Yale Switching To Gmail, Not Without Opposition
PwnSnake writes "While it makes sense for small (and large) corporations to move to Gmail, something seems amiss when a top private university decides to hand everything over to Google. Although most in that community seem to welcome the change, several organizations on campus have joined forces to call for a transparent process and get students and faculty thinking about the downsides of the switch. The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
Having gone there... (Score:5, Interesting)
I was a grad student there, and most of the people I knew hated the Horde webmail interface. I practically never used it, since I've always set up IMAP.
My current university also outsources most of their student e-mail services to Google... again, I almost always access it through IMAP. The main downside I've run into is that the university version of Gmail doesn't have access to Labs features that you get with regular Gmail.
Re:Having gone there... (Score:5, Interesting)
Re: (Score:2, Informative)
Same but... (Score:2)
Of course, my main objection to universities switching to Google has nothing to do with functionality. GMail is proprietary software, and universities should not be locking themselves
Re: (Score:2)
Even if they used free software. You'd still be trusting anyone Google trusts with your email.
Re: (Score:3, Informative)
Google's IMAP implementation is horrible, to the point of only barely being usable.
Um, no? I have 3 Gmail accounts all accessed through IMAP and they all work perfectly and always have. Making a blanket statement about an entire implementation is completely groundless. YOU may have problems, and I know it would suck, but GMail works perfectly fine for 99% of people.
Re: (Score:3, Informative)
Re:Same but... (Score:5, Insightful)
Gmail does not implement IMAP standard correctly. ... Gmail sends the responses to some queries out of order - this behaviour is formally correct but is not what some IMAP clients expect.
So Gmail is correctly implemented but the clients aren't and you blame Gmail?
Re:Having gone there... (Score:5, Insightful)
Kids these days. When I was at school, everyone used Pine and we were content.
Re:Having gone there... (Score:5, Funny)
Kids your days... /var/spool/mail/$USER
When I was at school, everyone used vi
Re:Having gone there... (Score:4, Insightful)
For anyone who prefers their email format in text as opposed to html or rich text, it still isn't bad. :) But I think I'll stick with a GUI.
What I don't understand is how the article poster could possibly make the statement that Google Mail is good for large corporations. If I were a large (or even small) corporation, I wouldn't want any of my email messages, many of which likely contain proprietary information, being stored on another corporation's mail servers. That's not only giving you a fair chance to shoot yourself in the foot, it is like asking for a marksman to shoot you in the foot for you.
RIM's Blackberry is so popular because RIM can't tell what you are emailing. It doesn't store your email. Your company still uses its own mail servers, and anything that goes through RIM's servers is not staged, and is encrypted so only your company knows what your business is. Fat chance data mining Google will encrypt mail so that they can't tell what it says.
Re: (Score:2)
Well, _that_ explains a lot. No one trained by using Horde as their primary mail server should be considered trained to run a competent, large scale mail service. It was a poorly integrated mass of difficult to install demoware 5 years ago, and I've seen and heard no evidence to indicate that it has improved.
Re: (Score:3, Informative)
Having also attended graduate school there, I was shocked and dismayed by the childish and incompetent atmosphere in Yale's IT services. Prestigious the university may be, but the IT facilities they provide for students are dismal. That Yale ITS are still unable to effectively manage an email system, to the point where it has become easier to cut them out of the l
Re: (Score:3, Informative)
At many schools there is not much relationship between the CS department and IT, or more accurately, the relationship is often hostile. Years ago when I was at Stanford, in spite of the presence of an excellent CS department, IT was antediluvian.
University IT thinks it's 1994 (Score:5, Informative)
Re: (Score:2, Interesting)
But, I do feel sorry for the people who still use the interface: it's a freaking Java applet
It almost certainly isn't the IT dept (Score:3, Insightful)
The IT dept will have a budget. That budget is set by whoever controls the finances. If the person controlling the finances thinks you are only worth 40Mb of storage, then that's all the IT dept will give you.
If you want more, then bitch to whomever controls the finances. There is almost certainly no point bitching to IT because they can only go to the finance people and say give us more money. The people controlling the money aren't feeling the pain so why should they spend the money?
BTW, this isn't just f
Re: (Score:2)
Maybe the problem is with those sending the attachments. Especially if they are sending the same thing to multiple people at once...
Re: (Score:3, Insightful)
Re: (Score:2, Troll)
God, I wish my university would do this. We have 40MB account limits and professors routinely send out 10MB worth of attachments. Sure, you can forward it all to gmail (and who doesn't) [...]
I thought I'd point out something that most students are unaware of: When you sign up for your own @gmail.com account, you give up ownership of your email. It's in the use agreement.
This is an important point, because when the university makes an agreement with Google, there's a whole legal process behind it. The university retains the ownership over the email; Google is just the provider. That's how we did it at our university.
Here's the distinction: Did Google (or Yahoo, or Microsoft, or any other webmail
Re: (Score:3, Informative)
When you sign up for your own @gmail.com account, you give up ownership of your email. It's in the use agreement.
Can you quote the exact part of the TOS / privacy policy that says this?
The closest I can find is:
http://www.google.com/accounts/TOS?hl=en [google.com]
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
... and the GMail privacy policy further limits what they say they'll do with your messages.
This is the real world of research (Score:2)
What kind of sadist sends 10MB attachments?
Anybody doing research.
Seriously, I've had 30MB attachments show up. 10MB is nothing when you're talking about a research paper written in MS Word.
Before you tell us how they should be using a magical free alternative to Word that produces tiny files yet has all the same capabilities, these papers have to be read by management types at the sponsoring organizations (often the Federal government) so sending them anything other than a Word document is out.
Re: (Score:2)
Oh, Word will work just fine for most things - but you still have to know how to embed images properly. Large files are still large files, but at that point the proper way to deal with them is to use a server to host the file, not actually send it as an attachment.
I can understand the issue though. With the need for Windows to move closer to the Apple paradigm of hiding everything about a file from the user except the given name, people have stopped looking at their data before they send it. Actually, I sh
Re: (Score:3, Insightful)
Thank you for being pedantic - there's nothing wrong with sending a Word file over email. It has no major advantages or disadvantages these days for file size (older versions would store uncompressed images, which led to horrible file sizes - today you can tell it to only store the part you need, at the output resolution you need).
That's funny about your TA. He must be an idiot - unless you sent him a file which couldn't be read on his system at all. I can open an ascii file in Word just fine. I can even s
Re: (Score:2)
There is nothing wrong with sending 30MB attachments in 2010. A 40MB account limit is ludicrous. You can very easily get a 30MB docx file even with properly embedded images. You apparently don't understand the scope and complexity of research documents, nor do you understand that network connectivity at most research institutions makes 30MB attachments easy to send. If you want to forward a document to another researcher then posting it on a sharepoint site (or something similar) does not always make se
Re: (Score:3, Informative)
I feel duty bound to mention RFC4217 FTP/TLS. FTP's biggest problem is that firewall vendors hate it.
But for transferring large files point-to-point, you can't do better than rsync over SSH -- with its ability to resume partial transfers.
News flash: you'll never make everyone happy. (Score:3, Informative)
Re:News flash: you'll never make everyone happy. (Score:5, Insightful)
If you bothered to read the second link (like that'd happen but whatever), it isn't as much a staunch "we never want to use Gmail" as a request for more transparency/information about what the agreements and options being discussed/setup by Yale's IT administration and Google. It includes requests for more information on such things as where the data is going to be stored, why Google is 'generously' providing this service free of charge and without advertisements (i.e., how much privacy/rights do you have with your e-mails), what happens if Google changes their mind down the road and wants to start charging Yale, and a few other similar concerns.
Re:News flash: you'll never make everyone happy. (Score:5, Informative)
It includes requests for more information on such things as where the data is going to be stored, why Google is 'generously' providing this service free of charge and without advertisements (i.e., how much privacy/rights do you have with your e-mails)
Privacy concerns for Google apps in general are addressed here:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762 [google.com]
It always amazes me when people talk as if people at Google are casually browsing through your email, gossiping about your personal secrets.
Re:News flash: you'll never make everyone happy. (Score:5, Interesting)
I looked at that FAQ, and it says that Google employees will never have access to your email unless access is explicitly granted by your admin. It also says, in the same answer, that Google employees may delete things which violate their ToS, which seems to directly contradict this (how can they delete things without write access, how can they know it violates the ToS without read access?). The answer about whether they complied with EU data protection laws was a very round-about way of saying 'no'.
What did I not see on that page:
It always amazes me when people read a puff-piece full of buzzwords and devoid of any content, yet come away completely reassured.
Re: (Score:3, Insightful)
I looked at that FAQ, and it says that Google employees will never have access to your email unless access is explicitly granted by your admin. It also says, in the same answer, that Google employees may delete things which violate their ToS, which seems to directly contradict this (how can they delete things without write access, how can they know it violates the ToS without read access?).
Last I checked, programs were way better at virus scanning than humans.
Re: (Score:2)
That's what Google claim is the case. Is there actually an entity on the planet that exclusively follows their published policies?
It always amazes me when people talk as if people at Google are casually browsing through your email, gossiping about your personal secrets.
The kind of people who are interested in finding out secrets are rarely doing so randomly. They are more
Re:News flash: you'll never make everyone happy. (Score:5, Insightful)
Neither have I personally audited anything about my bank, Anonymous Coward. Yet I still trust it with all my money.
Re:News flash: you'll never make everyone happy. (Score:5, Insightful)
... and on "why offer it for free".
Google's reasons for offering Google Apps for Education as a free service are their own. But we can guess.
1: Many university students are going to become high fliers in business. Giving them warm-and-fuzzy feelings about Google Apps is building the long term market for Google Apps.
2: Education is a "good cause". Maybe someone in Google just likes the idea of helping good causes. Or more cynically, it's good PR.
Re: (Score:3, Insightful)
Re:News flash: you'll never make everyone happy. (Score:4, Funny)
maybe they should form a committee to discuss the forming of a committee to discuss how to go about deciding whether to use gmail? that seems to be the way these things work.
They Need To (Score:4, Insightful)
When I was with their dept of psychiatry at the med school, they had terrible problems with constantly infected and reinfecting machines, both theirs and customers'. They had good admins, but couldn't keep up. With email farmed out, perhaps they can tackle the problem now.
In other news (Score:5, Funny)
Harvard, just to spite Yale, has switched its mail system over to Yahoo! Mail. Also, 3 MIT students are currently being investigated for breaking into the accounts of the presidents of both universities and sending out notices to their entire university saying that the cafeteria systems at their universities had recently added a free bar.
Open University also switching (Score:2, Informative)
Buzz? (Score:2, Flamebait)
Maybe someone better informed than I could say whether or not if using Gmail corporate services would also expose you to randomly-applied 'great ideas' such as the screwup that is Buzz?
I would hope not...
Re:Buzz? (Score:5, Informative)
Maybe someone better informed than I could say whether or not if using Gmail corporate services would also expose you to randomly-applied 'great ideas' such as the screwup that is Buzz?
In a word, No.
When my university moved to GMail, the central IT folks get to administer the university GMail system. [Disclaimer: I work in our central IT, but am not part of the GMail team, although I am in the same overall unit.] That means the university central IT gets to choose what new add-ons our users get access to. So, central IT gets to be the gatekeeper for new stuff that appears in Labs, or new bolt-ons like Buzz. In our university, I believe we use a pretty vanilla GMail. This is (mainly) to help with support issues, but privacy concerns like Buzz probably play into this too.
Incidentally, it's the same with corporations that use GMail, IIRC. Except in that case, the corporation is paying $$$ to Google to be hosted on GMail. But the corporate IT staff still manage the featureset for things like Labs and Buzz.
Welcome to "gov"mail (Score:2, Insightful)
You would think Yale having all the Skull and Bones types someone would know about not trusting mail servers.
After China are the terms "off-site" and Google "maintain it" of any real use to US academia?
FireGPG (Score:5, Insightful)
You don't like your email being read by someone else? Then why are you sending it as a postcard? And if you don't care about that then who cares if Google reads it and sells the information to advertisers?
FireGPG and others make encrypting webmail easy, and PGP/GPG and SMIME have been integrated into most mail clients for years.
Re:FireGPG (Score:4, Insightful)
The way I see it, the chief problem with encrypting your email is that it requires that others have the necessary decryption software installed and are familiar enough with the software to use it.
I'd encrypt all my email if I could have confidence that the intended recipient could decrypt it transparently. In my opinion, we need better support for encryption in software and better public key infrastructure. What we have now works, but ultimately it's a bit ugly and unfriendly when really it needs to be virtually transparent. I wish I were a badass programmer so I could fix this sort of thing.
Re: (Score:2)
Re: (Score:2)
You think Yale wouldn't give data off their own on-site servers to the NSA, if they came waving court orders?
Up in arms? Really? (Score:2, Interesting)
It's a service. Just like the phone company, janitorial services, accounting, and insurance.
The students and faculty don't clamor for input and transparency on which payroll company the university uses to issue paychecks and work/study payments, and there's something they use every day. Sounds to me like this is a lesson to be learned for a bunch of college brats who can't adjust to change.
No problems involving choice (Score:2)
Comment removed (Score:3, Informative)
Nothing amiss about it (Score:2)
Re:Nothing amiss about it (Score:5, Insightful)
There are a number of good reasons for *not* hosting your own email.
None of this precludes the fact that there are compliance and privacy issues surrounding email. FERPA, HIPAA, GLB, SOX, and Privacy Act may all apply. It's not an easy decision. There are at least as many factors supporting retained hosting. Outsourcing student email hosting can make a lot of sense. I don't recommend outsourcing faculty/staff email for an educational institution, but there are certainly a lot of reasons to consider it.
short sighted (Score:2, Interesting)
Inline answers (Score:2)
All university email addresses through Gmail also have .edu addresses.
* Google could change privacy settings in the future. Imagine that external parties could buy lists of "names" or "grades".
As with any contract, if a company decides to change its policies, you can renegotiate or go with another. Other companies (aka Microsoft et al) will have migrati
reasons why gmail isn't the best idea (Score:5, Insightful)
I'm an IT manager at a major University.
okay... so the thing is, everyone loves gmail. They love it because it's a pretty, intuitive interface, they have good spam filtering, it's free, plenty of storage, hugely distributed servers for good and reliable performance, nifty features, lots of happy fun time. Why *wouldn't* you switch your whole IT mail system to gmail?
You wouldn't do it because google's entire business model is based on profiting from the content of your data. Mining that data for targeted advertising (yes, even if they're not displaying ads in your gmail, they are mining your data for useful stuff to sell to advertisers), gleaning useful tidbits about your behavior and buying practices, etc., etc. They *own* the content of your email.
If you are working on potentially profitable research, you'd be insane to collaborate on it through google.
If you are handling privacy-sensitive data (such as student records), you'd be insane to communicate that data through google.
If you are handling any other sensitive information (like passwords to financial accounts, potentially embarrassing internal memos, career- or relationship- destroying office gossip), you'd be insane to communicate it through google.
GOOGLE READS YOUR EMAIL. When you sign up with google, you AGREE TO LET THEM DO IT FOR FUN AND PROFIT.
They are providing this service for free -- if something goes wrong and they lose a bunch of your data, they'll have a minor public relations black eye and move on. You'll be out a bunch of valuable data. You can't fire anyone, you can't take tangible measures to make sure it doesn't happen again (or that it doesn't happen in the first place), etc.
There are lots of reasons NOT to take your IT mail to google. It's mostly about data security, privacy, and accountability. You are surrendering all of that when you go to google. If those things aren't important to you, then by all means, switch to google.
And I'm not saying this just because I'm not anxious to have my job outsourced. I'm saying it because after 20 years of being responsible for this sort of data, giving it to google is one of the worst things you could do with it. It's not all about "Easy interface, low cost", but unfortunately anyone who ISN'T responsible for managing the data only sees those two things.
Oh, yeah... and universities don't generally prioritize storage/systems/personnel for student email. TFA talks about saving 12 TB of space, which these days I could install new (and reliably) for well under $10k, if someone was willing to spend the money on it.
If google provided free software to run a webmail system locally, now THAT's something I could get behind. THAT is what Universities should be trying to get google to provide. Let them provide the interface, and let your local guys set it up and manage the data, keep the storage servers local.
YMMV, especially if your local IT guys just suck. :)
Re:reasons why gmail isn't the best idea (Score:5, Insightful)
GOOGLE READS YOUR EMAIL. When you sign up with google, you AGREE TO LET THEM DO IT FOR FUN AND PROFIT.
For any reasonable definition of "read" this is simply not true.
They have a privacy policy. http://www.google.com/privacypolicy.html [google.com]
I guess some people are really bothered that a robot picks some keywords out of your mail and updates some stats. I'm not in the least.
Re: (Score:3, Informative)
Google is not open on what keywords they search on,
True.
nor do they place any limits on what they will use the results for.
False. The privacy policy is quite explicit about what they will use the results for.
I am absolutely shocked that a university would risk the students this way.
Except that it's been noted (since I wrote the GP comment) that for Google Apps, including Google Apps for Education, email data is not mined, so that's all moot.
Re:reasons why gmail isn't the best idea (Score:5, Insightful)
Sounds to me like one BOFH that has been using his spare time reading student emails for juicy stuff is not happy that he no longer gets to read 'private' emails of his users.
I get the feeling that there is a greater risk of private emails being read by an administrator than by google.
Re: (Score:3, Informative)
I'm a system analyst for a major community college network. Most of what you say is not true. Many of the privacy concerns have been ironed out with other schools, and if they aren't already reflected in Google's policies, schools can choose to negotiate additional things with Google (access to the bulk data, audits of account access, etc..). And being a leader like this, if it ever did get out that Google was reading sensitive research data (or anything for that matter), it would destroy their reputatio
Non-unique. (Score:4, Interesting)
All of the issues they're clamoring over are completely non-unique. The simple fact that Google is giving Yale their Google Mail service for free is an advantage that cannot be glossed over in one sentence (as these authors did) for the following reasons:
This doesn't include the fact that no system, regardless of how well it's put together, is immune to the occasional outage. One can argue that administrators don't have much control over fixing an outage on Google's turf, but they have shown consistently that they can get everything back in working order extremely quickly. Plus, being able to manage millions of accounts (which include calendaring and contact storage for almost every account) while retaining extremely reliable levels of uptime is impressive.
I think the only reason why large-scale corporations haven't considered doing the same is to retain compliance. (Legal would never allow it).
We did this (Score:5, Informative)
I work for a higher-ed institution that's in the Big Ten. We recently provided GMail on campus, to all faculty, students, and staff. It was a remarkably easy transition for us to make. Here's how we did it:
Opt-in.
Really, that was it. We said, "Here's the GMail system that we arranged through Google and the University. If you want to move to GMail, please do - here's a link to make that happen. If you prefer to remain on the existing University email system, that's fine, we aren't taking that away and we're still committed in supporting the University system."
It's worked out well. As of last week, our overall adoption rate is 26% across faculty and staff (I don't have the student numbers) with several colleges and departments already at 100%. Overall, students opted in very quickly. Our outliers have been staff and faculty - this is likely because moving to GMail is a change, and change can be scary. (Note you can use the web interface, or access GMail using POP/IMAP.)
It's not entirely opt-in, though. Incoming students are not given an option - they'll be issued a University GMail account by default. The goal is that over the next 4 years, we'll gradually have all student accounts move to GMail automatically. (But as I said, students tended to opt-in very quickly.)
Re: (Score:2)
Our University only keeps its general Unix server running because some staff and faculty members still use 'elm' (or maybe 'pine') to read their email.
I think everyone is off the BSD command line mailer now though.
Opt out? (Score:2, Insightful)
Opt-out? It's a private email service. You can opt out by not using it. Forward the mail to some other email account.
That's like saying, I want to opt-out of Starbucks coffee.
Join the Real World (Score:2)
Assuming that Yale isn't blocking access for other mail services, I fail to see how this is any different. Use the yale.edu account for school related matters, and get your own acco
Why not? (Score:3, Insightful)
When one of the top public universities already switched?
Email at UVa: Account Choices [virginia.edu]
Account choices:
- Students: Microsoft Live and/or Gmail
- Alumni: Gmail
- Faculty/Staff/Special cases: Exchange and/or CMS (former mail system)
It's probably cheaper to outsource e-mail providers, but UVA still maintains control of the @virginia.edu domain and forwards e-mail to Live or G-mail.
easy solution (Score:3, Interesting)
of course it makes sense (Score:3, Insightful)
The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
the difference is that they won't have to manage / maintain campus mail servers. they won't have to field support calls related to email problems.
My Ivy-League university uses Windows Live (Score:3, Funny)
...at least for the arts and sciences college. Like a good Slashdotter, I'm in engineering, which hosts their own mail (we even get a proper mailspool on our Unix home-directory). We have Pine or IMAP, or basically whatever we want.
Meanwhile "they" have Live Hotmail. I feel just terrible for them, and I'm embarrassed we're even doing such a thing.
In short, Yale - it could be worse.
They should ask SUNY Buffalo for tips (Score:3, Interesting)
Re:chillaxinate, broheims (Score:5, Insightful)
Ugh, idiots.
Re: (Score:2, Flamebait)
Anyone ignorant of the possible problems of things like this needs to become educated.
Go on, give us a few. Avoid ones that are easily mitigated.
Re:chillaxinate, broheims (Score:5, Insightful)
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using GMail, because it involves sending privileged information to a third party corporation and, in this case, a corporation that has a vested interest in using the information they're gathering.
Outside of that, many people like to protect their own privacy.
Re:chillaxinate, broheims (Score:4, Informative)
You're just making up what Google does with that data.
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762 [google.com]
Re:chillaxinate, broheims (Score:5, Insightful)
I work for a higher-ed institution, and we recently provided a university-sponsored GMail option. We heard this issue about sending private data via GMail, from some folks in our health departments.
Our response was: why are you emailing anything with private data in it!?
Email of any kind, whether run locally at the department level, institution-wide at the central IT level, or outsourced to someplace like Google ... Email is an inherently insecure transport method. You don't send private data over the Internet. Period.
So, let me amend your statement:
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using email, because it involves sending privileged information over the Internet.
Re: (Score:3)
Are you quite mad? I seriously hope you don't really have a job in IT. Email was invented by academics as a means to share information with other academics. Telling them not to use it is the most ridiculous thing I have ever heard.
Departments with sensitive information should be using mail clients with GPG, and running their own PKI, but at least by running your own email servers you have more control (eg limit logins to campus IP addresses and provide VPN for remote login).
Phillip.
Re: (Score:2)
I know it's bad form to reply to your own post, but I'd like to pre-apologise for suggesting you shouldn't work in IT. You are entitled to your own opinions. I strongly disagree, however, that simply dismissing email as insecure is an excuse for not properly mitigating risks for those that do use email to send private information.
Phillip.
Re: (Score:2)
It does not involve sending data over the internet when it's only intra-institution within an institution that runs its own mail servers. Even with HIPAA, it still makes perfect sense for co-workers to email each other at their work addresses. And this is in fact the rule that many hospitals (and research universities) use: privileged information may only be sent to email addresses within the institution.
Re: (Score:2)
Really? So if I run an email server that doesn't route outside of the local network and is encrypted on the local network is that more insecure than any other form of communication? Paper can be misdelivered, conversations can be overheard, etc.
Re: email security (Score:5, Insightful)
Email is an inherently insecure transport method.
This statement was true in the mid 90's. It is no longer universally true.
Using techniques such as opportunistic SMTP over TLS [wikipedia.org], a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user. This setup is more common than you think, especially in universities. I would estimate that about half of all US universities already deploy SMTPS. Email traveling over SSL/TLS is not that bad from a security point of view -- the only way to intercept it is to compromise a mail server or one of the end users' machines, and if a hacker has that level of access, you have much bigger problems than email.
SMTPS will not encrypt the link between the MUA and the MTA. For that, the end user needs to explicitly configure IMAPS or POP3S. However, this link is one of the easiest links in the chain to secure, even without cryptography. Ethernet switches (not hubs) and physical access control will prevent the vast majority of local sniffing attacks, and WPA2 is good enough for WiFi links.
You don't send private data over the Internet. Period.
I disagree with this statement. At the very least, it is almost impossible to function in modern society without sending private data over the Internet in some form. For example, if you never send your credit card number over the internet, then e-commerce is almost impossible, and if a merchant subscribed to this philosophy, he would not remain in business. As another example, you almost certainly had to send your slashdot password over the internet in order to log in, and you probably consider it to be private (if not, feel free to tell me what it is).
I agree that you should never send unencrypted private data over the Internet, but I would stop well short of recommending a complete ban on sending even encrypted private data, which is what you seem to be saying.
Re: email security (Score:5, Insightful)
Using techniques such as opportunistic SMTP over TLS [wikipedia.org], a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user.
That definitely helps, but on the other hand you don't know all of what happens to email in transit. If I send you an email, I might know that my server is pretty secure, but I don't really know how many servers the mail will be routed through, what the security policies might be on those servers, or even whether they might be compromised. And then I don't know whether you're using encryption for SMTP/IMAP on your client end.
So while I might say you can secure email within your organization pretty well, once it's going over the Internet, email isn't very secure-- not unless you're using something like GPG.
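An added illustration, not part of the thread: the hops a delivered message passed through, and whether each one recorded TLS, can be read from its Received headers. The message, hostnames and addresses below are constructed, and the TLS check assumes servers record the RFC 3848 protocol keywords; Received lines added before the first server you trust can be forged by the sender.

```python
import re
from email import message_from_string

# Constructed sample message (not from the thread); reserved example hosts/IPs.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby imap.example.org (Postfix) with LMTP id 4AAA; Tue, 9 Feb 2010 10:00:03 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\tby mx.example.org (Postfix) with ESMTPS id 3BBB; Tue, 9 Feb 2010 10:00:02 -0500
Received: from smtp.example.com (smtp.example.com [203.0.113.5])
\tby relay.example.net (Postfix) with ESMTP id 2CCC; Tue, 9 Feb 2010 10:00:01 -0500
Received: from laptop.example.com (laptop.example.com [203.0.113.99])
\tby smtp.example.com (Postfix) with ESMTPSA id 1DDD; Tue, 9 Feb 2010 10:00:00 -0500
From: alice@example.com
To: bob@example.org
Subject: hop test

body
"""

# RFC 3848 "with" keywords whose S suffix means the hop reported TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments, innermost first."""
    while True:
        stripped = re.sub(r"\([^()]*\)", "", text)
        if stripped == text:
            return text
        text = stripped

def hops(raw):
    """Return hops oldest-first as (from_host, by_host, protocol, tls_reported)."""
    result = []
    # Each server prepends its own Received line, so reverse for travel order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = strip_comments(" ".join(value.split()))
        field = lambda kw: (re.search(r"\b%s\s+(\S+)" % kw, text) or [None, "?"])[1]
        proto = field("with").upper()
        result.append((field("from"), field("by"), proto, proto in TLS_PROTOCOLS))
    return result

def hops_without_reported_tls(raw):
    """Hops to review: no TLS keyword recorded (may still be a local socket)."""
    return [(f, b, p) for f, b, p, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print("%-20s -> %-20s %-8s tls=%s" % hop)
```

A hop without a TLS keyword is only "not reported as encrypted": local LMTP delivery, as in the last hop of the sample, commonly runs over a local socket.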
Re: (Score:3, Interesting)
You can know quite a bit, if you take the time to look.
You can find out how many servers your outbound mail always goes through by sending a message to yourself at an external email a
Re: (Score:2)
I'd imagine lots of organisations are using email where their clients only communicate with the mail server using SSL (either via webmail or SSL encryption of standard transports like IMAP and SMTP or MAPI).
Those organisations may well treat their internal email as being secure. I believe there are plenty of hospitals that use email to send patient information between DRs and staff. I'd expect they only do so because they consider their internal email to be secure.
Re: (Score:2, Interesting)
They're still more reliable than anything most other people can accomplish.
Re:Gmail also occasionally goes down (Score:5, Insightful)
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
I get this impression sometimes that people think 100% availability via "cloud" distributed computing is an invention of this century. The only thing that's new is assuming that all but a few large corporations are sufficiently competent to do something that local IT was expected to do: then with expensive, hard-to-replace machines.
Re:Gmail also occasionally goes down (Score:4, Insightful)
It's pretty easy to create a robust mail server cluster.
It's significantly more difficult to do it at the price Google is offering.
Re:Gmail also occasionally goes down (Score:5, Interesting)
It's called outsourcing, contractors and management.
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group of roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
Of course when it's time to look for a solution, the contractors love to propose their 'appliances' and 'do-it-all software' with 'vendors' and 'partners' because their contracting companies are being sponsored by those companies. That's why we have Exchange with Quest Extensions ($25000/server for a piece of software that only SHOWS the flow of e-mail on a pretty screen), NetApp storage at $5/GB/year, PeopleSoft, Microsoft SMS/WSUS with Quest Extensions (so you can attempt to use WSUS on a Mac bound to Active Directory and Novell Linux bound to Active Directory - Solaris and Debian what's that), some random company's DHCP server appliances - $2500 for a piece of hardware that only does DHCP based on the open source dhcpd, a paid version of SysLog (the actual open source syslog-ng software) with licensing based on logs per hour.
Management thinks that this is normal and the way to do business. Of course their overhead is so large that hardly anybody uses their services as it is cheaper to get your own sysadmin and invest in hardware. So University IT supports about 20 of the smallest departments - those that are too small to pay for a single sysadmin, they need about 200 people to do that job (the other 100 are in networking, server admins and telephone)
Re: (Score:3, Insightful)
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group of roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
I'd pretty much agree with this. The trend of University outsourcing is the result of symptoms caused by bad management. As you describe, the management will have become bloated and influenced by consultants with deep conflicts of interest.
The money is being wasted on these managers and consultants, and that is where the budget cuts need to be made - not in actually providing services to students. Also, a couple of excellent IT admins and some commodity hardware is cheaper than a dozen pen-pushers!
(Also, I
Re: (Score:3, Insightful)
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
The GP didn't say "uptime", he said "reliable". Those two words are not the same.
If the users aren't checking their email because the interface blows, then it's not a reliable way to get a me
Re: (Score:2)
A state-of-the-art interface is a modern IMAP mail client. GMail is a horrible bodge, although if you want to make do with using HTML to access mail, don't complain about the principle when your actual problem is the particular web interface(s) chosen. There are dozens of alternatives to choose from, your administrator could install several, and you even have the option of implementing/deploying an independent front end yourself, which merely talks IMAP to your chosen server.
Personally, I /hate/ complex Jav
Re: (Score:3, Insightful)
GMail is a horrible bodge [...]
Subjective. I had my own mail server. I ditched it years ago for GMail, because in my own subjective view there wasn't an SMTP/POP/IMAP client with as useful a user interface.
Maybe nowadays there are better local mail applications available - but I have absolutely no complaints about GMail from a usability perspective.
Re: (Score:3, Interesting)
Besides, it's a deplorable state of affairs when a university can't muster the resources to at least operate an on-site forwarding mail server.
According to TFA, it's going to save 12GB of on site storage per student. If I was a university IT manager and a corporation offered me that *for free*, I'd bite their hand off.
Whoever you are, why spend money when there's an alternative?
Re: (Score:3, Interesting)
It's not free. As you point out, Google is a corporation and they don't do things unless they expect to get something out of it. What Google is getting is a LOT of information about Yale students, staff and faculty.
Re: (Score:3, Insightful)
They mine it for ad targeting. And that's all.
I think the main things they get out of it are PR, and graduates with a positive experience of Google Apps.
Re: (Score:2)
Re: (Score:2)
If only the service came with some sort of assurances about privacy.
Oh, here they are:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762 [google.com]
Re: (Score:2)
Not sure what your expectations are, or what the policy of your school is, but in any sort of litigation or suspicion of academic malfeasance, or even internal disputes within departments it's been my experience that just as in most corporations your university email is fair game and not covered by anything like the protections of third-party email or regular mail.
Re: (Score:2)
If you're just forwarding mail, you're going to have constant support issues because of SPF causing students' mail to end up in the spam bucket.
You'll need a couple of members of staff to deal with those queries, and all the other queries from people who say someone sent an email but it didn't arrive. Two staff members plus their associated costs will set the university back $100k apiece. If you want to support your forwarding mail server 24x7 that's going to need 4 staff.
Now your small amount of hardware
Re: (Score:2)
I think you misunderstand what a monopoly is. Or you're being wilfully broad with the word.
There is nothing to stop anyone else offering a competing service. To be able to offer it free, they'd probably need to be another giant corporation - but MS, Yahoo, IBM could all do this if they wanted to.
There is no lock-in on Google's side.
Re: (Score:2)
As opposed to now, when your choices for email are 1) Yale's in-house email 2) n/a
Except that in both cases, there's nothing to stop you using any of the other webmail services, either free or paid.
Re: (Score:2, Interesting)
1) GMail. 2) n.a.
3) Choose another university.
Seriously. The university chose the food management company, the cleaning contractors, and the security guard service. They also chose the e-mail contractors.
Like the undergrads care about e-mail privacy while they're simultaneously posting their frat party pictures to FB.
should have complained to dean of your college (Score:4, Interesting)
If the school's email system failed to properly send your class assignments and you didn't receive emails properly,
you should have contacted the university and appealed your grade. At the very least the university would have
allowed you to retake the class without cost or GPA penalty. You couldn't have been the only person in school this happened to.
You may still be able to appeal, if nothing else to just get the F removed from your transcript (I assume you retook the course).
If you kept your emails since then you can print out your email directory where the old emails are missing.