- 5 hours
Anything that isn’t encrypted at the message level will be accessible in plaintext at some point on a mail provider’s hardware.
Secure protocols only ensure that mail gets to the mail provider and leaves again without someone else reading the message on the wire. On the server, there is no such protection.
Take a look at any mail message’s headers for
Received. Any server that added a header, and maybe a few others besides, had full access to the plain text of the whole message.A good provider might have encrypted volumes in case a server is stolen, but while those volumes are live, messages on there are effectively plain text.
This is an unavoidable fact.
For many years, I had access to hundreds if not thousands of customer mailboxes but neither I nor my colleagues had any need or desire to go snooping, and I expect we would have been sued out of existence had we done so, contracts or otherwise.
The closest I ever got was when trying to help a customer determine what was happening to messages being sent from a third party. I was able to confirm that messages from that third party were indeed landing in the mailbox (literally
grepping for theFrom:header in newly arrived messages) and then confirming that the message had been collected by something outside our network.Then we had to go through the usual customer-side troubleshooting, like other things that might be picking up the mail, junk mail collection systems, message rules and so on.
A few customers were uncomfortable as and when they realised we were able to see all their mail. They got an abridged version of the above and were told about the benefits of things like PGP or having their own mail server to reduce the chance for snooping.
A_norny_mousse@piefed.zipEnglish
12 hoursit looked as if they (porovider) might have been reading the emails.
The IT manager exploded and confronted them. The response was chilling:
“I’m not saying we do - but we could. It’s in the contract. You should read the fine print, especially the unilateral amendment from two years ago.”.
“Unilateral agreement” here means that they send you a message saying “We’ve updated our TOS” and if you don’t reply otherwise, you agreed.
Horror story.
BTW:
All of this happened before the GDPR era, when certain practices could still slip through.
- solrize@lemmy.mlEnglish10 hours
This is like those AI slop youtube channels where they make up stories about celebrities with a suspicious lack of details. Sorry this needs names and specifics.
- brsrklf@jlai.luEnglish12 hours
Oh shit, was halfway through when they mentioned being in EU. Don’t think it could happen (legally) in my country because we’ve got a privacy agency that’s quite older than GDPR (and one of its precursors). But it’s worrying.
rmuk@feddit.ukEnglish
13 hoursIn the UK we had the Data Protection Act before GDPR, but it was so full of words like “reasonable” and “appropriate” and “balanced” that is was basically homeopathic; I wouldn’t be at all surprised if this story was from the UK. I’m so glad GDPR got in before Brexit.
Hund@feddit.nuEnglish
15 hoursWhen shit like this happens it’s your responsibility to call these shitheads out.
- Smaile@lemmy.caEnglish12 hours
Company people don’t give a shit about what they sign off on and make it other people’s problem. His first mistake was assuming people carried enough to actually do their job and not Fuck over their own company.
- HobbitFoot @thelemmy.clubEnglish5 hours
Or they may not understand the implications of what they are agreeing to.
- Sims@lemmy.mlEnglish13 hours
…but but, free fighting for existence in ‘markets’ is great and gives prosperity and freedom for all ???
/s




