#Protonmail is not a #privacy silver bullet.

tilde.town/~kzimmermann/articl

Nobody should be surprised when such services share data with law enforcement. After all, they must comply with the jurisdiction they operate in if they want to keep in business. So why do so many people still think they can outsource their #encryption and never think about it again?

Post 25 in my #100DaysToOffload challenge

@kzimmermann “What ended up getting Connally was that his ProtonMail email was also registered with his Instagram account using the same exact name. Since Instagram keeps IP address logs on all its users, federal agents were able to ping his IP address to a property that he had previously rented. If Connally had invested in a decent VPN service… law enforcement may have never located him.”

Not, of course, that I’m encouraging breaking the law. Just putting things in perspective. 😄

@dianoetic @kzimmermann has the same vulnerability to subpoena power that has: the server can push malicious javascript that grabs whatever the server admin wants, including but not limited to the private key. There is a defense that's possibly in reach for normies-- running over Tor, which uses static (potentially reviewed) javascript that's anonymously downloadable.

@resist1984

> the server can push malicious javascript that grabs whatever the server admin wants, including but not limited to the private key

IIRC that's how #tutanota backdoored its subpoenaed user in 2020.

@dianoetic
