Oddbean new post about | logout
 i smell bullshit. this author clearly has an agenda to spread fud conspiracy theories, going all the way back to ww2 to try and link signal to the cia is a ridiculous stretch. #signal is not an asset of the us gov because the gov provided money to the otf (open technology fund). whisper systems received this funding along with several other non-profits. this article has a dangerous agenda of fearmongering and biased conjecture

nostr:nevent1qqswgeqf7t67lwc48g7m9kd5m5v9exhl9zp67q5ccy9p3udav4t62kspzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgq3qrenaud65zug8r570ndztde2xhk206z3v50a5mwa3kp2xshy3zmjqxpqqqqqqzj8axjp 
 *open 
 use simplex
use signal
use tor
https://image.nostr.build/64c760307f90350f3cae2a2d49d4387ec8131406e7d87819364e32b66ae35202.jpg
nostr:nevent1qqsrm4ky6n57gzu93xmf43mlywdftwjvwecgumeey8euafc08f8nz0spzemhxue69uhkzarvv9ejumn0wd68ytnvv9hxgq3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzs4yt8t 
 And I2p 
 https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ 
 there is no comparisson between crypto ag and proton. proton's encryption is client side, and their crypto code is open source https://protonmail.com/blog/openpgpjs-3-release/
is 3rd party audited and can be independently verified.
https://proton.me/blog/is-protonmail-trustworthy 
 No your keys no your data

And...


"unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned " 
 don't quote half a quote to make a point. here's the rest

"...are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in MEMORY (i.e. it is not persistent), and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted."

mullvad has gone ram only for similar purposes as data stored in ram is temporary and not persistent.

using pgp or encrypted messages for private conversations is essential. if you don't anyone can read the contents of said messages. this is not a revelation, it's common sense and a problem proton solves as transparently as possible. 
 You are so naive,👋 
 and you don't understand how tech works. have fun calling every privacy-focused service a gov owned honeypot. oh, and i guess you also think ed snowden is naive too huh? you know, since he uses and recommends both tor and signal and all. later 🤙🏻 
 Imagine calling one of the actually legitimate opsec experts on Nostr naïve. 

🙄 
 Why do you guys get pulled into the fake accounts engaging?
Just take 2 seconds to look at the source & you should know it’s a purely shitposting account. 
Be better. 
 Because random normies see this stuff and get turned off to tech that would actually benefit them. 

The only way to counter bad speech is more speech and all that jazz. 
 Nah. And stop worrying so much about normies. They’re normies for a reason. 
The world needs ditch diggers too. 
 thx fren. unfortunately, i deal with people like this all the time. they give actual opsec/infosec professionals a bad name by spewing baseless fearmongering that really does nothing but scare people into apathy 
 I have very strong feelings about people giving security advice online, especially generalized advice. My faith in you was built by validating what you said through research and my own experience multiple times. So far, you’ve been batting 1000. 

I deeply appreciate that you take time to form context based on threat model of the individual, and explaining the tradeoffs between services honestly. 

One size fits all cybersecurity is worse than no cybersecurity imo. There are very few things (2FA over SMS is bad) that apply to everyone equally. 

Conspiracy theories are the worst though. That’s not even true information taken out of context - that’s just made up shit misleading people. 
 💯! well said. good on you for doing the research. and thank you for the complement 
 Here here for @Ava 
 I am an expert - starter pack


Best services: Protonmail, Tutanota, Signal👏

And nostr... nightmare regarding privacy...
 
 Please don't call yourself opsec expert.  
 Expert... we are fucked😐 
 Protonmail is NOT privacy focused.
More privacy oriented is using Gmail with Delta Chat or just with email clients + gpg (you own keys) 
 And Signal can be another CryptoAG 
 "Greg Miller of The Washington Post reveals the hidden history of Crypto AG, a Swiss firm that sold encryption technology to 120 countries — but was secretly owned by the CIA for decades."

120 countries... experts😆 independently verified😆


 
 DAVIES: Wow. It's also remarkable, you learned in this material that you got access to, that that the German and American agencies brought in some corporate partners to help with the technology - Siemens in the case of the Germans, Motorola in the case of the Americans. Did these private companies know they were assisting in spying?

MILLER: Absolutely (laughter). I mean, there are detailed accounts in these documents of conversations with these massive companies. Hey, we are running this secret operation out of Switzerland. We're having trouble with this certain device. It's not working very well. We're trying to make our transition into a new technology. Can you help us out with this? They're may not be read into all the details of the operation, but they are - it's clear to those companies that they are working hand-in-glove with the CIA, NSA and the BND. 
 "RFE/RL broadcasts in 27 languages to 23 countries.[11] The organization has been headquartered in Prague, Czech Republic, since 1995, and has 21 local bureaus with over 500 core staff and 1,300 stringers and freelancers in countries throughout their broadcast region. In addition, it has 680 employees at its headquarters and corporate office in Washington, D.C."

They have www within Tor too.😃🤔


https://www.rferlo2zxgv23tct66v45s5mecftol5vod3hf4rqbipfp46fqu2q56ad.onion/