GMail: why it's not a good thing
This post is an answer to jbfavre's post [FR], in which he states that, from a metadata point of view, you're safer in the mass, and so on GMail for instance, than if you self-host.
In the conclusion he goes on to say that the best choice would be to hand over your mail to associations or small businesses - which I might agree with (under specific conditions).
But he's not the only one stating that you're better off with a GMail account than with one on your own domain name. manhack and others are also arguing that GMail is the best way to evade mass surveillance.
Those people suggest that using GMail is simple and that Google has a lot of cash to invest in security. They're also trying hard to hinder the NSA's mass data collection effort, but I think that saying that using Google services is a good way to enforce your privacy is an intellectual bias.
I think this idea comes from a misconception of what mass surveillance is. Mass surveillance is the intricate surveillance of an entire or substantial part of a population (WP).
On the internet, mass surveillance is done through the systematic collection of all data and metadata, their archiving and indexing, and the fact that actions and decisions are taken based on what those data show.
In France, there's a specific concern because it's now legal for our government to intercept all communications and analyze metadata. Then there's a fallacy stating that if we all use the same host and the same encryption, then it's impossible for the state to know who's talking to whom and when; as opposed to the case where everyone has their own host and it's "relatively" easy to know who's speaking to whom and when.
It comes from the fact that, if I'm the only one receiving and sending mail from this computer, then you just need to see the TCP handshake to be sure that someone is talking with me. So it would be safer to have some kind of proxy somewhere, to pool those connections and raise the cost of surveillance, wouldn't it?
Except that this answer is valid if and only if some conditions hold:
- The proxy is not itself part of a mass surveillance system
- The mass surveillance you're trying to hide from does not go further than just capturing the TCP layer of your connection
- Your correspondent also uses this sort of mass proxy, otherwise it would be easy to know when he's talking
So, let's see what the case is with GMail.
Is Gmail involved in a mass surveillance system?
The obvious answer would be yes. At least because they can be coerced into providing data to the NSA. Even if there were actually few uses of PRISM, the fact that they're forced by law to collaborate is not a good thing.
You could argue that it's just the NSA spying on us and that they cannot actually do anything to you if you're not a US citizen, which is false. There's at least the Five Eyes coalition, meaning that data gathered on you by the NSA will be shared with agencies from other governments.
Also, I think that saying that NSA mass surveillance has no effect on you shows a lack of understanding of what the impacts of mass surveillance are. I will not elaborate on that; others do it better than me.
But there's also something else that I want to elaborate on, and that we miss in the "governments are evil" stance: the fact that Google is collecting and analysing a lot of data, from your GMail data (and metadata) to your search and video history, or even the blogs you read. They analyse those data and take actions - to present you with more accurately targeted advertisements and search recommendations. Basically, they're doing mass surveillance on their own.
Google is part of the problem. They cannot be part of the solution to get out of mass surveillance. Sure, they won't kill someone simply based on metadata, you'll say. But they're doing something worse: they won't expose you to information that they deem unrelated to your interests, and you won't even notice it.
So yes, Google - and Gmail - is part of a mass surveillance system. They might not collaborate willingly with governments, but they do it at least for their own profit.
Are mass surveillance systems only targeting IP traffic?
We know - since the exposure of a lot of the NSA's nasty stuff - that a lot of governments have the capacity to intercept traffic on a global scale. Whether your traffic goes to a data silo such as Google's or to your own server at home makes no difference: it's intercepted the same way. What would change is that they would need to extract the email metadata from the emails you send from GMail, while they do not need to decode them if everyone is on their own box.
They're already doing that. Equipment set up to break TLS, intercept email communications and compromise your endpoint is already in use. So they get no benefit from going for something lighter. If you send an email from GMail to another GMail account, those natsec agencies can already read it and extract the metadata they need.
And then there are Palantir, Hacking Team or Gamma International, all known companies that sell solutions to our government. Those solutions are based on infecting your endpoint (your smartphone, tablet or computer) so as not to bother with breaking the cryptography of your communications.
After all, if they can read what is displayed on your screen, why should they bother intercepting your TLS connection to a hidden service in Tor?
So, thinking that being alone on your node compromises your anonymity is apparently wrong. You do not add metadata to the collection they already have (they already get the headers of your emails, no matter what).
Also, there's one last point that nobody thinks about. If everyone is on GMail, then you just need to compromise GMail to get all the data you need. Just one company. Yes, hacking into Google is something out of my personal scope, but if you're willing to, you can do it. It has been done by China before, and I see no reason for things like that not to happen again.
Hacking into GMail is just an enormous prize: if you get it, you can really improve your intelligence, especially if you stay undetected. Putting all your eggs in one basket generally ends with an omelette. Even if it's a titanium basket.
Applying this principle, I then need to have my correspondent apply it
Because communication is - at least - two-way, if you want to protect and hide a communication, you need to protect both ends of it. So, applying this means that everyone should get a GMail account, because it's safer for everyone.
I mean, you use GMail and I don't. I'm running my own mail server. So, your hiding in the crowd does not work, because if I get compromised - and since I do not have Google-grade security - you're compromised too (after all, they'll be able to get the metadata of the mail you sent me).
So, for this fallacy to be true, you need everyone to have a GMail account. Which will make things worse because, hey, they're part of the problem - as stated above.
Doing that is exactly like not encrypting data or not using Tor because "it would look suspicious". It does not. Protecting your privacy should not look suspicious. If you think it does, then it's kind of too late: you've already eaten the state's toxic memes of security. But let the ones who want to fight them do it.
No, Gmail, Yahoo, Facebook, Twitter, Microsoft or Amazon will not ever be a solution for privacy. They're part of the problem.
However, there is one specific case where GMail might be a not so bad alternative: throwaway mails (as suggested by OaklandElle). Besides that? No. It will not improve your privacy, quite the other way around.
Solutions? Stop the dragnet and mass surveillance, which you can only do at the societal and political level. And give the [internetcu.be] a try if you're looking for self-hosting; it works. Mostly. It won't give you better security, but you'll definitely have better control. And even if you're still monitored by the state, at least you won't be monitored by an advertisement-selling company.
[UPDATE] After talking with jbfavre on Twitter, it seems that I didn't understand his point. He did not want to advocate for a massive use of GMail as a way of protecting yourself, but rather for small associative clusters.
I think that it's a good option: simpler for most people than going full self-hosting, and sufficiently decentralised to hinder the mass collection of data. It's not the ideal choice - but then we cannot ask high-risk people to keep their data in their home, where it will be seized by cops - but it is, I think, a good trade-off between privacy, ease of use and safety.