Re: [libreplanet-discuss] Alternatives to non-freedom-friendly webmail services?

[al3xu5 / dotcommon]

Il giorno giovedì 20/06/2013 10:27:25 CEST
Fabian Rodriguez <magicfab@member.fsf.org> ha scritto:

> These days I often get this question: "what are the alternatives to
> webmail services that don't respect my privacy and aren't implemented
> with free software?"
> 
> Short of implementing your own services which is what I'd say is ideal,

Right. But I think this is something more than "ideal"... 

The *ONLY* webmail services (or any web services in general) which you can
trust they are really implemented with free software (this means *only* the
AGPLv3) and really respect your privacy, are those you run by your own or by
people you *personally* know and trust.

> so far I've only found these functional and apparently reliable alternatives:

Yes... just "apparently".

Look at Lavabit, for istance:

I could not find any license specification related the software they run on
their servers. I could not find any AGPLv3 specification in their webmail login
page [1]. I could not find any public repository for downloading the whole
soure code of the software they run on their servers...
[1] https://lavabit.com/apps/webmail/src/login.php

More, their privacy policy [2][3] says:
"Lavabit will not release any information related to an individual user *unless
legally compelled to do so*.
"As a necessity *Lavabit is required to store private information*."
"Lavabit will only release private information if legally compelled by the
courts in accordance with the United States Constitution."
"The most private information we store is Internet e-mail. [...] Incoming
e-mail is stored until a user a) issues a command requesting that a message be
deleted or b) the user account is terminated."
"Only a select number of Lavabit administrators have access to servers that
store messages, and all administrators have been trained such that they should
never need to access the private e-mail of a user."
[2] https://lavabit.com/privacy_policy.html
[3] https://lavabit.com/philosophy.html


Anyway, suppose we can find some webmail service which is run under the AGPLv3
with all the sources available, and which declare very strog privay policies
(say something like: "we do not store any kind of log or cache or uncrypted
email, we do not retain anything about you, and we do not let nobody to access
to our totally encrypted servers, neither the government nor any corporatione
etc."). It sound good... 
But if you do not personally know (friends) and trust (mutually) people which
is running these services... How do you be sure theier servers really run
exactly the software you can download? Do they give you a superuser account on
these servers? And, how do you be sure they are not NSA agents or similar?...


So, my opinion is that there are NO reliable alternatives: we should run web
services ourselves, better if sharing resources and efforsts with people we can
really trust.

Regards
A

-- 
al3xu5 / dotcommon
Support free software! Join FSF: http://www.fsf.org/jf?referrer=7535
______________________________________________________________________
Public GPG/PGP key block
ID:           1024D/11C70137
Fingerprint:  60F1 B550 3A95 7901 F410  D484 82E7 5377 11C7 0137
Key download: http://bitfreedom.noblogs.org/files/2010/08/dotcommon.asc
[ Please, DO NOT send my key to any keyserver! ]

signature.asc
Description: PGP signature