[LINK] Avoid Surveillance With Helm, a Home Server Anyone Can Use to Keep Emails Truly Private

Kim Holburn kim at holburn.net
Wed May 1 11:03:31 AEST 2019 

https://theintercept.com/2019/04/30/helm-email-server/

> During a group dinner in a small town in Norway in 2015, at an international conference for investigative journalists, a Ukrainian reporter told me that he used both Gmail and Mail.ru, Russia’s most popular email provider. “Every time I write an email,” he said, “I have to decide if I want Obama to read it, or if I want Putin to read it.”
> 
> It may be hyperbolic to suggest that world leaders personally comb through individual email accounts, but the reporter’s point stands: When you use services like Gmail, Mail.ru, Facebook, Dropbox, Slack, or any other site that stores your data, they will hand your private information to governments when compelled to do so and in some cases, merely when asked. Last year, the Supreme Court ruled that the government usually needs a warrant to access private data held by third-party companies. But even with new legal protection, email remains all too easy for governments to quietly obtain. Many companies, like Facebook, have shared personal information even more widely, with private entities. When your personal data is stored on a company’s servers, as with the email in your Gmail account, there are no technical barriers to the host company sharing it when it sees fit.
> 
> Google provided private information to government agencies around the world more than 60,000 times in 2017, often turning over data from multiple Google accounts at once, according to its transparency report. And that doesn’t include over 100,000 Google accounts from which the company gave data in response to secret orders from the Foreign Intelligence Surveillance Court, a U.S. national security tribunal whose meetings and decisions are kept from the public. Mail.ru doesn’t provide a transparency report, but the situation is no doubt much worse in Russia: All Russian internet companies are required to retain data they collect about their users and to hand it to FSB, a Russian spy agency, if asked.
> 
> Google gave data from over 100,000 accounts in response to secret national security orders — in one year.
> If you want an email account that’s actually private, one solution is to run your own email server from your house. This way, if governments want to secretly ask your email provider for a copy of your inbox, they’ll have to ask you.
> 
> Until now, this hasn’t been a viable option for most people: Not only would you need an extra computer to act as a home email server, but you’d also need enough system administration skills to install, configure, and secure this server. In addition, you’d need to deal with headaches related to your broadband internet provider; such providers typically try to block email servers by interfering with connections to a particular networking channel, port 25, associated with mail delivery. After you solved that problem, you’d need to configure your router to forward inbound email deliveries to your server. Then you’d need to register a domain name where your email address will live, and then point that domain to your email server using a system known as DNS. This is complicated by the fact that most residential internet addresses change on a regular basis. And as much work as it is to initially set up this home email server, it’s even more work to maintain it over time — to promptly install security updates, set up monitoring so you’ll be notified when something breaks, block spam, and avoid getting your server added to spam block lists.
> 
> With the release of Helm, that has changed. Helm is a triangle-shaped personal server that can host email (on your own custom domain name), contacts, calendar, and a file server, and is about as easy to set up as a new smartphone. For being basically a sophisticated product for hosting your most private data — where there are many opportunities to screw up — Helm’s technical choices and business model are surprisingly well-thought-out. All you need is internet access at your home and an iPhone or Android phone to configure it.
> 
> The biggest hurdle prospective users will face, I suspect, is the price: You have to drop $500 to buy Helm to get started, and then pay a $100 per year subscription to continue using its cloud gateway and encrypted backup components.


-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list