I just came across these "disturbing facts about proton mail". Let's say, hypothetically, that I administer a small org that now wants to move away from proton.
I guess I should just learn pgp, but that would be a tough sell for any boomer members.
EDIT: thanks for all the responses! It seems like my intuition was correct: email is inherently insecure, and proton is no worse than other email providers insofar as you don't let their marketing cause you to drop your guard. If it's illegal, keep it offline.
This is a huge security issue that was either created because Protonmail is managed by Particle physicists who do not understand computer security
:michael-laugh: they don't lmao holy fuck. No opinion on Protonmail at all, but that's an absolutely true assertion.
In my job I have to assist someone from an academic "digital security" organization from time to time, an org filled with professors who should absolutely be technically savvy since their entire careers are focused on technical security issues. They are just as useless in practical reality as yokels running a dealership who have no exposure to technical issues.
The deal is that the second they stop having to actually do research themselves, they immediately start to become incompetent as the technologies they know phase out. I've interacted closely with professors that genuinely couldn't do their own research if their students quit.
You need to threat model. Proton mail is fine for certain operations and catastrophic for others. You mentioned boomer members. You can put all the effort you want into making sure everyone uses encrypted email. If anyone doesn’t also have their device and home network secure, attackers can grab the stuff in plaintext after it’s decrypted
I found the dude talking with Proton on the subreddit here from before he wrote the article - https://reddit.com/r/ProtonMail/comments/d58cq1/protonmail_questions_and_concerns/
Anyways, it’s…Proton won’t protect you from the govt. Simple as. I use it to prevent corporations like google tbh. I already accept that the govt. has my info.
nice find. Look at this https://protonvpn.com/blog/hongkong/
Very reminiscent of the other CIA controlled program, notepad++. They really go out of their way to support CIA regime change operations. Proton is based in Taiwan and I can guarantee you that Taiwanese companies NEVER rock the boat. I've worked at many companies in Taiwan. Proton is most likely a modern Crypto AG.
I eventually left a lefty regional Discord server because none of the zoomers on it could even conceive of digital security. Unless the people in your group are explicitly technical I think you have a steep hill to climb for any practical solution.
What is your threat model here? You need to figure that out first imo.
I think email will be too difficult to do securely, PGP is difficult. That brings you to IM, in which case I'd say Signal (far easier and more reliable) or some Matrix client (more private).
Signal gets a bad rep sometimes but they have published multiple court orders that show they hold next to no information on their users: https://signal.org/bigbrother/
Its main issue is you need to share phone numbers
I think email will be too difficult to do securely, PGP is difficult. That brings you to IM, in which case I'd say Signal (far easier and more reliable) or some Matrix client (more private).
This is roughly what I'd recommend, though I'd HIGHLY recommend setting up communications in such a way where the server is in the physical custody of the organization. This limits the spies to monitoring data in transit, whereas if you're hosted on something like AWS they can image the machine any time they want without your knowledge and collect data at rest.
PGP is probably the best tool available for email, but as you mentioned it is complex, and it is also not a panacea (however, it is not brain surgery. I recommend everyone learn how it works). I'd save email for correspondence outside the organization (newsletters, media contact, public inquiries, announcements, etc) and handle all internal communication using something that isn't burdened with 50 years of technical debt.
This leads me to recommend a private, non-federated Matrix instance, or something along those lines. Again, running on a machine in the organization's custody, so you can wipe that shit like Hillary Clinton the moment you start feeling suspicious, or spirit it away to an unknown place if the information absolutely must be preserved.
Except they have to furnish metadata to LEAs upon request, which is all that is needed in most cases.
Did you click the link? The metadata they have is:
- The date the account was created
- The last time the user connected to their servers
This is all they provide LEAs when they're told to, because it's all the metadata they have on their users. That's what the link shows.
There's good basis to doubt their claims. I use Signal, but I'm still careful.
Nothing in that link provides a reason to doubt ~~their claims~~ the proof. Ultimately, there is one thing worth considering: there is a reason why LEAs bypass the messaging app completely, and instead use vulnerabilities in phone software to get the messages instead. It's not Signal you should be careful about, it's everything else.
Lol I show you evidence that signal was funded by extremely shady alphabet agency connected sources, and you show me some sternly worded letters that somehow make federal warrants magically disappear, calling it "the proof".
Listen, I don't know shit. I don't know if the author that I linked, as well as all of his sources, have an axe to grind with Signal, or what. I'm just saying I don't trust them and I don't think anyone else should either. I use Signal, cautiously.
And yeah, I'm running graphene, I'm aware of phone vulnerabilities and I do what I can. I have friends who know way more about this than I do, but nothing is perfect.
Interestingly the author is the same guy who wrote Lemmy (well, half of the team, it's Dessalines), small world
If you are doing something sensitive, you just have to encrypt the text yourself, and physically hand the keys to whoever needs to receive it, and let them decrypt it outside the email client.
Edward Snowden revealed that the US government cares least about the content of emails. Mr. Snowden revealed the US Law Enforcement cares most about who a person is talking to, the dates & times of the emails, and the subject of the email.
Aside from hosting your own email servers, doing your own encryption, running your own software and personally verifying every email you send to, most of these things are largely unavoidable. It's effectively impossible for a third-party email service/website/software to 100% guarantee against doing script injection/credential and info-harvesting on behalf of a government.
However, some of these are still non-negligible flaws, I am also curious if there is a better provider out there.
Is keybase still in good standing? My college buddies and I used to use keybase/pgp in conjunction with proton mail, but I admit that since ingesting the grill pill that my opsec discipline has diminished
Email is insecure but if you're just worried about US and related companies and agencies snooping around and don't mind at all if say RU ones snoop on you there's Yandex as an alternative. I think now they require a phone for sign ups so it's not as easy as it used to be. There's also QQ mail but that has the same issue.
I use Posteo, it's 12 euro per year but there weren't any free secure alts that I liked.
Depending on what specific part of privacy you're worried about, self-hosting is probably the best way. You will still have payment info linked to the hosting company, obviously, so your emails will still be tied to you if someone has a warrant, but the content of your inbox will be yours alone, and Google or Microsoft will not have access to it. You'll also have control over things like hiding sender IP from the headers if you know how to set that up.
You can set up an AWS EC2 free tier server that will be more than adequate, and will be free for one year -- if you don't want to give Bezos your money, you could use any VPS host or even dedicated email services, but going with a host like EC2 guarantees you full control. You would need to register a domain name -- this could cost about $10-15 per month or more depending on a number of factors. Using self hosting on your own domain means you can have as many email addresses as you'd like on that domain, and you can also set up a catch-all address so you can have different emails for each service. My annual costs for the hosting are a total of $60/yr with a reserved instance. A bit expensive, but I think it is worth it since this offers some measure of protection from accounts on different services being linked (useful for password leaks if your email is your username), and I've also literally caught my state's DMV leaking my email address to spammers because I've gotten spam on an address I've only given to them.
This is an excellent four-part guide I followed for this. You could also go with something like Mailcow which would be much faster to set up, but which won't give you the same understanding as following the guide will.
https://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/
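Two posts above make points that are easier to see on a concrete message than in prose: the one citing Snowden (law enforcement cares most about who is talking to whom, when, and the subject line, none of which PGP hides) and the self-hosting post's remark about hiding the sender IP from the headers. The following is an added example, not code from any poster or from the Ars Technica guide. It uses only the Python standard library. The sample message is constructed (documentation addresses and IP ranges), its PGP armour is a placeholder rather than real ciphertext, and it assumes the Postfix convention that a SASL-authenticated submission hop is stamped "with ESMTPSA"; `exposed_metadata` lists what a provider or anyone on the path still sees on an end-to-end encrypted mail, and `strip_submission_hop` does locally what a `header_checks` IGNORE rule does on the server.

```python
import email
import re
from email import policy
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample, not a captured message. The body is PGP/MIME, so the
# provider cannot read it; the armoured block is a placeholder, not real PGP.
# Hosts, addresses and IPs come from the RFC 2606 / RFC 5737 documentation ranges.
SAMPLE_MESSAGE = """Received: from mail.example.org (mail.example.org [203.0.113.10])
\tby mx.example.net with ESMTPS id abc123
\tfor <bob@example.net>; Tue, 03 Oct 2023 14:05:00 +0000
Received: from [192.0.2.77] (client.example.org [192.0.2.77])
\tby mail.example.org with ESMTPSA id xyz789
\tfor <bob@example.net>; Tue, 03 Oct 2023 14:04:58 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: Carol <carol@example.com>
Subject: Q4 planning meeting
Date: Tue, 03 Oct 2023 14:04:57 +0000
Message-ID: <20231003140457.1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

hQEMA0NvbnN0cnVjdGVkAQf/cGxhY2Vob2xkZXI=
-----END PGP MESSAGE-----

--b1--
"""

# Bracketed IPv4 literals as MTAs write them into Received headers.
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Assumption: the sender's own client authenticated with SASL, so Postfix
# stamps that hop "with ESMTPSA"; the first IP in it is the sender's address.
SUBMISSION_MARK = "ESMTPSA"


def _addrs(msg, name):
    """Bare addresses from every occurrence of a header (To, Cc, ...)."""
    return [a for _, a in getaddresses([str(h) for h in msg.get_all(name, [])])]


def exposed_metadata(raw: str) -> dict:
    """What the headers of an end-to-end encrypted mail still reveal."""
    msg = email.message_from_string(raw, policy=policy.default)
    received = [str(h) for h in msg.get_all("Received", [])]
    relay_ips, origin = [], None
    for hop in received:
        ips = IPV4.findall(hop)
        if SUBMISSION_MARK in hop and ips and origin is None:
            origin = ips[0]
        for ip in ips:
            if ip not in relay_ips:
                relay_ips.append(ip)
    return {
        "from": _addrs(msg, "From")[0],
        "to": _addrs(msg, "To"),
        "cc": _addrs(msg, "Cc"),
        "subject": str(msg["Subject"]),
        "date": parsedate_to_datetime(str(msg["Date"])).isoformat(),
        "message_id": str(msg["Message-ID"]),
        "relay_ips": relay_ips,
        "originating_ip": origin,
        "body_encrypted": msg.get_content_type() == "multipart/encrypted",
    }


def strip_submission_hop(raw: str) -> str:
    """Remove the Received line that records the sender's own client IP.
    This is what a Postfix header_checks rule like
    '/^Received:.*with ESMTPSA/ IGNORE' does as the mail leaves the server."""
    msg = email.message_from_string(raw, policy=policy.default)
    kept = [str(h) for h in msg.get_all("Received", []) if SUBMISSION_MARK not in str(h)]
    del msg["Received"]
    for hop in kept:
        msg["Received"] = hop
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("as received", SAMPLE_MESSAGE),
                       ("submission hop stripped", strip_submission_hop(SAMPLE_MESSAGE))):
        print(label)
        for k, v in exposed_metadata(raw).items():
            print(f"  {k}: {v}")
```

Note what survives even after the hop is stripped: sender, recipients, subject, timestamp and Message-ID are all plaintext by design, which is the metadata the Snowden post is talking about. Stripping the submission hop only removes the sender's client IP; the relay IP of your own server, and therefore the domain you registered with payment details, remains.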