• firefly@neon.nightbulb.net
    link
    fedilink
    arrow-up
    6
    ·
    8 months ago

    Everything you need to know about so-called ‘Swiss Privacy’ we learned decades ago from Operation Thesaurus, AKA, Operation Rubicon. We learned that CIA operations and black budget banking are actually headquartered in the Swiss underground.

    Operation Rubicon
    https://en.wikipedia.org/wiki/Operation_Rubicon

    Crypto AG
    https://en.wikipedia.org/wiki/Crypto_AG

    If you trust any third-party server to protect your privacy, you’re a rube. If you trust Proton Mail to protect your privacy, you’re a rube getting ‘crossed’ by the Swiss Rubi-con. Either you own your keys and your data on your computer or else you have no privacy. Someone else’s promise that your data will be ‘encrypted’ so they can’t decipher it is a hollow pledge. If you send any form of plaintext to a remote server, no matter how much they claim to encrypt it, you have zero assurance of data privacy.

    Watch the phan boiz rage outlet!

    #Cryptography #Cryptology #Encryption #Crypto #Protonmail #CryptoAG #Switzerland #CIA

    • Doods@infosec.pub
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      So what should we do then? switch to something else? Host our own email service?

      I really don’t know.

      • firefly@neon.nightbulb.net
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        It depends upon your security needs and risk assessment.

        Are you a whistleblower?

        Are you handling confidential business, financial or legal communication?

        Are you being monitored by state agents?

        Are you sharing love letters with someone?

        Are you discussing or transferring confidential records?

        You have to look at and assess your use case before you can decide on a solution.

        No matter what your risks are, every solution should ALWAYS include end-to-end encryption in which the parties own and control their own encryption keys and identity on their own devices, not in the cloud.

        That is the baseline. Then depending on your situation there are other factors and solutions to consider on top of the baseline.

        When you own and control your encryption keys on your own device, then no third party can turn over your keys to a hostile entity. If you encryption is dependent upon a third party, they own your encryption and you have zero security, no matter how much they promise you.

        Here are a few secure communication software examples for consideration:

        Onionshare: https://onionshare.org/
        Retroshare: https://retroshare.cc/
        Bitmessage: https://bitmessage.org