Finally, Debian has ditched OpenPGP for repository signing in favor of Ed25519 with SHA512. This is a step ahead for privacy and security. You can see the article here.

As @anon123@lemmy.ml pointed out, the following issues about PGP are not specifically related to the Debian article I linked.

  • No authenticated encryption.
  • Receiving a signed message means nothing about who sent it to you.
  • Usability issues with GnuPG
  • Discoverability of public keys issue.
  • Bad integration with emails.
  • No forward secrecy.

There’s useful documentation about it:

  • @Lunacy@lemmy.ml (OP)
    1
    3 years ago

    ProtonMail is not a gold standard of anything except marketing. I am a R!seUp Collective member.

    I searched for both ProtonMail and RiseUp features; I did not find relevant differences. However, I have never used RiseUp; maybe I’ll try it.

    Signal does not necessarily have backdoors, but metadata issues. And metadata going through US servers is an issue if you start talking to strangers. Moxie says it is not an app made for anonymity, and this was said during the blocking of USA software in Iran.

    Nonetheless, Signal minimizes the metadata. You can see here they received a subpoena from the United States Attorney’s Office in the Central District of California. However, they only provided two types of data:

    • last connection date
    • account created

    The entropy of data collected is very minimal.

    It’s not made for anonymity, but it’s still a private application.

    In my opinion (just my opinion, so you can skip this part), Signal is safe to use for 99% of users.

      • @Lunacy@lemmy.ml (OP)
        1
        3 years ago

        Hi. I read the article. Specifically, the section about ProtonMail, RiseUp and Disroot. I understand your point. ProtonMail surely has many issues.

        Sincerely, I’m glad I don’t have to use email for communication; there are better alternatives like E2EE. Even using the most secure email provider, your communication still leaks metadata. Actually, E2EE also leaks metadata, but the encryption protocol is way better than PGP.

        You can see the metadata leaked by Element here.

        A question not related to this topic: are there communities dedicated to Opsec here?

        Anyway, good discussion. :)

        • @anon123@lemmy.ml
          2
          3 years ago

          E2EE is not a protocol. It just means “end to end encryption”. Signal, OpenPGP, Wire, OMEMO, etc. all fit the description.

              • @Lunacy@lemmy.ml (OP)
                0
                3 years ago

                Hi, E2EE is quite commonly described as a protocol, even on Wikipedia or here, for example. However, I understand your point. Thank you for the useful link. :)

                • @Echedenyan@lemmy.ml
                  2
                  3 years ago

                  Sorry here, but any source you provide shows E2EE as part of the name, not as a name itself for the protocol.

                  To be exact, the first says “Signal protocol” all the time, or “how Signal provides E2EE”, stating that E2EE is an abstract concept and not an encryption protocol.

                  I think this is a similar misread, in a bigger situation, to that of the people believing that LZMA (even when described by people or in the description of the name) is an algorithm, when it is a method (a protocol, but of another kind).

                  It is a bigger situation because of the reasons why it is being misread.

                  The last source shows the same: “an E2EE Scheme of Line”. Again, E2EE as an abstract concept in a super-entity, not an encryption protocol.

                  Edited: maybe the issue is what you understand as protocol.

                  Protocol here is not the raw abstract concept; in every case the word is being specific toward the specification of an encryption scheme.

                  I attach a Wikipedia article that is a good basis for it https://en.m.wikipedia.org/wiki/Cryptographic_protocol

                  • @Lunacy@lemmy.ml (OP)
                    1
                    3 years ago

                    Hi, thank you for helping me to understand. I will surely look at the article you linked. :)

        • @TheAnonymouseJoker@lemmy.ml (M)
          1
          3 years ago

          I do not think so, and even on Reddit, r/opsec is very vague. For this reason, I have a guide for it https://lemmy.ml/post/34223 and have been trying to bring a change in the privacy community and in the culture to make it a pro-libre and pro-privacy culture via r/privatelife and c/privatelife.

          I have helped a lot of people successfully, and continue to try and help communities and individuals in the hope of a changed future.