Domestic vs. International Email Service for Security and Privacy

Discussion in 'privacy technology' started by cb474, Apr 30, 2015.

  1. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    This may be a bit of U.S. centric question.

    Generally it seems people think there is an advantage to using a email service (or VPN for that matter) not within one's own country, because it is not subject to the court orders of the place where one lives. Hence, Tutanota, Countermail, or Protonmail might be preferable for someone not in in Germany, Sweden, or Switzerland, respectively. These countries are also often considered to have better privacy laws.

    However, I was watching the interview with Edward Snowden on John Oliver's "Last Week Tonight" (yes it's embarrassing this is the only venue interested in interviewing Snowden these days) and he said a few things that might make the strategy of an overseas email service less than desirable.

    According to Snowden, any time an electronic communication travels outside of the U.S. jurisdiction it is or can be (one way or another) intercepted by the NSA and it's partners and archived. This includes, apparently, if you send an email from someone in the U.S. to someone in the U.S., but it goes through an overseas server. He said, even if you did it with a U.S. service, like Gmail, and that information was temporarily moved to a server somewhere else in the world (as part of Google's backend functioning) it would then be intercepted.

    So it seems for email that is not encrypted (as most of us have to do all the time, since few people use encryption) people in the U.S. would potentially be better off with a solely U.S. based email service. At least it would be subject to requiring a court order before it's intercepted (assuming the NSA isn't just illegally collecting the information anyway). Whereas apparently letting a transmission leave the U.S. jurisdiction that does not need to, by using an overseas email service, means it's automatically intercepted regardless.

    In other words, for someone in the U.S., using Tutanota, Countermail, or Protonmail, for non-encrypted communications, makes them less private and just sets those communications up to be intercepted and archived.

    What do people think? Is this a downside to these email services for people in the U.S.?
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Few thoughts:
    There is no guarantee that NSA and co. would not intercept your mail even if it never leaves your country. So it's better to assume that they could and they will.
    Even if email itself is not encrypted communication route delivering it might be. Let's say you use google mail. If I remember correctly they said they would encrypt all their backend communication happening between their servers. So if you send your email from gmail account to another gmail account, mail probably won't leave their network. Even if it is transmitted over some foreign server all communication would be encrypted and NSA would have to break that encryption to get to your mail. OTOH if Google gets a court order to disclose your mail, they would have to oblige. In that situation encrypted mail would help as even Google couldn't hand them unencrypted mail.
    I don't know what is current situations with other email providers that you've mentioned regarding encryption.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    There are no good answers, and it's a choose-your-poison thing! The Internet doesn't make for easy mapping to national boundaries, and in any case, for good reasons, the provider may back up or load balance on servers in another country. Regarding bad ways, the TLAs both can and do change routes, and it's quite possible to route stuff via another country and back again, or use a cable that traverses a boundary and tap it there. Or get their buddies in one of the X-eyes to do it for them, no questions asked. IMO, the laws making the national/international distinction are a nonsense for many reasons and do not even protect national interest. What they do do is provide multitudinous loopholes for the TLAs.

    The alternative is to rely on encrypted email, and the practices and laws of the countries they have offices in. Because many of these services are new, and rely on new implementations, we do not know how solid they are, presumably they will improve with time. There's also the issue that, by using them, you are automatically suspect. I don't think it makes you less private assuming the encryption works, because what you have to compare it against is an openly readable postcard equivalent, even if they are claiming not to read it.

    To some extent, the answer to this depends on your objectives, as you note, using Google might be OK because it (nominally) requires a court order. But they would also presumably respond to court orders from any other country they have offices in. There are quite a lot of advantages in using services which have ephemeral messages too, in practice.

    Even when you've improved the communications aspect, there's still the (probably bigger) issue of how much you trust your mail archive security, and equivalent security/privacy capabilities of your correspondents.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592

    After reading your post I find I totally agree with the reasoning.

    For me, I actually have two internet worlds and I never mix them, OR the machines that access them!! My "family guy" world, uses everyday ISP connections with personal email and banking secured as any other prudent homeowner using sandbox, AV, etc.... In fact I go beyond normal homeowner because its so simple, and yet I am clearly not trying to protect against "5 eyes" while in this mode. I use common security such as two factor on banking and email but I wouldn't pretend its anything but keeping "punks" out of my space. Solid disk backups allow me to restore and refresh in minutes and I do it as a precaution several times a year. That's the family world.

    The other world requires more caution and complete resolve to protocol. Worst allowed case is psuedo-anonymity on isolated machines.

    Now I know you don't really care about my two internet worlds but I present them because your email worlds should be similar - in my opinion. You are not going to have Grandma, siblings, etc.. show any interest in "cloak" encryption. Most of your everyday friends will refuse to use PGP or anything that creates a hassle for their internet surfing. Its the same with a sandbox, AV, etc... They will be the first to complain when they take a hit, but even then they won't change their habits at all. So in your family/everyday world of emails you protect yourself just as I do with my family world computer use. A good bet is to ASSUME your friends are going to do something stupid and careless with anything you transmit to them. I am not a negative person but I have been burned by making any assumption other than the one I just presented. Suggest you think about it.

    I look for others with fervor about security ideas, and those that demonstrate prowess and concern for privacy and anonymity. Many of us here do that. Wilders has some great members and we can all learn alot from each other. Eventually I may end up PMing someone hoping to exchange a PGP key so that even PM's are ours alone. I do that at a fair number of sites. Emails from within this world are all individually encrypted and meta data (e.g. subject lines) is stripped away. What I see posted and interactions with other members gives strong clues about how securely exchanges will go if a relationship is formed.

    I really don't trust any provider to protect me (although there are some good ones around). I'ld rather trust myself with email anonymity. For those reading this post; there are many folks out there that are willing to "work at" anonymity during communication exchanges. Those are the ones that have your back while you have theirs. The others might not belong in that world. Just post and have fun here at Wilder's for those.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I consider what I'd say under questioning (with my attorney present, Insha'Allah). If there's an answer that's straightforward and not problematic, I just encrypt. For example, in the course of my true-name consulting work, I might be corresponding with a client under a strict protective order. Otherwise, and always when I'm using pseudonyms, I always anonymize and encrypt. That's because I know that using encryption flags me as suspect.
     
  6. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Be careful with those hot keywords before the NSA and FBI label this a terrorist recruitment site!! Even linuxquestions.org earned the distinction
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I was going to say "Dog willing" or whatever, but hey, I was feeling fey ;)

    Anyway, at this point, isn't "mirimir" enough of a keyword on it's own?

    Edit: what happened with linuxquestions.org?

    A quick google yielded no joy :(
     
    Last edited: Apr 30, 2015
  8. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    Thanks to everyone for the thoughts on this question.

    Yes, I understand the benefits of encryption and anonymization practices. But my question is really about the unencrypted email that we all have to send all the time to friends, families, people we work with, etc., because as Palancar notes they just can't be bothered with anything that's even a bit of a hassle (though I did get one friend to start using TextSecure with me!).

    So with unencrypted email, I'm wondering if there really is any benefit to an overseas email account, like Tutanota, Countermail, Protonmail. I was thinking of using one of these services for basic everyday unencrpyted email (as I said, with friends, etc., also receipts for online purchases and so on). I thought it might be more private and secure. My emails are encrypted on their servers (except Protonmail, for now), they're not subject to U.S. court orders, they have better privacy laws in their countries of residence.

    But if you look at the Snowden interview with Oliver, he makes it sound like as soon as an email leaves the U.S., it's archived by the NSA. There's nothing in the emails in question that I need to worry about. But just as a matter of general privacy, I'd like to think that all of my everday emails are not be stored and filed en masse by the U.S. government forever. So I wouldn't want the choice of Tutanota, Countermail, or Protonmail to actually ensure that by default that my emails are definitely being intercepted and archived, just because they travel to an extra-U.S. server. What's the point of a secure, encrypted, private email service overseas, if the email has already been intercepted before it got there?

    That's why I thought, perhaps a U.S. based email service might be better. Yes they will give up your email in response to a court order. But I really don't think that's going to happen to me. So perhaps my emails aren't automatically already archived by the NSA by staying in the U.S. Indeed, a service like Tutanota, etc., where the email is encrypted on the server and they can't decrypt it, but based in the U.S., would potentially mean that the government had to come to me with the court order and at least I'd know something is up.

    I suppose the counter argument would be that even intra-U.S. emails are being intercepted illegally and it's hopeless and doesn't matter where your email server is for non-encrypted email. On the other hand, as a counter-counter-argument, if it's on a server in a country that won't respond to a U.S. court order, then maybe your emails are being read/scanned, but it would be harder to drag you into a legitimate legal process.

    In the end, my question is, is there any benefit to Tutanota, Countermail, or Protonmail for unencrypted email, by virtue of being outside the U.S. and encrypted on their servers? Or is it actually worse than just using some service soley based in the U.S. where emails have some chance of never crossing the border and being intercepted? Maybe this whole overseas, outside U.S. jurisdiction thing, when it comes to unencrypted email, it just security theater we're playing on ourselves.
     
  9. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Last edited by a moderator: May 1, 2015
  10. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    An important thing to point out that the US and the EU (and Switzerland) have mutual legal assistance treaties in order to thwart this sort of maneuvering. If you want to avoid a US subpoena to your email account, go with a service in Russia, China, or somewhere else that has the ~ Snipped as per TOS ~ to stand up to the US. Maybe yandex.ru but that's a bit too mainstream. But then you're exposed to surveillance in those countries which is probably at least as prevalent. You could run your own mail server on VPS in the Seychelles or someplace offshore if you want to go really overboard.

    Just another recommendation- unseen.is is a great encrypted email service out of Iceland, which has better privacy protections than continental Europe.
     
    Last edited by a moderator: May 1, 2015
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    @cb474 - If you're prepared for corporate surveillance, isn't unencrypted Gmail (over TLS) going to be the best bet since my understanding is that this is most likely to be acceptable to friends & family etc., and require a warrant if it's government (US or otherwise). Google has - if you believe the public statements - taken steps to exclude the back-end NSA interception, so they nominally have to come to the front door and knock. Personally, I'd take corporate mass surveillance over government (I want neither) because I understand the motives of the corporate entities a bit better (they want profit and will not kill the golden goose if they can help it) - whereas government appears blithely unconcerned with iatrogenics and has the ability to lock you up (at minimum) - at times apparently without any judicial restraint.

    Using encrypted email - wherever its based, my understanding is that they will deem it suspicious regardless of source/destination - is liable to attract attention and possible storage/hassle - so you do a mirimir, and anonomise and encrypt, another persona, more hassle and expense. And even harder to find correspondents who have the same level of expertise and operational security mindset.

    @Palancar - I have the same feeling about secure email as I did when email first came out (yes, I remember that far back!) It was hard getting anyone to talk to then (I still have no friends...), and the same is true of encrypted/private email now. My personal view and objective is to pressure for corporates to encrypt all communications in transit and at rest, whoever they are, because I think that will establish the common basis and solid set of tools for doing so. After the Sony debacle, and whatever your data uses, I cannot see how Directors of companies are meeting their fiduciary duties to shareholders without taking steps to secure/encrypt everything by default (in transit and at rest), and this would include email. In countries that have Data protection laws, I believe it's also imperative for the guidance they give to companies mandate such encryption. While I do this for my company, it's a devil's own job to get any of my correspondents to do it, that even includes accountants, lawyers, patent agents etc. Even getting them to accept an encrypted zip is a major achievement. And I know of companies that deal with education matters and child records and they don't encrypt email. They all should, it should be wall-to-wall, and not even thinking about categories, do it all. Then we'd all be more secure, not only the securocrats in their cosy jobs.

    If/when the corporate world gets its act together, then it will be much easier/more anonymous to use encrypted email yourself. Of course, I never wanted to take such steps - it's a regal violation of my Tos. The deal I used to accept was that I would communicate openly so that the authorities could read my stuff if they had a warrant and reasonable suspicion, and emphatically that they would not abuse that by mass data collection, storage and algorithmic analysis of the data. Wrong and foolish on so many levels. But here we are. A weaponised backbone. And they have brought on themselves the very thing they say now that they fear: communications going dark on them I can't think of a better incentive for services providing high quality, easy to use, secure communications than mass surveilling everyone so that they feel they have to protect themselves.

    @mirimir the use of Suspicious Words nicely illustrates the disaster of data mining, the costs of false positives and the real, damaging chilling effects of what the blighters are doing.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Last edited: May 1, 2015
  13. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    As far as email on a public service like gmail is concerned, expect it to public in some form or another, trust no one. Anything going through such servers could potentially be read by a 3rd party at some time or another. It might be a hacker, the NSA is just one possibility. The best thing is to be conscious of that and not say anything stupid or anything you really want to be private when using such services.

    The only way to have a email service you can trust is to set up your own email server and encryption. No third party can every be completely trusted. These days it can be done on a Raspberry PI. You can also buy a domain name and use a hosting provider to set it up. Not quite as safe but better than Gmail or Yahoo or even a more trusted provider. The problem is that this takes some technical chops and isn't for everyone.


    This just came up and it is kind of pertinent to this:

    http://torrentfreak.com/torrents-are-good-for-a-quarter-of-all-encrypted-traffic-150501/

    It brings up something that has occurred to me regarding being flagged for using encryption. For blending in and either not drawing too much attention or having the attention be in the wrong direction, it might be best to burn a lot of bandwidth with torrents or streaming. Then you get flagged as one of the vast majority who might be jumping over geo barriers to watch Netflix or the BBC or pirating copyrighted content at worst but not as a potential criminal or terrorist worthy of more attention from a government agency.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Maybe, but MSE [see https://wiki.vuze.com/w/Message_Stream_Encryption] is easily distinguished from other encrypted protocols.
     
  15. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    I think what we need is a really good email client that by default, automatically creates a key pair for the user, sends the public key with every email, checks incoming mail for attached public keys, automatically installs them, and automatically uses them.
    That way the user needs to do nothing out of the ordinary nor learn anything about encryption, then all we need to do is encourage everyone we know to use that email client.
     
  16. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    @krustytheclown2 It's not really the subpoena issue I'm concerned about, in practice, with unencrypted email. It's a nice plus to address that issue, but not my top priority. I don't really see myself every being served with one. I'm just interested in my own personal privacy for the sake of, well, my own personal privacy. So what I don't really like is the idea that all of my email is being collected and archived forever, by the government, just because it crosses the border. That's why I thought, perhaps services like Tutanota, Countermail, and Protonmail, for unencrypted email, my actually cause that email to be more subject to scurtiny and archiving, not less so. Do people agree with this assessment?

    @deBoetie I guess corporate surveillence bothers me just as much as government. In part because I don't think I'm of any interest to the government, but I know Google wants to scan and analyze all of my email and web traffic. I guess my question is, would an independent U.S. based email service (if there are any decent ones) be better for unencrypted email, because (depending on the service) they won't be surveilling my email and because by keeping the email within the U.S. it won't be subject to mass government surveillance (assuming, of course, that's not being done illegally anyway)? Or is there no real benefit and I may as well go ahead and use Tutanota, etc., for their other benefits?

    So this is a real, what is the least bad option, type of question. People have provided a lot of good thoughts on the general issues raised by my question. But I'm still not sure anyone has really taken a position on the question of international vs domestic email services for unencrypted email, except those who suggest running one's own email server, which is a good idea, but I don't think I'm going to do that.

    Thanks again to everyone for the thoughts, so far.
     
  17. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    I to have been researching VPN's, private e-mail, and other privacy tech, there are so many mixed messages out there making it confusing as heck and hard to know what is paranoia based and what is real.

    Examples I have come across;

    Get an American based VPN due to no data retention.

    No don't get an American based one due to FBI and NSA get a European one where they have nojurisdiction.

    No don't get a European one they retain data, their versions of the FBI, CIA and NSA do the same thing their US counterparts do which makes it even worse.

    Use a VPN and connect to Tor for greater privacy.

    No don't use Tor it has been comprised by governments all over the world, just visiting the Tor site to download it gets you on government surveillance lists.

    Don't use a VPN that has been around a while are likely Government ran honeypots thus the reason why they never get shut down or are subjected to warrants.

    Get a VPN that has a no log policy.

    No does not matter, advertising "no logs" is a scam to make you feel safe, it is not possible to run one without logs so anyone that says they don't are lying up front.

    A VPN company can say they are based in Switzerland or Columbia or virtually anywhere, but most do not have a physical presence at those locations. Instead they rent their servers from 3rd party companies based in those countries who are compliant with rules, laws, and mandates in their own countries. As such will likely keep logs regardless if the VPN company (renter) does not. The very fact that VPN's do this means they do not have physical 24/7 control over those servers which leaves your data exposed.

    Same has been said of encrypted e-mail services;

    Get a a US based one due to no data retention.

    No don't get an US based one the NSA and other alphabet groups have covertly made US e-mail companies install spyware on their systems or split their data stream so that copies of e-mail data is sent to their servers in real time.

    Don't get a European based one due to data retention, their US alphabet counter parts do the same thing and with data retention makes it even easier for them.

    It is enough to make one want to bang their head through a wall.
     
  18. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    And if the whole data stream is through a VPN and the encrypted messages mixed with bit torrent are in one big encrypted data stream?

    I wasn't thinking of bit torrent clients that encrypt, only of passing such traffic though a VPN tunnel along with everything else.
     
  19. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    @cb474 Well I'd say that there's a non-zero chance that you've been selected for NSA data collection simply by virtue of the fact that you've visited this site and posted on this forum, or for using a VPN or Tor to do so, or ever visiting the sites of those email providers. Trying to stay private is a big "Hey look at me, I'm trying to hide!" to the NSA, and so you can assume that any email you send that isn't encrypted and isn't sent while connected to a VPN is now going to be archived ;)
     
  20. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Bit of a false dilemma since there are providers outside of those regions- Boleh in Malaysia, iVPN in Gibraltar (although that may just be an offshore company while the owners/employees actually work in Europe...), several services in Canada, Iceland, Russia, Hong Kong, etc. Switzerland is not in the EU so no mandatory data retention, I think. What's likely more important than the actual VPN provider is the data center where it's hosted, ideally use servers only in those countries I mentioned earlier.

    The idea that mirimir and others here stress is chaining multiple VPN's based in different jurisdictions, nothing is ever 100% bulletproof but it's probably the closest you'll come. And if you want to download Tor, do it over a VPN connection and only access Tor through a VPN. Bottom line is that one VPN is probably private enough for 99% of people, two or three is good enough for most of the remaining 1%, and unless you're hacking the Pentagon or whatever that's important enough, you're going to be perfectly fine with that setup.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    The NSA apparently strives to analyze and archive all encrypted email. But yes, using one of those secure email services probably gives your stuff top priority.
    US residents who forgo encryption and use domestic email services probably do attract less attention from the NSA. But that's a very brittle sort of security by obscurity. I suspect that everything in the US grid gets at least a low-level keyword scan. Steganographically hiding encrypted attachments would be the lowest profile method.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    @Socio

    Those are tough questions, for sure. There are unknowables and trade-offs. You're limited to what you read and hear about VPNs, JonDonym and Tor. Maybe you can learn more through testing. And taking steps to hide -- such as using VPN services, especially those in unfriendly countries, or using Tor or JonDonym -- attracts attention.

    My solution is to attract the minimum amount of attention by starting with popular VPN services that are marketed to BitTorrent users. I don't talk about them here, for obvious reasons. Then I construct nested chains of VPN services, gradually shifting toward ones that are less popular and more focused on privacy. Then I add one in an unfriendly jurisdiction, and finally back out to one with a clean US exit (for best site compatibility). Or for "anonymous" work, I instead add Tor to the chain. Sometimes JonDonym too.
     
  23. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I haven't had much time to spend here at Wilders in the last year or so. It's amazing how much changes, yet so many of the solutions still remain the same. This is normal with anything when there's no real breakthroughs. My solution that I have advocated for years.

    Public WiFi connected to a free, unregistered VPN or a simple proxy.
    If your communications are very sensitive, don't use the same public WiFi twice.
    If possible, connect from outside the place of business, home, park, etc.
    Change free email addresses once every 2 or 3 months - never use them again.
    If needed, get in on the prepaid phone deals where you can get a few minutes and a cheap phone for as little as $5. Stock up.
    (these can be used for email verification) then toss the phone.

    Nothing is free, but I honestly think your privacy can be protected by the measures outlined above in a better way than signing-up and trusting VPN's with their "no-log" claims.
     
    Last edited: May 2, 2015
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    @LockBox

    That's also a good strategy, and I've used it sometimes. But it's mostly impractical for me, because I live in a rural area, almost off the grid, where there aren't many public WiFi APs. I'd be spending most of my time driving. But if I were living in a major urban center, I would consider it.
     
  25. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I wouldn't get too caught up in the whole "use in this country cause of these laws, don't in this country cause of these laws" thing. It can help to an extent, but we need security that exists indepedant of the laws of any one country, because our internet traffic goes all over the globe. You'd also be making the assumption that everyone will follow those laws, which we know is all open for their own interpretation (meaning don't bank on laws to protect data in this age)

    I stopped being caught up with the whole "If you use the best stuff, then they'll be paying extra attention". But with that, I also believe in "Compartmentalize and sanitize" as others have mentioned in this thread, and as mentioned here: https://firstlook.org/theintercept/2015/01/28/how-to-leak-to-the-intercept/ It's just easier to simplify having a vanilla family/everyday mundane setup and then a more private secure setup.

    The issue is though when you're learning and transitioning. Your vanilla internet traffic is going to start getting muddied with searches about secure email, or VPNs or Tor, whatever. Or web accounts that already have your IP, or other information. I just think it'd be very hard, short of abandoning all of your old accounts and switching ISPs, to actually have such a clean slate to work from with no crossover. And then maintaining that zero-crossover for the years to come. (we're all imperfect)

    So I personally don't worry about it. More and more people are trying out new secure/private software and services especially after the Snowden stuff. There's just far more to gain by learning and mucking about with all this stuff than there is to be spooked into not. And also for me anyway, I really don't have any traffic anyone would ever be interested in- I take a full, Greenwald, "people also have locks on their bathroom doors" approach. It's a boundaries and limits thing, and I plan to do the best I can to set my boundaries. https://en.wikipedia.org/wiki/Personal_boundaries
     
Loading...