Migrating from Google Gmail.com to Microsoft Outlook.com

wraith808:
Remember: "It's not only the cream that rises to the top."-40hz (December 13, 2013, 05:49 PM)
--- End quote ---

Are you trying not to say shit floats?
-Stoic Joker (December 13, 2013, 06:57 PM)
--- End quote ---
(see attachment in previous post)
Uh...pork fat, Ren! Pork fat floats on beans!
-app103 (December 13, 2013, 07:05 PM)
--- End quote ---

Vurbal:
Just a couple points...

1. It's true SMTP's messaging is insecure but that's why it's now standard to use TLS/SSL to secure the communication. You should avoid any email provider which doesn't have strict (required) TLS/SSL implemented. I know Gmail does and AFAIK so do Outlook.com and Yahoo Mail.

2. SMTP represents a relatively small attack surface. Intercepting outgoing messages during transmission is the least efficient way to read your email unless you are being targeted specifically and individually. Actually even if you are personally targeted it's far more likely the attack will be in the form of malware which intercepts the message at the application layer or some other strategy which operates on the psychological (i.e. user) layer.

3. You should assume all your incoming email, and potentially also outgoing, is scanned by any and all public email services. How they scan it and what they scan for will vary but at the very least there will be a virus scan so you can guarantee they're accessing every message and every attachment individually.

4. If you're in the US you should assume any email stored for more than 6 months is available to any and all government agencies without a warrant. That is the standard interpretation of the ECPA (Electronic Communications Privacy Act) based on judicial precedents established when public email servers were pretty much useless for long term storage. One appeals court (don't remember which district) has a slightly different precedent. They ruled that if those emails (older than 6 months) were copies of messages you also downloaded and stored on your computer they were considered backups and subject to standard Fourth Amendment protection.

5. Anything sensitive you store on a third party server should not be considered secure unless you have taken measures to independently encrypt it. In other words don't rely on the same third party (including software they've provided) to both store and encrypt your data. That represents a single point of failure and avoiding those is a basic tenet of good security.

This last point is the most important IMO - although probably the least relevant to the original discussion. But since it's probably one of the most common mistakes people make I'm going to climb on my soapbox anyway. When in doubt the question should never be whether you're paranoid. It should be whether you're paranoid enough.

Carol Haynes:
Afraid I filter everything through Google - I get a lot of mail (most of which I don't get round to reading) and GMail's spam filter is one of the best. (Although recently I have noticed an increase in false positives). I filter out adverts so I am not bothered by the nonsense served up - but I don't really care if an automated system wants to scan my email to target me for specific ads - at the end of the day those ads are filtered out anyway. By definition any service reads your email in one way or another - even if they don't make use of the info - if only to provide spam filtering, so nothing is really private.

Don't really care that much about privacy too much - most email is not that private anyway - but at least Google are up front. I don't trust MS or Yahoo to tell you the truth until they are likely to get caught. And Yahoo just sucks as a service - ironic since it is now MS too! I have been waiting for Yahoo to disappear into Bing and Outlook.com ... seems MS want to give the illusion of choice.

Ironically most of my email is actually filtered through my own server but I find GMail a handy place to do it all. I do daily backups offline.

Re. SSL/TLS - isn't it all an illusion anyway - it is secure to and from the provider (and only possibly at the other person's end) but in the middle there isn't any secure layer? Or am I missing something?

Vurbal:
Afraid I filter everything through Google - I get a lot of mail (most of which I don't get round to reading) and GMail's spam filter is one of the best. (Although recently I have noticed an increase in false positives). I filter out adverts so I am not bothered by the nonsense served up - but I don't really care if an automated system wants to scan my email to target me for specific ads - at the end of the day those ads are filtered out anyway. By definition any service reads your email in one way or another - even if they don't make use of the info - if only to provide spam filtering, so nothing is really private.

Don't really care that much about privacy too much - most email is not that private anyway - but at least Google are up front. I don't trust MS or Yahoo to tell you the truth until they are likely to get caught. And Yahoo just sucks as a service - ironic since it is now MS too! I have been waiting for Yahoo to disappear into Bing and Outlook.com ... seems MS want to give the illusion of choice.

Ironically most of my email is actually filtered through my own server but I find GMail a handy place to do it all. I do daily backups offline.-Carol Haynes (December 16, 2013, 07:15 AM)
--- End quote ---

That's pretty much my take on it as well. My primary email account is through Gmail for more or less the same reasons you mention plus the use of 2 factor authentication.

Re. SSL/TLS - isn't it all an illusion anyway - it is secure to and from the provider (and only possibly at the other person's end) but in the middle there isn't any secure layer? Or am I missing something?

--- End quote ---

I wouldn't say it's an illusion but it's definitely an incomplete solution. There's no way to guarantee intermediate security between email servers or between the recipient's server and client. At best you may be able to count on some measure of security between servers on your provider's internal network. As I mentioned previously it's public knowledge that Google (finally) uses encryption for those connections and Microsoft did their usual song and dance about it before eventually announcing they will be implementing something in the future.

And of course none of that prevents a government from ordering an email provider to simply hand over whatever information they want.
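
[Added example, not part of any poster's message: the hop-by-hop nature of SMTP TLS discussed above can be checked on a received message, because each server records in its `Received:` header the protocol it accepted the message over. The sample message, its hostnames and the function names `hops` and `plaintext_hops` are constructed for illustration.]

```python
import email
import re

# Constructed sample message: hostnames, addresses and ids are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
\tby store.recipient.example with LMTP id c3; Mon, 16 Dec 2013 12:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
\tby mx.recipient.example with ESMTP id b2; Mon, 16 Dec 2013 12:00:03 +0000
Received: from laptop.home.example (unknown [192.0.2.10])
\tby relay.isp.example with ESMTPSA id a1; Mon, 16 Dec 2013 12:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

# "with" keywords that record a TLS-protected hop (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {
    "ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
    "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA",
}

# from <sender> ... by <receiver> ... with <protocol>
HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>\w+)",
    re.S,
)

def hops(raw):
    """Return (src, dst, protocol, used_tls) per hop, in delivery order."""
    msg = email.message_from_string(raw)
    result = []
    # Each server prepends its header, so the last one is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m is None:
            result.append((None, None, None, False))  # unparseable: treat as unprotected
            continue
        proto = m.group("proto").upper()
        result.append((m.group("src"), m.group("dst"), proto, proto in TLS_PROTOCOLS))
    return result

def plaintext_hops(raw):
    """Hops whose Received header does not claim TLS."""
    return [(src, dst) for src, dst, _, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Only the headers written by servers you trust are reliable, since an earlier hop can insert forged `Received:` lines, and a missing TLS keyword means TLS was not recorded rather than proven absent.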

40hz:
^Or (in the USA) for a judge to order you to decrypt an email, disk drive, or file. 

You can be jailed for "contempt of court" far more easily than you can for committing a real criminal offense.
 :-\
