The Only Email System The NSA Can't Access

a reply to: purplemer

Awesome. I'm switching to Protonmail right away! Thank you a zillion times over I've been hacked so many times I almost thought I was the girl in the back room passed out drunk everyone was going to score on.

My last note leads me to another point about government. How can any government expect loyalty from its civilians if it is constantly throwing their lives into turmoil and ignoring their rights?

This is some good information. While I have nothin to hide I would prefer not to have the NSA snooping through my stuff.

Thanks for the pointer.

It makes absolutely no difference if it's encrypted. If there's a KeyLogger or Remote Access Trojan on the computer your sending from, everything you type can be intercepted before it gets encrypted and you send the e-mail. If they have the tech to intercept your e-mail, they probably have the tech to slip a KeyLogger or RAT into your system anyway.

Lol.... you got it poster above!!!

Did you write every single piece of I/o code your machine uses?

Do you also have analog means of physically sniffing all traffic coming from every I/o device on your machine?

Is all of your hardware and wiring did rated to resist "tempest" threats? ( getting rid of your CRT won't protect you muahah)

Oh and are you physically using a DNS workaround?

Yup didn't think so.....

Because most of you let anything that asks on your system auto update .... don't feel bad I don't do most of this either however I KNOW my system is compromised and act accordingly. I've also suffered from this having my work stolen files strangely missing hell I've even had the displeasure of more than a dozen separate times read an article about general dynamics land systems or etc are developing this or that that I was working on....

Now if it happened once or twice .... even 4 times I could shrug it off, but over a dozen separate ideas? Just not buying that.
Do not take any of this statement to mean I believe I am special or even All that bright. I assure you I figured out long ago that everyone's mom says their kid is special.

That's what frightened me actually.... I am nothing special nor dangerous yet my communications and personal projects are obviously not just logged, but then potentially valuable insights and ideas are plucked from this and distributed to relevant parties....

Scary

What would be be most wise, juridically; based in Switzerland or Iceland?

a reply to: TXRabbit

Not true. They scan them without opening them. Easy peasy. But they would certainly like you to believe it's secure.

a reply to: Snarl
No, the .ch domain is Swiss.

If governments were capable of cracking all encryption, why do they create legislation that requires people disclose passwords when requested or they go to jail ? ... wikipedia.org/wiki/Key_disclosure_law

It is true to say given enough time any encryption can be cracked by a brute-force attack,
but the amount of time required to crack a 20 character alphanumeric* password is longer than the lifespan of the sun ...
www.grc.com/haystack.htm

[ * using upper and lower case letters ]

It sounds great, but I am the paranoid type... It sounds great but how'd you know they are co-opted or won't be infiltrated at some point? Then all they do is have a "sorftware upgrade" and bam they see everything...

I just think, if I were in gov and wanted to spy on people, the first place I'd look is tor, irc, and email companies like this!

So I dunno, just thought I would share the little voice in my mind. Lol

The bottom line is American companies are willing to trade your privacy for money. If nothing else, it is time to turn away from those that think nothing of your right of privacy.

Sure, there is never any guarantee, but I trust the Swiss.

If you have a choice do you choose doing business with those who profit and expose you or those who respect your god given right to a private life?

a reply to: purplemer

The only reliable way to avoid snooping is disconnecting from Internet.

There is no such thing as secure email. Email of all types can be intercepted. Even if encrypted, the automated decoders will read it. An encrypted mail actually increasing the chances of interception. Better way is to hide the message in a normal text email message.

NWO is based on universal snooping. This is their guiding philosophy. So anybody wishing for privacy under NWO is haboring false hopes.

originally posted by: TXRabbit
The only messaging system that the NSA can't monitor?

The western world's snail mail is electronically sorted these days, the machine can be set up to eject any letter the NSA wants to have a look at.

Is the source code opened for the masses or for private eyes only ?

The emails may be stored in switzerland it will not make a difference.

a reply to: TheMasterOne

Good encryption is based on the fact that the algorithms etc are public so anyone can have a look and see if its secure (bring own propeller hat and nerd glasses).

The guys running this service:

A) Are almost clueless about security / encryption
B) Are scammers
C) Work for a three letter agency who is behind of the service as suggested by Sparky63.

Here is why:

1) They say:

We use only the most secure implementations of AES, RSA, along with OpenPGP.

Which in combination with the webmail thing reads as:

We create a public/private PGP key pair for you.
We will store them both in our servers encrypted using RSA by a password you set.
When you connect to the service and introduce your second password our awesome java script will decrypt the private key and will use it to read and write new emails.

The catch here is that as of today there are some doubts about RSA... just a random example:

www.reuters.com..." target="_blank" class="postlink">Exclusive: NSA infiltrated RSA security more deeply than thought - study

If/when the RSA part of the puzzle is solved, the rest does not matter anymore.

But even if NSA is unable to really break AES-256, there is another problem with it: password length, and the fact that ppl doesn't usually use 32 bytes passwords.

So the otherwise more secure PGP is rendered insecure by the application of these guys.

Then there are some other buzz words and technology mixup that seem to be there just to impress:

Everything in the systems of these guys in encrypted a lot of times even the HDs of the servers...
Why do they need to encrypt again if the emails are already encrypted by their owner?
Who enters the encryption passwords on the servers?
Why encrypting the hard drive if they are so well protected by the Swiss legislation?

Server side integrity checks...
Those server side security checks, are also checked? I mean if someone would get access to their super encrypted server and modify the open source code they are using but did not seem to have publish for public review, she would also modify the security checks... wouldn't she?

Swiss SSL... First time I hear of it... I bet it's a lot better than American SSL, and way better than African SSL... The Swiss one, for sure is invulnerable to things like the The Heartbleed Bug. Wait! SSL is a protocol and being initially developed by Netscape I think it should be called "Netscapian SSL". Meh.. what do I know, I don't have friends at CERN.

My recommendation for those who want encrypted email is just to read abot OpenPGP, install Thunderbird with the right plugin and enjoy free, secure emails. On Android you can use K-Mail and APG, both free as well.


Bonus content:

The ProtonMail Threat Model

1) Compromised User
OK, nice that they acknowledge this one.

2) Man-in-the-Middle (MITM) Attacks
So MITM, is not rare, is a very rare attack... far more attack that can tipically only be executed by a strong adversary... yeah like someone running a sniffer on the open wifi spot you are using, oh no... the government.

3. Unauthorized backdoor... so you'd think the attacker would try to modify the application to gain user's second password, right? They don't. There scenario is that he would send "bad encryption code to get unencrypted data". If the attacker had studied the same materials they did I wouldn't worry too much about him, really.
"The odds of this being successfully executed is indeed quite low."
Indeed... I think they are null.

Ok, they think about everything, they even: "blocked the username [email protected]"

Come on... these guys are a joke.

originally posted by: engvbany
If governments were capable of cracking all encryption, why do they create legislation that requires people disclose passwords when requested or they go to jail ? ... wikipedia.org/wiki/Key_disclosure_law



It is true to say given enough time any encryption can be cracked by a brute-force attack,

but the amount of time required to crack a 20 character alphanumeric* password is longer than the lifespan of the sun ...

www.grc.com/haystack.htm



[ * using upper and lower case letters ]

To make us 'believe' it's not possible to crack everything, they force us to give our passwords. If we don't, you can be assured that it won't stop the government getting it.

If they said outright : You don't have to use encryption or anything like that because we can crack anything that you can generate, do you think the response from the public would be positive? No, so they make us believe they can't do it.

I agree with you that it's quicker to get the password from the user than to crack it, but it's always an option if the info they want to get is that important. The time frame we get on cracking a 20 alphanumeric password is for common computers. We don't even have a clue what they have to crack those encryptions. Maybe they got a way to reverse engineer any type of encryption. I'm pretty sure it wont take that long...

Peace out

a reply to: grey580 I have Verizon email and It is encrypted I use to be able to use a packet capture app to find lost password in packets that were in plain text , now it is encrypted.

So its out of the NSA's grubby hands?

Why does the NSA "Approve" encryption? Why do they limit the bitness of encryption?

Take it form an IT professional - I've been doing this for 15 years, 8 in the Army. There is no hiding what so ever on the internet. I say again you cannot hide what you do online. Whatever you may be thinking there is a counter.

I don't buy this..... Anything can be hacked. If someone is smart enough to build something there is some one else that exists or will exist that will break it. Plus the little conspiracy theorist in me says what better way for the NSA to make sure that people who are worried about the NSA getting in their email then getting people to build something like this... The only safe thing is abstinence .... just like pregnancy and sex. If your worried about security and NSA getting info on you then stop putting stuff that you don't want then to see online...