Update from Fastmail on the Australian policing law and privacy
48 points by user3939382 on Sept 3, 2021 | hide | past | favorite | 24 comments
Thanks for reaching out to us about the recent bill in Australia. We love that our customers care about their digital rights and want to find out more about how companies are looking after their information.

The police can't intercept, access or modify your messages without us receiving a warrant, and we take our duty of care seriously. Fastmail responds to well formed warrants only and challenges requests for access that are inappropriate, either in scope (not adequately targeted), or depth (asking for information that seems out of proportion to what's being investigated). We will continue to do so, for any legislation that applies to us both now and in the future.

The new bill still doesn't allow 'trawling' for suspicious data: they can't request access to a wide variety of accounts hoping they'll come across something of interest. They need to have a particular account under suspicion and something that gives them grounds for that suspicion, and the offence in question needs to be suitably severe to be worth the intrusion.

Where we are permitted under a warrant, we will notify the accountholder of the access request, and due to our existing measures to help customers stay aware of any hackers compromising their account, police can't also enter your account without leaving evidence you can see.

What this means for you: Fastmail remains a privacy-first provider. We will comply with our legislated duties, while taking care to ensure that we do not act unless compelled by law and that all legislated preconditions have been properly satisfied. Your data remains under your control and you can rest comfortably knowing that your account won't get caught up in a surveillance net.



> We love that our customers care about their digital rights and want to find out more about how companies are looking after their information.

Ugh.

> The police can't intercept, access or modify your messages without us receiving a warrant

So, unlike virtually every other democracy, Australia has granted law enforcement power to surreptitiously modify data owned by others.[1]

> Fastmail remains a privacy-first provider

Does not seem possible unless they move operations to a more privacy-respecting country.

[1] https://news.ycombinator.com/item?id=28364140


My understanding is that the new law still requires a warrant, but that the warrant can be granted by an administrative tribunal rather than a judge - so technically what Fastmail are saying here about only acting on a warrant would be correct.

As per the response from Fastmail, it does still require targeting; the intent of the law appears to be to 'take over' an account and use it to catch conspirators, e.g. "we caught Timmy red-handed planning a terror attack, let's log in as him and tell his co-conspirators to come meet us somewhere, then arrest them all".

Whether or not that's what it will be used for is another question, and a valid concern.


I don't understand the fuss over Fastmail and it being located in Australia on HN.

What is your threat model? What adversaries are you fighting against?

My adversaries are corporations. I don't want Google or Microsoft to know every service I register to, every bill I receive, my income, all my contacts, all my pictures. Fastmail works perfectly fine for this (up to the point where you contact someone who uses Google or Microsoft emails, etc...) and it's perfectly fine for them to advertise themselves as privacy focused.

Is your adversary the government? Unless you're a journalist or dissident you aren't doing what's necessary to protect yourself from the government anyway. Of course security isn't black and white so if you can have a secure-against-the-gov email provider that's good but let's be realistic the government is already recording all of your communications and has much easier access points to your confidential data than your email.


I come at this from a data security point of view. I honestly don't care if police want to read my data. If someone knocked on my door with a warrant, I'd gladly decrypt my drives. I have nothing illegal on them.

What I do have a problem with is anti-encryption laws weakening the security of my services. Hackers are getting better and better. Nation states are DDoSing services that I use, and leaking the details.

Police wanting backdoors means that real end-to-end encryption isn't even an option. This opens me up to vectors of attack from people I don't even know, who are desperate for my money or identity.

For that reason, my threat model includes corporations and government. Although, if asked to decrypt my data in person and hand it over, I will with no issues.


As a German living in Australia, I'm absolutely shocked how no one cares about privacy here at all. Every bill basically just passes and there isn't any opposition. I consider any data I store in Australia as compromised.


The lack of opposition is a consequence of the concentration of traditional media in Australia. News Corp owns 70% of the print media and they will never strongly criticise the (right wing) Liberal party as long as that party does what Rupert Murdoch tells them to do. They will, however, relentlessly bash the Labor party, so that party has been playing the "small target" and never doing anything that would allow News Corp to criticise them.

A lot of the other media is owned by Fairfax-Nine, which again has ties to the Liberal party (e.g. Peter Costello) and similar remarks apply.


As an Australian, how concerned should we be about this authoritarian trend?

I've heard people saying that Australia is used as a test-bed for government policy. I've also heard the creep of China could be the cause of this trend.

I've seen how quickly a functioning country can dissolve (Syria, Ukraine, Hong Kong). Just how concerned should we be about this? And apart from voting, is there any kind of action that can be taken?


Looking from NZ you look like you're on a theocratic fascist heading. Ballot box seems to have failed, protest becoming illegal, country becoming intellectual backwater (libs seem to hate all science and arts). No Australians I know want to touch politics as people who are in are so vindictive. Sorry, don't have answers, only a looming sense of dread.


Doesn't matter - Fastmail's response is just PR bunk.

Two big issues:

- Fastmail pays taxes to the Australian government. By supporting Fastmail, you are supporting this lunacy indirectly.

- Their rebuttal revolves around requiring a warrant for any of this, but what good is that if the process is flimsy and there is basically no friction/verification involved in obtaining a warrant?

I am a long time customer and I love Fastmail's service. But Australia has just gone nuts, and I think this is the last straw. I'll be working on a plan to slowly migrate elsewhere.


What alternatives are you considering?


>Your data remains under your control

You don't own what you cannot protect. Your reputation certainly doesn't remain under your control under these laws; the combined power of assuming your identity means police can engineer your voice and send it on to someone else who has every right to publish it. This flies in the face of everything just if juries are asked to unravel multiple levels of deepfakes tailor-made by law officials to intimidate or incriminate.


I'm a paying Protonmail customer. The main unique selling point of Protonmail for me is their encrypted inbox. I've looked into Fastmail, and even though what they say in this thread is on point, I just presume that by using their services that your emails are plaintext'd in their data centers, ready to be spied upon. (There's no evidence that your Fastmail emails are looked at by government agencies, and I keep an open mind on that)


>> Where we are permitted under a warrant, we will notify the accountholder of the access request

I can't imagine the warrant allowing account holder to be notified.


So let me see if I have this right - Fastmail will give the Australian government access to your private correspondence, but only if said government proves to Fastmail that you've been involved in a crime?

So their default position is to give access - with checks and balances, but still to give access.

Why must the default be that governments get access? That's NEVER gone well in the past, why should now be any different?


I think you'll find that the AFP can indeed intercept and modify someone's data in transit without notifying the host.

"can't intercept, access or modify your messages without us receiving a warrant" come on, they already can.

I can't imagine that they will phone up a data host and ask them to modify, say, an email.


Why would anyone pick FastMail over, say, Proton Mail which is in a far less compromised locale? Really, I wouldn't trust the output of my /dev/random to an Australian company at this point just on the basis of their hostile laws.


I'm likely woefully uninformed on this, so I'd like to ask for some information. Last I heard/looked (many years ago), Proton was just webmail-only, I think. Can it actually do all the same things Fastmail can, as in IMAP/SMTP access, catch-all addressing (*@mydomain.tld routes to realaddr@mydomain.tld; I'm the only user and own the entire domain, allowing me to do stuff like linkedin@my.tld, pizzahut@my.tld, apple@my.tld and so on; so I know who's up to shady sh!t), MX records for a custom domain, built-in spam filtering, custom user-editable rules, 2fa, per-app passwords, and so on?

Because if it's got close to 1:1 feature parity (or better) I might consider a switch once my existing paid plan is up.
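The per-service aliasing the comment above describes (a catch-all on your own domain, with one alias handed to each service so that mail arriving at the wrong alias tells you who leaked or sold it) is easy to turn into a small audit. The following is an added example, not code from Fastmail, Proton or the commenter: it parses a few constructed envelope-log lines of the form `from=<...> to=<...>` (the format, the `my.tld` domain and the `ALIAS_REGISTRY` mapping are all assumptions for illustration) and flags mail to an alias from a sender domain that alias was never given to, as well as mail to an alias that was never handed out at all (the usual dictionary-attack noise a catch-all attracts).

```python
"""Audit a catch-all mailbox: which per-service alias got mail from whom?

Added example (not any provider's code).  Assumes a log line per inbound
message that carries the envelope sender and recipient as
``from=<addr> to=<addr>``; the alias registry below is hypothetical.
"""
import re
from dataclasses import dataclass
from typing import Optional

MY_DOMAIN = "my.tld"  # assumed: the catch-all domain owned by one user

# Hypothetical registry: alias local-part -> sender domains it was given to.
ALIAS_REGISTRY = {
    "pizzahut": {"pizzahut.example"},
    "linkedin": {"linkedin.example"},
    "apple": {"apple.example"},
}

# Constructed sample log (not real mail logs): one envelope per line.
SAMPLE_LOG = """\
2021-09-03T10:01:00Z from=<billing@pizzahut.example> to=<pizzahut@my.tld>
2021-09-03T10:05:00Z from=<jobs@linkedin.example> to=<linkedin@my.tld>
2021-09-03T11:30:00Z from=<promo@totally-legit.example> to=<pizzahut@my.tld>
2021-09-03T12:00:00Z from=<noreply@mail.apple.example> to=<apple@my.tld>
2021-09-03T12:10:00Z from=<random@spammer.example> to=<nonexistent@my.tld>
2021-09-03T12:15:00Z from=<> to=<apple@my.tld>
"""

LINE_RE = re.compile(r"from=<([^>]*)> to=<([^>]*)>")


@dataclass(frozen=True)
class Finding:
    alias: str     # local-part of the recipient address on MY_DOMAIN
    sender: str    # envelope sender that used it
    reason: str    # "alias-leaked" or "unknown-alias"


def parse_line(line: str) -> Optional[tuple]:
    """Return (sender, recipient) from one log line, or None if it has neither."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group(1).strip().lower(), m.group(2).strip().lower()


def _domain_of(addr: str) -> str:
    return addr.rpartition("@")[2]


def _domain_matches(domain: str, allowed: set) -> bool:
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def classify(sender: str, recipient: str) -> Optional[Finding]:
    """Decide whether one delivery is worth flagging.

    Mail not addressed to MY_DOMAIN is out of scope; empty senders are
    bounces and are ignored rather than treated as leaks.
    """
    local, _, rdomain = recipient.partition("@")
    if rdomain != MY_DOMAIN or sender == "":
        return None
    allowed = ALIAS_REGISTRY.get(local)
    if allowed is None:
        return Finding(local, sender, "unknown-alias")
    if not _domain_matches(_domain_of(sender), allowed):
        return Finding(local, sender, "alias-leaked")
    return None


def audit(log_text: str) -> list:
    """Run classify() over every parseable line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        finding = classify(*parsed)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.reason:14} alias={f.alias:<12} sender={f.sender}")
```

On the sample the audit reports two findings: the `pizzahut` alias receiving mail from `totally-legit.example` (the alias has escaped the service it was given to) and mail to `nonexistent`, an alias that was never handed out. Subdomain senders such as `mail.apple.example` are accepted for the `apple` alias, and the empty bounce sender is skipped.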


IMAP/SMTP isn’t really possible because it’s not E2E encrypted. You must use a protonmail client, or use their bridge application which encrypts/decrypts mail as it arrives/leaves your computer via IMAP/SMTP.


Protonmail has IMAP if you're a paying subscriber.


They don’t mention IMAP in the pricing page.


You're right. I thought Protonmail Bridge was IMAP support, but it isn't.


If you care about privacy, use a provider in a country with strong privacy laws. If you don't care, just use Gmail or Microsoft? I really don't see where Fastmail fits in here, unless you're Australian.


IMAP/JMAP.


Stopped reading, to wipe the vomit off my keyboard at "Reaching out".
