Il giorno giovedì 20/06/2013 10:27:25 CEST Fabian Rodriguez <[email protected]> ha scritto:
> These days I often get this question: "what are the alternatives to > webmail services that don't respect my privacy and aren't implemented > with free software?" > > Short of implementing your own services which is what I'd say is ideal, Right. But I think this is something more than "ideal"... The *ONLY* webmail services (or any web services in general) which you can trust they are really implemented with free software (this means *only* the AGPLv3) and really respect your privacy, are those you run by your own or by people you *personally* know and trust. > so far I've only found these functional and apparently reliable alternatives: Yes... just "apparently". Look at Lavabit, for istance: I could not find any license specification related the software they run on their servers. I could not find any AGPLv3 specification in their webmail login page [1]. I could not find any public repository for downloading the whole soure code of the software they run on their servers... [1] https://lavabit.com/apps/webmail/src/login.php More, their privacy policy [2][3] says: "Lavabit will not release any information related to an individual user *unless legally compelled to do so*. "As a necessity *Lavabit is required to store private information*." "Lavabit will only release private information if legally compelled by the courts in accordance with the United States Constitution." "The most private information we store is Internet e-mail. [...] Incoming e-mail is stored until a user a) issues a command requesting that a message be deleted or b) the user account is terminated." "Only a select number of Lavabit administrators have access to servers that store messages, and all administrators have been trained such that they should never need to access the private e-mail of a user." [2] https://lavabit.com/privacy_policy.html [3] https://lavabit.com/philosophy.html Anyway, suppose we can find some webmail service which is run under the AGPLv3 with all the sources available, and which declare very strog privay policies (say something like: "we do not store any kind of log or cache or uncrypted email, we do not retain anything about you, and we do not let nobody to access to our totally encrypted servers, neither the government nor any corporatione etc."). It sound good... But if you do not personally know (friends) and trust (mutually) people which is running these services... How do you be sure theier servers really run exactly the software you can download? Do they give you a superuser account on these servers? And, how do you be sure they are not NSA agents or similar?... So, my opinion is that there are NO reliable alternatives: we should run web services ourselves, better if sharing resources and efforsts with people we can really trust. Regards A -- al3xu5 / dotcommon Support free software! Join FSF: http://www.fsf.org/jf?referrer=7535 ______________________________________________________________________ Public GPG/PGP key block ID: 1024D/11C70137 Fingerprint: 60F1 B550 3A95 7901 F410 D484 82E7 5377 11C7 0137 Key download: http://bitfreedom.noblogs.org/files/2010/08/dotcommon.asc [ Please, DO NOT send my key to any keyserver! ]
signature.asc
Description: PGP signature
