Where is your data?
Last months there was a lot of news about PRISM where Snowden told the people what the capabilities the secret services in America and the UK possess.
This news had a lot of impact but we didn't see a lot of people moving in the Netherlands. Therefore we spoke with NRC Next to see how we could facilitate in making the PRISM issue more touchable to the public. We decided to create a tool for the NRC Next where they where able to investigate email traffic of large Dutch companies. Companies that are processing sensitive and/or private information, assumable also by email.
The result is quite interesting and therefore we decided to make a part of this toolset also available to the public called: whereismydata.nl (waarismijndata.nl, see below).
The tool searches for the domain name servers of your email address' its domain, it will do a check on the location of these server by matching it to the GEOIP database.
NRC Next used a more advanced version of the tools where also WHOIS and Traceroutes where combined to the final conclusions.
Note: not only the location of the mailservers is a risk within PRISM, also the location of the entity and its sysadministration of your mailservers is a risk.
So what to do?
First check where your mailservers are located with our prismdigger:
If your mailservers aren't located in the USA, it still could be an American entity, to be sure: ask your provider.
With our "simple tool" we hope to make it more visable to the public on where your email is being processed. If you have any question, just let us know.