22·
1 year agoidk about Skiff, but Proton also tells to e2ee mails to/from outside if they‘re using PGP…
Varen
- 0 Posts
- 10 Comments
Joined 1 year ago
Cake day: July 9th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Didn‘t knew that exists, awesome. Checking it out for sure :)
wish I could upvote this more than just once
agreed on that, but I think, before that would be, don’t try to threaten ppl on the internet and don’t expect to be anonymous by just using a private service. I mean, the mail might be encrypted, but the recipient gets it, can read it and can show it to anyone else.
still: private ≠ anonymous
can you elaborate?
and the other one regarding the clima activist:
https://protonmail.com/blog/climate-activist-arrest/
let me quote from reddit (https://www.reddit.com/r/ProtonMail/comments/15luwua/comment/jvd0fz9/?utm_source=share&utm_medium=web2x&context=3):
The article doesn’t link the original court filing or discuss what actually happened, and from the title alone, is rather misleading.
The actual warrant can be found here and has the important missing details: https://drive.proton.me/urls/57QC5F26BW#nseYl6ICaQHm
The only data we could provide (in response to a binding Swiss legal order), was the user’s recovery email address, which the user added himself, and is optional to begin with.
Unfortunately, said user also used that recovery address to create a Twitter account, and Twitter turned over his phone number and IP address. So probably not the smartest move if you want to threaten public officials.
Coincidentally, this case again proves that Proton Mail’s encryption cannot be bypassed by law enforcement.
You had to dig deep to get a news from 2021. and still, private doesn‘t mean anonymous, idk why everyone relates the both.
And still, no news here, Proton explained this case several times and they‘ve been pretty transparent.
9·1 year agothe Cert just confirms, that the domain your accessing is belonging to who owns it. When you signup for a cert at LetsEncrypt, you have to run a script on the source, which confirms as your domain.
You wouldn’t be able to get a Cert for e.g. amazon.com - because you wouldn’t be able to run that specific script on the source and so LetsEncrypt couldn’t confirm if that domain really is yours or not. And that’s as well the reason, why not trust everyone,
Teach.