Fastmail: Staff access to your data
Yes, though not routinely... but if you need help with something and we need to see your data for that, our support team will ask for your permission and then take a look for you.
Also: if we have credible evidence that your account has been misbehaving (e.g. spam, scams, etc. with the headers that show they originated from your authenticated connection) then we'll investigate to see if you're a bad actor breaking our terms of service or just some poor soul who had their credentials stolen.
And if your account is the subject of an Australian warrant, and a judge has been convinced that there's cause to access your individual data, then we don't place ourselves above the law. We consider ourselves good citizens of the world, and that includes working with law enforcement where they have a warrant.
What we don't do is sell your data or profile you in order to allow you to be targeted by those wishing to exert undue influence based on knowledge gleaned from your private communications. That's the privacy that's being bought and sold by many in the current world, and leading to poor consequences. We stand firm against the sale and manipulation of people's private electronic memory.
We don't snoop on you, but we'll help you fix your account if you mess it up, and we'll get your access back if you forget your password (a friend of mine lost her entire email history when she forgot her password while using one of the heavy encryption services... oops. Security is about availability and integrity as well).
Our support team is on your side, because we only have one paymaster, and that's our customer.
Can you please consider improving the notes function of your product? I really want to have better fastmail integration in my life and not having to rely on a third party app for something as simple as notes would help a lot.
For all their policies, they're still subject to Australia's "NSL" equivalent that requires they disclose data to law enforcement without notifying you, and in the case of certain agencies, without a warrant.
Their servers are also located in the US, so they're accessible to three-letter agencies as well.
I recently switched to a German service. Data can still be silently disclosed but only if there's imminent danger or a judge issues a warrant. Of course the service is covered by GDPR and European regulators as well.
Who’s this German provider and how do they compare in terms of pricing/features/UX to Fastmail?
I use mailbox.org but there's a list of others here: https://thatoneprivacysite.net/email-comparison/#simple-emai...
For me mailbox.org ended up being slightly cheaper.
In terms of features and UX I've found them comparable.
mailbox.org is often recommended to me
Fastmail has a fair Australian presence; my limited understanding is that Australian law forbids secure-by-design encryption pipelines - so someone in Fastmail can read your email.
Whether or not that person works in support is an interesting but somewhat minor detail. It would be advisable not to use an Australian provider for your data if that is important to you.
> my limited understanding is that Australian law forbids secure-by-design encryption pipelines
This understanding is wrong. Secure encryption is perfectly legal, tech media simply likes to overreact to laws without actually reading them.
The underlying law that led to this widespread misconception requires Australian companies to assist law enforcement in acquiring communications but only when it can be done in such a way that nobody else is affected [0].
The example I usually use to illustrate what this means is:
- The law could potentially compel WhatsApp to add code to their application that checks for a particular hard-coded user ID (i.e. new IDs have to be pushed through the app signing and update process) and when the user with that ID sends or receives a message, a plaintext copy is sent to law enforcement.
- The law could _not_ compel WhatsApp to add a law enforcement key to every message or to otherwise weaken their encryption or security in any way.
[0]: http://classic.austlii.edu.au/au/legis/cth/consol_act/ta1997...
That doesn't sound secure. What that is describing is that third parties can easily intercept my data. It isn't a huge deal because email is by nature quite insecure; but if I cared about other people reading my emails the law is a bit of a problem. At some point these companies will probably leak data onto the public internet (if the Panama papers can leak, anything can).
Secure by design includes ideas like the pipe forgetting what it transmitted after it finishes transmitting it.
It isn't secure and I wasn't saying it was secure. What I was saying is that the law gives you no less technical protection than you had before the law.
Importantly, the law doesn't compel you to have any interception capabilities. If you publish open-source code with verified and reproducible builds, the government can't really ask you to do anything, as doing so would either alert the people they're targeting or compromise the security of people unrelated to the investigation.
And I don't think this is any different to anywhere else. The FBI for example has been able to gain access to encryption keys in the past so I see no reason why signing keys would be any different.
It's obvious that someone who has to process your stuff in plain, unencrypted form (e.g. for spam filtering) can also access it when debugging etc.
Apparently they have strict policies in place to first ask users for consent whenever they need to; seems good to me (happy customer of pobox since 1997 / fastmail since 2013).
To me, Fastmail is the option if you want inexpensive, reliable email where there will be ZERO reading of your email by bots to build a marketing profile of you to be sold to whomever wants to buy it. Anyone presenting a legitimate warrant is going to get access to your content and I'm not trying to hide from those people.
Any data that leaves your own device unencrypted can be read by other people. Is that newsworthy?
Support asked me to authorize their access by replying "OK" to an email from them. I asked to know more about this and they said that only trained engineers will access my data, and that they would wait for me to reply OK to their email before doing so...
So, the team is being pretty transparent and explicitly waits for your approval. So, I guess it's a good point, right?
I think the point is that the permission management is manual, not systematical.
At least it'd be good to have an automated email when someone from support accesses your data with what data was accessed, when and by whom and for what purpose (i.e. related to your support request).
That's interesting. When I needed help with some emails in 2016, the support staff asked me to move the emails into a folder called "forwebmaster" so that they could look at it.
Any folder called precisely "forwebmaster" gets the content automatically deobfuscated when support view the account. There's probably an interesting blog post in how that's achieved in the JMAP middleware using a reverse index on each blob to allow you to download any attachment that's referenced by those messages as well... but I digress.
The forwebmaster method (legacy names 'r' us) is very useful for debugging issues like display problems with various types of message (often this is an issue with poorly encoded messages where the character set name is invalid or the encoding is broken, and we fix them by adding another hack to our server to detect and repair that particular type of error). We don't explicitly ask for consent to look at forwebmaster, because the process of creating that folder and putting messages in there is an active request for them to be examined.
For more complex issues which require more visibility into the contents of an account, support agents can request full access. For this they need to provide a reason, and that reason describes how they obtained consent or other reasonable grounds for examining this particular account - e.g. evidence of abuse where the determination needs to be made whether to temporarily lock the account as stolen or close it as entirely fraudulent.
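As an added illustration of the access model described in the two comments above (the "forwebmaster" folder as implicit consent for a limited scope, and full access only against a recorded reason and consent or abuse evidence), together with the automated who/what/when/why notification proposed earlier in the thread, here is a small support-access gate. This is example code written for this page, not Fastmail's own implementation; the class and field names (`SupportAccessGate`, `AccessRequest`, `Grounds`, `evidence_ref`) and the scope strings are assumptions.

```python
"""Support-access gate: every look at customer content needs a stated reason
and a recorded basis for consent, and yields an append-only audit record plus
a customer-facing notice (who, when, what, why). Hypothetical design for this
page; not Fastmail's code."""
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Callable, List, Optional


class Grounds(Enum):
    # The three bases for access mentioned in the thread.
    CUSTOMER_OK = "customer replied OK to an access request"
    FORWEBMASTER = "customer placed messages in a 'forwebmaster' folder"
    ABUSE_EVIDENCE = "credible evidence of abuse originating from the account"


@dataclass(frozen=True)
class AccessRequest:
    agent: str          # support agent asking for access
    account: str        # customer account being examined
    scope: str          # assumed values: "folder:forwebmaster" or "full"
    reason: str         # free-text purpose, e.g. the ticket being worked
    grounds: Grounds    # why access is justified
    evidence_ref: str   # ticket id / OK-reply message id / abuse report id


@dataclass(frozen=True)
class AuditRecord:
    when: datetime
    agent: str
    account: str
    scope: str
    reason: str
    grounds: Grounds
    evidence_ref: str


class SupportAccessGate:
    """authorize() is the only path to content; every grant is logged."""

    def __init__(self, clock: Optional[Callable[[], datetime]] = None) -> None:
        self.audit: List[AuditRecord] = []          # append-only trail
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def authorize(self, req: AccessRequest) -> AuditRecord:
        # A reason and a reference to the consent/evidence are mandatory.
        if not req.reason.strip():
            raise PermissionError("access denied: no reason given")
        if not req.evidence_ref.strip():
            raise PermissionError("access denied: no consent/evidence reference")
        if req.scope not in ("full", "folder:forwebmaster"):
            raise PermissionError(f"access denied: unknown scope {req.scope!r}")
        # Putting mail in 'forwebmaster' consents to that folder being read, nothing more.
        if req.scope == "full" and req.grounds is Grounds.FORWEBMASTER:
            raise PermissionError("access denied: forwebmaster consent covers only that folder")
        rec = AuditRecord(self._clock(), req.agent, req.account, req.scope,
                          req.reason, req.grounds, req.evidence_ref)
        self.audit.append(rec)
        return rec

    @staticmethod
    def customer_notice(rec: AuditRecord) -> str:
        """The automated 'who accessed what, when and why' mail proposed in the thread."""
        return (
            f"On {rec.when.isoformat()} support staff member {rec.agent} accessed your "
            f"account (scope: {rec.scope}). Purpose: {rec.reason}. "
            f"Basis: {rec.grounds.value}. Reference: {rec.evidence_ref}."
        )


if __name__ == "__main__":
    gate = SupportAccessGate()
    # Constructed sample request: limited-scope access via the forwebmaster folder.
    rec = gate.authorize(AccessRequest("agent-7", "alice@example.com", "folder:forwebmaster",
                                       "display bug in ticket T-1001",
                                       Grounds.FORWEBMASTER, "T-1001"))
    print(SupportAccessGate.customer_notice(rec))
    try:  # the same consent does not stretch to full-account access
        gate.authorize(AccessRequest("agent-7", "alice@example.com", "full",
                                     "display bug", Grounds.FORWEBMASTER, "T-1001"))
    except PermissionError as err:
        print(err)
```

The point of the design is that the consent check and the audit record are produced by the same call, so a grant without a logged reason cannot exist, and the notice to the customer is derived from the record rather than written by hand.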
Thanks for the detailed explanation. Do you think it'd be feasible to add this to Fastmail's help page about Security?
Seems plausible - the support team is in the middle of a revamp of a bunch of the help pages - I'll pop them a ticket.
I don't remember that happening to me back when I had an issue where the dates of all my emails got screwed up (that was kind of my fault, btw). Due to the nature of the problem (and probably most problems that require support), it was obvious they'd need access to help me, though.
I think I remember this one :) I've certainly had a few of that sort come to me, particularly back when I was hacking on the backend server more of the time.