Also automatic PGP Encryption for messaging on orders
↑View previous replies…
- Joined
- Oct 1, 2023
- Messages
- 9
- Reaction score
- 5
- Points
- 3
- By JankyCoyote
Ew! No! This is a bad idea. It requires a third party to hold your private key which means if that third party is ever breached (law enforcement action, black hat hackers, turncoat employee, etc.) anyone and everyone who used the service has their private key compromised. Always ALWAYS encrypt your communications yourself on your own hardware and avoid anybody who does not (because if they get compromised, your communications with them are also compromised.
- Language
- 🇺🇸
- Joined
- Oct 17, 2023
- Messages
- 87
- Reaction score
- 98
- Points
- 18
- Deals
- 21
they can have acces to the server and encrypted message ,but with my private key and pass. i decrypt the message in my offline app .The message wich i decrypted it will never reach autorithies because only i can see the message in a simple text document and i never save in my perssistent storage .
Maybe i didn t understang very well and i appologize .
And i don t want to beleive the are people that decrypts their messages online and also i don t want to beleive that someone could create their PGP online .
Always use an Amnesia operating system , I'm not a professional in this case ,but i think if you search enough to make yourself a good OPSEC you will find a lot of details that can help you a lot . BE Safe bros!
Maybe i didn t understang very well and i appologize .
And i don t want to beleive the are people that decrypts their messages online and also i don t want to beleive that someone could create their PGP online .
Always use an Amnesia operating system , I'm not a professional in this case ,but i think if you search enough to make yourself a good OPSEC you will find a lot of details that can help you a lot . BE Safe bros!
- Joined
- Jun 24, 2021
- Messages
- 1,643
- Solutions
- 2
- Reaction score
- 1,748
- Points
- 113
- Deals
- 666
- By HEISENBERG
-
29 Feb
What's the point of this? Law enforcement will still read everything they need to if they find the servers. The problem with encrypting data online is that encrypted data is transmitted to the server already encrypted. If you send unencrypted data to the server and encrypt it on the server, it means that anyone with physical access to the server can intercept the unencrypted packets.
↑View previous replies…
- Joined
- Oct 1, 2023
- Messages
- 9
- Reaction score
- 5
- Points
- 3
Enabling auto-encription (like ProtonMail does) requires you to share your private key with the server. LE actually prefers this because it gives them a single target to gain access to numerous (anybody who used the auto-encrypt service) private keys and, by extention, access to anything sent or recived by, and even ability to pose as, the original owner of the keys. It's a horrible idea and should never be implemented. You should ALWAYS encrypt on your own hardware and avoid anybody who does not.
- Joined
- Jun 24, 2021
- Messages
- 1,643
- Solutions
- 2
- Reaction score
- 1,748
- Points
- 113
- Deals
- 666
- By HEISENBERG
-
03 Mar
Then what is the point of encryption if the server owner owns all the private and public keys? Who is the data encrypted from?
The question is rhetorical. It is unequivocal that in any implementation of text encryption "on the fly" using PGP is not safe for anyone.
The question is rhetorical. It is unequivocal that in any implementation of text encryption "on the fly" using PGP is not safe for anyone.
- Joined
- Oct 1, 2023
- Messages
- 9
- Reaction score
- 5
- Points
- 3
Precicely! It's the same reason having an email exchange with anyone who uses ProtonMail is so frowned upon. Since they offer auto-encryption, you can't tell if the other party is using proper opsec and encrypting on their own hardware, or if they are using auto-encryption, putting the entire conversation at risk of exposure if LE ever takes an interest in Proton's servers.
And, yes, I'm spelling that out for anyone else who's reading. I can't imagine it would be new information to you.
And, yes, I'm spelling that out for anyone else who's reading. I can't imagine it would be new information to you.
- Language
- 🇺🇸
- Joined
- Apr 1, 2023
- Messages
- 62
- Reaction score
- 43
- Points
- 18
- Joined
- Jun 24, 2021
- Messages
- 1,643
- Solutions
- 2
- Reaction score
- 1,748
- Points
- 113
- Deals
- 666
- By HEISENBERG
-
07 Mar
Proton cooperates with law enforcement agencies and makes no secret of the fact that it passes user data to them if they receive such a request. Who decided that this is a safe way to exchange messages?
- Joined
- Oct 1, 2023
- Messages
- 9
- Reaction score
- 5
- Points
- 3
Lets assume you (Agent1) have amazing op-sec on your end. Agent1 encrypts/decrypts using only their own hardware and are the only one who has access to their private key. Agent1 is talking to someone (Agent2) who uses Proton. Agent2 has decided to use the auto-encrypt feature that Proton offers. Agent2 comes to the attenttion of LE for possible illegal dealings, so LE files a legal request with Proton for any information they have on Agent2. Proton complies and sends them all stored information they have. This includes the private encryption key and any stored emails. Using Agent2's private key they can now read the entire conversation Agent2 had with Agent1. In fact, since LE now has Agent2's private key, they can pose as Agent2 to try and build a case against Agent1.
This gets even worse if LE decides to simply seize Proton's servers, giving them access to anobody's (who used the auto-encrypt feature) private keys and conversations. This has happened with a couple marketplaces already (LE seized the marketplace and continued to run it as an exit scam both to steal money and get as much user information as possible).
Because Proton encourages users to practice poor op-sec (use their auto-encrypt feature) it is simply a good idea to avoid exchanging emails with people who use Proton accounts, even if you don't use it yourself.
This gets even worse if LE decides to simply seize Proton's servers, giving them access to anobody's (who used the auto-encrypt feature) private keys and conversations. This has happened with a couple marketplaces already (LE seized the marketplace and continued to run it as an exit scam both to steal money and get as much user information as possible).
Because Proton encourages users to practice poor op-sec (use their auto-encrypt feature) it is simply a good idea to avoid exchanging emails with people who use Proton accounts, even if you don't use it yourself.
Last edited:
- Language
- 🇺🇸
- Joined
- Oct 17, 2023
- Messages
- 87
- Reaction score
- 98
- Points
- 18
- Deals
- 21
- Language
- 🇺🇸
- Joined
- May 27, 2023
- Messages
- 33
- Reaction score
- 19
- Points
- 8
what about simply using services that allow you to create notes which self-destruct after opening once?
for sending shipping details of course
for sending shipping details of course