Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"is inherently more secure than one that sells your eyeballs to advertisers in exchange for giving you free stuff. "

Not necessarily, and in fact this case I would disagree.

I trust Google's security 10x more than that of FastMail.

The 'advertising company' reaps in billions of $ with which they can get all sorts of good engineers for 0-day research, exploits, updates.

They have a lot more of a reputation to defend.

Without hard evidence, I suggest that Google is probably 'more secure' than FastMail. Certainly more than 'Mom and Pop Mail'.

Except for the bit where they read my email and advertise to me on that basis, which is admittedly an ugly tradeoff.



gary_0 seems to be using "security" to mean "sureness of their continued existence", as in "food security". I don't think there's any question that Gmail is more secure in the computing sense.

> Except for the bit where they read my email and advertise to me on that basis, which is admittedly an ugly tradeoff.

Iirc, Google reads your email, but explicitly says they do not use what they read to personalize your ads.


For me, the likelihood of getting locked out without recourse should also be included.


So what’s the reason for reading it then?


Probably the relevant bit:

> To provide you features like smart inbox categories, Smart Compose, and spam detection, we use Gmail data to provide a more intelligent email experience and keep you safe. - https://support.google.com/mail/answer/10434152?hl=en

Famously, a while back, at some Google subdomain, you could see a list of all of your payments extracted from your emails, but I'm not sure that still exists.


Ah that makes sense, thanks


> I trust Google's security 10x more than that of FastMail.

I trust Google security to protect Google, not me. For example by blocking my account.

> They have a lot more of a reputation to defend.

Actually no, if Fastmail pulled the shit that Google does, they'd be out of business.


> I trust Google security to protect Google, not me. For example by blocking my account.

Any company will protect itself first. As they say in the VPN world, "nobody here is going to jail for your $5/month".


> I suggest that Google is probably 'more secure' than FastMail

The overused phrase "more secure" doesn't mean anything without context.

To evaluate the security of anything you first need to identify all the threat models that concern you (and perhaps call out the ones you don't care about). Then evaluate each solution against every threat you identified.

For instance for the threat of the vendor itself sabotaging my access to my account, I'll score FastMail far better then gmail.


On the other hand, if FastMail has a more focused product, less surface area for exploits.


>> Except for the bit where they read my email and advertise to me on that basis, which is admittedly an ugly tradeoff.

If you are paying for google apps this is not a trade-off. I dislike how (as a paying) customer they continually push me towards google-only <everything> but they don't require it.


> They have a lot more of a reputation to defend.

that didnt stop them from having vulnerabilities in gmail that allowed anyone to fake the dkim verification and pretend to be the CEO of google, which they then ignored until someone did in fact do this, to prove it :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: