I guess my days as a paying customer of FastMail are coming to an end. I don’t expect to ever become a legitimate target of Australian law enforcement, but there is always abuse.
Agreed, which sucks because no other service out there is better at their prices. And I have everything important tied to that address. I have never been to Australia and don't ever plan to, but the fact that any government can legally plant data on my account and then try to prosecute me for it is scary as hell. Given that Australia and the US are part of the "Five Eyes", it's not a stretch to believe they can construct a case out of planted evidence and push it to the FBI as a joint investigation.
Stop allowing email providers to control the domain of your email. Buy a $10/year domain and point it at GitHub pages (so it gains some trustworthiness). Send your email to that domain, and point the MX records at a mail provider (Fastmail or GMail or ProtonMail, doesn't matter).
I own several domains, and I have two valid email addresses at two personal domains hosted with a small US hosting provider, but I don't want those to end up in spammer lists so I use them sparingly. For a main email address I'm better off with a large email-focused provider that has tools to handle all the spam that builds up from an address used for online purchases and forum/social accounts, and as I mentioned Fastmail has the absolute best tools for managing all of that. Gmail is not an option, nor Microsoft.
When people say use your own domain, they mean use your own domain at the email provider of your choice. You don't miss out on any of their tools by using your own domain.
I get that, and as I said Fastmail has the best tools for managing email, so since none of the other major email providers have the features I want it wouldn’t do me any good to move my own domains to any of them. I’m sorry if that wasn’t clear in my previous message.
I have heard back from our privacy team and I’d love to share their responce to your query:
Thanks for reaching out to us about the recent bill in Australia. We love that our customers care about their digital rights and want to find out more about how companies are looking after their information.
Your data is held in datacentres in the US, but we require all requests for access to customer content to be served through Australia where our company is headquartered.
The police can't intercept, access or modify your messages without us receiving a warrant, and we take our duty of care seriously. Fastmail responds to well formed warrants only and challenges requests for access that are inappropriate, either in scope (not adequately targeted), or depth (asking for information that seems out of proportion to what's being investigated). We will continue to do so, for any legislation that applies to us both now and in the future.
The new bill still doesn't allow 'trawling' for suspicious data: they can't request access to a wide variety of accounts hoping they'll come across something of interest. They need to have a particular account under suspicion and something that gives them grounds for that suspicion, and the offence in question needs to be suitably severe to be worth the intrusion.
Where we are permitted under a warrant, we will notify the accountholder of the access request, and due to our existing measures to help customers stay aware of any hackers compromising their account, police can't also enter your account without leaving evidence you can see.
What this means for you: Fastmail remains a privacy-first provider. We will comply with our legislated duties, while taking care to ensure that we do not act unless compelled by law and that all legislated preconditions have been properly satisfied. Your data remains under your control and you can rest comfortably knowing that your account won't get caught up in a surveillance net.
Please let me know if you have any other questions.
Sincerely,
I’ve escalated your ticket to our privacy team, who is best suited to assist with this issue. You can expect to receive an update in approximately two business days.
I thank you for your patience as we work to get this addressed for you.
10 minutes? The 30-60 seconds Runbox (Norwegian) takes to deliver 2FA or other types of confirmation emails already bug me. Not enough time to do something else, plenty of time to overthink my choice in email provider.
Privately (Runbox is my employer's provider) I run my own server and desktop notifications of new mail are often faster than the page loads where it was triggered. Maybe I'm spoiled.
TIL Fastmail is an Australian company. I wonder if this bill applies to data hosted outside of Australia for international clients by a company based in Australia?
I'd really like to know what they have to say about this.
As far as I know, Fastmail has been backdoored for a few years now by Australian government (and hence I assume the USA, too). It is Fastmail’s biggest disadvantage, in my opinion.
While that may be true (and I'm sort of disappointed to find this out), I don't think there's any server _at all_ that I'd trust if I'm worried about certain governments snooping in on my email. That level of communication would prompt me to use PGP.
Being able to tamper is a game changer and would cause me to end my subscription. As far as I know, the US government does not explicitly condone that...yet.
I recommend reading the actual law before panicking. The article is pretty exaggerated. There is still judicial oversight to protect you from abuse, making this the same as most other laws in most western democracies.
You're probably right. Although seeing it in context, those news coming from Australia suggest a very slippery slope where "There is still ..." might not be true sometime soon. On the one hand it could be negativity bias, on the other hand there's also the fear Australia is being used as an experiment and the rest of the Five Eyes will follow suit.
That is quite possibly the case, and we should never cease to be vigilant. But that said, we were worried about the same slippery slope 20 years ago, and at least in my country it is less worrisome now than then.
It seems to me that Australia is lagging behind more than being an experiment, considering they're still talking about encryption laws etc. But perhaps the US is as well?
