'Today' considers data retention and IMP
Ben Laurie
ukcrypto at chiark.greenend.org.uk
Fri, 09 Jan 2009 13:23:52 +0000
Richard Clayton wrote:
>> For example I use one Gmail account as web mail using https: and
>> another via my desktop client using SMTP over SSL (which is the
>> default for GMail I think).
>
> Since Google is in California, they are not bound to preserve anything
> (albeit the concept of Google not recording things is so unlikely, that
> you should assume that they log a great deal, including content, and
> keep it for long periods... read your agreement with them!)
I should point out that since Google provides mail _storage_ it would be
a bit silly if we didn't store the content!
> However, that's part of the point of IMP ... once "black boxes" exist at
> ISPs then it is trivial to detect the traffic data ... viz: that you
> connected to Google, and then to estimate the size of the email that was
> transferred. If you don't actually use https: but only log in securely
> and thereafter work in the clear (very common for real webmail systems,
> see UKCrypto passim)
GMail now offers HTTPS-only access. Go to "Settings" and the option is
at the bottom of the "General" tab.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff