So much for using “Secure” email service

I’ve been using ProtonMail since the end of last year. Encrypted and the like. Along with a VPN. All the sudden that domain is being blocked my more and more services. Oh well.

Aside from Russia, which blocked Protonmail in March, which services have blocked its use?

FWIW, I tried several “secure” email methods over the years, PGP, GPG, etc. None were satisfactory because they couldn’t be used by “non-power users”. Newer methods like those used by ProtonMail are easier to use but, historically, the value of encrypted mail is reduced by all the extra attention it receives.

When I considered there would always be copies of everything I ever sent or received in the accounts, and on the servers, of the people/companies with whom I corresponded normally, I decided there is really no difference between the major email providers (Apple, Gmail, Fastmail, etc.)

Today, I use iMessage for the occasional message that I prefer to keep reasonably secure. Anything I consider very sensitive doesn’t travel on the net.

Yeah! Dead drops and double blind handovers is how I get my bills delivered!

eMail was never designed to be secure. Attempts to use the underlying protocols and infrastructure to transmit secure messages have largely been unsuccessful for several reasons. For one, both ends need the same setup of supporting software / add-ons, which for many is too much of a hurdle. Generation and management of keys is also a non-trivial task. Now, deploy this across all your devices…

However, there are multiple strong solutions for encrypting files. While these attachments will be visible in transit, they can be virtually un-crackable by brute force. A long, and ideally random, passphrase will ensure good protection of the contents. Also, not the most practical, but viable for infrequent uses.

As secure messaging goes, Apple’s solution is considered fairly good, but Apples does hold the keys somewhere. Can they be compelled or forced to turn them over? Maybe.

Signal is an option that seems to have done encryption right, but it’s not the most commonly deployed app.

As we have seen time and time again, flaws in security solutions are rarely due to the cryptographic algorithms, but rather errors or oversights in implementation.