Part of the issue is that the bar for subversive activities in the eyes of western law enforcement seems to be getting lower and lower. I don't know the specifics of this case, but it seems many authorities are also not shy about using these methods to identify and track peaceful protesters as well.
while i agree this is a problem, this is something that isn't to blame on protonmail (or any other company following the law). This is something that should be changed through politics/lawmaking.
Honest question, because I've been asking it of myself: what do you expect from such a service?
I basically decided to just give up. Email is an insecure protocol and there's not much that can be done about it. Choosing a "secure" email provider feels like choosing a "secure" VPN provider: it's impossible to verify the provider's claims so it's a kind of security theatre.
It's impossible to choose a "secure" email provider, unfortunately.
Email can't guarantee E2EE without a block cipher tool like GPG. Even if your provider stores and transmits only encrypted email data, once sent it does not maintain that guarantee while being passed by another entity's MTA.
If you email google, google gets to do whatever googly stuff it would like to do with its algorithm.
If you email exchange, roundcube, ISP, hotmail, it could wind up being archived to tape, or simply be sitting for a long time in some unencrypted mail spool, maybe in a public cloud.
If you selfhost, you would be forgiven if you find you have made a mistake or simply got pwned.
I've never selfhosted email, but I understand it is a lot of work to set up if you aren't familiar, and while maintenance is okay once you get rolling, there are occasional emergencies or hiccups that require intervention.
Aside from being much slower, regular mail is quite better since you can easily inspect the envelope for evidence of tampering, while email will be imperceptibly copied.
> Even if your provider stores and transmits only encrypted email data, once sent it does not maintain that guarantee while being passed by another entity's MTA.
What? If Alice encrypts an email to Bob, using Bob's PGP key on her laptop, then it doesn't matter how many MTAs that email passes through, the email stays encrypted at every hop.
> it could wind up being archived to tape
I guess you're saying that an encrypted email could travel through a provider that keeps a copy of it in the hopes that quantum computers will one day be cheaply available enough that they can crack the private key and read the email.
That seems expensive (and illegal) for a company to do just on a whim (assuming the sender and recipient are periodically deleting old emails), and I'd like to think that a judge would turn down a request for a warrant that covers data that won't be readable for a decade or more.
Yes, you have to bring your block cipher unless you are 100% sure all the MTAs are using your e2ee scheme.
>I guess you're saying that an encrypted email could travel through a provider that keeps a copy of it in the hopes that quantum computers will one day be cheaply available enough that they can crack
No, I'm saying when you send the email, the next MTA might not use encrypted transport and any mailbox/mail spool/cache might not store the data encrypted in any way.
You can of course get E2EE if you use GPG (you always could), but if somebody doesn't know how to use GPG or uses it wrong, that is problematic.
You can also just broadcast your gpg block message via public/ham radio or even hire a skywriter to spend his day tracing out your GPG cyphertext as a huge QR code in the sky :-)
> I basically decided to just give up. Email is an insecure protocol and there's not much that can be done about it. Choosing a "secure" email provider feels like choosing a "secure" VPN provider: it's impossible to verify the provider's claims so it's a kind of security theatre.
Notionally, I would imagine something that looks like "email" and acts like "e-mail" (to the end user) could eventually exist that provides the same (conceptual) security that the Signal protocol provides (and perhaps a hosting provider option that's the same level of user confidentiality that we get the Signal foundation), although you're correct that foundationally it would be a different protocol. Backwards-compatibility would be required, at least for seamless transition (perhaps represented as "secure" and "plaintext")
Wasn't Ladar Levison (the individual behind Lavabit) working on something like this? https://darkmail.info/
A number of features I expect from e-mail seem rather between hard up to impossible to achieve if you insist on the "your server cannot be trusted, either" model of operations, though:
- The ability to login from multiple devices (using both dedicated clients and webmail) and subsequently being able to immediately access all my old messages, too.
- Global filtering, tagging, folders, read/unread tracking etc.
- Full-text search that doesn't require downloading all messages to your local device beforehand.
For this specific issue, find a provider that can be accessed through Tor.
But if you want truly private and secure communication, you'll have to forget about email. Even with encryption there's still way too much metadata floating around that can identify you.
I agree that one should not use it for private comms. But many people have to use it, and they would rather not use a provider like MS or Google. For those people, mailbox.org is a good offering (IMO).
Your own self-hosted service on rented server / cloud instance?
AFAIU (IANAL!!!) you can refuse to give evidences against yourself in most jurisdictions.
I don't thinks that dedicated server provider (like Hetzner) or cloud provider (like Digital Ocean or Vultr) stores traffic logs with enough details to be useful in such case.
You can't be compelled to incriminate yourself, but your server provider can very much be compelled to give access to the server. And once the server is physically compromised the battle is lost, anyway, but in that case probably with a larger papertrail leading to you.
One expensive but possible option would be to build a server yourself with sufficient traps to shut off when it's tapered with. Then set it up with full disk encryption and put it in a shared rack.
Dedicated server (with standard hardware) can be prepared to be almost tamper-protected, for almost everything realistic attacks. Yes, it will be prone to freeze memory (physical freeze, with liquid nitrogen or liquid helium), but I don't think that it is what police in any country will do.
But as sibling comment mention, it can be seen as destroying of evidences in many jurisdictions :-(
What would be the benefit of being in a shared rack? Wouldn't the service provider still know which physical system is yours if you only rented a 1/2/3U space? (Or is there an advantage at a network layer?)
The shared part is only for pricing, since renting a full rack for a single server is a bit overkill :)
Going for a rack has the advantage that you own the hardware and can install the anti-tamper measures so that the server can't be turned against you. Anonymity wise, renting a server makes things a lot easier.
In most jurisdictions you can refuse to testify against yourself but you are still required to give up all physical evidence against yourself if an appropriate warrant requests them, the immunity only applies to things in your mind.
Things like hiding or destroying evidence of a crime generally are separate crimes of which you can be convicted even if you're acquitted of the original crime (e.g. burying a corpse in the woods or throwing a gun in the river).
Destruction of evidence with the intent to hide it from prosecution also may enable so called 'adverse inference' where essentially the jury/judge can assume that the destroyed evidence actually showed what the prosecution intended to find there. For example, if you're being prosecuted for possession of child sexual abuse material, there's a warrant for your hard drive, but it gets fully destroyed because you have rigged some device to destroy it (and the prosecution proves that you did that with the intent to destroy evidence) then the court may take it as a fact that the hard drive did indeed contain CSAM and treat it as sufficient evidence to convict you.
In short, self-hosted service on a rented service does not provide much protection.
Anything that you access using thunderbird with GPG configured?
It gives no worse privacy guarantees than protonmail and possibly way better - because if you use protonmail through a web client and they get a court order to serve you a "special" client that forwards your certificate you won't notice it.
One option not mentioned yet is Posteo. They don't keep your IP and strip it in case your mail client sets it in the headers. They also don't take any personal identification for signup or billing (you can even send them letters with money to pay for a mailbox).
I don't know what came of it, but they've been told by the German constitutional court that their approach ("we're using NAT, we don't know the IP on the actual server") doesn't fly and does not protect them from complying with a court order.
