E-mail should be a dead standard this day and age. By default it offers no confidentiality or anonymity. Even when you use something like GPG to encrypt the contents of your e-mail the metadata, such as who you communicated with, remains unencrypted. But legacy products like to stick around past their welcome and almost all of us have to deal with e-mail on a daily basis.
This dependency on a legacy product has also been a boon for the State. The snoops working for the State such as the National Security Agency (NSA) and the Federal Bureau of Investigations (FBI) love e-mail because it’s easy to surveil. Not only are the messages unencrypted by default but many providers are more than happy to assist federal agencies in their quest to spy on the general population. It was recently revealed that Yahoo has been one of the e-mail providers in the State’s pocket:
Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
Stories like this make me happy that Yahoo has been suffering financially. Most technology companies have at least half heartedly pushed back when the State has demanded all-encompassing surveillance powers. But Yahoo was more than willing to roll up its sleeves and provide the State with everything it asked for. Fortunately, there was at least one decent person in Yahoo during this fiasco. Unfortunately, that person was powerless to stop Yahoo from going through with its dastardly deed:
According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
I’d say he was well rewarded for standing up for what he believed in. Facebook is raking in cash so he’s almost certainly being paid far better. And while Facebook is a major player in the State’s surveillance apparatus the company has at least shown a willingness to provide customers with secure means of communications by allowing WhatsApp, one of its acquisitions, to implement the Signal protocol and even implemented optional end-to-end encryption in its Messenger app.
This is the point where I’d recommend Yahoo’s users to abandon its e-mail service for a more reputable one. But I doubt anybody reading this is actually using Yahoo’s e-mail service. But if you are a statistical anomaly and still using it you should stop. Yahoo has zero interest in protecting your privacy.
Way to go, Alex Stamos! Sorry to hear that you’ve ended up at horrible Facebook, though. To be sure, cooking the popularity of different stories to tilt the election probably isn’t as awful as being a tool for government snooping the way Yahoo has become.
I have no solution for anonymizing one’s metadata, short of posting messages to a cloud storage site (using Tor or at least a single VPN connection out-of-country) that two or more people access. To anonymize just the data itself, GPG is fine; perhaps better is an innocuous message and a photograph or sound file containing the real data stored steganographically. Governments hate encryption when we peons use it, so why get them riled up?