[rik]

Here is my progress on taking back my email.

For those with the technical know-how, here is my new secure setup.

Postfix (mta)
Dovecot (lda, imaps, pop3s)
spamd, clamav
https
OwnCloud (over https)
tinydns (over https)

The above are the tools I use. Many different combos exist that would do exactly the same job.

For email redundancy:
Imapsync is syncing from one server to another. If one machine goes down, my users can login to the backup server temporarily to manage their mail.

If you don't want to spend any money on certs, use SSL self-signed ssl certs with 2048 bit encryption.

No more google, yahoo, Microsoft, and certainly this is not good news for the nsa.

I'm currently working on adding OpenPGP.org to the imap client.

To get off Skype or public phone system, look into:

Jitsi (secure skype alternative)
ostel.co (encrypted phone calls)
OSTN

All my setup costs me $19/year for hosting.

What I've done is to make it impossible for the nsa to sit between me and my isp and grab my messages. But if the nsa can't snoop on your email as the email travels around, it can still compel your isp to allow access to your saved data. This is true. But:

1. It'd have to do that on an individual bases, instead of just hoovering up every data as it passes through the wire.

2. if you're really interested in privacy, you won't be hosting your servers in the US. To have full control of your servers, make sure all the servers are in a place like Switzerland. Switzerland doesn’t do things like seize servers or record conversations.

I'm aware that only a very tiny minority of people are capable of pulling a setup like this off on their own. But at least people need to be informed that they can take back their email from the surveilance state if they choose to.

You often hear naive individuals say...

1. I have nothing to hide, so why worry if the government is spying on me?
-- Remind me never to do business with idiots like these.
-- Everybody has something to hide. Unless you never ever do business online. Also, it's nobody's business but yours what you have in your email. Period.
-- Since you have nothing to hide, would you let your government search your home without a warrant? That is the same thing as letting government have access to your email without your knowledge.
-- How do you know who is looking at your email on the other end? It could be your foe.
-- Imagine you're a reporter, with confidential sources. You're saying it's fine for govt to just grab your sources?

2. Hey, the nsa can get into my email anyway, so why even try to fight it?
-- Not true. Email can be made private and secure. My solution provides end-to-end encryption, which effectively thwarts nsa's MITM theft.

3. I trust government to do the right thing.
-- Really? Government does a lot of things wrong. You forget that govt is just people.

4. Secure email makes it impossible to surveil criminals.
-- He who gives up his rights for security, would have neither.
-- How many real criminals have been caught by Obama's global spying?
-- Is Angela Merkel a criminal? Is Mexico's president a criminal? Why is your govt spying on them?

5. It's all a waste of time. The nsa can break any encrypted message.
-- Not true. I have not heard of AES being broken. The real guarantee we have that any of these crypto systems are secure is that the CIA wouldn't use them if the NSA could break them. FYI, government agencies spy against each other too.

6. But the spy agency, nsa can try backdoor ways like attacking certificates.
-- The cert authorities have a credibility to uphold. AES is used for global banking, business, medical and government records. If there were a backdoor in aes, and that backdoor were discovered, commerce would be broken.
-- We'd revisit this topic when the nsa has built its quantum computer, that could potentially break any encryption.

The bottom line is that you can use the web securely at next to no cost. The big boys (yahoo, google, MS, etc) can no longer be trusted, so no need to surrender your privacy to them. Pretty much all the services they provide can be privately run by you, on servers you control.

[Harmattan]

A list of secure alternatives for mail, cloud and voice communications? This is interesting, thank you!

That being said, I did not go that far for those. I am personally focusing on avoiding automated data collection as I tend to think that if the NSA or others really want to investigate me they will manage to compromise my devices anyway. Besides very few of my interlocutors have secured their end point and anyway I have to use Microsoft OS and products for professional reasons (worse than Linux but I would not trust the latter either, see Heartbleed). For those reasons I let my hosting provider administer the email service and use their own certificate. When I need secrecy, there is OpenPGP. And the only cloud service I use is subversion, which is hosted on this hosted server ; I am afraid of fire at my home or hard drive failure more than the NSA stealing my source codes.

Finally I would like to share some well-known tools to avoid automated data collection :
* Firefox: it has many addins and they are allowed to block requests before they are sent (in Chrome they can only hide html elements, not preemptively block requests).
* RequestPolicy, which blocks all third-party requests by default. In practice this can replace adblock and noscript.
* Self-destruct cookies (clears cookies as soon as you leave a page).
* Flashblock.
* Startpage to replace Google (claim to not collect data, located in netherlands, use Google under the hood for the pros without the cons).
* A VPN. Be aware that VPN keep logs, though (bar a few ones like iPredator but iPredator is probably under heavy surveillance and may therefore have been infiltrated) and are probably submitted to the same rules as cable operators. Choose country accordingly.

[Ummon]

Thanks

[Rich]

Finally I would like to share some well-known tools to avoid automated data collection :
* Firefox: it has many addins and they are allowed to block requests before they are sent (in Chrome they can only hide html elements, not pre-emptively block requests).

I understand the executive that got forced out was the programmer. God it didn't take long for them to start dumbing down the interface. Maybe I should check chromium out or I might go over to Konqueror. If I had time I'd create my create my own browser on top of an engine. I wouldn't write the rendering engine. But I've got so many other things to do.

In general I think privacy is dead. However computing power will allow any of us to become storers and analysers of big data. An individual or small group has the potential power of an old state spying service.

[keso]

I think it is much simpler than this...The NSA is simply doing data mining for marketing companies. Just look at the restrictions: The NSA can't do certain things with the data, fine, but they can turn it over to a private company, or have it, somehow, leak.

Browsing history? I bet that amazon.com wants that.

Private business having the government do its work, just to help it. It's war profiteering, at a different level.