I really don’t know that much about cybersecurity, and I was wondering if it’s possible to have a completely secure email (that I could also use for some social media). And what makes some emails more secure than others? And even if I do use a secure email, could someone track me through my IP address anyway if they really wanted to dox me?
I guess, where should I go if I want to learn about basic cybersecurity? Sorry if this is a lot, I'm not really sure where to start learning about it :ohnoes:
Completely secure email: no, because email is not a secure protocol to begin with (it's very old, from before this was an essential concern).
IP address: it just gives a general area, but even that can be enough to doxx you. Like if I know you live in some US State and I want to doxx you for some reason, I know I can limit my search to that state specifically.
The only way to mitigate that is using a VPN which will hide you from weirdos online, but not from the feds. If the feds want to know your browsing history they will contact your VPN who will be forced to comply to a court order, or will do it because they're feds too, like ProtonMail giving out email headers to the German police (PM is based in Switzerland and had no reason to comply).
The most secure way of communicating is not communicating. Be careful what you let out online and think twice before sharing that picture of your meal at a restaurant or telling people where you went on vacation.
in defense of proton, because they are one of my faves despite this event - I believe this is what you're talking about: https://www.pcmag.com/news/protonmail-explains-why-it-shared-a-users-ip-address-with-police
It sounds like they got a legally binding warrant from Europol. They did hand over the info, but their policy afterwards seems to indicate that they care - they told their userbase to use tor if they genuinely need to preserve all of their privacy details, and they also host an onion version of protonmail. That seems like non-fed behavior. I think there's simply no way to never have to turn information over to feds if you're offering a public facing cloud service, but as a matter of degrees past that, I think they're one of the least bad ones in terms of privacy transgressions.