The email is encrypted and this provides privacy. It's absolutely fuck that the company was compelled to track ip info for an account but I suppose the other option would be to defy the swiss legal system and subsequently be forced out of business.
To me what this truly highlights is that if you truly wish to be anonymous... Well don't actually expect to be. A dedicated enough adversary with enough power will be able to untangle the threads. Best you can do is understand the difference between privacy, being anonymous, and security and work towards each as needed. Know your tools.
Yes if you need email. Protons encryption keeps others from reading your mail(proton included) and tor keeps your ip from them(anonymous) of course both these could be breached in plenty of ways (using a phone number traceable to you to sign up for proton maybe, using a email name you've used before, etc)
Email is broadly speaking not a very secure communication anyway because it has to somehow identify you to give you messages. But tor + encrypted email attempts to solve both privacy and anonymous better than just email.
Proton has an onion site. Use it for more anonymous access. Still expect a powerful enemy to find you but it'll be harder.
A VPN will also obfuscate your IP, though the VPN also has to be non-subpoenable (or follow through on promises of not keeping logs) to really help you out.
That's true in theory but does require you to place absolute trust in a company motivated to stay in business. Additionally having no way to verify their no log policy makes trust harder. Great for torrents; less great for genuine security.
Generally that was my initial thought. But I'm not convinced now. There seems to be some specific use cases (tor is blocked and bridges aren't working) but outside of that it seems uncertain that increased security or anonymity is gained.
Good write up talking about it generally here that I found informative. And an overview of various ways they might be combined here that isn't quite so negative on adding a vpn.
But I agree with you that framing anything in online security as an absolute either or is a bad idea. It depends on your specific threat model and needs. Which requires a fairly deep understanding. Which sucks since who has time or technical skill enough for that. Not most people. Thus marketing saying "hey this is the one thing you need to be safe."
The email is encrypted and this provides privacy. It's absolutely fuck that the company was compelled to track ip info for an account but I suppose the other option would be to defy the swiss legal system and subsequently be forced out of business.
To me what this truly highlights is that if you truly wish to be anonymous... Well don't actually expect to be. A dedicated enough adversary with enough power will be able to untangle the threads. Best you can do is understand the difference between privacy, being anonymous, and security and work towards each as needed. Know your tools.
Use Tor.
Protonmail+tor?
Yes if you need email. Protons encryption keeps others from reading your mail(proton included) and tor keeps your ip from them(anonymous) of course both these could be breached in plenty of ways (using a phone number traceable to you to sign up for proton maybe, using a email name you've used before, etc)
Email is broadly speaking not a very secure communication anyway because it has to somehow identify you to give you messages. But tor + encrypted email attempts to solve both privacy and anonymous better than just email.
Proton has an onion site. Use it for more anonymous access. Still expect a powerful enemy to find you but it'll be harder.
Deep packet inspection.
Allows them to see you using Tor and block it, but not to connect you to the website you're accessing. It's also circumventable.
A VPN will also obfuscate your IP, though the VPN also has to be non-subpoenable (or follow through on promises of not keeping logs) to really help you out.
That's true in theory but does require you to place absolute trust in a company motivated to stay in business. Additionally having no way to verify their no log policy makes trust harder. Great for torrents; less great for genuine security.
True, though Tor can also be compromised
Of course. I'd say it's harder than serving a binding court order or targeting one company that you know has much sensitive data.
Actually I guess we shouldn't frame this as an either/or. Tor with a VPN is probably best, so long as you find one compatible.
Generally that was my initial thought. But I'm not convinced now. There seems to be some specific use cases (tor is blocked and bridges aren't working) but outside of that it seems uncertain that increased security or anonymity is gained.
Good write up talking about it generally here that I found informative. And an overview of various ways they might be combined here that isn't quite so negative on adding a vpn.
But I agree with you that framing anything in online security as an absolute either or is a bad idea. It depends on your specific threat model and needs. Which requires a fairly deep understanding. Which sucks since who has time or technical skill enough for that. Not most people. Thus marketing saying "hey this is the one thing you need to be safe."