Path: ...!feeds.phibee-telecom.net!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Edward Teach <hackbeard@linuxmail.org>
Newsgroups: sci.crypt,alt.privacy.anon-server
Subject: Re: Protonmail and 'Swiss privacy' remind me of Operation Rubicon.
Date: Sun, 2 Jun 2024 11:17:22 +0100
Organization: A noiseless patient Spider
Lines: 80
Message-ID: <20240602111722.1279e423@fedora>
References: <d222eca70ea6b2e9a763257229c781d5$1@sybershock.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 02 Jun 2024 12:17:23 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="10d90ded8ef9c89ef4b496553e36982b"; logging-data="3479869"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/KT2uIgUKB3KiOQreBl1eNSW7oCUhlXD8="
Cancel-Lock: sha1:7kcNapQ7MbAGMIv9LdHdfHp4Xw4=
X-Newsreader: Claws Mail 4.2.0 (GTK 3.24.42; x86_64-redhat-linux-gnu)
Bytes: 5128

On Mon, 22 Apr 2024 07:05:43 -0500
SugarBug <3883@sugar.bug> wrote:

> @firefly@neon.nightbulb.net
>
> Protonmail reminds me of Operation Rubicon.
>
> Propagandists and useful idiots routinely pump Proton Mail as a
> champion of privacy. They will post links to articles in which some
> agency or foreign government has requested Proton Mail to hand over
> user data. Then the article will position 'Swiss privacy laws' as
> saving the day. This smells of mockingbird media agitprop meant to
> generate interest in Protonmail. If enough such articles are
> circulated, the gullible will believe they are protected by 'Swiss
> privacy' then flock to Protonmail as their 'privacy savior'.
>
> Everything you need to know about so-called 'Swiss Privacy' we
> learned decades ago from Operation Thesaurus, AKA, Operation Rubicon.
> We learned that CIA operations and black budget banking are actually
> headquartered in the Swiss underground.
>
> Operation Rubicon
> https://en.wikipedia.org/wiki/Operation_Rubicon
>
> Crypto AG
> https://en.wikipedia.org/wiki/Crypto_AG
>
> If you trust any third-party server to protect your privacy, you're a
> rube. If you trust Proton Mail to protect your privacy, you're a rube
> getting 'crossed' by the Swiss Rubi-con. Either you own your keys and
> your data on your computer or else you have no privacy. Someone
> else's promise that your data will be 'encrypted' so they can't
> decipher it is a hollow pledge. If you send any form of plaintext to
> a remote server, no matter how much they claim to encrypt it, you
> have zero assurance of data privacy. If you use an email server, even
> if you use end-to-end encryption, you have zero metadata privacy.
> Anyone can see WHO you are talking to even if they can't see the talk
> itself. Criminals and spooks are generally more interested in _who_
> you talk to over _what_ you say. The _who_ is the most important
> piece of knowledge for their operations.
>
> When using email for encrypted messages it is always better for both
> parties to use their own email servers. Even better than that is to
> use an encrypted messenger through a Tor hidden service. The encrypted
> messenger must NOT rely on the Tor keys for the security of the
> encryption, but must first encrypt it using secret keys _before_
> sending the data over the Tor network. Even with Tor, metadata
> unmasking is possible through monitoring and traffic correlation
> attacks. If you are a whistleblower or an at-risk person it is still
> far safer to send coded messages by other channels.
>
> If you rely on Protonmail and similar services for high-risk
> communications you are taking a dangerous risk.
>
> Watch the phan boiz rage outlet!
>
> #Cryptography #Cryptology #Encryption #Crypto #Protonmail #CryptoAG
> #Switzerland #CIA
>

@SugarBug

Much of what you say is perfectly valid.
That said, there are intermediate steps that people can take....not
getting to complete anonymity or perfect privacy.....but a step or two
better than nothing!

(1) Anonymity. You can use mail addresses from MAIL.COM. When you do
this you also need to make sure that these mail addresses are only used
from public places (say internet cafes) so that both the email address
and the IP address are not linked to a single person. Of course the
RECIPIENT email address(es) might give the game away!

(2) Privacy. I'm always amused when people talk about "public key
infrastructure", say PGP and the like. Any group of people can set up a
Diffie/Hellman protocol. With this in place EVERY MESSAGE gets a random
throwaway shared secret encryption key. There are no published keys
anywhere....the keys are calculated when needed and then destroyed.

(3) E2EE. Any group using items #1 and #2 are giving the snoops MUCH
more work. Of course, snooping will not be impossible......but it might
be made very difficult, both on the privacy side and on the anonymity
side.....and without huge amounts of heavy lifting for the users.
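
Added example, not part of the original post: item (2) above, a throwaway
Diffie-Hellman key per message, sketched in Python over the RFC 3526
2048-bit group. The function names are illustrative, and the exchange is
unauthenticated: it assumes the two parties confirm each other's public
values through some other channel.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit MODP safe prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def ephemeral_keypair():
    """Fresh private exponent and public value, used for one message only."""
    x = secrets.randbits(256) | (1 << 255)   # 256-bit exponent, top bit set
    return x, pow(G, x, P)


def message_key(my_private, peer_public, context):
    """Derive a 32-byte message key from the DH shared secret."""
    # Reject 0, 1, p-1 and out-of-range values: they would force a
    # shared secret that an observer can predict.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid peer public value")
    shared = pow(peer_public, my_private, P).to_bytes(256, "big")
    # HKDF-style extract, then one expand block bound to the context.
    prk = hmac.new(b"\x00" * 32, shared, hashlib.sha256).digest()
    return hmac.new(prk, context + b"\x01", hashlib.sha256).digest()


def exchange(context):
    """Both sides of one message: returns (sender_key, recipient_key)."""
    a_priv, a_pub = ephemeral_keypair()      # sender
    b_priv, b_pub = ephemeral_keypair()      # recipient
    k_a = message_key(a_priv, b_pub, context)
    k_b = message_key(b_priv, a_pub, context)
    # Drop the exponents; Python cannot guarantee the memory is wiped.
    del a_priv, b_priv
    return k_a, k_b
```

Only the public values cross the wire, and each call to exchange() yields
a key unrelated to the previous one.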