Well you can run your own mail server if you must (an absolute nightmare even if you know what you're doing) and set up pgp with all your co-conspirators, then use k9mail or another desktop client with pgp support to at least automate the cryptography. But short of that a service that makes at least a plausible privacy claim is better th…
Well you can run your own mail server if you must (an absolute nightmare even if you know what you're doing) and set up pgp with all your co-conspirators, then use k9mail or another desktop client with pgp support to at least automate the cryptography. But short of that a service that makes at least a plausible privacy claim is better than one that doesn't. Until demonstrated otherwise protonmail and similar options are a clear improvement over google, yahoo, microsoft, etc and not hard to get going with.
You could have a separate computer that is never connected to the Internet to compose your mail. Encrypt it with a program you write yourself to avoid the legally required back door. Use a thumb drive to transfer the result to the Internet computer where it can be emailed. The recipients move the encrypted email to a similar no-Internet computer to decrypt. Even this isn't foolproof, but I say good enough.
Though all this might motivate a pre-dawn SWAT raid on your home. Just what are you trying to hide?
"U.S. Postal Service Logging All Mail for Law Enforcement"
WASHINGTON — Leslie James Pickering noticed something odd in his mail last September: a handwritten card, apparently delivered by mistake, with instructions for postal workers to pay special attention to the letters and packages sent to his home.
“Show all mail to supv” — supervisor — “for copying prior to going out on the street,” read the card. It included Mr. Pickering’s name, address and the type of mail that needed to be monitored. The word “confidential” was highlighted in green.
“It was a bit of a shock to see it,” said Mr. Pickering, who with his wife owns a small bookstore in Buffalo. More than a decade ago, he was a spokesman for the Earth Liberation Front, a radical environmental group labeled eco-terrorists by the Federal Bureau of Investigation. Postal officials subsequently confirmed they were indeed tracking Mr. Pickering’s mail but told him nothing else."
We don't presently have any evidence that the encryption algorithms used by, e.g., ssh and pgp are compromised. Or rather, there have been a couple that the NSA compromised that were detected and removed. But there's no overt legal force except in a few countries like China and North Korea that attempt to restrict access to true encryption. So you could skip the writing your own encryption software part. You wouldn't want to do that anyway unless you were a top-tier cryptographer, and if you were you'd probably already have a job ... with the NSA or a private data security firm.
You can also be reasonably certain that even if your computer is internet-connected it's not compromised just by virtue of that connection, if you follow the right precautions, which are the same ones you'd use to set up an "air gapped" computer. Air gapping is more about preventing outside attacks.
Not transmitting your stuff over the open internet is not a bad idea though, if you have any concern that it might be decrypted in the future, since you can prevent it being captured and archived that way. Sneaker nets are cool.
Problem with paper mail is nothing whatsoever prevents it from being intercepted in transit, and few cyphers you could implement on paper would survive ten minutes with a cryptographer, other than a handful that are difficult and require a lot of coordination to pull off. You'd be better off mailing encrypted USB drives if you wanted to piggyback on public courier services.
But this is all silly really unless you're a superspy. Like this is over the top if you're an international terrorist. Mostly what you want is to not be casually spied on by spooks, corporations, or any random mail exchange server admin, and end-to-end encryption solves that, which anybody can do with pgp. Encryption at rest solves the problem of the actual physical hardware being confiscated, or a bad actor wherever that hardware is, or the admin who runs your mail service itself, and protonmail (at least allegedly) provides that too.
Correct in all points except the paper encryption. If you strengthen your encryption so that it is unbreakable, as a OTP technically is, it would just attract the wrong kind of attention. Staying in the mainstream is safer.
Also, OTPs would be susceptible to statistical methods.
There's also the issue of transporting shared secrets to the recipients. All public key encryption is way more vulnerable than a symmetric cipher.
The whole issue is really academic. No one with an actual life is going to take the time and care to make their communications secure enough to resist a nation-state's resources. Avoid scrutiny is the best advice I can give.
"Until demonstrated otherwise protonmail and similar options are a clear improvement over google, yahoo, microsoft, etc and not hard to get going with."
That's not how logic works. It's their claim. Now it's yours. PROVE IT.
Well you can run your own mail server if you must (an absolute nightmare even if you know what you're doing) and set up pgp with all your co-conspirators, then use k9mail or another desktop client with pgp support to at least automate the cryptography. But short of that a service that makes at least a plausible privacy claim is better than one that doesn't. Until demonstrated otherwise protonmail and similar options are a clear improvement over google, yahoo, microsoft, etc and not hard to get going with.
You could have a separate computer that is never connected to the Internet to compose your mail. Encrypt it with a program you write yourself to avoid the legally required back door. Use a thumb drive to transfer the result to the Internet computer where it can be emailed. The recipients move the encrypted email to a similar no-Internet computer to decrypt. Even this isn't foolproof, but I say good enough.
Though all this might motivate a pre-dawn SWAT raid on your home. Just what are you trying to hide?
Or you could use traditional paper mail.
"U.S. Postal Service Logging All Mail for Law Enforcement"
WASHINGTON — Leslie James Pickering noticed something odd in his mail last September: a handwritten card, apparently delivered by mistake, with instructions for postal workers to pay special attention to the letters and packages sent to his home.
“Show all mail to supv” — supervisor — “for copying prior to going out on the street,” read the card. It included Mr. Pickering’s name, address and the type of mail that needed to be monitored. The word “confidential” was highlighted in green.
“It was a bit of a shock to see it,” said Mr. Pickering, who with his wife owns a small bookstore in Buffalo. More than a decade ago, he was a spokesman for the Earth Liberation Front, a radical environmental group labeled eco-terrorists by the Federal Bureau of Investigation. Postal officials subsequently confirmed they were indeed tracking Mr. Pickering’s mail but told him nothing else."
https://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html
There is already essentially "no place to hide"
But do they open the mail and read the contents?
This was a thing in the old days -- wax seals helped but only slowed it down -- but it's so labor intensive that it can't be widespread.
They can probably read without even opening the letter knowadays
No, not normally. it's just one of their many tools of observation, and repression.
We don't presently have any evidence that the encryption algorithms used by, e.g., ssh and pgp are compromised. Or rather, there have been a couple that the NSA compromised that were detected and removed. But there's no overt legal force except in a few countries like China and North Korea that attempt to restrict access to true encryption. So you could skip the writing your own encryption software part. You wouldn't want to do that anyway unless you were a top-tier cryptographer, and if you were you'd probably already have a job ... with the NSA or a private data security firm.
You can also be reasonably certain that even if your computer is internet-connected it's not compromised just by virtue of that connection, if you follow the right precautions, which are the same ones you'd use to set up an "air gapped" computer. Air gapping is more about preventing outside attacks.
Not transmitting your stuff over the open internet is not a bad idea though, if you have any concern that it might be decrypted in the future, since you can prevent it being captured and archived that way. Sneaker nets are cool.
Problem with paper mail is nothing whatsoever prevents it from being intercepted in transit, and few cyphers you could implement on paper would survive ten minutes with a cryptographer, other than a handful that are difficult and require a lot of coordination to pull off. You'd be better off mailing encrypted USB drives if you wanted to piggyback on public courier services.
But this is all silly really unless you're a superspy. Like this is over the top if you're an international terrorist. Mostly what you want is to not be casually spied on by spooks, corporations, or any random mail exchange server admin, and end-to-end encryption solves that, which anybody can do with pgp. Encryption at rest solves the problem of the actual physical hardware being confiscated, or a bad actor wherever that hardware is, or the admin who runs your mail service itself, and protonmail (at least allegedly) provides that too.
Correct in all points except the paper encryption. If you strengthen your encryption so that it is unbreakable, as a OTP technically is, it would just attract the wrong kind of attention. Staying in the mainstream is safer.
Also, OTPs would be susceptible to statistical methods.
There's also the issue of transporting shared secrets to the recipients. All public key encryption is way more vulnerable than a symmetric cipher.
The whole issue is really academic. No one with an actual life is going to take the time and care to make their communications secure enough to resist a nation-state's resources. Avoid scrutiny is the best advice I can give.
"Until demonstrated otherwise protonmail and similar options are a clear improvement over google, yahoo, microsoft, etc and not hard to get going with."
That's not how logic works. It's their claim. Now it's yours. PROVE IT.
You cannot.