Join 3,424 readers in helping fund MetaFilter (Hide)


Secure archive for Gmail
April 17, 2013 4:23 PM   Subscribe

I'm an avid user of Gmail and other Google services, but I'm increasingly uncomfortable keeping my entire email history on someone else's servers. Can I keep a week's worth of messages on the server and encrypt everything else? What are some other Gmail privacy compromises?

A good privacy compromise in Chrome has been limiting my history to one week—I've found that I rarely look for anything older. I find Google Now extremely useful, but I'd like to keep it on a need-to-know basis, too. I use archive, search, and priority inbox a lot, and I've basically abandoned tags and all other organizational tools.

If I could have all the ponies I wanted, I'd like a "secure archive" button that encrypts stored messages and decrypts them on login so I could still use search (something like disk encryption), or some way to PGP encrypt incoming messages. I do not expect Google to roll out this feature any time soon.

What are some possible compromises and technical solutions here? If I keep only a week's worth of messages on the server, is there a good tool for searching locally archived messages on my machine? (I'm an OS X user.) Can I even configure an IMAP client this way? Is this a waste of time that will give me a fake sense of privacy? I'm open to both easy off the shelf solutions and more technical ones involving some programming—a Gmail client with a secure archive is something I'd like enough to consider making it myself.
posted by ecmendenhall to Computers & Internet (7 answers total) 11 users marked this as a favorite
 
Yes, unless you're main worry is someone getting the password to your Google account, this is a waste of time that will give you a fake sense of privacy. If you're not encrypting email you send, and the people who email you aren't encrypting what they send you, it's passing through dozens of machines as clear text before it ends up on Google's servers. This is the world we live in.

But yes, you can do this. The simplest, least-automated way is probably to set up your Gmail account in Mail.app, the standard Mac Mail client, and just move messages older than a week onto folders your Mac and deleting the archived copies in the Gmail account (which you can do from within Mail.app).
posted by caek at 4:48 PM on April 17, 2013 [2 favorites]


I'm not convinced that Google deletes your e-mails from their servers if you delete them. Someone else might know better, but I would guess they remain on Google's servers, maybe "anonymized" so that Google can scan them for patterns in customer data.

If you can set up your own mail server (or a server you trust), you might be able to have it encrypt everything it gets with your PGP key then forward it onto your Gmail, then Google will have never seen an unencrypted version of your e-mail.
posted by 0x006DB0 at 5:32 PM on April 17, 2013


My money would be on what 0x006DB0 said. They have so much disk space, why should they ever delete anything?
posted by nostrada at 6:43 PM on April 17, 2013


You should assume that anything that goes into a gmail box is stored forever. Even if deleted, Google has all kinds of backups. And as caek points out above, email is no more secure than a post card. Any computer involved in passing the message from the sender to you (and there are lots of them!) can read and potentially copy the complete text of the email.

The only thing you gain by deleting email out of your account is that if someone were to steal your password they'd only have access to the last week of your email.
posted by JDHarper at 7:56 PM on April 17, 2013 [1 favorite]


What are you worried about? Google? Or some unknown intruder? As others have said it is too late to worry about Google, they already have your stuff.
posted by epo at 3:12 AM on April 18, 2013


I agree with others about Google's possible data retention, so the horses are already out of the barn on that one.

For privacy concerns from outsiders, I would check your authorized applications in your Google/G+ security settings. I would also choose a strong password, change it every so often and enable 2-factor authentication through a smart phone and get used to creating application-specific passwords.

For archiving mail off line, my solution (based on the fact that I use CrashPlan+ - the paid version - for offline backups and have paid for the high end, unlimited storage plan) is to use Thunderbird or some other POP3 email client to take a private archive of GMail to a local computer (make sure you set the POP3 client and Google to leave messages on the server) and set the CrashPlan backup client up to backup the POP3 email client's local message file directories to the cloud. CrashPlan encrypts backups so that keeps that part secure enough.

If you didn't have an offsite backup plan you could also backup to an encrypted hard drive or use something like TrueCrypt to encrypt a logical file container and put your Pop3 client's local storage in there.
posted by kalessin at 10:03 AM on April 18, 2013


Thanks, everyone.

The party line from Google is that "residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our backup systems for an additional period of time." There's a little more in this Quora answer. "Additional period of time" is not really defined, so I agree it's best to assume everything is stored forever and this is a pretty silly idea.

But if you really want to do this, here's the solution that worked for me on Mountain Lion:
  1. Create an encrypted sparse disk image at least as big as your Gmail quota. This size is an upper bound—it will only use as much space as the data it actually contains.
  2. Configure Mail.app for Gmail. This and this are good guides to some of the tweaks necessary to get your local mailboxes and Gmail labels connected correctly. Make sure Mail is saving local copies (I think this is the default).
  3. Once Mail finishes syncing, back up ~/Library/Mail/ somewhere safe, then copy the contents to the encrypted image.
  4. Symlink the default mail directory to the encrypted image's mount point in /Volumes/ (ln -s /Volumes/[Name of volume] ~/Library/Mail). All your Mail data is now stored in the encrypted volume, and new data will be added there.
  5. Add the encrypted volume to System Preferences>Users & Groups>Login Items. It will mount automatically when you log in.
  6. In Mail, create a new local mailbox to contain your offline archive. configure a Smart Mailbox with whatever time- and content-based rules you'd like. I created a "To Archive" box that catches all messages older than two weeks that aren't starred in Gmail or already in the offline archive.
  7. Copy everything in "To Archive" to your offline archive. The Mail UI doesn't give any indication that it's actually moving the files, but you can find a progress bar in Window>Activity.
  8. Back up all the Mail data again. Now you can delete everything in "To Archive." It will be moved to Trash on the Gmail server.
  9. Open Gmail in the browser and empty the Trash. Congratulations! Your old messages are no longer accessible to you from Gmail, and are stored only in Google data centers all over the world, the local machines of everyone you've ever emailed, and a big building near Bluffdale, UT.

This works well so far—I can use Gmail, Sparrow, and all my old devices exactly as I used to, and Mail.app as an archive tool. Unfortunately, there's no good way to automate moving messages from a smart mailbox offline, but it comes pretty close to what I wanted.
posted by ecmendenhall at 5:48 PM on April 18, 2013 [1 favorite]


« Older Recently, I have been having a...   |  For the past 8 months or so, s... Newer »
This thread is closed to new comments.