, , , , , , , , , , , , , ,

Some interesting news this way comes, via UWN Thesis (again): StartPage/IXquick is launching its own email service near the end of this month, which I gather has been two years in the making. It also came just before news of the Verizon handover and NSA’s PRISM broke.

What makes this particularly newsworthy is IXquick is promoting StartMail as ‘The World’s Most Private Email’, and as with its search engine, the privacy of its users is a basic design principle. As I understand it, if two people were to communicate through StartMail, both having the software client to encrypt what they send, the emails would be accessible only to them. In other words, emails are encrypted from one communicating party to another, and this solves one of the fundamental security problems intrinsic to most email services.

But this is a short-term fix. We’re still reliant on servers to store, or at least relay, practically all our Internet communications, and often it’s only our connection to those servers that are encrypted – the communications are usually stored in plaintext.
So, Google, Yahoo and perhaps Microsoft routinely scan our personal communications, but that’s not a big deal as it’s just for targeting more relevant ads, right? Well no, because the data’s also being warehoused, handed over to governments and God knows what else. We also don’t know where Google’s obsession with surveillance and data harvesting is leading, the exact reason the National Security Agency is building its giant facility, or what the consequences might eventually be. Get over the idea of the authorities requiring a warrant – the emails aren’t stored on your property.
Sometimes communications are actually being read by someone other than the intended recipient, like that Google engineer who was caught prying into the accounts of several teenagers back in 2010. Sure, there would have been policies and procedures in place, but no technical measures that prevented him breaching them anyway. That same absence of protection exists with practically every major service.

Somewhere along the line most of us have apathetically (and perhaps ignorantly) given up some fundamental rights, and now there’s no expectation of privacy where most email comunication is concerned. A situation that would have been unthinkable 20 years ago.

Where Next
After much thought over the years, I’ve reached the conclusion that only a totally encrypted next generation client-to-client Internet (which I’m sporadically working on) could truly solve this – StartMail is a partial step in that direction.
Solving the technical challenges is the easy part. Countless P2P, encryption and darknet technologies are already out there, but almost none of them offer the same convenience as Google’s services, and neither are they marketed effectively outside the hacker scene. Even Tor is barely mainstream. This will be a huge challenge for the StartMail team, who must either tailor their service to those who aren’t prepared to sacrifice convenience for privacy, or take the lion’s share of those who are already concerned about their privacy.

A Parting Thought
Things aren’t always how they appear in this privacy/surveillance thing, and there are many parties, factions and motives (particularly financial) at work here. Be very careful who you trust.