On Thu, 20 Jun 2013 18:25:13 +0200 al3xu5 / dotcommon <[email protected]> wrote: > The *ONLY* webmail services (or any web services in general) which > you can trust they are really implemented with free software (this > means *only* the AGPLv3) and really respect your privacy, are those > you run by your own or by people you *personally* know and trust. > > > so far I've only found these functional and apparently reliable > > alternatives: > > Yes... just "apparently". > > Look at Lavabit, for istance: ... > So, my opinion is that there are NO reliable alternatives: we should > run web services ourselves, better if sharing resources and efforsts > with people we can really trust.
In principle, yes; but I think it's most important to first migrate away from services that deliberately violate privacy all the time and believe that it is acceptable to those who at least nominally do not endorse that sort of behavior. I treat trust as a scale; I trust Google zero; I trust myself ten; I trust Lavabit somewhere in between. So, since getting a working mail setup is ungodly complex, it's a good enough compromise for me to use their service for personal correspondence in the interim, while I'm using my personally run services for less sensitive mail like mailing lists. (Less sensitive both for privacy reasons and reliability reasons; I don't care that I miss mail from you as much as I care that I miss mail from my family.) It is also of note that the vast majority of my friends who are just becoming aware of privacy issues with Google and other such services (thanks to this wonderful NSA scandal) have nowhere near the technical capabilities to run their own mail servers, and their brain power is much better spent improving society in ways that they are capable. I cannot yet promise them sufficient reliability with my own service, so to them, I recommend Lavabit. Yes, it requires me to trust them, and my friends will trust them through my endorsement, so if I am wrong, a huge error has occurred. But, as it stands right now, evidence convicts Google of wrongdoing, and has not yet convicted Lavabit of the same. My trust in Lavabit may be flawed; I do not have evidence that suggest they tell the truth on their website. I am willing to take the risk, though, on their promise of asymmetric encryption for users who are willing to pay. Perhaps I am just too susceptible to the propaganda on their website, and my foolishness will be revealed, and my reputation stained forever.
signature.asc
Description: PGP signature
