Pede who sounds like they know what they are talking about:
(1) Signal - Yea or Nay (2) Proton Mail - Yea or Nay
If not, then what?
I made a Proton Mail account and opted out of the backup email part. I saved my password and did everything correctly and still couldn't get back in. I'll try again to recreate what happened and why but I'm not giving them a backup email address. 🤷🏻‍♂️
For what purpose? For protecting your communications from malicious actors in foreign countries? Maybe. For keeping your communications private from illegal government searches? Nope.
I wouldn't trust any app for the second purpose that I or someone I trust has read through the code to ensure there is no backdoor and no copies of the encryption key sent somewhere and stored.
I'm not really familiar with Signal or Proton Mail, but encryption as a service is kinda oxymoronic. The way to make encryption secure is to not have the service involved in the encryption in the first place. I guarantee that if the FBI went to Proton Mail and said "we demand you search all email for certain keywords or phrases or from this address and give us the data" that they would get it.
For real, secure, encryption it doesn't matter what email you use. Use Gmail, who cares. The encryption and decryption would take place on your phone and Gmail sees gibberish random letters. You'd just need an app designed to encrypt and decrypt the messages with a pre-shared key you set up with the other person ahead of time. Since Google doesn't have your encryption key then they can't read your email. The government can come threaten to shut down Google if they don't decrypt your email, but it will be impossible because they don't have the key. The only way to decrypt the email would be to obtain your phone or the other person's phone and open the app. No other way as long as you didn't write the key down and leave it on your desk and they raid your house and find it.
I don't know of such an app, but it probably does exist because it wouldn't be hard to make. Just have to make sure you trust the person who wrote it. Would be easy for them to put in a backdoor that sends the key and your data somewhere.
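The pre-shared-key scheme described in the post above, as an added example that is not code from any poster or from any app named in the thread. It assumes Node.js and its built-in `crypto` module with AES-256-GCM; the function names, the envelope string and the sample addresses are hypothetical, and the 32-byte key is assumed to have been exchanged out of band.

```javascript
// Added example (not from the thread): mail-body encryption with a pre-shared key.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Runs on the sender's device. `envelope` (e.g. "from>to") is authenticated
// but NOT hidden: the mail provider still sees who wrote to whom and when.
function sealBody(psk, plaintext, envelope) {
  const nonce = randomBytes(12); // must be fresh for every message under one key
  const cipher = createCipheriv('aes-256-gcm', psk, nonce);
  cipher.setAAD(Buffer.from(envelope, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Layout: 12-byte nonce | 16-byte auth tag | ciphertext, base64 for the mail body.
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Runs on the recipient's device. Returns null on any failure: wrong key,
// modified ciphertext, or a body replayed under a different envelope.
function openBody(psk, armored, envelope) {
  const raw = Buffer.from(armored, 'base64');
  if (raw.length < 28) return null; // too short to hold nonce + tag
  try {
    const d = createDecipheriv('aes-256-gcm', psk, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    d.setAAD(Buffer.from(envelope, 'utf8'));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed demo values; nothing here comes from a real mailbox.
function demo() {
  const psk = randomBytes(32); // in practice: agreed in person, never sent by mail
  const env = 'alice@example.com>bob@example.com';
  const body = sealBody(psk, 'Lunch moved to 1pm', env);
  const tampered = Buffer.from(body, 'base64');
  tampered[tampered.length - 1] ^= 0x01; // one flipped bit in transit
  return {
    storedByProvider: body, // all the mail service ever holds
    recipient: openBody(psk, body, env),
    wrongKey: openBody(randomBytes(32), body, env),
    modifiedInTransit: openBody(psk, tampered.toString('base64'), env),
  };
}
console.log(demo());
```

A single long-lived key gives no forward secrecy: anyone who later obtains it can read every message ever sealed with it.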
Thanks for reply. I know nothing except surface level tech knowledge. I built my PC and have a Steam account -- tech résumé complete.
My problem is that I don't even trust the hardware itself. How do we know there isn't some kind of spy software installed on all of it? I'm not trying to pretend to be an expert here, I legitimately don't know. But if that's possible, then it won't help you to encrypt your message using software. You would want a separate offline device to encrypt the message and then you would type the already encrypted message in yourself.
But in any event my thought is that sensitive communication should be minimal over the internet and can probably hide in plain sight through regular services (just use coded language in what looks like an ordinary e-mail that's not trying to hide).
Total moron here with tech though so I don't know.
You could use a firewall to monitor traffic and see if there's any unexpected traffic, but yes, you're right, don't know what backdoor could be on hardware or in the OS. There are rooted versions of phone OSes, and Android has open-source variations, so it is pretty reasonable to say that if there were, people would have found them.