it is called HAVE YOU BEEN SCROOGLED

Discuss Avant Browser. Do not post support requests, bug reports, suggestions for new or improved features, etc. here. Put those in the Help, Bug Reports, and Requests forums, respectively.

Moderators: Support Staff², Support Staff, AvantGuard, Developer

Post Reply
User avatar
AXEMAN
Avantic Elite
Avantic Elite
Posts: 1606
Joined: Thu Jan 24, 2008 12:55 am
Windows Version: WIN 7 64 BIT
Avant Version: THE LATEST
IE Version: 9

it is called HAVE YOU BEEN SCROOGLED

Post by AXEMAN » Fri Feb 15, 2013 7:06 pm


mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Re: it is called HAVE YOU BEEN SCROOGLED

Post by mbrazil » Fri Feb 15, 2013 9:06 pm

Anybody that's concerned about the privacy of their email, and everybody should be, should not use any of the webmail sites, like gmail, outlook.com, yahoo, etc. Personally, I have a very strong dislike for webmail, and it's not just privacy concerns that make me feel that way. If you want to do as much as possible to protect the privacy of your emails, register a domain, find a reputable company to host it, and use only a POP3/SMTP email client and your domain accounts to send and receive email. Also, make sure the company that you choose to host your domain provides a secure connection (SSL) for both incoming (POP3) and outgoing (SMTP) messages and that you have your email client on your PC (and any other device you use to send and receive email) set to use SSL for both.

I have found it useful for certain purposes to have some webmail accounts (gmail, outlook.com, yahoo, etc.), but I mostly avoid using them, and I almost NEVER send mail using any of them. I only give out the addresses for any of the webmail accounts to people or companies that I don't want to have my domain account address, and I don't use the webmail interface to send or read email. You can set up any of the webmail accounts to forward messages they receive to your domain account so that you receive all of your email from all of your accounts in your email client on your PC or other device you use to check mail. This way, you don't have to check the webmail accounts regularly or at all. You can also set up the webmail accounts in your email client so that you can respond to messages you receive at a webmail address by sending from the webmail address. This is useful if you want to reply to a message without making your domain account address visible to the recipient (be aware of the risk of doing this, though, and don't put any information you want to protect in these emails).

BTW, AXE, you do realize that the video at that link is a Microsoft commercial, don't you? It makes it sound like Google has thousands of employees sitting at their desks reading every email everybody with a gmail account sends or receives. That would require them to have tens of thousands of employees to do only that and would cost them more than they could possibly get back by using the contents of the email to provide targeted ads. Obviously, Microsoft is right that the content of all the mail handled by the gmail servers is scanned and used to send targeted ads, but that doesn't mean that any person at Google actually reads any of your email. Targeted ads may be a nuisance to some people, but they are easily ignored, and the ads themselves are not a privacy risk. Shame on Microsoft for using scare tactics and innuendo in their commercial. Shame on Google for not posting a notice that their computers are going to scan your email, not telling you that they're going to show you ads based on the content, and for not providing a way to opt in or out of the scanning and the ads. These practices (both Microsoft's and Google's) are not illegal, however.

I gave outlook.com a try a week or so ago, just to see what it's like, and there were things about it that drove me crazy. I had no intention of continuing to use it anyway. In many ways, I liked it better than gmail, but like I said, some parts of it drove me crazy, and webmail is just not a good idea.

User avatar
hornakapopolis
AvantGuard
AvantGuard
Posts: 11321
Joined: Thu Jul 31, 2003 2:09 pm
Windows Version: Windows 10 Pro 64
Avant Version: 2015
Default engine: Chrome
IE Version: 11
Skin: Stickers
Location: Ohio, USA
Contact:

Re: it is called HAVE YOU BEEN SCROOGLED

Post by hornakapopolis » Fri Feb 15, 2013 11:34 pm

mbrazil, do you mind if I ask what domain host you use?

mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Re: it is called HAVE YOU BEEN SCROOGLED

Post by mbrazil » Sat Feb 16, 2013 2:44 am

hornakapopolis wrote:mbrazil, do you mind if I ask what domain host you use?
It's arvixe. http://www.arvixe.com. I've used them to host my domain for approximately four years, and I've been very satisfied with them. There have been almost no outages, they upgrade their servers and/or add new ones before they become overloaded, their tech support is excellent with very quick response, and their pricing is competitive. Overall I'd say I have no complaints about arvixe at all.

The domain host I used before arvixe was sold to a Canadian company, and after that, I had to make an international call if I needed to contact them. There was also a bit of a language barrier, as they are located in Quebec, and many of their employees' primary language was French.

User avatar
hornakapopolis
AvantGuard
AvantGuard
Posts: 11321
Joined: Thu Jul 31, 2003 2:09 pm
Windows Version: Windows 10 Pro 64
Avant Version: 2015
Default engine: Chrome
IE Version: 11
Skin: Stickers
Location: Ohio, USA
Contact:

Re: it is called HAVE YOU BEEN SCROOGLED

Post by hornakapopolis » Sat Feb 16, 2013 2:07 pm

I guess I'm just a little confused as to how what you're doing is protecting your e-mail security. The webmail interfaces for these providers accesses the mail server in the same way as your client, so unless you're not getting that webmail connection securely (and I don't know of any that don't), there's no difference. Arvixe uses Squirrelmail, Horde, & RoundCube. I've used the first two before years ago and they were secure connection then. I've never used RoundCube, but again, an https connection for these is pretty standard these days. The mail is sitting on a mail server. The webmail is an interface just like your client. (By the way, though, thanks for that name. I'm going to check them out. I just renewed my hosting, which went up last year. It might be a few months before I get the time to look into it, but if Arvixe does any sort of referral promotion, I might be in touch, if you don't mind.)

I remember a conversation between two acquaintances a few years ago where the argument was made that your ISP's mail is your most secure options because your pipeline is directly from their server to your computer. At the time though, I think the conversation was started by the news that some major ISP had just outsourced their mail, meaning in that case, it was jumping from server to server to get to you just like any of the 3rd party providers.

But, tying this into the "Scroogled" thing, the other thing to notice AXEMAN is what they say at the end "We don't go through your e-mail to sell ads." You have to figure out what the issue is to you. Is it that your mail is electronically scanned or is it that your mail is electronically scanned to generate ads? If you don't like your mail being electronically (and I am going to keep saying "electronically" to stress the point) scanned, you should ask your mail provider, ISP, and host to turn of spam filtering. How do you think that works? It's not by detecting the faint smell of canned pseudo-meat upon entering the mail server. And that's why Microsoft added the to sell ads to the end of their little tagline. Because they, too, go through your mail. Keep in mind that Google is, primarily, an ad company. That's what they do... they sell ads. That's why GMail is free. It's why I have three domains running Microsoft Office replacements for free. It's why you don't pay for Maps, Calendar, Picasa, Talk, Voice, Wallet, Google+, Android.

That's what I don't like about these line of ads. They're disingenuous. The only argument they can legitimately make here is the purpose of scanning the e-mail and that's not the idea they're trying to convey to people watching it. I had the same problem when they did this last year online, but now these ads are running on television where normal people not understanding how things work can see them. It just seems really tacky to me.

User avatar
AXEMAN
Avantic Elite
Avantic Elite
Posts: 1606
Joined: Thu Jan 24, 2008 12:55 am
Windows Version: WIN 7 64 BIT
Avant Version: THE LATEST
IE Version: 9

Re: it is called HAVE YOU BEEN SCROOGLED

Post by AXEMAN » Sat Feb 16, 2013 6:27 pm

Guys i just saw it thats what it called. I know what it was mike. i just thought others might enjoy seeing it .IT WAS JUST A COPY AND PASTE I HAVE NO OPINION ON THE DAM SUBJECT :think:

User avatar
hornakapopolis
AvantGuard
AvantGuard
Posts: 11321
Joined: Thu Jul 31, 2003 2:09 pm
Windows Version: Windows 10 Pro 64
Avant Version: 2015
Default engine: Chrome
IE Version: 11
Skin: Stickers
Location: Ohio, USA
Contact:

Re: it is called HAVE YOU BEEN SCROOGLED

Post by hornakapopolis » Sun Feb 17, 2013 12:16 am

No one said you did

mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Re: it is called HAVE YOU BEEN SCROOGLED

Post by mbrazil » Mon Feb 18, 2013 4:00 am

hornakapopolis wrote:I guess I'm just a little confused as to how what you're doing is protecting your e-mail security. The webmail interfaces for these providers accesses the mail server in the same way as your client, so unless you're not getting that webmail connection securely (and I don't know of any that don't), there's no difference.
It seems likely that Google's servers are a larger and more attractive hacking target than the mail servers at hosting companies, most of which are much less well known than Google. I wasn't trying to intimate that Google is inherently less secure than arvixe or any other hosting company I'm aware of. I also was responding to the concept of Google's servers scanning customers' email to develop leads for targeted ads. If someone feels that their privacy is being invaded by that practice, that it reduces the security of their email, or they are simply annoyed by the ads, the best way to avoid the practice is to avoid using gmail, outlook.com, etc. Hosting companies are not likely to adopt these practices, since it would probably be very damaging to their core business.

You are correct regarding SSL and HTTPS, but I wasn't referring just to security while mail is being transmitted from your PC to or from the server, from server to server, or to login security. You are protected to a similar degree by either of these security protocols, but as I mentioned earlier, there are bound to be many more attempts to hack into gmail, outlook.com, yahoo mail, etc., than there are at comparatively small companies like arvixe and many other hosting companies. Once the email exists only on my PC (and probably the sender's PC), the potential for hacking is reduced even further. Not having your email out there on a widely known company's server for long periods provides an extra measure of protection by reducing the window of vulnerability.
hornakapopolis wrote:Arvixe uses Squirrelmail, Horde, & RoundCube. I've used the first two 5years ago and they were secure connection then. I've never used RoundCube, but again, an https connection for these is pretty standard these days. The mail is sitting on a mail server.
The only time I use one of these (Horde is my preference) is when I need to do maintenance on individual email accounts under my domain (delete old messages left on the server, look for possible false positives in the spam folder, etc.). As I said, I don't like the webmail interface in general, regardless of which one it is.
hornakapopolis wrote:The webmail is an interface just like your client.
While the webmail client is an interface to the content on the mail server, and so is my POP3 email client, there is at least one significant difference -- when I use a mail client running on my computer, messages are downloaded in bulk, and once they're downloaded, they are deleted from the server, as long as I have it set that way. (There are a couple of accounts where I allow copies to be kept on the server at the user's request, which is why I have to use Horde to clean up old messages occasionally.) If you have it set up this way, and you have your email client set to check mail frequently, incoming mail doesn't remain on the server for long, even when you aren't actively working with email. This significantly reduces the window of vulnerability during which your messages could be read, copied, and/or altered by a person or bot that successfully penetrates the hosting company's server. There is no way to duplicate this protection scenario when using a webmail interface.

I wasn't trying to say that there's a night-and-day difference in email security between webmail and local email clients, but there are some differences, and if security is a major concern, the differences can be important. Also, what started this thread was the "scroogled" ad, and if email scanning for ad targeting is a concern, you have to avoid the big webmail providers (google, etc.).
hornakapopolis wrote:(By the way, though, thanks for that name. I'm going to check them out. I just renewed my hosting, which went up last year. It might be a few months before I get the time to look into it, but if Arvixe does any sort of referral promotion, I might be in touch, if you don't mind.)
Of course. No problem at all.

User avatar
hornakapopolis
AvantGuard
AvantGuard
Posts: 11321
Joined: Thu Jul 31, 2003 2:09 pm
Windows Version: Windows 10 Pro 64
Avant Version: 2015
Default engine: Chrome
IE Version: 11
Skin: Stickers
Location: Ohio, USA
Contact:

Re: it is called HAVE YOU BEEN SCROOGLED

Post by hornakapopolis » Mon Feb 18, 2013 3:22 pm

Ah... your practice makes a little more sense now. You'll understand my confusion, though, since it was all brought up in the context of mail being scanned, webmail was the only thing addressed, and using POP to remove messages from the server wasn't mentioned. Image Image

In the context of the conversation, though, seeing if your mail provider can not use their spam filter on your account seems to me to be the only option for anyone not wanting their mail scanned. I'd doubt a provider would even do that.

As for concerns of it sitting on the server, it's seems a personally encrypted route would be the way to go

mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Re: it is called HAVE YOU BEEN SCROOGLED

Post by mbrazil » Tue Feb 19, 2013 3:00 am

The last three domain hosts I've used, including Arvixe, provide the ability to enable or disable the server's antispam filter for your domain via the domain control panel. I expect that, for most people who are concerned about mail scanning, a spam filter running on the server is much less of an issue than a mail provider scanning for leads for targeted ads.

I'm personally not that concerned about mail scanning by software on the server for relatively benign purposes, like targeted ads. Unfortunately, though, scanning for other less benign purposes is not something that's easily detected unless the results of the scanning become evident, and then you're forced into damage-control mode instead of preemptive measures. I'm much more concerned about things like malware that mines for personal information to facilitate identity theft or other illegal purposes getting onto mail servers, and then there's the possibility of scanning by government agencies. Unfortunately, if either of these types of scans is taking place, you're not likely to find out about it unless those responsible for the scanning obtain something they can use to steal from you or otherwise do you harm. I have nothing to hide from government agencies in the US (federal or state), but being the subject of covert scans is still something to be avoided, and my privacy is very important to me. I just don't consider targeted ads to be a serious violation of my privacy.

I continue to have my own domain for email for a number of other reasons, including having more flexibility in account naming, the ability to configure mail filters, forwarders, etc. on the server for the entire domain and for individual accounts, not having to deal with delays relating to page loading when reading mail, a smaller likelihood of server outages or other online delays that would prevent me from reading mail whenever I want to, and greater granularity in the management of all aspects of email handling both on the server and on my local PC. For example, you mentioned the three webmail clients available at arvixe. While these three choices give you some options and some flexibility, there are many POP3 clients (including quite a few free ones) available to use on your own PCs, and most of these provide greater configurability and more user options than webmail clients tend to have. While I am retired and no longer own a business, I still provide and manage email accounts for several family members and some friends.

On a related topic, I also use stunnel (https://www.stunnel.org/index.html) on my PC and most family members' PCs to provide an SSL encryption wrapper between our local POP3 clients and the arvixe mail server to provide additional security when receiving or sending email. I also use OpenDNS's DNS servers and their free OpenDNSCrypt client to protect DNS inquiries originating from our computers from being surveiled and to avoid DNS poisoning exploits. While all this is a little complicated to set up and fine tune initially, it's not much trouble to administer once you get it working the way it should.

Computer security is never 100% effective, but these additional steps combined with ongoing vigilance and effective anti-malware and firewall software on our PCs and the built-in firewalls in our routers give me quite a bit of confidence that I'm doing as much as I can to protect our security while not exceeding our budgetary limits.

Post Reply