You should make a difference between demotivating and disagreeing to blind
faith in "free" as a synonym of "safe".
Nobody here says that "free" is synonymous with "safe" (again: good work at
not "putting words into other people's mouth"!). "Free" is a necessary
condition to "security", not a sufficient condition (hence not "synonymous").
Because security must be against the authors of the software too (not a
theoretical threat given the back doors that have been discovered in many
popular proprietary software programs). Even if we only consider third-party
attacks, the so-called "security through obscurity" is a bad practice.
Taking every possible precaution is absolutely necessary.
No, it is not "absolutely necessary". The necessary precautions depend on
your threat model.
But one should remember that this includes also going down to the lowest
Do you have "your own network, completely isolated from the Internet" (as you
wrote)? Of course not: it is not a practical solution. Yet, you use it to
discard practical solutions that are sufficient for the vast majority of the
That does not mean better solutions, including security improvements at lower
levels (e.g., works to evade management engines), should not be sought.
You can still live with that level of (in)security but if you don't get
"tracked" it is because you are lucky, not because you are really safe. And
lucky means - not specifically targeted. Once you become a target (which is
not impossible) - good luck with your "free software recommendations".
Edward Snowden successfully exchanged emails with Laura Poitras and Glenn
Greenwald (both specifically targeted) without raising flags at the NSA. Not
merely because they were lucky but because they used GPG on top of Tails
Perfect security does not exist. We all agree. That does not mean security
recommendations (including using free software) are useless, that, in the
end, it is only luck if your were not caught. It is a perfect solution
This means: a service provide who can proof that their systems are free from
malware on firmware level (at least to the currently possible level) and for
which there is a verifiable proof that their systems don't use any software
whatsoever which may indirectly provide data to NSA.
You cannot know what the service provider runs or does. It is impossible to
know that. It may lie. And it may *directly* provide data to the NSA, e.g.,
through the PRISM program. And you do not deserve the control of the servers
you do not own.
Without that just a note on someone's site "we use only free ethical
software" is just marketing through wishful thinking.
It makes no difference for the server's users. Nobody pretended the opposite
I have also shown specific video which shows that they do care about removing
That is good for Google. It makes no difference for the users of Google
I also explained that switching the mail server doesn't really add any
privacy as long as on the other side of the wire you are communicating with
someone who is part of the PRISM or who uses a system with security issues
explained above. These are all actual irrevocable facts.
So what? Users should keep on using GMail like you do? Doing so, your
interlocutors who chose another provider, not part of the PRISM program, do
not have privacy. Because of you. How is that good?
That is your problem - you believe in things, you don't look at facts. And
you make conclusions about "logical manner" based on the illusions you
We look at facts. For instance, Snowden's story show that end-to-end
encryption on a free software operating system provides, in practice, a
pretty good privacy. You discard that fact through a conspiracy theory
(Snowden would be "a deliberately created figure"), based on nothing.