Teddy Smith wrote: > you read google's privacy policy. > > personally, i think two good free places for e-mail are lavabit.com and > riseup.net. > > maybe our friend roy lanek knows of other suitable places? ;) > > Not to sound tinfoil, but I would trust Google _far_ more than I would > trust riseup. With it's political agenda it's most definitely > compromised, and if it isn't now, it will be the instant the FBI can say > some ELF member uses it. Google may log everything, but that means that > google's logging a _lot_, and you won't be drawn under suspicion just by > using it. Good anonymity comes from blending into a crowd, and riseup > won't let you do that.
(Full Disclosure: I know some people involved in Riseup Labs, etc.) Riseup goes out of their way to not log data. They maintain patches to free software programs[0] to ensure that their software isn't logging. In addition, they contribute these patches back to the community. Because they do not log, that means that short of a specific wiretap, there isn't data for someone to fetch from their machines. Furthermore, I think it's out of line for you to say that Riseup is compromised. Riseup has some really talented administrators and many of them are active in the free software community. Obviously, no one is perfect and everyone can be compromised when specific resources can be allocated. I still object to you promoting the idea that they're compromised. Do you have any specific proof of this? Or are you just speculating that they're a high value target and thus they are clearly owned? If that's the case, it's pretty hilarious to imagine that Riseup is of greater value to an attacker than all of Gmail. While it's true that you might be lost in the noise when you generally use Gmail, your mail is scanned for content and context as part of their normal service. When you do arouse suspicion (either internally or externally), Google isn't going to fight a subpoena or a gag order; Riseup most certainly will. And they're proactive (see that bit about not logging in the first place) about their fighting. > As always, this won't matter if you only use the account with encrypted > content. However, a lot of activists I've talked to think that the fact > that riseup uses SSL means "the account is encrypted", so I don't think > that'll be popular anytime soon. I disagree. I think that if you're sending encrypted email, you still have a massively unknown quantity with gmail or other commercial email providers. Riseup also uses a lot of disk crypto and while it's imperfect[1], it's probably going to help if they decide to take a stand or if the search is illegal. Regards, Jacob [0] http://riseuplabs.org/privacy/ [1] http://citp.princeton.edu/memory/
