Our valued sponsor

Proton VPN helps to gain back the freedom in Hong Kong for private mail and Internet activity.

In technology there is no 100% secure system:

- It may be for the first weeks or months until there is somebody/something smart enough to break it, in the most complicated and smart way or the most stupid simple way that nobody ever think about it.
- Most of the patterns are, they are attacked continuously when they become popular and suddenly all the attacks stop and next is "business as usual", "bad guys" are in, and no matter how many fixes and changes or upgrades, they are well structured and organized to get their access back. Yes proton email is being attacked several times in the past and the successful ones probably are not the ones sitting in a basement or dormitories, they are well funded and organized and they are not into getting popular and being recognized by the world. For them there are many methods to attack infrastructure and sometimes they don't even need to target the end user front end service.
- Proton email and later vpn services have a lot of attention in the last years "for their good security"; good guys "fighting the system and trying to publish the true" are there, bad guys are there, others doing other things (bad or good) are also there, etc... information is power... do you have any data that needs to be kept with the highest security levels and only "you" should access? "welcome to proton email and vpn services ;)" -> lets jump into conspiracy
- Millionaires psychopaths looking for more power, groups of people with money looking for power, governments looking for power and control, government organizations looking for power and control, trying to stay one step ahead, catching secrets... what will stop them to create an email service for anybody "very secure"?, reputation can be created in some way, just have patience in 2 or 3 years, maybe less or more.
- Want to make it more credible?, locate it in a country that is stable, has relatively good laws and outside of the "bad America", .... After all you are just creating a service where people place their information and where in the backend you have control of everything.
- Those kinds of organizations or people don't have any problems hiding behind institutions like CERN or MIT or others. Same approach as creating the correct organization or structure for your new company ;)
- Auditors?, Laws?, PII Data?, Compliance?, Encryption in transit and at rest?, MFA?, you name it!, all these in your new service?, ha!, in IT and with automation you can setup pressing 1 button to enable compliance in all these, and also pressing another button to disable only the necessary and get access. Sometimes you don't even need to get access to all, you just code and setup analytics or ML/AI algorithms and the tools will tell you which accounts have "strange" uncommon things depending on what you are looking for (key words, patterns, strings, image recognition, algorithms for this, algorithms for that).
- They design it, they develop it and they implement it in production. They say a lot of things like maybe they use open source software (the community backs them), maybe they use a recognized enterprise software vendor, is anybody able to get access and prove it? is all just trust <- auditors?, will they review thousands lines of code?, yeah sure.... code quality and code security tools? <- they don't detect malicious application functionality, by the way who is going to find this and then judge that is malicious in your application logic "backend processes"?
- There are very high probabilities that it can be a honeypot trap and with the intention to use the information found in those accounts in benefit of different agendas, or just control, user profiling, secrets,...., and if there are actions to execute they are quietly and without attract too much attention in most cases, if not they will lose reputation and credibility in their precious honeypot trap, because people may realize this if is public.
- Just one more time, information is power -> secure email accounts have information, secure network traffic (vpn's) also have information. <- There is also classification of information, of course there is always somebody or some organization willing to pay for certain classified secret information found, personal or not, to monetize, to control, to get advantage, to track, to hide, to punish....

By the way I also have my email account in proton email :D:D:D to keep my false sense of security and be part of the nerd security cool vibe.

What are your thoughts on TOR?
 
What are your thoughts on TOR?
TOR may be a good tool, but you will need to combine it with others tools.... there were rumours around that TOR "is infected", in code, and/or in some of the nodes in the tor network; it began as a good project, but as everything that is good, soon or later is infected/infiltrated, controlled and watched.

What is interesting is that a very high percentage of the people still believe that "traditional" encryption is the only way, the only path, the absolute solution, and probably for most of us it is :D.
Have somebody ever ask why everything that needs to be secure needs to be in the way of "encryption"?, why we don't have a 2nd option as good as "encryption" but not encryption?, What if somebody/something can control or.....

If you search at this kind of information around, the trends, "the possibilities", "the ideas that comment that "in theory you could...", powerful organisations or powerful countries fighting to have the fastest supercomputers in the world, fastest supercomputers in the world may be able to unencrypt on the fly (until some defined bit encryption number), at some moment and with new ideas intel cpus are becoming a limitation to implement this ideas, so they jump into quantum computing, something that google, ibm, some universties and "the" previously mentioned are already experimenting <- they are playing in a different league while for us is still science fiction.

Funny thing is that AWS cloud services, Azure cloud services, IBM Cloud and Google Cloud services are already offering this quantum computing service and is open to the public.

and can be related to security and encryption :)
 
  • Like
Reactions: tacokai
Funny thing is that AWS cloud services, Azure cloud services, IBM Cloud and Google Cloud services are already offering this quantum computing service and is open to the public.
beside you are going totally off topic then you mention large corporations known to give information's to all governments by default.

ProtonVPN and ProtonMail may not be the most secure if you are a hard core terrorist or it may be, who knows. At least I trust them more then any US company.
 
  • Like
Reactions: nomad999
One thing to keep in mind is if you are a target, they will find a way to capture the encrypted traffic with the hope of being able to decrypt it later when advance in quantum computers allows it.
At the moment quantum computers can't do s**t in this case but at the rate of technological evolution this might change within our lifespan (very unlikely though).