63 comments

[ 4.6 ms ] story [ 115 ms ] thread
Is Office 365 any better - or am I stuck running my own mail server if I really want privacy?
Fastmail
That does not answer his question, whether Office365 is better for privacy or not.
I was going to recommend Fastmail as well. I'm a paying customer and very happy with it.
Just don't miss a payment or your email address will be up for grabs again. :)
Absolutely not. Fastmail is an Australian company and is subject to one of the most intrusive digital surveillance requirements in the Western world. And thanks to the Five Eyes framework, easily shared among intelligence agencies.

They do not compete on Privacy at all in my opinion. So then the choice comes down to price, features and economic viability of the organisation. I think price and features they are on par with Office 365, well at least for individuals not for enterprises.

But in terms economic longevity I think Microsoft wins hands down. Fastmail might be days away from bankruptcy, none of us would know as it is private company. I would rather have my personal email, that is the glue to modern life, with a Trillion dollar company than with a relatively new minnow.

You could try Protonmail. It's secure and supports GPG out of the box.

They have a free tier that they run as a "charity case". As with anything where your data _isn't_ the price, they have paid tiers too.

I realize that doesn't answer your question about 365, but I meant to simply let you know there are good privacy friendly paid services too :)
Office 365 is a paid product, so I would hope so. I also don't recall them trying to be your personal assistant.

A first step to the answer to that question would probably be to compare all the terms and contracts.

If you really really want your privacy you're better off running your own. But then a lot of your contacts probably use a provider you didn't trust hosting your email, so there goes a large chunk of that privacy again...

No data in the hands of a third party custodian is secure.

You need to delete your mail in less than 30 days, and store content you want to preserve in your home.

That's a little much to say. Because setting up a good secure sever isn't trivial.
Actually it can be. There are free archiving solutions for personal use. I run Mailarchiva [0] at home and it's fantastic for archiving mail and completely free for personal use. Encrypted on disk and you don't need to run it all the time if you don't want. Just fire up the VM for a few hours a month to archive the delta. Has been flawless for me so far and the archive searching is very fast.

[0] https://www.mailarchiva.com/

How does it deal with spam filtering? This is something I understood to be a problem, along with security.
This is archiving, not a replacement for a mail server. This way you can delete all mail from your provider >30 days, for example, and still keep searchable copies off net. It's a nice middle ground and, yes, Google would still have seen all of your mail - however it wouldn't have access to it long term.
As someone who ran a significant email service for several years and dealt with many variations of discovery requests, no it isn’t.

Nobody said that you need to run a mail server, just keep your data in your possession.

If you are worried about privacy with respect to your data, you only have limited protection for 180 days if it is on the providers server. (See Stored Communications Act)

In the US, the 4th amendment ensures that you are “secure in their persons, houses, papers, and effects”. But when you put your papers or effects in the hands of a third party who isn’t your attorney, you lose much of those rights.

GMail IMO is the most honest of these services, as they are very clear that your privacy is limited in scope. Fastmail, Protonmail, etc imply things that are not as meaningful as one may think.

See: https://en.m.wikipedia.org/wiki/Third-party_doctrine

You can also pay for GSuite for your own domains for better controls and support levels.

A 3rd-party will never be as private as running your own mail server but that's not exactly easy either these days.

For the record, I have a paid business GSuite account for our household, and my purchase history was out there as well.
I have a paid business gsuite for my personal mail also, but my purchase history was blank. Weird.

I actually would like to turn it on if I could... I have labels and filters set up on Gmail to try and do the same thing but having google do it for me would be great.

> You can also pay for GSuite for your own domains for better controls and support levels.

As a reseller of GSuite I can tell you this is plainly wrong. Support is virtually nonexistent for paid GSuite (by this I mean, it's the same outsourced team with no escalation path to anyone in engineering). Avoid at all costs for a business.

Thanks for the input but we run on Gsuite and haven't had a single problem compared to Office 365 which locked us out repeatedly because some rep in some outsourced support center wasn't available.

The reality is every provider is both good and bad, and you're unlikely to get any major support unless you're the CTO of a major corporation.

There's a big difference in moving from one provider to another (and having less problems) vs claiming that there's better support to be had with the paid version of gmail (compared to it's free offering).
I can't think of any product or service where you dont get better support after paying. Can you?
Question: do you expect escalation to a member of the engineering team as part of standard support for any piece of large enterprise software? Like Microsoft, Oracle etc?
No.

The small engineering team of 5 people can't properly deal with more than say 1 support request per day (since any request getting to that level is almost certain to require adding/modifying a feature or the way the product works).

Gmail has 1 billion users. That means fewer than 1 in 3 million people can have a support request that gets through to the engineering team without overwhelming them.

Mail-in-a-box user here. It's incredibly easy to set up your own email server these days, yes, but it's practically impossible to have your emails pass the Gmail/Outlook/etc spam filters and actually arrive at your recipient's inbox.
Hmm, that's really curious to me. Once I had DMARC, DKIM, SPF set up properly, I only had an issue with my IP being on a spamhhaus blocklist.

Super easy to remove from the blocklists.

What is spam filtering and deliverability like?
mailinabox doesn't really have any, but mailcow's is great. RSPAMD is really easy to use.

I am not entirely sure what you mean by delivery?

if you “really” want privacy, you must use e2e encryption eg pgp.

i’m pretty sure that’s not what you meant, so you need to clarify your question.

I recommend Posteo. They've been great to me so far. They are 12 euro a year and run on renewable energy plus have sane privacy standards. All payments are anonymous according to their website. But GPG will always be king for privacy.
I work for Microsoft but not on any O365, Outlook.com, or advertising team.

Outlook.com (free public service) does not scan emails for ads - I filed a support ticket for asking about this year's ago.

Additionally, if you pay for O365 (Home or Personal, maybe just Home?) and use the same Microsoft account for email (via Outlook.com) then no ads are displayed at all.

I'm paying $48 for Microsoft Hosted Exchange with my own domain and am very happy about it. Exchange pushes to Mac, iPhone and iPad, good sync, no ads or similar shenanigans. It's just badly marketed but here it is for those who are interested: https://products.office.com/en-us/exchange/exchange-online
This is silly. Of course Google still has your purchase information if you haven't deleted the email. It's like complaining your email search index can't be deleted without deleting the indexed emails.
They already deleted the emails. From the article

> When I click on an individual purchase and try to remove it — it says I can do this by deleting the email, after all — it just redirects to my inbox and not to the original email message for me to delete, since that email no longer exists.

As the top comment already noted, the email still exists in Trash, where messages get removed 30 days after they are deleted unless the user manually empties their trash. Emails in trash are obviously still indexed. (They show up when I search for "in:trash".) There are multiple other people who have said that deleting emails removes them from their purchase history.
In the test, the trash was certainly emptied; otherwise, the links to the emails would’ve worked.
That sounds pretty illegal over here in Europe.

Or did they fix it for European users?

Edit: Why am I being downvoted for asking this question?

Sounds vague... What law are you referring to? Why would it be illegal? Is that reasonable in this case?

Please don't comment about the voting on comments. https://news.ycombinator.com/newsguidelines.html

The parent is probably referring to GDPR.
> What law are you referring to?

GDPR. It requires that the person whose personal data is processed must give explicit permission about what data is processed and allow the purpose for which the data is processed. And it must be possible at any time to withdraw that permission and to delete the data.

At least as far as I understand those rules, ianal.

> It requires that the person whose personal data is processed must give explicit permission about what data is processed

> and allow the purpose for which the data is processed.

> And it must be possible at any time to withdraw that permission

> and to delete the data.

No it doesn't.

There are several lawful bases for storing and processing data. User permission is only one of those bases. It's usually not the best one to use. https://ico.org.uk/for-organisations/gdpr-resources/lawful-b...

Sounds normal to me.

Is there any company that deletes their customers' purchase histories?

And doesn't the IRS prescribe that this kind of information should be in the books?

This is not the purchase history of Google product/services, it's anything you buy and use your gmail address. Example, if you use your gmail account for Amazon, your entire purchase history will be stored by Google and you can't delete it.

And yours isn't the first comment in this thread who's question can be answered if they bothered reading the article. Some are quick to defend the actions of a corporation.

> Example, if you use your gmail account for Amazon, your entire purchase history will be stored by Google and you can't delete it.

not anymore. amazon has stopped putting product information in notification emails for just this reason. Notifications are now generic, “your order confirmation” etc. you have to login to amazon to discover the order that was confirmed etc. makes email receipts much less useful but avoids the 3rd party privacy issue.

and also, TFA is wrong. if you delete the email AND empty the trash, or wait 30 days for auto-empty, the purchase is forgotten by gmail.

even with this in mind, amazon chose to remove specifics from their notifications.

EDIT: except for the first 1click notification.

Amazon still lists the first item of a purchase for me (e.g. an order of X and Y shows up as "X and 1 other item"). Google then lists that on my purchases page.
gmail can also stay open for months without session expiration.
This sounds weird. When CNBC broke the story a month back, I'd :

1. gone around deleting every invoice from my GMail inbox

2. Noticed it wasn't getting removed after waiting for 24 hours.

3. Reached out to the reporter mentioning google might be not deleting it properly.

4. Waiting a couple more days and calling off the alarm when google did finally delete it.

I wrote about it at https://captnemo.in/blog/2019/06/01/cleaning-google-purchase.... My purchase history still shows 0 results, more than a month after my cleaning spree.

3 weeks still sounds too long for this information to linger around.

With all these we deleted it... we promise... does anyone not believe that they have that list stored there with your e-mail address attached to it and now you can't see it?
If anything, I’m more afraid of instant frictionless deletes - in my experience, they’re almost always implemented by setting a “this is totally deleted” flag and then scheduling a job to do the actual deletion. (Not that this is inherently an evil practice! In many contexts, users expect to be able to fix accidental deletions and will get really mad if they can’t.)
I always assume there's a backup somewhere in Google or Facebook that's old as hell but has the old emails, I would assume some of these places have cold storage options for backing up legacy data, but then again, there's the time myspace wiped a bunch of old data and nobody seemed to have cared.

Surprised to this day that many other sites have shut down, but MySpace keeps on kicking.

Probably, but they don't need the original emails. They've already mined it for pertinent personal data and stored the resulting, secret, proprietary information about you in a different place.
I can assure you that Google goes to great lengths to ensure ancient backups of your user data do not still exist.

No backup of user data exists more than 30 days there, typically less.

The reporter never says they deleted the e-mails from their trash, and the "3 week" time period is less than the 30 days it takes for the trash to automatically empty.

I wouldn't be surprised if that's the entire, innocent, explanation here.

(I still think you should be able to turn off purchase history separately...)

If it was in the trash, then the link to the email the system provided should probably have still worked instead of redirecting him to the inbox
I have worked at well known tech companies and I personally dealt with some less-valuable-but-still-PII. We didn't store the PII because we cared about exploiting it or because we wanted to somehow sell this data to outsiders, that's not how we made our money. We took and continue to take the security and privacy of our customers very seriously. We made sure we were GDPR compliant as well.

Instead, the small PII we had was used for fraud signals and for logging/debugging. Very frequently we would get complaints about things not working and we would have to go digging through logs to figure out exactly what happened, and without that data it was hard to figure out exactly what happened if something went wrong.

Most of the data was TTLed in our logs between 7 to 90 days so that took care of most of the issues. Other data that got logged into a data warehouse needs to be deleted via Spark jobs, which takes several days to scour all the data.

Like I said, the companies I've worked at don't need user data for its primary product and even then it took time to fully delete a user's data upon request, so I can imagine it taking a lot of time for a company like Google where extensive use of user's data is widespread throughout the company.

Yes but did they go in and perm delete the Trash label/folder? They still are alive for 30 days. Three weeks is inside that window.

>It also says you can delete this log by deleting the email, but three weeks after we deleted all email, the list is still there.

Yes, otherwise the links to the emails would’ve worked.
The links don't work for trashed messages. They lead to a page that says "the requested conversation has been deleted" and links to the inbox.
I’ve seen this happen as well.

There’s purchases I’ve deleted emails (and emptied the trash for) only for it to still be in the purchase list. Clicking on the purchase does not lead to the email.

Similarly, I believe the gmail search cache also has some lingering cache issues. There are emails referenced in the drop down in search that I’ve long deleted.

It is frustrating

What does 'deleted' even mean? Deleting an email from all sources is non-trivial.