Even when I used to use ProtonMail, we always PGP encrypted the text even if there really wasn’t anything incriminating either. Always assume everything is insecure, it’s really the only way to protect yourself.
If PGP was a government op then why did the government investigate Phil Zimmermann for creating the software?
PGP has been audited to death by security researchers (mostly people use the open source GPG, IIRC), and the crypto primitives used nowadays are not the original ones anyways. Beyond that, it’s also used for government communications and so a backdoor would be a huge security risk for them.
? I’d love to read more. I haven’t been following PGP stuff for years now but I’d still be interested
Trusting a company to be truly secure is, unfortunately, a terrible idea. They exist in a world where they can be compelled to cooperate or be shut down. They’ll make the choice that continues to make some money.
Also any claim of no logging may as well be marketing nonsense. There’s no way to verify it, logs have to be kept to some extent at least for a little while to allow functionality, and adversaries may compel or compromise and thus create logs.
I thought ProtonMail was some kind of CIA honeypot.
Been wondering lately if the folks who tell us shit like “we don’t log your IP” are instead keeping a hash of the IP, which a dedicated actor (like a state intelligence apparatus, or law enforcement) could probably combine with other sources to out you.
The IPv4 address space is small enough where hashing is effectively useless. Though a bigger concern IMO is DDoS mitigation services like Cloudflare. It doesn’t matter if websites log or not if half of the internet is using the same reverse-proxy service.
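The point above about the size of the IPv4 space, as an added example that is not part of the thread: a log that stores an unsalted hash of each address can be matched back to the address by hashing every candidate, while a keyed hash resists that only for as long as the key stays secret. The /16 range, the sample address and the function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets


def plain_hash(ip: str) -> str:
    """Unsalted SHA-256 of the dotted-quad string, as a 'we only keep a hash' log might store."""
    return hashlib.sha256(ip.encode()).hexdigest()


def keyed_hash(ip: str, key: bytes) -> str:
    """HMAC-SHA-256 of the address under a server-side secret key."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def recover(stored: str, network: str, hash_fn=plain_hash):
    """Hash every address in `network`; return the one matching `stored`, or None."""
    for addr in ipaddress.ip_network(network):
        if hmac.compare_digest(hash_fn(str(addr)), stored):
            return str(addr)
    return None


if __name__ == "__main__":
    sample_ip = "10.20.77.130"   # constructed sample address (RFC 1918 space)
    search_net = "10.20.0.0/16"  # 65,536 candidates; all of IPv4 is only 2**32

    # 1. Unsalted hash: the stored value identifies the address outright.
    print("unsalted hash reversed to:", recover(plain_hash(sample_ip), search_net))

    # 2. Keyed hash: enumeration without the key finds nothing.
    key = secrets.token_bytes(32)
    stored = keyed_hash(sample_ip, key)
    print("keyed hash, no key:", recover(stored, search_net))

    # 3. Whoever holds (or is handed) the key can still enumerate, so the
    #    protection lasts only until the key is disclosed; rotating and
    #    destroying keys limits how far back that reaches.
    print("keyed hash, key known:",
          recover(stored, search_net, lambda ip: keyed_hash(ip, key)))
```
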
DDoS mitigation services like Cloudflare
Hexbear using Cloudflare
:side-eye-1: :side-eye-2:
Lol if it makes you feel any better it’s basically impossible to be anonymous on the internet anymore, so we’re fucked anyway
Been wondering lately if the folks who tell us shit like “we don’t log your IP” are instead keeping a hash of the IP, which a dedicated actor (like a state intelligence apparatus, or law enforcement) could probably combine with other sources to out you.
Good thing this site is open source so we don’t have to wonder.
Well yeah, of course. Otherwise there’d be more of us here who could build cool shit. My point is that it’s all there for anyone to vet who has put in the time to learn how.
@LeninWeave linked to a good example of when we’ve noticed stuff and brought it to the devs / admins: https://hexbear.net/post/127316
If you’ve got any proof hexbear is hashing all the IPs of everyone and storing them, then please make a post about it because I think we’d all want to know.
:france-cool: