Quote:
Originally Posted by TenFour
It has nothing to do with politics.
|
It is directly related to politics in so many ways, this forum is not big enough to cover the issues and history of it. If you're interested, use your favorite search engine to read about the origins and controversies, lobbying groups and proposed revisions to the GDPR, HIPAA, US Privacy Act, GLBA, FISMA, NIST 800-171, CCPA, EU-US Privacy Shield Framework, etc. Also look up basic info about Five Eyes, Nine Eyes, Fourteen Eyes and other similar alliances around the globe along with how those countries execute warrants, gag orders, and how their court systems work re: privacy issues. While you're at it, spend some time looking into the potential upcoming encryption legislation in the US, Australia, and Germany, and the history and reasons behind the banning of certain services and protocols in various countries like China and Russia. That's a good start. Then when you get a chance, take a look at the technical/maths behind how encryption works, from TLS to OpenPGP, symmetric and asymmetric approaches, the standards, algorithms, vulnerabilities, and history of how those work and have been improved and validated and tested and retested and improved over the years, along with open source software and how auditing works.
Quote:
Originally Posted by TenFour
Google and the others want to target ads to you and they do so by gathering information about your online activity.
|
Of course, this isn't in question. This is one side of the story, and if you look into lobbying groups above, and the authors behind some of the proposed legislation around the globe, you'll also see that it is also profoundly related to politics.
But even if it were JUST about Google's business model, why choose to continue to use their services if you know they are building and using and researching and selling a profile about you? An ad blocker will block only the tiniest fraction of the profiles that Google, Microsoft, Facebook, etc., are all building on you. But yes, an ad blocker is a perfectly good small step.
Quote:
Originally Posted by TenFour
By the way, I wouldn't be surprised if using ProtonMail makes you more vulnerable in some ways to snooping. It certainly paints a red marker on you that you are someone who is worried about your privacy and I suspect major governments have ways of getting at your emails if they want to.
|
If any government wants to get a valid court order to get their hands on my emails with my sibling about my travel plans this summer, or what gifts my nieces and nephews might want for their birthdays, those governments can waste the time and resources to do so. At least those plans won't be sitting in a Google profile.
And on a related note, every security expert that I've read has acknowledged that the real bad guys have easy access to far more private communication channels, not to mention tools on the dark web, to carry out their plans. ProtonMail is a "consumer" encryption product that doesn't tolerate illegal activity and they cooperate with valid court orders, just like all the other legit encryption email services (just read their TOS!), so they are not infested and crawling with criminals and evil-doers, and it's just FUD to paint a picture that using such services marks you or makes you a government target. Of course there will always be bad guys using any service, including ProtonMail and GMail and Facebook and FastMail and Yahoo Mail and Tutanota and everything in between. The vast majority of ProtonMail users are normal human beings who want more privacy, and ProtonMail helps them achieve a degree of that. Used wisely with your circle of contacts, so can FastMail and Runbox and any of many paid email providers, using PGP or no PGP. Even just FastMail to FastMail is vastly better than using GMail. Various governments already CAN and WILL get access to what they legally want on those platforms, so the real red flag are people using the dark web and other tools.
And the argument that all email is insecure and therefore all this effort doesn't matter is immaterial to this discussion, because that's a security question, not a privacy question. But if we want to talk security, I'll still take ProtonMail over Google any day. The idea that you need a vast army of private developers versus a small company like ProtonMail is silly -- ProtonMail and similar services benefit from the vast number of developers in the open source community and didn't build their platforms by themselves.
The use of ProtonMail is not a magic wand as I've said, but it can absolutely reduce your footprint, rather than just handing over your content to the processors and peddlers of profiles. Used intelligently with several other approaches like limiting or eliminating social media, using a VPN, etc., etc., you can manage your digital footprints much better and minimize your profiles. No one ever said you could *eliminate* your profile. ProtonMail obviously doesn't suddenly make you go off the grid, no one has suggested that. It's all gradations of privacy. If you're informed about what's going on, you can make better choices about what suits your preferences and needs.
Somehow some people have gained the incorrect impression that ProtonMail is some panacea that solves all their problems. It doesn't. In that I agree with you. It's just one tool, one step. My whole first response in this thread was very much about the shades of privacy. But definitive proclamations that encryption services like ProtonMail are useless and a waste of money are missing what ProtonMail CAN successfully be used for. If you are trying to escape the notice of nation states going after you, then ProtonMail is not the solution. But if you are trying to limit your exposure to the giant profile processing machines, it is a great tool in your arsenal, one among other tools. My first post was quite a bit about gradually expanding your circle of contacts into more private communications as one step in a longer process. And my first point was, if no one uses these kinds of privacy services in your circle, why not be the first person in your circle that tries to make a difference?
Quote:
Originally Posted by TenFour
I do wonder how good security really is at some of these small, supposed privacy-oriented email providers.
|
Again, security is a different discussion, but I'll take an open source audited platform (depending on what encryption service we are referring to, each has different aspects of open source they use and/or have audited), over a closed-source proprietary system that has a long history of data breaches, leaks, "research" in profile algorithms that wind up used in political campaigns, and blanket government surveillance, any day of the week.
Anyway, it's clear we disagree and you are of course more than welcome to keep using services like GMail with all the ad blockers in the world. GMail has tons of features and is a mature, convenient platform, that's why so many people use it. Go for it. That works for you, and demonstrates that people can and do differ on their approaches and reach different conclusions about what really matters. Cheers!