@firefly@neon.nightbulb.net

Protonmail reminds me of Operation Rubicon.

Propagandists and useful idiots routinely pump Proton Mail as a champion of privacy. They will post links to articles in which some agency or foreign government has requested Proton Mail to hand over user data. Then the article will position 'Swiss privacy laws' as saving the day. This smells of mockingbird media agitprop meant to generate interest in Protonmail. If enough such articles are circulated, the gullible will believe they are protected by 'Swiss privacy' then flock to Protonmail as their 'privacy savior'.

Everything you need to know about so-called 'Swiss Privacy' we learned decades ago from Operation Thesaurus, AKA, Operation Rubicon. We learned that CIA operations and black budget banking are actually headquartered in the Swiss underground.

Operation Rubicon
https://en.wikipedia.org/wiki/Operation_Rubicon

Crypto AG
https://en.wikipedia.org/wiki/Crypto_AG

If you trust any third-party server to protect your privacy, you're a rube. If you trust Proton Mail to protect your privacy, you're a rube getting 'crossed' by the Swiss Rubi-con. Either you own your keys and your data on your computer or else you have no privacy. Someone else's promise that your data will be 'encrypted' so they can't decipher it is a hollow pledge. If you send any form of plaintext to a remote server, no matter how much they claim to encrypt it, you have zero assurance of data privacy. If you use an email server, even if you use end-to-end encryption, you have zero metadata privacy. Anyone can see WHO you are talking to even if they can't see the talk itself. Criminals and spooks are generally more interested in _who_ you talk to over _what_ you say. The _who_ is the most important piece of knowledge for their operations.

When using email for encrypted messages is always better for both parties to use their own email servers. Even better than that is to use a encrypted messenger through a Tor hidden service. The encrypted messenger must NOT rely on the Tor keys for the security of the encryption, but must first encrypt it using secret keys _before_ sending the data over the Tor network. Even with Tor, metadata unmasking is possible through monitoring and traffic correlation attacks. If you are a whistleblower or an at-risk person it is still far safer to send coded messages by other channels.

If you rely on Protonmail and similar services for high-risk communications you are taking a dangerous risk.

Watch the phan boiz rage outlet!

#Cryptography #Cryptology #Encryption #Crypto #Protonmail #CryptoAG #Switzerland #CIA

--
www.sybershock.com | sci.crypt | alt.sources.crypto | alt.lite.bulb

On Mon 22 Apr 2024 3:05 pm, SugarBug wrote:
> If you trust any third-party server to protect your privacy, you're a rube.
If you trust electronic comms you're a rube. Security is offline.

On Mon, 22 Apr 2024 17:07:19 +0000, Anonymous wrote:

> Security is offline.

And knowing whom you're dealing with.

--
Cri-Cri

Anonymous <nobody@yamn.paranoici.org> wrote:
>On Mon 22 Apr 2024 3:05 pm, SugarBug wrote:

>> If you trust any third-party server to protect your privacy, you're a rube.
> If you trust electronic comms you're a rube. Security is offline.

I doubt it. Offline, which means non-virtual interaction by
exchanging physical media, inevitably leaves much more traces than
electronic communication, to be exact asynchronous anonymous onion
routing as done with a combination of Tor & Mixmaster / YAMN. Just
think of fingerprints or DNA contamination of communication media, the
kind of paper, ink or printer and toner you use, the postoffice that
took delivery of your letter and so on. And I've no idea how to
create an anonymous real world reply channel as offered by our
nymservers. No, provided that your device isn't compromised anonymous
remailing is the best we have, state of the art in this field.

On a sunny day (Mon, 22 Apr 2024 22:12:13 +0100) it happened Yamn Remailer
<noreply@mixmin.net> wrote in <20240422.221213.b8e85811@mixmin.net>:

>Anonymous <nobody@yamn.paranoici.org> wrote:
>>On Mon 22 Apr 2024 3:05 pm, SugarBug wrote:
>
>>> If you trust any third-party server to protect your privacy, you're a rube.
>> If you trust electronic comms you're a rube. Security is offline.
>
>I doubt it. Offline, which means non-virtual interaction by
>exchanging physical media, inevitably leaves much more traces than
>electronic communication, to be exact asynchronous anonymous onion
>routing as done with a combination of Tor & Mixmaster / YAMN. Just
>think of fingerprints or DNA contamination of communication media, the
>kind of paper, ink or printer and toner you use, the postoffice that
>took delivery of your letter and so on. And I've no idea how to
>create an anonymous real world reply channel as offered by our
>nymservers. No, provided that your device isn't compromised anonymous
>remailing is the best we have, state of the art in this field.

With 2 TB micro SD cards homing pigeons are good for lots of data in a short time.
Of course adversaries can target the pigeon holders,
The next step is to add the info to the DNA of animals...
or just to the regular mail or objects as contamination..
;-)

On Tue, 23 Apr 2024 06:44:23 GMT, Jan Panteltje wrote:

> With 2 TB micro SD cards homing pigeons are good for lots of data in a
> short time.

Slower: Growing trees in the form of a QR code? ;)

--
Cri-Cri

On Mon, 22 Apr 2024 07:05:43 -0500
SugarBug <3883@sugar.bug> wrote:

> @firefly@neon.nightbulb.net
>
> Protonmail reminds me of Operation Rubicon.
>
> Propagandists and useful idiots routinely pump Proton Mail as a
> champion of privacy. They will post links to articles in which some
> agency or foreign government has requested Proton Mail to hand over
> user data. Then the article will position 'Swiss privacy laws' as
> saving the day. This smells of mockingbird media agitprop meant to
> generate interest in Protonmail. If enough such articles are
> circulated, the gullible will believe they are protected by 'Swiss
> privacy' then flock to Protonmail as their 'privacy savior'.
>
> Everything you need to know about so-called 'Swiss Privacy' we
> learned decades ago from Operation Thesaurus, AKA, Operation Rubicon.
> We learned that CIA operations and black budget banking are actually
> headquartered in the Swiss underground.
>
> Operation Rubicon
> https://en.wikipedia.org/wiki/Operation_Rubicon
>
> Crypto AG
> https://en.wikipedia.org/wiki/Crypto_AG
>
> If you trust any third-party server to protect your privacy, you're a
> rube. If you trust Proton Mail to protect your privacy, you're a rube
> getting 'crossed' by the Swiss Rubi-con. Either you own your keys and
> your data on your computer or else you have no privacy. Someone
> else's promise that your data will be 'encrypted' so they can't
> decipher it is a hollow pledge. If you send any form of plaintext to
> a remote server, no matter how much they claim to encrypt it, you
> have zero assurance of data privacy. If you use an email server, even
> if you use end-to-end encryption, you have zero metadata privacy.
> Anyone can see WHO you are talking to even if they can't see the talk
> itself. Criminals and spooks are generally more interested in _who_
> you talk to over _what_ you say. The _who_ is the most important
> piece of knowledge for their operations.
>
> When using email for encrypted messages is always better for both
> parties to use their own email servers. Even better than that is to
> use a encrypted messenger through a Tor hidden service. The encrypted
> messenger must NOT rely on the Tor keys for the security of the
> encryption, but must first encrypt it using secret keys _before_
> sending the data over the Tor network. Even with Tor, metadata
> unmasking is possible through monitoring and traffic correlation
> attacks. If you are a whistleblower or an at-risk person it is still
> far safer to send coded messages by other channels.
>
> If you rely on Protonmail and similar services for high-risk
> communications you are taking a dangerous risk.
>
> Watch the phan boiz rage outlet!
>
> #Cryptography #Cryptology #Encryption #Crypto #Protonmail #CryptoAG
> #Switzerland #CIA
>

@SugarBug
Much of what you say is perfectly valid. That said, there are
intermediate steps that people can take....not getting to complete
anonymity or perfect privacy.....but a step or two better than nothing!
(1) Anonymity. You can use mail addresses from MAIL.COM. When you do
this you also need to make sure that these mail addresses are only used
from public places (say internet cafes) so that both the email address
and the IP address are not linked to a single person. Of course the
RECIPIENT email address(es) might give the game away!
(2) Privacy. I'm always amused when people talk about "public key
infrastructure", say PGP and the like. Any group of people can set up
a Diffie/Hellman protocol. With this in place EVERY MESSAGE gets a
random throwaway shared secret encryption key. There are no published
keys anywhere....the keys are calculated when needed and then destroyed.
(3) E2EE. Any group using items #1 and #2 are giving the snoops MUCH
more work. Of course, snooping will not be impossible......but it
might be made very difficult, both on the privacy side and on the
anonymity side.....and without huge amounts of heavy lifting for the
users.

On 22/04/2024 07:05 SugarBug <3883@sugar.bug> wrote:
> @firefly@neon.nightbulb.net
>
> Protonmail reminds me of Operation Rubicon.
>
> Propagandists and useful idiots routinely pump Proton Mail as a champion of privacy. They will post links to articles in which some agency or foreign government has requested Proton Mail to hand over user data. Then the article will position 'Swiss privacy laws' as saving the day. This smells of mockingbird media agitprop meant to generate interest in Protonmail. If enough such articles are circulated, the gullible will believe they are protected by 'Swiss privacy' then flock to Protonmail as their 'privacy savior'.
>
> Everything you need to know about so-called 'Swiss Privacy' we learned decades ago from Operation Thesaurus, AKA, Operation Rubicon. We learned that CIA operations and black budget banking are actually headquartered in the Swiss underground.
>
> Operation Rubicon
> https://en.wikipedia.org/wiki/Operation_Rubicon
>
> Crypto AG
> https://en.wikipedia.org/wiki/Crypto_AG
>
> If you trust any third-party server to protect your privacy, you're a rube. If you trust Proton Mail to protect your privacy, you're a rube getting 'crossed' by the Swiss Rubi-con. Either you own your keys and your data on your computer or else you have no privacy. Someone else's promise that your data will be 'encrypted' so they can't decipher it is a hollow pledge. If you send any form of plaintext to a remote server, no matter how much they claim to encrypt it, you have zero assurance of data privacy. If you use an email server, even if you use end-to-end encryption, you have zero metadata privacy. Anyone can see WHO you are talking to even if they can't see the talk itself. Criminals and spooks are generally more interested in _who_ you talk to over _what_ you say. The _who_ is the most important piece of knowledge for their operations.
>
> When using email for encrypted messages is always better for both parties to use their own email servers. Even better than that is to use a encrypted messenger through a Tor hidden service. The encrypted messenger must NOT rely on the Tor keys for the security of the encryption, but must first encrypt it using secret keys _before_ sending the data over the Tor network. Even with Tor, metadata unmasking is possible through monitoring and traffic correlation attacks. If you are a whistleblower or an at-risk person it is still far safer to send coded messages by other channels.
>

I agree 100%. Use PGP or S/MIME on your own computer. Anyone that uses online encrypted e-mail services is a dunce.

Edward Teach <hackbeard@linuxmail.org> wrote:
>On Mon, 22 Apr 2024 07:05:43 -0500
>SugarBug <3883@sugar.bug> wrote:
>
>> @firefly@neon.nightbulb.net
>>
>> Protonmail reminds me of Operation Rubicon.
>>
>> Propagandists and useful idiots routinely pump Proton Mail as a
>> champion of privacy. They will post links to articles in which some
>> agency or foreign government has requested Proton Mail to hand over
>> user data. Then the article will position 'Swiss privacy laws' as
>> saving the day. This smells of mockingbird media agitprop meant to
>> generate interest in Protonmail. If enough such articles are
>> circulated, the gullible will believe they are protected by 'Swiss
>> privacy' then flock to Protonmail as their 'privacy savior'.
>>
>> Everything you need to know about so-called 'Swiss Privacy' we
>> learned decades ago from Operation Thesaurus, AKA, Operation Rubicon.
>> We learned that CIA operations and black budget banking are actually
>> headquartered in the Swiss underground.
>>
>> Operation Rubicon
>> https://en.wikipedia.org/wiki/Operation_Rubicon
>>
>> Crypto AG
>> https://en.wikipedia.org/wiki/Crypto_AG
>>
>> If you trust any third-party server to protect your privacy, you're a
>> rube. If you trust Proton Mail to protect your privacy, you're a rube
>> getting 'crossed' by the Swiss Rubi-con. Either you own your keys and
>> your data on your computer or else you have no privacy. Someone
>> else's promise that your data will be 'encrypted' so they can't
>> decipher it is a hollow pledge. If you send any form of plaintext to
>> a remote server, no matter how much they claim to encrypt it, you
>> have zero assurance of data privacy. If you use an email server, even
>> if you use end-to-end encryption, you have zero metadata privacy.
>> Anyone can see WHO you are talking to even if they can't see the talk
>> itself. Criminals and spooks are generally more interested in _who_
>> you talk to over _what_ you say. The _who_ is the most important
>> piece of knowledge for their operations.
>>
>> When using email for encrypted messages is always better for both
>> parties to use their own email servers. Even better than that is to
>> use a encrypted messenger through a Tor hidden service. The encrypted
>> messenger must NOT rely on the Tor keys for the security of the
>> encryption, but must first encrypt it using secret keys _before_
>> sending the data over the Tor network. Even with Tor, metadata
>> unmasking is possible through monitoring and traffic correlation
>> attacks. If you are a whistleblower or an at-risk person it is still
>> far safer to send coded messages by other channels.
>>
>> If you rely on Protonmail and similar services for high-risk
>> communications you are taking a dangerous risk.
>>
>> Watch the phan boiz rage outlet!
>>
>> #Cryptography #Cryptology #Encryption #Crypto #Protonmail #CryptoAG
>> #Switzerland #CIA
>>
>
>@SugarBug
>Much of what you say is perfectly valid. That said, there are
>intermediate steps that people can take....not getting to complete
>anonymity or perfect privacy.....but a step or two better than nothing!
>(1) Anonymity. You can use mail addresses from MAIL.COM. When you do
>this you also need to make sure that these mail addresses are only used
>from public places (say internet cafes) so that both the email address
>and the IP address are not linked to a single person. Of course the
>RECIPIENT email address(es) might give the game away!

For that purpose we do have nymservers, controlled through anonymous
remailers.

>(2) Privacy. I'm always amused when people talk about "public key
>infrastructure", say PGP and the like. Any group of people can set up
>a Diffie/Hellman protocol. With this in place EVERY MESSAGE gets a
>random throwaway shared secret encryption key. There are no published
>keys anywhere....the keys are calculated when needed and then destroyed.

How will you implement DH key negotiations while preserving the
anonymity of both participants?

>(3) E2EE. Any group using items #1 and #2 are giving the snoops MUCH
>more work. Of course, snooping will not be impossible......but it
>might be made very difficult, both on the privacy side and on the
>anonymity side.....and without huge amounts of heavy lifting for the
>users.

Let each participant set up an anonymous mail account at a nymserver,
exchange public keys with the initial mail message and from then on use
Whole-Message-Encryption. Problem solved.

Have a look at the Wikipedia section about anonymous remailing
(https://en.wikipedia.org/wiki/Anonymous_remailer), which currently is
no more than an empty shell and urgently needs an update adding all the
software projects this still most secure and universally applicable
method of anonymous communication bases on (Mixmaster, YAMN,
Quicksilver, OmniMix).

https://en.wikipedia.org/wiki/Mixmaster_anonymous_remailer

| Original author(s) Lance Cottrell
| Developer(s) Len Sassaman and Peter Palfrader
| Stable release 3.0 / March 3, 2008
| Type Anonymous remailer
| Website http://mixmaster.sourceforge.net/

e.g. makes you think that anonymous remailing is dead, which is dead
wrong. Mixmaster continues to work great, in addition we now have the
YAMN network, and there's client software, that allows a seamless
integration into your e-mailing workflow.

There's a comprehensive link list at https://danner-net.de/omd.htm#d05.

With these tools at hand implementing the Chaumian Mix network strategy
and onion routing there's no reason to rely on the integrity of any
service provider. So better stay away from all these dubious con men
and their questionable promises.

A Remailer User <remailer-user@somewhere.invalid> wrote:

> Edward Teach <hackbeard@linuxmail.org> wrote:

>> Much of what you say is perfectly valid. That said, there are
>> intermediate steps that people can take....not getting to complete
>> anonymity or perfect privacy.....but a step or two better than nothing!
>> (1) Anonymity. You can use mail addresses from MAIL.COM. When you do
>> this you also need to make sure that these mail addresses are only used
>> from public places (say internet cafes) so that both the email address
>> and the IP address are not linked to a single person. Of course the
>> RECIPIENT email address(es) might give the game away!
>
> For that purpose we do have nymservers, controlled through anonymous
> remailers.
>
>> (2) Privacy. I'm always amused when people talk about "public key
>> infrastructure", say PGP and the like. Any group of people can set up
>> a Diffie/Hellman protocol. With this in place EVERY MESSAGE gets a
>> random throwaway shared secret encryption key. There are no published
>> keys anywhere....the keys are calculated when needed and then destroyed.
>
> How will you implement DH key negotiations while preserving the
> anonymity of both participants?
>
>> (3) E2EE. Any group using items #1 and #2 are giving the snoops MUCH
>> more work. Of course, snooping will not be impossible......but it
>> might be made very difficult, both on the privacy side and on the
>> anonymity side.....and without huge amounts of heavy lifting for the
>> users.
>
> Let each participant set up an anonymous mail account at a nymserver,
> exchange public keys with the initial mail message and from then on use
> Whole-Message-Encryption. Problem solved.
>
>
> Have a look at the Wikipedia section about anonymous remailing
> (https://en.wikipedia.org/wiki/Anonymous_remailer), which currently is
> no more than an empty shell and urgently needs an update adding all the
> software projects this still most secure and universally applicable
> method of anonymous communication bases on (Mixmaster, YAMN,
> Quicksilver, OmniMix).
>
> https://en.wikipedia.org/wiki/Mixmaster_anonymous_remailer
>
> | Original author(s) Lance Cottrell
> | Developer(s) Len Sassaman and Peter Palfrader
> | Stable release 3.0 / March 3, 2008
> | Type Anonymous remailer
> | Website http://mixmaster.sourceforge.net/
>
> e.g. makes you think that anonymous remailing is dead, which is dead
> wrong. Mixmaster continues to work great, in addition we now have the
> YAMN network, and there's client software, that allows a seamless
> integration into your e-mailing workflow.

Are you aware of
http://en.wikipedia.org/w/index.php?title=Anonymous_remailer&diff=prev&oldid=260821642

There's obviously someone who aims at dampening awareness of anonymous
remailing, which makes it even more attractive, at least to me.

Anyone out there with a Wikipedia account willing to update the remailer
section with contents we put together here? For years nobody took steps
against such blandant censorship. Isn't it time to put things straight?