Browse By

IxQuick and StartPage Are Starting An Email Service More Secure Than Gmail

Gmail sure is convenient. I know. I’ve used it for many years. Google brings so many services together through its account, it’s easy to slide into doing practically everything on Google’s systems: Not just writing emails, but setting up family and professional calendars, writing manuscripts, calculating home budgets and taxes, uploading photographs, sharing videos, reading the news, buying stuff, searching for information…

Pretty soon, Google gets into every part of your life, and it all seems to have no cost.

That’s an illusion. The cost of using Google services is actually quite high.

Every supposedly free service that Google offers includes software that tracks your activity, and saves a record of what you’ve done in Google’s databases, where Google employees can read through it at will. Your emails are read by others’ eyes. People you don’t know watch your supposedly private videos. Documents you wanted to be confidential are available for people at Google to read – and to use for commercial purposes.

It doesn’t matter if you delete the things you’ve uploaded to Google’s systems. Google keeps them anyway.

smartmailThe hidden cost of Google’s services doesn’t end there. Once Google has your private papers, pictures, and videos, military spies have them too. The PRISM military Internet spying program is sucking huge amounts of Google user data out of Google’s servers on a daily basis, so that spies over at the Pentagon can sift through Americans’ private communications, or send them over to domestic agents for perusal.

Not so long ago, we warned about some of the dangers of Google’s data mining systems, and recommended some alternatives. Among those alternatives was, a search engine that uses Google, but sets up a screen between users and the Google search system, preventing Google search from logging users’ IP addresses for the purposes of data mining.

StartPage is now positioning itself against Google as the secure search alternative. They write, “StartPage and its sister search engine Ixquick have in their 14-year history never provided a single byte of user data to the US government, or any other government or agency. Not under PRISM, nor under any other program in the US, nor under any program anywhere in the world. We are not like Yahoo, Facebook, Google, Apple, Skype, or the other US companies who got caught up in the web of PRISM surveillance.”

Ah, but couldn’t the Obama Administration simply serve StartPage with one of the National Security Letters created under the Patriot Act? No, because StartPage isn’t based in the United States. “Our company is based in The Netherlands, Europe. US jurisdiction does not apply to us, at least not directly. Any request or demand from ANY government (including the US) to deliver user data, will be thoroughly checked by our lawyers, and we will not comply unless the law which actually applies to us would undeniably require it from us. And even in that hypothetical situation, we refer to our first point; we don’t even have any user data to give. We will never cooperate with voluntary spying programs like PRISM,” StartPage explains.

Now, IxQuick, the people behind StartPage, are preparing StartMail, an email system that will offer user privacy as well – of a sort.

The StartMail system, which will soon enter Beta testing, will not engage in data mining of the sort that has become pervasive in Gmail. The emails will be encrypted using (“PGP encryption”)… and it all sounds great… until one realizes that the federal spy agencies have the expertise to overcome any kind of encryption system that is used in commercial systems.

In the abstract, StartMail seems like a timely idea. In practice, I’m skeptical that NSA cyberspies can be kept out of any email system.

Techies, I’m asking for your help in understanding these issues. Could StartMail actually be made sustainably secure from the government’s online spies? Is StartPage really only secure for now because it’s too small at the moment to catch the attention of Big Brother?

5 thoughts on “IxQuick and StartPage Are Starting An Email Service More Secure Than Gmail”

  1. Bill says:

    PGP encryption is pretty darn good but, as you suspect, it can be broken if one brings a helluva lot of CPU power to the task…and NSA has many times a helluva lot of CPU power. That said, there are millions, maybe billions, of PGP-encrypted messages flying around the intertubes daily; security folks I’ve spoken with argue that it would be impractical even for the NSA to try to crack them all on a routine basis. I personally believe it is safe to assume that NSA would only invest the effort in cracking PGPs from high-value targets, which most of us ain’t.

    As a user of PGP myself (for a few of my most confidential business communications, I can say that it’s kind-of a PITA, since both you and your recipient must have it implemented. When you need it that’s OK, but when you don’t it’s not worth the trouble. You can implement it yourself on your machine, you don’t need a third party such as StartMail (though perhaps they have a friendly and more transparent implementation? I need to check on that).

    I think the downside of StartMail is that, in the Netherlands, they’re not only beyond the reach of the U.S. gummint, they’re also beyond your reach, too. So if they do in fact start screwing around with your stuff you have zero legal recourse, unless you can afford to pursue a court case in the Netherlands. That said though, I’ll admit that I’m looking for an alternative to El Goog. It has infiltrated deeper into my life than I like. I’ll probably take a look at StartMail; thanks for the tip.

    As for people spying on my browsing habits, that I couldn’t care less about, unless somebody steals my credit card number (yet again). I run both Ghostery (excellent!) and AdBlock Plus (just OK) on my browser, which gives me sufficient freedom from advertisements and tracking by marketers. They’re completely transparent and they work. And I keep third-party cookies turned off. On my DSL service my IP address changes frequently enough that nobody’s going to learn much about me by logging it.

    One thing that I think (but can’t prove) is a good idea is this: whenever I’m required to register in order to do something on the web, I will usually try to lie my head off — made-up name, address, phone, email, age etc. Obviously this won’t work when you’re buying something that will be shipped to you, or when you have to activate your account through a confirmation email sent to you. But surprisingly often it works just fine. The more it looks like there’s a couple hundred people at your IP address, the less anyone can associate with you individually. Garbage in, garbage out.

  2. Tom says:

    Good one Bill. Thanks.

  3. Jim Cook says:

    Hushmail asserted an identity as a private e-mail service, but drew ire when the US gov’t asked for information on its users and Hushmail handed it over.

  4. Ev G. Scott says:

    I am wondering when your email is going to become a reality. Anxious to try it. Along with gmail, I have incrediMail and it will not send at least
    half of my mail. Most frustrating. es

  5. qqqqqqq says:

    “…federal spy agencies have the expertise to overcome any kind of encryption system that is used in commercial systems.”

    What evidence is there to support that claim? Most of the compromises to user security achieved by the NSA (so far uncovered) are not through special technological prowess, but special privileges granted, back doors, or other confidential vulnerabilities – that is, collusion with tech companies. Example:,2817,2428642,00.asp

    Strong encryption still requires tremendous resources to crack. Bill makes a valuable point that it would be impossible for the NSA to try to crack every strongly-encrypted message that floats by. But claiming the NSA has sufficient CPU power, and leaving it at that, could be misleading. For example, GnuPG, based on the OpenPGP standard, uses RSA to generate a maximum key size of 4096 bits. This is widely regarded by cryptologists as being sufficient to keep data safe for at least the next two or three decades (barring any world-shattering mathematical discoveries).

Leave a Reply

Your email address will not be published. Required fields are marked *

Psst... what kind of person doesn't support pacifism?

Fight the Republican beast!