I like everything about Fastmail, but they're Australian and Australia seems to be one of the worst jurisdictions when it comes to data privacy. See this thread:
https://news.ycombinator.com/item?id=18654434
Absolutely not. Fastmail is an Australian company and is subject to one of the most intrusive digital surveillance requirements in the Western world. And thanks to the Five Eyes framework, easily shared among intelligence agencies.
They do not compete on Privacy at all in my opinion. So then the choice comes down to price, features and economic viability of the organisation. I think price and features they are on par with Office 365, well at least for individuals not for enterprises.
But in terms economic longevity I think Microsoft wins hands down. Fastmail might be days away from bankruptcy, none of us would know as it is private company. I would rather have my personal email, that is the glue to modern life, with a Trillion dollar company than with a relatively new minnow.
Office 365 is a paid product, so I would hope so. I also don't recall them trying to be your personal assistant.
A first step to the answer to that question would probably be to compare all the terms and contracts.
If you really really want your privacy you're better off running your own. But then a lot of your contacts probably use a provider you didn't trust hosting your email, so there goes a large chunk of that privacy again...
Actually it can be. There are free archiving solutions for personal use. I run Mailarchiva [0] at home and it's fantastic for archiving mail and completely free for personal use. Encrypted on disk and you don't need to run it all the time if you don't want. Just fire up the VM for a few hours a month to archive the delta. Has been flawless for me so far and the archive searching is very fast.
This is archiving, not a replacement for a mail server. This way you can delete all mail from your provider >30 days, for example, and still keep searchable copies off net. It's a nice middle ground and, yes, Google would still have seen all of your mail - however it wouldn't have access to it long term.
As someone who ran a significant email service for several years and dealt with many variations of discovery requests, no it isn’t.
Nobody said that you need to run a mail server, just keep your data in your possession.
If you are worried about privacy with respect to your data, you only have limited protection for 180 days if it is on the providers server. (See Stored Communications Act)
In the US, the 4th amendment ensures that you are “secure in their persons, houses, papers, and effects”. But when you put your papers or effects in the hands of a third party who isn’t your attorney, you lose much of those rights.
GMail IMO is the most honest of these services, as they are very clear that your privacy is limited in scope. Fastmail, Protonmail, etc imply things that are not as meaningful as one may think.
I have a paid business gsuite for my personal mail also, but my purchase history was blank. Weird.
I actually would like to turn it on if I could... I have labels and filters set up on Gmail to try and do the same thing but having google do it for me would be great.
> You can also pay for GSuite for your own domains for better controls and support levels.
As a reseller of GSuite I can tell you this is plainly wrong. Support is virtually nonexistent for paid GSuite (by this I mean, it's the same outsourced team with no escalation path to anyone in engineering). Avoid at all costs for a business.
Thanks for the input but we run on Gsuite and haven't had a single problem compared to Office 365 which locked us out repeatedly because some rep in some outsourced support center wasn't available.
The reality is every provider is both good and bad, and you're unlikely to get any major support unless you're the CTO of a major corporation.
There's a big difference in moving from one provider to another (and having less problems) vs claiming that there's better support to be had with the paid version of gmail (compared to it's free offering).
Question: do you expect escalation to a member of the engineering team as part of standard support for any piece of large enterprise software? Like Microsoft, Oracle etc?
The small engineering team of 5 people can't properly deal with more than say 1 support request per day (since any request getting to that level is almost certain to require adding/modifying a feature or the way the product works).
Gmail has 1 billion users. That means fewer than 1 in 3 million people can have a support request that gets through to the engineering team without overwhelming them.
Mail-in-a-box user here. It's incredibly easy to set up your own email server these days, yes, but it's practically impossible to have your emails pass the Gmail/Outlook/etc spam filters and actually arrive at your recipient's inbox.
I recommend Posteo.
They've been great to me so far. They are 12 euro a year and run on renewable energy plus have sane privacy standards. All payments are anonymous according to their website. But GPG will always be king for privacy.
I work for Microsoft but not on any O365, Outlook.com, or advertising team.
Outlook.com (free public service) does not scan emails for ads - I filed a support ticket for asking about this year's ago.
Additionally, if you pay for O365 (Home or Personal, maybe just Home?) and use the same Microsoft account for email (via Outlook.com) then no ads are displayed at all.
I'm paying $48 for Microsoft Hosted Exchange with my own domain and am very happy about it. Exchange pushes to Mac, iPhone and iPad, good sync, no ads or similar shenanigans.
It's just badly marketed but here it is for those who are interested:
https://products.office.com/en-us/exchange/exchange-online
This is silly. Of course Google still has your purchase information if you haven't deleted the email. It's like complaining your email search index can't be deleted without deleting the indexed emails.
> When I click on an individual purchase and try to remove it — it says I can do this by deleting the email, after all — it just redirects to my inbox and not to the original email message for me to delete, since that email no longer exists.
As the top comment already noted, the email still exists in Trash, where messages get removed 30 days after they are deleted unless the user manually empties their trash. Emails in trash are obviously still indexed. (They show up when I search for "in:trash".) There are multiple other people who have said that deleting emails removes them from their purchase history.
GDPR. It requires that the person whose personal data is processed must give explicit permission about what data is processed and allow the purpose for which the data is processed. And it must be possible at any time to withdraw that permission and to delete the data.
At least as far as I understand those rules, ianal.
This is not the purchase history of Google product/services, it's anything you buy and use your gmail address. Example, if you use your gmail account for Amazon, your entire purchase history will be stored by Google and you can't delete it.
And yours isn't the first comment in this thread who's question can be answered if they bothered reading the article. Some are quick to defend the actions of a corporation.
> Example, if you use your gmail account for Amazon, your entire purchase history will be stored by Google and you can't delete it.
not anymore. amazon has stopped putting product information in notification emails for just this reason. Notifications are now generic, “your order confirmation” etc. you have to login to amazon to discover the order that was confirmed etc. makes email receipts much less useful but avoids the 3rd party privacy issue.
and also, TFA is wrong. if you delete the email AND empty the trash, or wait 30 days for auto-empty, the purchase is forgotten by gmail.
even with this in mind, amazon chose to remove specifics from their notifications.
Amazon still lists the first item of a purchase for me (e.g. an order of X and Y shows up as "X and 1 other item"). Google then lists that on my purchases page.
With all these we deleted it... we promise... does anyone not believe that they have that list stored there with your e-mail address attached to it and now you can't see it?
If anything, I’m more afraid of instant frictionless deletes - in my experience, they’re almost always implemented by setting a “this is totally deleted” flag and then scheduling a job to do the actual deletion. (Not that this is inherently an evil practice! In many contexts, users expect to be able to fix accidental deletions and will get really mad if they can’t.)
I always assume there's a backup somewhere in Google or Facebook that's old as hell but has the old emails, I would assume some of these places have cold storage options for backing up legacy data, but then again, there's the time myspace wiped a bunch of old data and nobody seemed to have cared.
Surprised to this day that many other sites have shut down, but MySpace keeps on kicking.
Probably, but they don't need the original emails. They've already mined it for pertinent personal data and stored the resulting, secret, proprietary information about you in a different place.
The reporter never says they deleted the e-mails from their trash, and the "3 week" time period is less than the 30 days it takes for the trash to automatically empty.
I wouldn't be surprised if that's the entire, innocent, explanation here.
(I still think you should be able to turn off purchase history separately...)
I have worked at well known tech companies and I personally dealt with some less-valuable-but-still-PII. We didn't store the PII because we cared about exploiting it or because we wanted to somehow sell this data to outsiders, that's not how we made our money. We took and continue to take the security and privacy of our customers very seriously. We made sure we were GDPR compliant as well.
Instead, the small PII we had was used for fraud signals and for logging/debugging. Very frequently we would get complaints about things not working and we would have to go digging through logs to figure out exactly what happened, and without that data it was hard to figure out exactly what happened if something went wrong.
Most of the data was TTLed in our logs between 7 to 90 days so that took care of most of the issues. Other data that got logged into a data warehouse needs to be deleted via Spark jobs, which takes several days to scour all the data.
Like I said, the companies I've worked at don't need user data for its primary product and even then it took time to fully delete a user's data upon request, so I can imagine it taking a lot of time for a company like Google where extensive use of user's data is widespread throughout the company.
There’s purchases I’ve deleted emails (and emptied the trash for) only for it to still be in the purchase list. Clicking on the purchase does not lead to the email.
Similarly, I believe the gmail search cache also has some lingering cache issues. There are emails referenced in the drop down in search that I’ve long deleted.
63 comments
[ 4.6 ms ] story [ 115 ms ] threadThey do not compete on Privacy at all in my opinion. So then the choice comes down to price, features and economic viability of the organisation. I think price and features they are on par with Office 365, well at least for individuals not for enterprises.
But in terms economic longevity I think Microsoft wins hands down. Fastmail might be days away from bankruptcy, none of us would know as it is private company. I would rather have my personal email, that is the glue to modern life, with a Trillion dollar company than with a relatively new minnow.
They have a free tier that they run as a "charity case". As with anything where your data _isn't_ the price, they have paid tiers too.
A first step to the answer to that question would probably be to compare all the terms and contracts.
If you really really want your privacy you're better off running your own. But then a lot of your contacts probably use a provider you didn't trust hosting your email, so there goes a large chunk of that privacy again...
You need to delete your mail in less than 30 days, and store content you want to preserve in your home.
[0] https://www.mailarchiva.com/
Nobody said that you need to run a mail server, just keep your data in your possession.
If you are worried about privacy with respect to your data, you only have limited protection for 180 days if it is on the providers server. (See Stored Communications Act)
In the US, the 4th amendment ensures that you are “secure in their persons, houses, papers, and effects”. But when you put your papers or effects in the hands of a third party who isn’t your attorney, you lose much of those rights.
GMail IMO is the most honest of these services, as they are very clear that your privacy is limited in scope. Fastmail, Protonmail, etc imply things that are not as meaningful as one may think.
See: https://en.m.wikipedia.org/wiki/Third-party_doctrine
A 3rd-party will never be as private as running your own mail server but that's not exactly easy either these days.
I actually would like to turn it on if I could... I have labels and filters set up on Gmail to try and do the same thing but having google do it for me would be great.
As a reseller of GSuite I can tell you this is plainly wrong. Support is virtually nonexistent for paid GSuite (by this I mean, it's the same outsourced team with no escalation path to anyone in engineering). Avoid at all costs for a business.
The reality is every provider is both good and bad, and you're unlikely to get any major support unless you're the CTO of a major corporation.
The small engineering team of 5 people can't properly deal with more than say 1 support request per day (since any request getting to that level is almost certain to require adding/modifying a feature or the way the product works).
Gmail has 1 billion users. That means fewer than 1 in 3 million people can have a support request that gets through to the engineering team without overwhelming them.
Super easy to remove from the blocklists.
I am not entirely sure what you mean by delivery?
i’m pretty sure that’s not what you meant, so you need to clarify your question.
Outlook.com (free public service) does not scan emails for ads - I filed a support ticket for asking about this year's ago.
Additionally, if you pay for O365 (Home or Personal, maybe just Home?) and use the same Microsoft account for email (via Outlook.com) then no ads are displayed at all.
> When I click on an individual purchase and try to remove it — it says I can do this by deleting the email, after all — it just redirects to my inbox and not to the original email message for me to delete, since that email no longer exists.
Or did they fix it for European users?
Edit: Why am I being downvoted for asking this question?
Please don't comment about the voting on comments. https://news.ycombinator.com/newsguidelines.html
GDPR. It requires that the person whose personal data is processed must give explicit permission about what data is processed and allow the purpose for which the data is processed. And it must be possible at any time to withdraw that permission and to delete the data.
At least as far as I understand those rules, ianal.
> and allow the purpose for which the data is processed.
> And it must be possible at any time to withdraw that permission
> and to delete the data.
No it doesn't.
There are several lawful bases for storing and processing data. User permission is only one of those bases. It's usually not the best one to use. https://ico.org.uk/for-organisations/gdpr-resources/lawful-b...
Is there any company that deletes their customers' purchase histories?
And doesn't the IRS prescribe that this kind of information should be in the books?
And yours isn't the first comment in this thread who's question can be answered if they bothered reading the article. Some are quick to defend the actions of a corporation.
not anymore. amazon has stopped putting product information in notification emails for just this reason. Notifications are now generic, “your order confirmation” etc. you have to login to amazon to discover the order that was confirmed etc. makes email receipts much less useful but avoids the 3rd party privacy issue.
and also, TFA is wrong. if you delete the email AND empty the trash, or wait 30 days for auto-empty, the purchase is forgotten by gmail.
even with this in mind, amazon chose to remove specifics from their notifications.
EDIT: except for the first 1click notification.
1. gone around deleting every invoice from my GMail inbox
2. Noticed it wasn't getting removed after waiting for 24 hours.
3. Reached out to the reporter mentioning google might be not deleting it properly.
4. Waiting a couple more days and calling off the alarm when google did finally delete it.
I wrote about it at https://captnemo.in/blog/2019/06/01/cleaning-google-purchase.... My purchase history still shows 0 results, more than a month after my cleaning spree.
3 weeks still sounds too long for this information to linger around.
Surprised to this day that many other sites have shut down, but MySpace keeps on kicking.
No backup of user data exists more than 30 days there, typically less.
I wouldn't be surprised if that's the entire, innocent, explanation here.
(I still think you should be able to turn off purchase history separately...)
Instead, the small PII we had was used for fraud signals and for logging/debugging. Very frequently we would get complaints about things not working and we would have to go digging through logs to figure out exactly what happened, and without that data it was hard to figure out exactly what happened if something went wrong.
Most of the data was TTLed in our logs between 7 to 90 days so that took care of most of the issues. Other data that got logged into a data warehouse needs to be deleted via Spark jobs, which takes several days to scour all the data.
Like I said, the companies I've worked at don't need user data for its primary product and even then it took time to fully delete a user's data upon request, so I can imagine it taking a lot of time for a company like Google where extensive use of user's data is widespread throughout the company.
>It also says you can delete this log by deleting the email, but three weeks after we deleted all email, the list is still there.
There’s purchases I’ve deleted emails (and emptied the trash for) only for it to still be in the purchase list. Clicking on the purchase does not lead to the email.
Similarly, I believe the gmail search cache also has some lingering cache issues. There are emails referenced in the drop down in search that I’ve long deleted.
It is frustrating