As you may have noted, I'm a bit peeved at Mr. Putin these days -- so much so that I have decided to wean myself away from Yandex email, a service based in Russia. In many ways, Yandex remains the best email provider in the world: It's free, it's unlimited, they don't ask for a phone number, they offer 10 gigs of free hard drive space, and they let you open messages in a new tab via a right click. For some reason, that's a rare feature these days.
No, I'm not worried that Putin is spying on my communications. I would never recommend using Yandex or any other conventional email service for anything truly sensitive; Protonmail or Tutanota are better for those who feel the need to play secret squirrel. Still, under the circumstances, the idea of routing my blog-related missives through Russia just doesn't seem right.
Finding a replacement was damned difficult, but I've discovered a winner: VIVALDI MAIL, at https://webmail.vivaldi.net. They are located in Iceland, which is very cool (literally and figuratively). Although this is not a service that encrypts messages -- for that, you'll want Protonmail or Tutanota -- Iceland does have some of the strictest secrecy laws on the planet. So there is some extra protection.
The free account gives you five gigs, which may be enough for a decade or so of reasonably heavy usage. The maximum attachment size is 25 mb. You can open messages in multiple tabs, though not so easily as with Yandex. Message formatting is easy. Viewing the headers is easy. You can choose whether or not to see inline images. The interface is clean and attractive. The ultra-easy drag-and-drop attachment system is a huge plus. And they do NOT require a phone number.
For a classical music aficionado, there's really no other choice.
(Check out the performance embedded above. Fabio Biondi. Again: There's really no other choice.)
Although I've never tried the Vivaldi browser, I'm now tempted to check it out. I'll continue to keep tabs on my Yandex account for some time to come, but basically it's da svidahnia Yandex -- and Halló Vivaldi!
Call me old-fashioned, but I don't understand how anyone can discuss 'privacy,' 'security,' and 'webmail' in the same breath. If it's on someone else's hard-drive, it's vulnerable — to seizure, to being hacked, to disappearing arbitrarily. I run my own server, but even if I didn't I'd still use my mail provider as a POP server, a brief way-station for email on its way from the sender to my own PC.
Of course, as I learned a few years ago, offline storage on one's own personal machine doesn't mean the FBI can't simply waltz in and seize it arbitrarily* — but at least that requires an actual, non-hush-hush, search warrant to do so legally. I'd also like to think I'd have a far better chance of noticing someone sneaking through my bedroom on his way to my office than I would of catching the NSA/GSHQ/FSB in the act of mirroring a Gmail server. What I should be doing differently is backing up important data religiously, with a reasonably fresh copy stored offsite, and running Bitlocker or similar whole-drive encryption — if for no other reason than to make it more of a pain in the ass for the feds next time around.**
While I suspect truly private communication is impossible, it is probably approachable among a circumscribed group using common encryption and content encoding. That said, as regards governmental intrusions, the vast majority of email users enjoy what is essentially complete privacy simply by not doing anything of interest to those with the desire and capability to snoop. This may change as AI-driven dragnet programs make it possible to sieve millions of needles out of billions of haystacks, but at the moment the intelligence agencies seemingly can't manage even to monitor the communications of known persons of interest with any sort of dependability.
Unfortunately, the threshold of interesting things is far lower for financially or criminally inspired hacking than for the politically inspired kind — and the barrier to entry provided by most webmail services is orders of magnitude less daunting than the challenge of intercepting or mirroring messages captured in transit. Whether in search of Visa accounts or plans for building a dirty bomb, an experienced hacker will first target one's most vulnerable spot — and in my experience that will almost always be a remotely hosted webmail account.
__________ * In my case, a carbon paper failure — yes, the FBI's seized evidence form still relies on the agent remembering to insert a sheet of carbon paper right-way up — meant I went 90 days without knowing exactly what had been taken. To this date I still don't know exactly why my hardware was taken or in what condition it will be returned — assuming it actually is returned some day.
** Encryption, of course, offers meaningful protection only if the machine in question is not unencrypted when seized. If you leave your PC running, logged in, when you get up to see who on earth could be pounding on your door and shouting so early in the morning, you might as well leave it unencrypted. And I can assure you a Glock pointed between the eyes quickly drowns out any thoughts one may have of running back to shutdown the PC.
posted by maz : 9:29 PM
I see Schindler calling BS on GSHQ tapping Trumpets. I'm calling BS on NSA boy Schindler because we know from John Loftus that 5 eyes spy for each other to get around the rules.