EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 6 Jan 2019, 05:48 AM   #31
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 528
@BritTim Agreed completely.

@Terry I'm sure that's part of the idea -- I'd like to give the lawmakers the benefit of the doubt for hopefully having good *intentions*, but sadly, in order to get those powers, they've rammed through a law that will do more harm than good.

BTW I've had a chance to look through the law a bit more, and I also re-read FastMail's response (latest blog post here for convenience: https://fastmail.blog/2018/12/21/adv...ill-australia/ ), and I believe that at least for me, FastMail has definitely not responded strongly enough.

First, to their credit, FastMail has at least raised concerns about the bill and submitted their opposition to the bill, plus contacted parliament and started working with other firms to "put forward a united call for sensible amendments to the law." BUT ultimately, FastMail "won't be making changes to [their] technology or policies."

They continue: "Law enforcement has always been able to request information from us through the Telecommunications Act with a lawful warrant. Because we have the ability to decrypt all data, there is no need to make changes that circumvent encryption."

And more: "Every warrant we receive is reviewed by senior staff for legitimacy and scope before data is provided. Each account whose data is requested must be individually identified. Responding for one user does not require us to expose or share the data of our other customers."

So this is all fine and dandy, but their statement doesn't really address the deeper issues IMO... in fact, for me, it just passes over them as if it's business as usual for their legal request process... but indeed things have changed on a fundamental level! There's far more to it.

They don't address how sweeping and profound the changes are and their theoretical and real ramifications. For example, the ease and facility of how the requests are actually different than in the past -- i.e. Technical Assistance Notices (TAN), Technical Capability Notices (TCN), and worst of all, Technical Assistance Requests (TAR), and how the scope and scale of requests has been broadened with *reduced* government accountability and oversight, along with the serious implications of how much power has been granted to those entities that submit the requests.

Not to mention the ambiguous but serious implications of Five Eyes-related intelligence agencies and how they are connected, i.e.: "...assisting the enforcement of the criminal laws in force in a foreign country, so far as those laws relate to serious foreign offences." That's a big deal. Correction. HUGE deal.

Not to mention very strong hush clauses and penalties for whistleblowers -- very few protections! And while the parties who request data, for example, are "supposed" to take into account the impact of a request on ALL parties, guess who actually determines the impact? The requesting party! Bias much? Plus, there is little to no substantive oversight of that, and the requester him/herself can be various entities in law enforcement who can also ultimately decide what requirements the requests have! It's actually stunning to read the scope of this. How it will be carried out is beyond me... in the US it would be tied up in courts for years. For all of our problems over here in the US, at least we're incredibly litigious when it comes to things like this, which can at least put a break on some crazy things for a while.

I even read that they don't even need to initially submit the request in writing if there is an "an imminent risk of serious harm to a person or substantial damage to property" -- they have 48 hours to follow up with a written request. So someone could literally "phone in" a verbal request? What?!? I mean, how lazy (or in a rush) do they have to be that they can't write out their request (and more rightly have an impartial judge sign off on it, yeah right), and create a legal paper trail with signatures on it... at the very least!?! How imminent does the "risk" have to be? WHO decides how "imminent" it is? What mechanism provides real oversight and accountability? Why not just declare martial law? Maybe the parliament has been watching too much Bourne Identity? How lousy is their law enforcement that they are waiting until the very, very, very last second to intervene, such that they can trample right over a basic written chain of authorization that involves actual human rights? I mean, I get a clear and present danger, but good grief, the person they're forcing to do their bidding over the phone probably has to write the request down anyway, so why can't the requesting party? Might cut down on confusion, right? Might cut down on a few mistakes, right? I'm surprised they didn't put in a voice dictation clause. It's just bonkers. And that's nothing compared to what else is in there. We're literally off in some Hollywood movie now with this law. But let's just say I misread all that -- so let's throw that one out... what other goodies are in there?

And, like others have commented here in this thread, the law extends to ANY service that "provides an electronic service that has one or more end-users in Australia" -- and this even applies to device manufacturers and component manufacturers! So this even theoretically impacts all the other TOOLS and INFRASTRUCTURE that FastMail uses! Now in a practical sense I don't know how that would be implemented, but just think about it... the language is so sweeping it goes all the way to "component manufacturers!"

On both philosophical and practical levels, this goes way beyond a response from FastMail where they say that they "won't be making changes to [their] technology or policies." It's an outright assault on the very nature of what their business MEANS and the very building blocks of the services they provide.

I could go on. And some folks might think I'm overreacting. Most won't notice or care. And yes, it's just academic at this point since the practical application has yet to be seen... but then again, the hush provisions are so strong that we actually wouldn't KNOW what is being done TBH. Just read what the requests can actually contain. Carried to one end of the scale of interpretation, it's quite frightening how broad and in some cases vague the law is.

Honestly, the law should never have been passed like this in any sensible democracy. It reads straight out of a totalitarian government's playbook.

And then we can talk about how the law was actually passed, and Labor's caving in to it. I don't even know what to think about what happened.

Anyway, I don't mean to go on and on (and yet, I guess I can't help it, I must be venting). I'm so surprised by what ultimately amounts to a brazen, unrestrained, audacious assault on basic rights of freedom of speech and privacy with a fundamental failure of accountability and fair oversight from a democratic country. The more I look at it, the more I'm floored by it.

As for FastMail, I feel bad for them TBH. It's not their fault. They are just going about their business trying to be a great service provider and they get this bomb lobbed at them. I think their response is very underwhelming and definitely not to the scale of the implications and even the potential unintended side-effects of this law. While their day-to-day operations may not change on the surface... they are now in a whole new ball game in terms of environment, unless this law gets amended right away. One can hope.

Not to mention about what it means down the road for the rest of the world that uses products and services from Australia and offer services sold to Australians! Yikes.

And while in the end, FastMail may choose to do nothing since most people don't know or care what's going on (the apathy problem of our society), FastMail does have to decide what their core mission and philosophy will be going forward. This is IMO a new chapter for FastMail to either make a strong stand against this vast government overreach, or maybe they'll slip into the comfortable (and financially justifiable) position of sitting back and treating it like any other business navigating normal regulations. I mean, even Microsoft and now Google are willing to compromise their own search engine products to satisfy China's censorship requirements, so if big powerful American companies are willing to compromise that much on core values, why should FastMail fight something that is clearly not their fault? They could put on a good show of it, join some digital rights groups and send letters to Parliament, and then write nice little blog posts about it to meet the minimum PR requirements to satisfy 99% of the users, right? It's just business, right?

Well, no. It's not just business IMO. It's a core value of democratic societies to protect certain human rights and due process. Even if we see those very rights being swallowed up by poorly justified, grossly overreaching, terribly worded laws like this, however well intended.

Okay, I'll call it quits on this discussion. There's a lot more. And I'm sure it can be argued in minute detail by legal experts about how I'm wrong about everything. The fact that any legal experts have to go in and parse through this vaguely written mess of a law is tragic by itself, let alone what the real-world implementation may be. At least in the US, civil liberties and digital rights groups would be taking this to the Supreme Court before it could ever be implemented. The fact that Labor crumbled like this and the law was passed with so little friction is a miscarriage of democracy IMO.

Okay, that just about wraps things up on my thoughts. Thanks to anyone who gets this far in my post! :-)

BTW, on a more positive note, I want to once again thank this forum for the great conversations and info... I've always learned a lot from you all over the years, and this is often one of the first places I find out about some of these issues. Much appreciated!

Last edited by ioneja : 6 Jan 2019 at 06:25 AM.
ioneja is offline   Reply With Quote
Old 6 Jan 2019, 11:18 AM   #32
AnneTheAgile
Junior Member
 
Join Date: Dec 2015
Posts: 2
Fastmail vs other mail

@ioneja, I read through all your post and agree this is a huge crossroads.

Partly because of the draconian nature of the non-recourse and potentially vast overreach, I am not convinced that Fastmail would be served by publicly posting all their complaints. Can you imagine the headlines, "Australia company tells Australians they should flout the law" or some such?

What they said was that they already do have plaintext access to our emails and it is used for service on a regular basis, eg search and password reset.

They also said that we can encrypt, did you read all those articles and/or have you done such yourself? I have never tried, and I'm not clear it would be practical for me.

They said they never wanted to offer GPG and now that this comes up I see that they can just say, hey, we didn't even offer it , if customer used our help, it's on the net years ago. Maybe like that bellweather thing - if those posts all about how to do it disappear - watch out.

Fastmail also has in place a system where images are loaded on their machine, not ours, so the IP does not trace back. If that feature changes, then maybe they would have been directed to post [malware] on us.

Imho, we are at a big tipping point on alot of this. Every day I try to do something, eg write emails to Pres. Trump. Have you read Dinesh D'Souza's great books and videos? His topic is not privacy per se but statism. I feel like I see it clearer now.

We need to fix the whole trajectory. There are many, many things to do. Some inroads appear to have been made by Pres. Trump, eg ;
- no TPP which via this very thread and research I found was worse/equal to this Australian law
- no Paris commitment to CO2-tree-fuel tax
- less commitment to world government , which increases the opportunity for experiment, protection of individual rights, and safety in at least corners of the globe
- cross fingers, some resolution to China direct copying and property takings, eg to spy on us.
- similarly Russia's spy operations and malinformation campaigns perhaps will get some heat

A government's proper job is to protect individual rights at home, at work, and abroad.

Socialist governments want to 'do' 'everything' - in other words control our home, work, and play by mob/dictat rule.

More people need to know that difference.
OK now I gave you a soapbox back for your soapbox! I too congratulate you if you read through!

Thank you SO much for everyone's posts about this vital topic.
AnneTheAgile is offline   Reply With Quote
Old 1 Mar 2019, 04:48 PM   #33
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,165
Moving our privacy advocacy forward to protect Australia and you

https://fastmail.blog/2019/02/28/aabill-and-fastmail/

Quote:
To bring you up to speed, the act, which focuses on services built with end-to-end encryption, allows law enforcement to compel companies to modify their services and intercept data from their customers in its unencrypted form.
FredOnline is offline   Reply With Quote
Old 1 Mar 2019, 09:39 PM   #34
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 442
What I wonder is how this impacts a company, say Protonmail, that is based outside of Australia and may not have any servers or own any infrastructure in Australia? I suspect a company like Apple could be hugely impacted. If a "backdoor" is granted to one country it will eventually be used by every country, and eventually be found out by some bad actor. It is just a matter of time. Fastmail says that this law does not impact them directly because they already hold the keys to unencrypt any emails and they also provide that information to authorities if a warrant is served.
TenFour is offline   Reply With Quote
Old 1 Mar 2019, 10:43 PM   #35
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,221
I wonder if Fastmail could diverge itself into two different companies. One being the site, servers and email data itself, and one being the programmers, programming the interface and the back end. The staff could be employees in Australia, but the data could be managed by another company in another country. Therefore the programmers in Australia could say, "we don't manage the data, we just write the code" and then refer the requests to the country housing the data, in a way, forcing due process to occur...
ChinaLamb is offline   Reply With Quote
Old 2 Mar 2019, 12:03 AM   #36
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 528
Quote:
Originally Posted by FredOnline View Post
Thank you for posting this. Glad to see FM get in there and fight for what's right. It still boggles my mind how these democracies seem hell bent on bad policy... the philosophies are getting deeply embedded in the system now, and law enforcement and democratic governments are on a very slippery slope... Here's the latest in the US -- https://www.tomshardware.com/news/fb...ent,38708.html

Sigh.
ioneja is offline   Reply With Quote
Old 2 Mar 2019, 06:36 AM   #37
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,673
Plus you have Trump...
Terry is offline   Reply With Quote
Old 3 Mar 2019, 12:23 AM   #38
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 442
As has been pointed out, these potential "backdoors" won't really do anything to protect from real terrorists or semi-skilled criminals. There are still plenty of ways to send encrypted messages that are very hard if not impossible to crack in any realistic amount of time. If I'm not mistaken, services like Signal and Protonmail still exist and could be used by Australians just as before. In the US of A it seems like the FBI and others have no shortage of information with which to catch wrongdoers even without enhanced backdoors into private communications. The argument I hear and read seems to be that these things are needed in order to prevent a major terrorist attack like 911, or to catch a mass killer. In reality, there is always a different soft target and another way of doing things, so I really don't think this whack-a-mole approach to stopping crime is going to be effective. It still takes humans to understand and act on all the information flooding in, and resources are not infinite. Hence, judgment calls are made concerning what is important, what action should be taken. In hindsight there was all sorts of information that if pieced together correctly might have alerted someone about the 911 attacks. More information by itself won't really aid law enforcement
TenFour is offline   Reply With Quote
Old 3 Mar 2019, 03:53 PM   #39
radtux
Senior Member
 
Join Date: Nov 2010
Posts: 141
Smile

I have deliberated on this issue very carefully. If not Fastmail, what else?

1) Which service gives you WebDAV access, for example, to store your files?
2) Dropbox integration.
3) Unlimited aliases.
4) Reasonable storage space (some of the plans are overkill for me) but they serve the purpose.

Proton mail has benefitted from the refuge to "privacy enthusiasts", but even their paid plans can't hold a candle to Fastmail.

Customer support has been pretty decent for me, and I haven't found any reason to argue about it. I have been using the web version and hooked to numerous email clients without breaking a sweat. Their android app is better now, and I am excited about the new backend/UI to roll out.

I have a reason to firmly believe that Fastmail is "fighting" on our behalf, but I honestly don't think that a few email newsletters would qualify for an "investigation".

I don't subscribe to "I have nothing to hide argument"; but an individual is tracked on so many levels. Facebook/Google know more about you than your spouses. Cookies/Supercookies/E-tags/Browser profiles (or whatever means) can be used to track you. Apple knows about your sleeping patterns, health details, card spending habits and probably follows you more than Google/Facebook does.

Once you are online, email represents only a part of the problem. Unless there is a verifiable, quantifiable report from Fastmail that I have personally broken any Australian laws, I don't find any reason to shift out.

What are the alternatives, either way?

Runbox? I haven't used them so I wouldn't be able to comment.
Kolab Now? Try getting email support from them, and they are lazy as hell. They will choose to respond when they can and not at all proactive. I haven't had any decent experience with them.
Microsoft 365/G-Suite? Its part of the same problem, unless you believe that someone has to go through loops. If you are targeted, they will merely bug your device, and you'll not even know about it.

Let's wait for the situation to evolve, how things are placed. Those who wish to leave, of course, can go back to much inferior options!
radtux is offline   Reply With Quote
Old 3 Mar 2019, 08:59 PM   #40
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 442
I agree that Fastmail remains a great service and is not yet diminished by the existence of this law, but that doesn't make the law any better. And, yes, many other countries also have terrible laws on privacy, including the USA where I am writing from. I do think there is some safety in numbers when choosing a service. In other words, if you are one of the billions on Gmail or Outlook.com chances are someone will discover a serious security issue or be subject to an attack long before you will be, and you know the company is putting serious resources behind preventing these issues. Fastmail is probably large enough to provide some protection in this regard, but I think you really have no way of knowing with most smaller email providers. In some cases, services appear to be run by one or two people, and it is simply a matter of trust. For all we know, they may read our emails and browse our photos just for kicks! More likely, they are using some wonky software, or have rickety infrastructure, or possibly they just don't care and are not monitoring things closely enough. Witness the recent issue with VFEmail.
TenFour is offline   Reply With Quote
Old 3 Mar 2019, 09:13 PM   #41
radtux
Senior Member
 
Join Date: Nov 2010
Posts: 141
Smile

Fastmail doesn't seem to have "creaky" infrastructure! Though reminds me of Polarismail (!!)

One more reason I choose to stick with Fastmail. Security. It supports every version of Yubikyes, 2 factor authentication, and SMS fall-back. I am pretty happy with the solution.

Fastmail alternatives suck. Gmail is a spam hole. Microsoft screws up the UI (look at outlook.com) and I haven't figured out Kolab Now but they are not going to offer anything "stellar" anyway.
radtux is offline   Reply With Quote
Old 3 Mar 2019, 09:14 PM   #42
radtux
Senior Member
 
Join Date: Nov 2010
Posts: 141
Smile

Fastmail doesn't seem to have "creaky" infrastructure! Though reminds me of Polarismail (!!)

One more reason I choose to stick with Fastmail. Security. It supports every version of Yubikyes, 2 factor authentication, and SMS fall-back. I am pretty happy with the solution.

Fastmail alternatives suck. Gmail is a spam hole. Microsoft screws up the UI (look at outlook.com) and I haven't figured out Kolab Now but they are not going to offer anything "stellar" anyway.
radtux is offline   Reply With Quote
Old 3 Mar 2019, 09:17 PM   #43
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 442
If you want to get worried about Internet security read this Krebs on Security article about DNS hijacking. Check and see if your domain hosts provides DNSSEC and turn it on! Might help.

In my experience, Gmail and Outlook.com are the absolute best at preventing Spam and other bad stuff from reaching your Inbox, and I have used a bunch of other services. I almost never see Spam in my Gmail and I have been using the same account since 2006.
TenFour is offline   Reply With Quote
Old 3 Mar 2019, 09:25 PM   #44
radtux
Senior Member
 
Join Date: Nov 2010
Posts: 141
All bad things than can ever happen to anyone on the Internet, can happen. Hence, "hijacking", click-baits etc are all possible. Can I completely avoid it? How will I ever know that it is being hijacked in the first place?

There are unwritten laws and arguments about getting online in the first place.

Not everyone is technically adept to search for a write up on Brian Krebs. 99% of the demographic doesn't care.

Hence, the chance of Australians prying into my emails (private or whatever) are pretty less and the fact that I use email only for newsletters or official communication now. I'd rather use Telegram/Threema app to share/profess my love or share pictures.

I only think that we should allow alarmist opinons to be sidelined and wait for how Fastmail works on transparency reports and how proactively they inform users about the "breach", if any.
radtux is offline   Reply With Quote
Old 3 Mar 2019, 09:31 PM   #45
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 442
Quote:
I'd rather use Telegram/Threema app to share/profess my love or share pictures.
And then look what happened to Jeff Bezos. Probably the biggest threat to our security and privacy is plain old human error and stupidity. Most email hacks are the result of human engineering--fake emails that trick you into clicking on a link or sharing your password, then boom they are in and have everything. Using something like 2FA can prevent a lot of those issues, but it still depends on us, the users, to use our brains. This is why I think when choosing an email provider that spam filtering is probably the #1 criteria above all else.
TenFour is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:09 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy