I really don’t know that much about cybersecurity, and I was wondering if it’s possible to have a completely secure email (that I could also use for some social media). And what makes some emails more secure than others? And even if I do use a secure email, could someone track me through my IP address anyway if they really wanted to dox me?
I guess, where should I go if I want to learn about basic cybersecurity? Sorry if this is a lot, I'm not really sure where to start learning about it :ohnoes:
the problem with genuinely secure email is that you can only talk to people using the same protocol as you. encrypted messages require a client that can decrypt them and worse, most providers that give encrypted message support only do so for messages sent to other users of the same platform. conversely, if you're talking to other tech savvy people, you can use whatever mail service you like and just encrypt your messages.
I'm not aware of any means to protect email metadata. you can configure a local mail server to not send the client ip but the receiving server will still know which mail server was used to send the message. also, running a mail server is unreasonably hard, especially because email wasn't designed to handle a mail server being down in a reasonable way. you can straight up lose messages to the ether if you're not careful.
my advice is to use something like tutanota or protonmail only for communication that can't happen by some other means and to use something like matrix for everything else. if it's an even remotely spicy conversation, don't send emails about it.
write a letter by hand or with a mechanical typewritter, place black tissue paper on either side of the paper, fold those three papers into an envelope, seal the envelope, seal it again with wax and a hand carved stamp, post the letter
this is the most secure method of communication.
Completely secure email: no, because email is not a secure protocol to begin with (it's very old, from before this was an essential concern).
IP address: it just gives a general area, but even that can be enough to doxx you. Like if I know you live in some US State and I want to doxx you for some reason, I know I can limit my search to that state specifically.
The only way to mitigate that is using a VPN which will hide you from weirdos online, but not from the feds. If the feds want to know your browsing history they will contact your VPN who will be forced to comply to a court order, or will do it because they're feds too, like ProtonMail giving out email headers to the German police (PM is based in Switzerland and had no reason to comply).
The most secure way of communicating is not communicating. Be careful what you let out online and think twice before sharing that picture of your meal at a restaurant or telling people where you went on vacation.
in defense of proton, because they are one of my faves despite this event - I believe this is what you're talking about: https://www.pcmag.com/news/protonmail-explains-why-it-shared-a-users-ip-address-with-police
It sounds like they got a legally binding warrant from Europol. They did hand over the info, but their policy afterwards seems to indicate that they care - they told their userbase to use tor if they genuinely need to preserve all of their privacy details, and they also host an onion version of protonmail. That seems like non-fed behavior. I think there's simply no way to never have to turn information over to feds if you're offering a public facing cloud service, but as a matter of degrees past that, I think they're one of the least bad ones in terms of privacy transgressions.
silent_water's response is really good. More can be said if you can describe what your objective is. The unfortunate thing about cyber security is it's really just a culmination of techniques and info, many of them disparate from each other, or at times irrelevant to what you're trying to do in the moment.
If u have to ask then ppl cant dox ur address through ur ip address the most they can get is a general region which probably isnt even that accurate The only thing I can think of is it shows who ur isp is and they called them and were/pretended to be the police or something to get ur subscriber info
Why when I open a private browser window on firefox and type "Where am I" is google able to drop a pin precisely on my house? This is on a laptop running linux with no GPS
I just tried it on mine that has a similar set up with my vpn off but in a private browser and the pin isnt even close someone smarter than me can probably weigh in if the thread is still active
I suppose there's a chance that the pin for my entire area just so happens to be there, but I suspect my ISP is to blame somehow. It's a small-ish local operation where I get gigabit symmetrical for <$50 a month. I can't really complain too much.