Are you a journalist, activist or whistleblower in need of an anonymous email account that doesn't require a personally identifiable recovery email address or phone number?
@rmbolger I've considered this, but there are a lot of moving parts, and as a hobbyist, this all comes out of my pocket. I just renewed my annual hosting in February, too. I put the call out in January asking folks if they had any recommendations, and no one did (obviously I don't have much reach as a Mastodon user).
I've managed to get my paws on "Dark Wire" by @josephcox, a great new book telling the incredible true story of how the FBI launched a fake encrypted messaging service and spied on the communications of the world's most notorious criminal gangs.
Did someone say #encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk #surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df
#EU #Spain #Catalonia #Cybersecurity #Privacy #Encryption #Wire #Proton: "As part of an investigation into people involved in the pro-independence movement in Catalonia, the Spanish police obtained information from the encrypted services Wire and Proton, which helped the authorities identify a pseudonymous activist, according to court documents obtained by TechCrunch.
Earlier this year, the Spanish police Guardia Civil sent legal requests through Swiss police to Wire and Proton, which are both based in Switzerland. The Guardia Civil requested any identifying information related to accounts on the two companies’ respective platforms. Wire responded providing the email address used to register the Wire account, which was a Protonmail address. Proton responded providing the recovery email for that Protonmail account, which was an iCloud email address, according to the documents.
In the request, which listed “organised crime” and “terrorism” as the nature of the investigation, Spanish police wrote that it wanted to “find out who were the perpetrators of the facts taking place in the street riots in Catalonia in 2019.”"
No (silly) remarks now about vegan tofu not tasting good and being weird, this is about IT security! ;)
»Free Terraform alternative – Opentofu enables "state encryption":
For more than ten years, Terraform users have complained about unencrypted state files. Version 1.7 of the free alternative Opentofu now offers optional encryption.«
Has anyone had to deal with #Imperva? For some goddamned reason they've backslid and will no longer accept 4096-bit #encryption certificates and demand 2048-bit certs again.
@kubikpixel The user didn't practice great secops and put in an Apple email as the recovery address. Swiss law requires Proton to give up that decryptable recovery address. It's then #apple who handed over name, address and phone number. But apparently that doesn't make a good headline
@martijn Yes, Switzerland collects more data than anywhere else in Europe. Every provider is obliged to keep the collected data (IP & Co.) for 6 months. But very few people outside of Switzerland are aware of this, which is why they are sold as neutral and equally secure 🤐
#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure'?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"
Phrases such as "reasonably secure" should be indicators of how ridiculous it is to assume that any secure platform is EVER completely and totally secure.
That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.
Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"
My experience is that state actors won't even try to decrypt your communications. That's old school - and a horribly inefficient use of resources. They'll come after you with a keylogger or manufactured legal nightmares or torture - to either or both sides of the communication; depending on the perceived value of your secret.
It all comes down to 4 fundamental questions:
1. What is the value of your secret to you?
2. What resources do you have available to protect it?
3. What is the perceived value of your secret to your adversary?
4. What resources do they have available to divulge it?
#CyberSecurity #VPNs #Encryption: "Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then."