Re: Protonmail and 'Swiss privacy' remind me of Operation Rubicon.

On 22/04/2024 07:05 SugarBug <3883@sugar.bug> wrote:

@firefly@neon.nightbulb.net
 
Protonmail reminds me of Operation Rubicon.
 
Propagandists and useful idiots routinely pump Proton Mail as a champion of privacy. They will post links to articles in which some agency or foreign government has requested Proton Mail to hand over user data. Then the article will position 'Swiss privacy laws' as saving the day. This smells of mockingbird media agitprop meant to generate interest in Protonmail. If enough such articles are circulated, the gullible will believe they are protected by 'Swiss privacy' then flock to Protonmail as their 'privacy savior'.
 
Everything you need to know about so-called 'Swiss Privacy' we learned decades ago from Operation Thesaurus, AKA, Operation Rubicon. We learned that CIA operations and black budget banking are actually headquartered in the Swiss underground.
 
Operation Rubicon
https://en.wikipedia.org/wiki/Operation_Rubicon
 
Crypto AG
https://en.wikipedia.org/wiki/Crypto_AG
 
If you trust any third-party server to protect your privacy, you're a rube. If you trust Proton Mail to protect your privacy, you're a rube getting 'crossed' by the Swiss Rubi-con. Either you own your keys and your data on your computer or else you have no privacy. Someone else's promise that your data will be 'encrypted' so they can't decipher it is a hollow pledge. If you send any form of plaintext to a remote server, no matter how much they claim to encrypt it, you have zero assurance of data privacy. If you use an email server, even if you use end-to-end encryption, you have zero metadata privacy. Anyone can see WHO you are talking to even if they can't see the talk itself. Criminals and spooks are generally more interested in _who_ you talk to over _what_ you say. The _who_ is the most important piece of knowledge for their operations.
 
When using email for encrypted messages is always better for both parties to use their own email servers. Even better than that is to use a encrypted messenger through a Tor hidden service. The encrypted messenger must NOT rely on the Tor keys for the security of the encryption, but must first encrypt it using secret keys _before_ sending the data over the Tor network. Even with Tor, metadata unmasking is possible through monitoring and traffic correlation attacks. If you are a whistleblower or an at-risk person it is still far safer to send coded messages by other channels.
 

I agree 100%. Use PGP or S/MIME on your own computer. Anyone that uses online encrypted e-mail services is a dunce.