1. 33
  1.  

  2. 14

    This list seems to be based on a super Frankenstein’d, incompletely applied threat model.

    There is a very real privacy concern to be had giving google access to every detail of your life. Addressing that threat does not necessitate making choices based on whether the global intelligence community can achieve access into your data — and less than skillfully applied that probably makes your overall security posture worse.

    1. 1

      I agree that mentioning of the 5/9/14/howevermany eyes is unnecessary, and also not helpful. It’s not like if your data is stored on a server in a non-participating country that it somehow makes you more secure. All of that data still ends up traveling through the same routers on its way to you.

      1. 1

        If you’re going to put a whole lot of effort into switching away from Google, you might as well do it properly and move to actually secure services.

        1. 11

          In a long list of ways, Google is the most secure service. For some things (i.e. privacy) they’re not ideal, but moving to other services almost certainly involves security compromises (to gain something you lose something).

          Again, it all goes back to what your threat model is.

          1. 3

            Google is only the most secure service if you are fully onboard with their business model. Their business model is privacy violating at the most fundamental level, in terms of behavioral surplus futures. Whatever your specific threat model it then becomes subject to the opacity of Google’s auction process.

            1. -1

              Running everything yourself is much more secure than Google, which happily hands over data to the NSA when asked.

              1. 6

                which happily hands over data to the NSA when asked.

                Emphasis mine.

                As someone who don’t like Google anymore I still think this is still plain wrong I think and I’ll give reasons why:

                • Google is known to have put serious effort into countermeasures against wiretaps.

                • Google is known to be challenging NSA and others where possible.

                • and for the best reason that exist in a capitalist society: it is bad for their business if people think they happily hand over data to the NSA.

                • (and FWIW I guess a number of Googlers took offense to the smiley in the leaked NSA slides)

                Also, for most people running their own services isn’t more secure, and can in many cases be even less secure, even against NSA. I’ll explain that as well:

                Things you get for free with Google and other big cloud providers:

                • physical security
                • patching
                • monitoring
                • legal (yep, for the selfish business reasons mentioned above they actually challenge requests for data)
                1. -8

                  “Security” is not an absolute value; it is meaningless without a threat model.

                  You have demonstrated that you are well out of your league here. Quiet down, listen and learn.

                  1. 6

                    You have demonstrated that you are well out of your league here. Quiet down, listen and learn.

                    Wow, that seems an incredibly uncalled for level of incivility, even for lobsters.

                    1. 9

                      Yeah, that was definitely going off the deep end.

                      There’s an appropriate level of criticism here, and this ain’t it.

                      /u/friendly - I apologise unreservedly for that comment.

                      1. 2

                        Thankfully this attitude is not common here.

                      2. -1

                        You’re lucky I’m intentionally being very friendly on lobsters at the moment, or this reply would be a lot less polite.

                        The idea that security is ‘meaningless without a threat model’ is just a meme: one of those ideas people read somewhere that sounds good and so they repeat it ad nauseum without stopping and thinking critically about what it means. It doesn’t matter whether it’s true or how true it is! It’s not actually relevant to what we’re discussing.

                        Rather than repeating something you’ve read in an article that you think sounds good, without tying it to what I said in any way, and then making a totally unnecessary and very rude patronising remark, I suggest you actually respond to what I said directly.

                        Running everything yourself (for example, running your own mail server) is for a start more secure than using Google’s services, given that we already know that Google inspects all the data you give them. Google reads your emails. What more do you actually need to know to judge whether Gmail is as secure as running your own mail server. If you run your own mail server, only you can read your emails. If you use Gmail, then you can read your emails and third parties can too. That’s less secure. This is actually quite a simple concept.

                        1. 10

                          if I protect my house by getting the biggest strongest door out there, but the burglars turn up with a brick they throw though my window, then my “security” was useless as my threat model was way off. The concept of threat modelling is most certainly not a “meme”.

                          Lots of people get hacked when they self-host, because it requires quite some knowledge not everyone has and even if you do, it’s easy to make mistakes. Just self-hosting does not make anything automatically secure, and it also won’t protect you from “tne NSA”: you’ll still be obliged to follow laws etc. Besides, the distributed nature of email/SMTP makes it hard to protect from this anyway: chances are most of your emails will still be routes through a US server.

                          All services “read my emails” to some degree as that’s pretty much a requirement for processing them. This doesn’t necessarily say anything about security or privacy.

                          1. -2

                            if I protect my house by getting the biggest strongest door out there, but the burglars turn up with a brick they throw though my window, then my “security” was useless as my threat model was way off. The concept of threat modelling is most certainly not a “meme”.

                            No, it isn’t. But repeating the concept over and over again as an ‘argument’ without actually tying it to what you’re responding to is a meme. It’s not okay to just say “security is meaningless without a threat model” and expect the conversation to be over without justifying that it’s actually a response to what the person is saying. It’s just a stock phrase being repeated by someone that doesn’t really understand what it means or where it’s relevant, as far as I can tell.

                            I’m not even saying that it is necessarily irrelevant here. But just saying it doesn’t justify it being relevant. I don’t like this trend I see more and more of here of acting like this is reddit or HN where you can just drop pithy one-liners and people upvote you when you haven’t actually said anything meaningful.

                            1. 5

                              It’s not like your comment was especially detailed or overflowing with nuance. Short abrupt one-line comments with blanket statements tend to elicit the same kind of replies.

                          2. 8

                            yeah, but what does “more secure” mean? When people say threat model, they are just talking about what “more secure” means in a certain context. It’s not exactly infosec dogma…. There is no singular axis of more/less secure

                            1. 7

                              “Secure” is a vague term in this context. Giving google and their partners access to your e-mails is not a security issue, I would expect that all to be written down in their ToS and similar documents. It is bad for your privacy and anonymity, definitely.

                              But I suspect google would be better prepared for a 3rd party that is attempting to hack their servers and forcefully obtain your e-mails than you or any other single individual are. I think that’s also what @ec and others are referring to. Moving away from Google is definitely a good decision to get back (some of) your privacy. Security wise, it really depends on where you are moving to.

                              1. 3

                                Google hands over its users’ data to the American government and through the Five Eyes agreement and similar agreements to many of the governments of the western world. That is not a ‘privacy’ issue it’s a security issue.

                              2. 7

                                Running my own email is not more secure against data loss (unless you also have multi-point off-site backups, encrypted, with the crypto keys stored securely).

                                It’s also not more secure against email delivery failures causing you to lose business (a much bigger issue for me than google reading them).

                                Neither is it more secure against your abusive spouse accessing your emails (or destroying the hardware).

                                Finally, anytime you communicate with a gmail user, google is reading your emails anyways - so to improve your security you also need your mail client to check whether the recipients MX records resolve to a google-controlled IP range.

                                That’s what “irrelevant without a threat model” means.

                                I’ve nearly finished de-googling everything in my life. Doing it in a way that preserves the security properties I care about is very hard work.

                                1. 2

                                  It’s also not more secure against email delivery failures causing you to lose business

                                  Eh, I’ve run my own email and did gmail side by side for years. I lost more legitimate emails to google’s spam filter false positives than to server down.

                                  Remember that email is designed to be resilient against delivery failures, designed in the days of temporary dial-up connections. If a server is down, it just queues the message and tries again later. If it still doesn’t work, it notifies the sender that the message failed. Not everyone will try to contact you another way when that happens…. but surely more than people whose messages just disappeared into a spam filter.

                                  1. 1

                                    I’ve been on Fastmail for years now. I regularly check my spam folder; in almost four years I have had one false positive.

                                    When I briefly tried running my own, google randomly stopped accepting my mail after a little while (hence briefly).

                                    I’m glad you have had a good experience with it; I haven’t found it as good a use of my recreational sysadmin time as other things (plex, vscode-over-http, youtube-dl automation, repo hosting etc).

                    2. 3

                      Related list: https://prism-break.org/

                      1. [Comment removed by author]

                          1. 1

                            I had a domain there and was raving about the DNS interface as being the best one I’d ever used. Then 2019? they changed the website and the new one is just as horrible as everyone else’s and so I’m not a paying customer anymore (but mostly because I gave up the domain I had there, but before the redesign I was nearly close to moving all my domains there) - also their incident with the data loss not too long ago. Not the thing itself, but the responses to customers on Twitter.. argh