Dec 2: Throwback: security — confidentiality, integrity, and availability
This is the second post in the Fastmail Advent 2024 series. The previous post was Dec 1: Mission statement. The next post is Dec 3: On moving house — bringing a new data centre online.
Throwback time! This was the post which inspired our first ever Advent series. All I’ve changed is putting an Oxford comma in the title.
Honestly, very little has changed since then. Even the Wikipedia link is still valid. The James Mickens paper has disappeared; Microsoft’s legendary commitment to backwards compatibility clearly doesn’t extend that far, so if you’re interested you’ll have to get the file from Harvard (pdf). I strongly recommend reading anything he has written.
Integrity
We did an explicit post on integrity in 2014.
I’m going to write a whole separate post in this series about how the data integrity checks we have added over the years have really held up. We haven’t had a major data loss in those 10 years, through many cases of equipment failure and the occasional human error. Designing with data resilience as a key goal has paid off.
Availability
We also wrote an explicit post on availability in 2014.
Sadly we haven’t been with NYI for a while. Miss those guys. We moved to New Jersey, then they sold that data centre to a new provider, and we were there for a while. Our current data centres are in Philadelphia and St Louis.
We did a major data centre move earlier this year. We will write in this series about the experience, some lessons learned about our preparedness, and how the move has improved our resilience against some of the risks out there. Unfortunately, it did lead to some higher levels of downtime during and immediately after the move as things settled.
Confidentiality
Finally the first one everybody thinks about! We wrote about confidentiality in 2014 as well.
The reasoning here is still the same, though a few things have changed. Our data centre structure is a bit different: we handle the networking in-house now and use a single switching infrastructure with VLANs rather than airgapped networks. The legal framework has changed too: Australia now has a Cloud Act agreement with the USA, so we receive requests directly from the USA for investigations of serious crimes by non-Australians.
By far the biggest risk to confidentiality that didn’t exist 10 years ago to the same extent is AI training! It seems that the temptation is for services that are “freemium” to use your data for training their AI models, either without giving you a choice or by forcing you to find a well-hidden way to opt out.
We aren’t doing any AI, and if we did it would be very carefully and with the only goal being to help our users get better insight into their email. We would use per-user training models, in the same way that we currently create per-user search indexes, ensuring that data is segregated and can’t leak across.
The great thing about having a paid product is that we don’t have split loyalties. Fastmail has been profitable every one of the past 10 years, with no outside investment. We expect to remain so into the future without having to “diversify” into shady shit. We sleep well knowing we run an ethical business, and we’re very grateful to the people who trust us with their email and pay us to keep providing them with the service.
In conclusion, Fastmail has exactly the same attitude to security that we had 10 years ago. It’s important. It’s not a marketing dot-point, it’s table stakes — you have to be secure if you want to be trusted with other people’s precious emails.
Other than the areas where we’re the ones creating new and better standards, we are cautious about adopting new technologies and the latest fads. This has served us very well over the years. Fastmail cares about real security: actionable changes that make things better. We don’t do security theatre. When we do something in the name of security, it’s because it makes a meaningful difference to your risk profile.
See you again tomorrow.