Riseup and the recent email provider closures
August 13, 2013
We have received your emails asking a number of good questions in light of last week’s news about Lavabit and SilentCircle closing down (1). We would like to clearly state that Riseup has never given any user information to any third party. We have never permitted installation of any hardware or software monitoring on any system that we control.
We will do everything in our power to protect the data of social movements and activists, short of extended incarceration. We would rather pull the plug than submit to repressive surveillance by our government, or any government. We are doing everything we can, as quickly as possible, to forge forward with options that would prevent us from having to shut down, in case we are faced with making such a decision. In cooperation with other groups, we are hard at work to develop and deploy a radical new infrastructure that would allow us to provide email in a way that is a thousand times more secure and that would prevent us from having access to any user’s data. We have been working on this for over a year, but we have a lot more work to do before it is finalized.
(1) [en] The Guardian 08-09-13 Lavabit privacy row: second email service closes to prevent spying
Don’t panic. Here are some questions and answers.
Q: Is Riseup working with the NSA?
A: We would rather stop being Riseup before we did that. We are not working with any government agency. We have never simply handed over information when requested, and for years have had a no logging policy. We have fought and won every time anyone has tried to get us to give up information. We have never turned over any user data to any third party, fourth party, fifth party or any party.
Q: But your servers are located in the U.S., doesn’t that mean you have to install backdoors/monitoring/etc?
A: We have no control over our network providers, but we have physical control of our servers, they are not hosted “in the cloud.” This gives us much more physical assurance of the security of our machines. We would not consent to the installation of any external hardware or software on our network and would end the organization rather than install any. However, once our fiber connections leave our space, they could be monitored. This is not new, and has been our assumption from the beginning. When you send an email to someone with an email hosted elsewhere, we have no control over it once it leaves our servers. Also, the US still has better laws for internet providers than in many other countries, including many places in Europe, where there are data retention laws requiring providers to keep logs. The US has no such requirement and it has been our policy for years to not keep any logs.
Q: How is Riseup different than Lavabit and Silent Circle?
A: These were commercial services whose primary mission was to provide paid private email. Riseup is different in that we are a non-profit whose goal is to support activists and keep them safe. Those companies were for-profit businesses, Riseup is in it for social change!
Q: What if someone (like law enforcement) takes Riseup’s servers?
A: They have in the past! This usually happens when they want logs, we tell them that we don’t have any and then they come and take the machine because they don’t believe us and want to see for themselves. However, all of our servers use full disk encryption, which means they cannot see or do anything with the data on the disks without the keys. Nevertheless, we do not keep IP identifying logs, and store as little data as possible on our users. But this is not just Riseup’s responsibility, each user is responsible for limiting the amount of data that Riseup stores for them!
Q: How can I limit the amount of data that Riseup stores for me?
A: There are several ways
Account info: When you applied for an account you provided a little information. After you are approved we don’t need this information anymore and you can clean it up. Login to user.riseup.net and review the information that you have provided there and consider what information you have given us that identifies you. For example, if Obama had a secret email address with Riseup and applied for the address using email@example.com as his alternate email address, it would be a good idea for him to remove firstname.lastname@example.org from his alternate email if he wanted to be able to engage in Constitutionally-protected, anonymous, speech.
But please note: If you do remove your alternate email, and you later lose/forget your password, it will not be possible for us to reset your password. You will be permanently locked out of your account and will not be able to access your emails. You have been warned!
Email: If you are not already, consider using an email client that lets you download email via the POP protocol and deletes it from the server. There is no getting around the mail arriving on Riseup’s server, but if you download it and it’s deleted from the server then Riseup doesn’t have it anymore. But note this does have a downside, using webmail or the IMAP protocol does allow you to check email from more than one computer. If you need that ability, one approach might be to move older email offline to a single computer and just check newer things from multiple locations. Here are some directions for downloading your email: https://help.riseup.net/downloading-email
Lists: one of the nice features of having a mailing list is having a message archive. But if the idea of someone you don’t want getting access to that archive scares you, then it might be better to do without an archive or periodically move the archive to a more secure location. But don’t forget that any subscriber to your list gets a copy of every message, so even if you have the archives removed, there is nothing that prevents subscribers from leaking those messages! More info at: https://help.riseup.net/en/archives#downloading-archives
Ask yourself: where are the important emails, documents, and manifestos of your group stored? Do you have a good place for them for people to find when you are gone and people want to write the history about how you changed the world? If they are only stored in Riseup, that isn’t good. Download them and put them somewhere safer! We are birds, so we like eggs, but we don’t like people putting all their eggs in our basket.
Q: Will Riseup services last forever?
A: While we are committed to doing everything in our power to protect the data of social movements and activists, short of extended incarceration, we would rather pull the plug than submit to repressive surveillance by any government. We would be really sad to see Riseup go, but if we are forced to, we would rather it go away than to betray your trust and compromise the activist community. With this in mind, you should be sure you are prepared in case something does happen, such as downloading and archive your email on your own computer!
Q: What about child porn, drugs, corruption, etc. Would you fight law enforcement requests for users doing these things?
A: Those things violate Riseup’s Terms of Service and, unlike some more “American Libertarian” service providers, we do not exist to provide privacy for doing anything you want. We would close the accounts of people doing those things and the collective may even decide to cooperate with law enforcement rather than set all the servers on fire and destroy the organization, and your email.