Oddbean new post about | logout
 https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ 
 there is no comparisson between crypto ag and proton. proton's encryption is client side, and their crypto code is open source https://protonmail.com/blog/openpgpjs-3-release/
is 3rd party audited and can be independently verified.
https://proton.me/blog/is-protonmail-trustworthy 
 No your keys no your data

And...


"unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned " 
 don't quote half a quote to make a point. here's the rest

"...are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in MEMORY (i.e. it is not persistent), and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted."

mullvad has gone ram only for similar purposes as data stored in ram is temporary and not persistent.

using pgp or encrypted messages for private conversations is essential. if you don't anyone can read the contents of said messages. this is not a revelation, it's common sense and a problem proton solves as transparently as possible. 
 You are so naive,👋 
 and you don't understand how tech works. have fun calling every privacy-focused service a gov owned honeypot. oh, and i guess you also think ed snowden is naive too huh? you know, since he uses and recommends both tor and signal and all. later 🤙🏻 
 Imagine calling one of the actually legitimate opsec experts on Nostr naïve. 

🙄 
 Why do you guys get pulled into the fake accounts engaging?
Just take 2 seconds to look at the source & you should know it’s a purely shitposting account. 
Be better. 
 Because random normies see this stuff and get turned off to tech that would actually benefit them. 

The only way to counter bad speech is more speech and all that jazz. 
 Nah. And stop worrying so much about normies. They’re normies for a reason. 
The world needs ditch diggers too. 
 thx fren. unfortunately, i deal with people like this all the time. they give actual opsec/infosec professionals a bad name by spewing baseless fearmongering that really does nothing but scare people into apathy 
 I have very strong feelings about people giving security advice online, especially generalized advice. My faith in you was built by validating what you said through research and my own experience multiple times. So far, you’ve been batting 1000. 

I deeply appreciate that you take time to form context based on threat model of the individual, and explaining the tradeoffs between services honestly. 

One size fits all cybersecurity is worse than no cybersecurity imo. There are very few things (2FA over SMS is bad) that apply to everyone equally. 

Conspiracy theories are the worst though. That’s not even true information taken out of context - that’s just made up shit misleading people. 
 💯! well said. good on you for doing the research. and thank you for the complement 
 Here here for @Ava 
 I am an expert - starter pack


Best services: Protonmail, Tutanota, Signal👏

And nostr... nightmare regarding privacy...
 
 Please don't call yourself opsec expert.  
 Expert... we are fucked😐 
 Protonmail is NOT privacy focused.
More privacy oriented is using Gmail with Delta Chat or just with email clients + gpg (you own keys) 
 And Signal can be another CryptoAG 
 "Greg Miller of The Washington Post reveals the hidden history of Crypto AG, a Swiss firm that sold encryption technology to 120 countries — but was secretly owned by the CIA for decades."

120 countries... experts😆 independently verified😆


 
 DAVIES: Wow. It's also remarkable, you learned in this material that you got access to, that that the German and American agencies brought in some corporate partners to help with the technology - Siemens in the case of the Germans, Motorola in the case of the Americans. Did these private companies know they were assisting in spying?

MILLER: Absolutely (laughter). I mean, there are detailed accounts in these documents of conversations with these massive companies. Hey, we are running this secret operation out of Switzerland. We're having trouble with this certain device. It's not working very well. We're trying to make our transition into a new technology. Can you help us out with this? They're may not be read into all the details of the operation, but they are - it's clear to those companies that they are working hand-in-glove with the CIA, NSA and the BND.