anything, but I promise this forum will know as soon as there's anything to report.

[kijinbear]

Quote:

Originally Posted by ioneja

I will PRE-PAY to move some or all of my accounts if you were to open up in another jurisdiction. Just sayin'.

For those wondering what's so difficult about buying a few more servers and putting your account in some place like Switzerland:

It is extremely difficult to have email to the same domain delivered to different places depending on the username.

If you use one of the more popular domains, like fastmail.fm and fastmail.net, it will be nearly impossible for FastMail to host your account in a different jurisdiction without moving all users to the new location. After all, they'll have to point their MX records at the new location, and that will affect all users of that domain.

Even if only POP3/IMAP and the web interface were served from the new location, all incoming mail will have to go through their U.S. servers if that's where the MX record with the highest priority points to. I don't think that will be acceptable to most people who wish to avoid the U.S. for privacy/political reasons.

The only reliable way to operate an email service from multiple locations is to segregate the domains so that some are served exclusively from the U.S. and others are served exclusively from the new location. Since FastMail already has lots of users on all their domains, and since not all users are going to want to switch countries, this is going to be very difficult.

For people who use their own domains, it will probably be easier to provide alternate MX records, but in the current architecture every Enhanced account needs to have at least one alias at one of FastMail's own domains. (Family & Business accounts might be more suitable for migration.)

It might even be easier to move all the servers at once than to operate the same domain from multiple locations.

But FastMail has a bunch of very competent engineers working for it, so I wouldn't be surprised if they came up with an ingenious solution to this problem.

[robn]

Quote:

Originally Posted by qwertz123456

Rob, something that isn't quite as related, but still on the topic of security.

https://emailprivacytester.com/

Of course some of the stuff can be blocked via FM interface and the email client, but maybe it's something for your product management as some ideas to increase privacy as well

Cute little tool. With the standard (modern/ajax) interface it didn't trip any of the tests, and only two (CSS background and IMG tag) after "show images" was clicked. I'm pretty happy with that!