Ogg wrote (2021-09-07):

Right, really the ONLY secure way to do email is to either
A) build your own secure email server and run it at home on
a physical box.

So the IP address of your mail server and the registrar's domain record points directly to your home address? Not sure if that helps ;-)

Also broadband IPs don't work for mail reliably.

And meta data is still leaky through the other participants mail servers.

or B) no email at all...

Protonmail's response concludes with a reminder/suggestion that
using Tor and the Onion links to Protonmail would avoid the
"problem".

Even the link to the onion address is easy to find on their website. But I think it's mostly a problem of understanding all the technical details of 'security', anonymity, surveillance and the network. Protonmail advertises secure encrypted email and something something privacy (swiss law). Activist thinks their safe.

I wouldn't use e-mail on the open internet in this context.

Use FTN netmail over Tor! ;-) Or some app made for this use case like Briar.

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

Hello Oli!

** On Wednesday 08.09.21 - 05:41, Oli wrote to Ogg:

So the IP address of your mail server and the registrar's
domain record points directly to your home address? Not
sure if that helps ;-)

And meta data is still leaky through the other participants
mail servers.

Yes.. sadly, the typical SMTP headers can reveal quite a bit
about a message.

Even the link to the onion address is easy to find on their
website. But I think it's mostly a problem of understanding
all the technical details of 'security', anonymity,
surveillance and the network. Protonmail advertises secure
encrypted email and something something privacy (swiss
law). Activist thinks their safe.

I wouldn't use e-mail on the open internet in this context.

There is at least one fellow participating in the pgpnet.io
group using Gmail and there's not much meta data in the headers
to pinpoint a location or an identity at all.

Use FTN netmail over Tor! ;-) Or some app made for this use
case like Briar.

Never heard of Briar. Sounds very much like Matrix/Element.
But how can such a thing still work with a "broken internet" as
it claims it can?


--- OpenXP 5.0.50
* Origin: (} Pointy McPointFace (21:4/106.21)

Hello All!

ProtonMail Explains Why It Shared a User's IP Address With
Police

Even a secure email service can't ignore a legally binding
order from Swiss authorities.

By Matthew Humphries
6 Sep 2021, 3:52 p.m.

ProtonMail advertises itself as the world's largest secure
email service, and yet it recently shared the IP address and
device details of a customer with Swiss and French authorities,
which led to an arrest.

https://uk.pcmag.com/old-hosted-email-providers/135500/ protonmail-explains-why-it-shared-a-users-ip-address-with-
police

Also..

https://techcrunch.com/2021/09/06/protonmail-logged-ip-address- of-french-activist-after-order-by-swiss-authorities/

"While ProtonMail didn't cooperate with French authorities,
French police sent a request to Swiss police via Europol to
force the company to obtain the IP address of one of its
users."



--- OpenXP 5.0.50
* Origin: (} Pointy McPointFace (21:4/106.21)

Hello gcubebuddy!

** On Tuesday 07.09.21 - 10:57, gcubebuddy wrote to Ogg:

ProtonMail Explains Why It Shared a User's IP Address
With Police Even a secure email service can't ignore a
legally binding order from Swiss authorities.

Right, really the ONLY secure way to do email is to either
A) build your own secure email server and run it at home on
a physical box. or B) no email at all...

Protonmail's response concludes with a reminder/suggestion that
using Tor and the Onion links to Protonmail would avoid the
"problem".


--- OpenXP 5.0.50
* Origin: (} Pointy McPointFace (21:4/106.21)

Ogg wrote (2021-09-07):

Right, really the ONLY secure way to do email is to either
A) build your own secure email server and run it at home on
a physical box.

So the IP address of your mail server and the registrar's domain record points directly to your home address? Not sure if that helps ;-)

Also broadband IPs don't work for mail reliably.

And meta data is still leaky through the other participants mail servers.

or B) no email at all...

Protonmail's response concludes with a reminder/suggestion that
using Tor and the Onion links to Protonmail would avoid the
"problem".

Even the link to the onion address is easy to find on their website. But I think it's mostly a problem of understanding all the technical details of 'security', anonymity, surveillance and the network. Protonmail advertises secure encrypted email and something something privacy (swiss law). Activist thinks their safe.

I wouldn't use e-mail on the open internet in this context.

Use FTN netmail over Tor! ;-) Or some app made for this use case like Briar.

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

Protonmail's response concludes with a reminder/suggestion that
using Tor and the Onion links to Protonmail would avoid the
"problem".

it makes me wonder how many supeanas have already been issued to Protonmail, and the people who run the signal app. i dont trust any of them. its like having a single point of failure. that failure being litigation from corprate controlled gov agencies. I know that proton is used alot for people who a re insiders that are wanting to come forward from the black OPS UFO programs. however i think the proton / signal systems are already compromised. if not
by legal means, then by NSA hacking.

Thanks
- Gamecube Buddy

telnet --<{bbs.hive32.com:23333}>--

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Hive32 (21:4/129)

Hello Oli!

** On Wednesday 08.09.21 - 05:41, Oli wrote to Ogg:

So the IP address of your mail server and the registrar's
domain record points directly to your home address? Not
sure if that helps ;-)

And meta data is still leaky through the other participants
mail servers.

Yes.. sadly, the typical SMTP headers can reveal quite a bit
about a message.

Even the link to the onion address is easy to find on their
website. But I think it's mostly a problem of understanding
all the technical details of 'security', anonymity,
surveillance and the network. Protonmail advertises secure
encrypted email and something something privacy (swiss
law). Activist thinks their safe.

I wouldn't use e-mail on the open internet in this context.

There is at least one fellow participating in the pgpnet.io
group using Gmail and there's not much meta data in the headers
to pinpoint a location or an identity at all.

Use FTN netmail over Tor! ;-) Or some app made for this use
case like Briar.

Never heard of Briar. Sounds very much like Matrix/Element.
But how can such a thing still work with a "broken internet" as
it claims it can?


--- OpenXP 5.0.50
* Origin: (} Pointy McPointFace (21:4/106.21)

Re: protonmail shares IP address leading to arrest
By: Oli to Ogg on Wed Sep 08 2021 05:41 am

Ogg wrote (2021-09-07):

Right, really the ONLY secure way to do email is to either
A) build your own secure email server and run it at home on
a physical box.

So the IP address of your mail server and the registrar's domain record poin directly to your home address? Not sure if that helps ;-)

Also broadband IPs don't work for mail reliably.

And meta data is still leaky through the other participants mail servers.

or B) no email at all...

Protonmail's response concludes with a reminder/suggestion that
using Tor and the Onion links to Protonmail would avoid the
"problem".

Even the link to the onion address is easy to find on their website. But I think it's mostly a problem of understanding all the technical details of 'security', anonymity, surveillance and the network. Protonmail advertises secure encrypted email and something something privacy (swiss law). Activist thinks their safe.

I wouldn't use e-mail on the open internet in this context.

Use FTN netmail over Tor! ;-) Or some app made for this use case like Briar.

There are email services within the I2P network that interface with the clearnet. I would not advise to use them for talking to clearnet email users (because the system introduces delays on purpose in order to prevent correlation attacks, and because many mainstream email providers flag these services as spam) but they are good for talking to other I2P users.

Then there are things like Bitmessage (that works over Tor) or Retroshare (with suport for both Tor and I2P, and even the ability to bridge darknets to clearnet and viceversa).

I don't think it is feasible at this point to have reasonable confidentiality unless both of the talking parties agree to use some secure, non mainstream platform or system. The dream of sending a message using a secure program and have Grannie Doe read it and reply securely is an unreachable dream because, even if the software existed, being able to use it securely requires proper trainign and understanding on both ends.

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Re: re: protonmail shares IP address leading to arrest
By: gcubebuddy to Ogg on Wed Sep 08 2021 07:03 am

Protonmail's response concludes with a reminder/suggestion that
using Tor and the Onion links to Protonmail would avoid the
"problem".

it makes me wonder how many supeanas have already been issued to Protonmail, and the people who run the signal app. i dont trust any of them. its like having a single point of failure. that failure being litigation from corprat controlled gov agencies. I know that proton is used alot for people who a re insiders that are wanting to come forward from the black OPS UFO programs. however i think the proton / signal systems are already compromised. if not by legal means, then by NSA hacking.

Thanks
- Gamecube Buddy

telnet --<{bbs.hive32.com:23333}>--

I don't think there are technical means to read the conversations going on within a Signal group unless the adecuate decryption keys are in your posession.

However, identifying which people is part of certain group may be possible.

In theory, Signal uses a hashing system so they don't get to see the phone numbers of your contacts, but the hash space is so small that it is bruteforceable, and this weakness is acknowledged by the team.

Which means the content of your conversations is not easy to know, but knowing who your friends are is possible. That is "no bueno".

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

Ogg wrote (2021-09-08):

Use FTN netmail over Tor! ;-) Or some app made for this use
case like Briar.

Never heard of Briar. Sounds very much like Matrix/Element.

But Briar is p2p and Matrix client-server based. I don't know how it compares to Element on the UI level, never used Briar.

But how can such a thing still work with a "broken internet" as
it claims it can?

I think the offline functionality is limited. You can share messages over Bluetooth and wifi with people in the same location. I'm not sure if it even does local mesh routing (I don't think so).

A sophisticated app could send messages over a local mesh routed network and it would hop from nearby device to nearby device until it finds one that acts as a gateway to the internet. I don't know any app that does it (and it would need a bigger user base to work reliably).

Bridgefy was used in the Hong Kong protest. Unfortunately it was never safe to use it for these kind scenarios. That's why you never can trust a closed source software product. They tell you it perfectly protects your privacy and it doesn't:

https://arstechnica.com/features/2020/08/bridgefy-the-app-promoted-for-mass-protests-is-a-privacy-disaster/

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 08 Sep 2021, Arelor said the following...

Re: re: protonmail shares IP address leading to arrest
By: gcubebuddy to Ogg on Wed Sep 08 2021 07:03 am

I don't think there are technical means to read the conversations going
on within a Signal group unless the adecuate decryption keys are in your posession.

While this is likely accurate, if you have a nation state that wants access to your Signal conversations, they just need to compromise one of the participants' phones and install a screen scraper. It's not easy, but there's always more than one way to skin a horse.

GreenLFC º e> greenleaderfanclub@protonmail.com
Infosec / Ham / Retro º masto> greenleaderfanclub@distrotoot
Avoids Politics on BBS º gem> gemini.greenleader.xyz

--- Mystic BBS v1.12 A47 2021/08/29 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

While this is likely accurate, if you have a nation state that wants access to your Signal conversations, they just need to compromise one of the participants' phones and install a screen scraper. It's not easy,
but there's always more than one way to skin a horse.

oooh wow ya interesting.... i had no thought about screen captureing it.

Thanks
- Gamecube Buddy

telnet --<{bbs.hive32.com:23333}>--

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Hive32 (21:4/129)

gcubebuddy wrote to Greenlfc <=-

oooh wow ya interesting.... i had no thought about screen captureing
it.

When some people in my company thought they'd use the DRM in Microsoft Office/Exchange to protect emails, they didn't think about people taking a picture of the screen.


... What to increase? What to reduce? What to maintain?
--- MultiMail/DOS v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

Spectre wrote (2021-09-12):

As an aside, last time I did an "upgrade" I was left with a non-bootable system. Whatever it did, the new kernel wouldn't load.. and you'd have to manually load the original kernel.

What distribution do you use?

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

What distribution do you use?

Generally Ubuntu...


*** THE READER V4.50 [freeware]
--- SuperBBS v1.17-3 (Eval)
* Origin: We know where you live, we're coming round to get you (21:3/101)