Is Protonmail Safe for Security and Privacy?
HTML-код
- Опубликовано: 26 сен 2024
- Is Protonmail a safe email platform for security and privacy?
This video explains the risks of emails in general and then discusses the specifics of Protonmail (which are the same as Tutanota, Startmail and other privacy email platforms). Are you in fact made safer by these platforms?
Would Snowden or John McAfee use these email platforms? Let's find out.
What is the safest email option?
Please follow me on Odysee! (Previously LBRY.tv)
odysee.com/$/i...
--------------------------
I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN , antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the inernet and the dangers of social media, dangers of email.
I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
Contact Rob on the Brax.Me App (@robbraxman) for encrypted conversations (open source platform)
Support this channel on Patreon! www.patreon.co...
bytzVPN.com Premium VPN with Cloud-Based TOR Routing
whatthezuck.net Cybersecurity Reference
brax.me Privacy Focused Social Media - Open Source - Encrypted Communications
brax.me/home/rob Store for BytzVPN, BraxWifi Router, Privacy Phones, and merchandise
Follow me on Twitter / robbraxmantech
![Tee Grizzley - Blow for Blow (feat. J. Cole) [Official Video]](http://i.ytimg.com/vi/wNLN5xsx5dc/mqdefault.jpg)
I will dedicate the live stream this coming Friday 8pm Pacific to analyzing the many choices you can make with email. There are too many possibilities in email and it depends on how much risk you accept.
Hi braxman, i have an offtopic question, long ago i'ved learned that Tor is nasa or i cannot recall, who is in charge with the tor encryption, and they track your traffic, any knowledge ?
Oh thanks for the informational video again! Awesome as always!
FYI For the Live video Don't feed the Trolls! Don't waste time Explaining Yourself! Just make sure to Inform people what method works for secure email. Like say Thunderbird with Encryption Spam Blocking Add-ons etc.
That's exactly What People Need to Research and Know Right Now! So a walk through of the installation process what precautions to take what to add what not to add, how to encrypt even attachments and make the security as tight as possible and what protocol and ports to use and follow etc! That will be Highly Appreciated By all!
Because Short Term Memory Loss or Empty Ego having people will not want to watch or jump out if too many confusing things said in a single 2-3+hour video! Again reminder "Don't Feed the Trolls" Different email encrypted messengers decentralized networks heck even Brax.me do videos how to secure Share create room/blog?! That way People will Know What is possible or not give inputs what's missing etc.
Options maybe different live videos or normal half hour videos might be preferable to gain more reach as well as concentrate and retain single topic or program/option etc! And yeah I'm doing the maximum sharing liking everywhere I can, BTW views counts likes doesn't seem to show. They're reversing the clicks so Yeah keep that in mind too don't think people are not liking watching or sharing your videos!
I have no problem with your/any long informative videos if thoroughly explains the process etc on how to go about things regarding any particular task, platform, tech, etc. Not good for anyone unaware to do guess work! Not following secure protocols is worse!
But I know how the general audience who actually given your simple explanations should be the targeted audience spending time to know more, and I bet they see 2:30 3 hours means they'll split and might not spend time given limited technical knowhow!
Though we forget that them not following what we do by correctly following instructions and information, understanding the concept, doing the secure settings, they not only put themselves but most importantly put our phones etc in grave danger!
I'm Busy Grappling with Govt and Fake News Media because again put a Bunch of EVIDENCE audios call records of the FAKE news Media who got Business Account fake subscribers Manipulation of their VIDEOS Fake News into people's feeds recommended etc!
So They're losing their Minds already! Ask Sundar Pitchai if he wants to come on a live Interview with You and Me! Oh we'll ask Snowden and Maybe Assange from Prison for NO COGNIZABLE federal offense yet Confined under No Grounds with information of Swiss Bank Details of Politicians Industrialists etc, and Yep Like Steven Segal from the Onion Movie I can BRAVELY STATE, "I don't think They Have The BALLS!
Yep Listed in Courts Cases National&International for Death Penalty, Courts, Police DGP, Commissioner Police, Cybercrime and ZuckytheZucker owned Zuckbook and WhatsApp Yesterday Commissioner Caught double tick blue today FAKE NEWS Polimer Claimed NO MORE multiple forwards to keep rumours?🤔 Dafuq?! With their own Call records and How they Failed to Put the News! No forwards option for People claimed from zucking 290 to 276 to then 5 because you know only 1280+contacts, NOW claimed only 1 exactly after them who got cash business WhatsApp account free from politicians etc with RUclips too caught Royally with time-line and proof when why and how and for what reason, they did get all these freebies and exposure too by aiding&abetting Criminals, I tell people forward the Undeniable Irrefutable EVIDENCE Facts and this BS Done Today by them!
And most importantly, Illegitimate Govt FAKE EXTENSION of Lockdown till April End just like I predicted! That is Because Month of May is The Time the #PEDOGATE #POLITICALCOUP CORRUPT ILLEGITIMATE GOVTS SLAVE PUPPET KANGAROO BANANA COURTS Close down in MAY, and All joined together and involved in the Criminal Conspiracy, Panicking and Hopelessly Trying Hard by Hook or by Crook to Save Their A55es from Zucking Death Penalty or a Public SmashDown!
PUBLIC HANGING&EXECUTION ORDERS filed like I said Union of India and Rest of the World, Contempt of Court&Humanity, So Failure of Courts Automatically Means Citizens Perform the Execution of Prosecuted Punishments for the Convicts regardless of Social Societal Legal Judicial Financial Governmental Standing/Status because Constitutional Civil&Human Rights Crimes&Violations Obstruction of Justice! So I will be Needing the Help of Security Experts Hackers etc to Catch the Illegal&Criminal Hacking done by Illegitimate Govts and Intel under Fake Secret Laws and FISA BS lists! They're Guilty so They Can Quite Frankly go Zuck Themselves for all I care!
You keep them coming! If they mess with you switch over Lbry or start telecasts in Brax.me itself all the more zucking Secure than this Illegal&Criminal Censorship Shutting Down Channels Videos Hiding Critical Court Public EVIDENCE Videos Cabal Deep State Owned and Controlled Worthless Zucks People's Creative Intellectual Property humping money A-Holes!
There comes a time when you just have to Say Zuck You, I Can't Bend Over Be a Slave when you Use My Content, Earned Through My Cases Went from CEO G00GL3 to A7pha8et at the Cost of A Baby's and REPRESENTATIVE of the People🇮🇳🌍LIVES!
All join together and State,
ZUCK YOU ZUCK&G00&73&Bez05&J@ck,
WE REFUSE TO Be a PART ACCOMPLICES of Your PERVERSIONS and CRIMES & INJUSTICES we cannot and Will Not Silence the ABSOLUTE TRUTH FACTS&EVIDENCE!
Where ever it is valued spend your time There Folks Stop Riding the Horse That Has Nails in its saddle and Stabbing Your Balls! It will be appreciated and more useful where the Truth and Critical Information Not Illegally&Criminally Censored Ghosted Shadow Banned Whatever!
Truth Alone Triumphs!
Justice Shall Prevail! Cheers and See You Around Soon Dear Fellow Citizens!
TOR is an open source platform with volunteer servers. So no, it cannot be controlled by the national zucking agency.. But it is true that some of the servers are nza. However, that doesn't mean they can identify you. Though I'm sure they're trying
setting up your own server is the best option of all the bad options (since there is no good option). VPS or metal is fine. You control the credentials of the device.
Should review one of the docker email server setups for those of us who self host... The devil is in the configuration details, of course. We can all contribute, since its all open source, and make the default config hardened.
I can't tell you enough how much I love that you have made up a new curse word "Zucking"
I noticed that as well...Rob has made himself immortal by coming up with a Cursing Meme!
I had a good cuckle at that too
"you got zucked" or "jack boot dorsey"
Zucking. :}
Zigga
I dumped all of my google, facebook, firefox, etc. crap when they openly endorsed and utilized mass censorship.
Why did you dump Firefox?
@@thedetective8150
What shall I use instead? thank you
@@Peppymoke Brave is quite nice, also Opera if you're in a pinch.
Same here.
I even also dropped safari and switched to brave and opera but I feel like opera is safer than brave.
@@ralphjosephrjm326 Opera was always one step ahead of all other browsers. They invented "tabbed browsing", "undo close tabs" and the "quick dial" homepage.
Just When I thought I had a tiny grasp of knowledge before watching your channel makes me feel really stupid now. Your channel is imperative for everyday people.
I hope people realize the difference. I try to go deeper with my more advanced knowledge
They will lure us in anyway! Just don't make it too easy for them!
Yeah, Rob is pretty darned experienced. He's brilliant.
And YES... there's much more to email than the average person would think.
Hey well said and Mr brax is so humble. He doesn't let his intelligence obscure his compassion for folks like me that wants and is trying to learn.
Glad I have been a law-abiding citizen. I would have been caught otherwise using email.
I just don't want to support google
I'm with you! Lol. and Ironically, we're both here, using a google product to research alternatives.
@@UnframeofMind Using the enemy's own weapons against him
Boycotting google is a good first step. The internet turns out to be quite a treacherous place afterall.
@@UnframeofMind well yes use an adblocker
over the past year ive switched to brave browser, signal messaging, protonmail for emails, duckduckgo for search engine due to the crazy censorship/propoganda of google, and data collection from social media
I can’t believe I haven’t run into your channel earlier!!! These are some of the most informative videos I have seen on privacy and cyber security. Keep them coming, I’ll keep watching.
Awesome! Thank you!
Me too. I just recently discovered him
@@robbraxmantech Thank you for letting us know!
Thank you for letting us know!
Like you but a year late, Im also amazed I havent come across this channel until now. Makes one wonder.
He's right on! Rob, I sense you're a believer in Yeshua. Keep on towards intimacy with Him!
Almost all modern MTA's use TLS for SMTP. The initial connection is plain text, but after STARTTLS the communication is in fact encrypted.
teeheee...lol
Rob completely ignored that.
Was just about to come here to comment this
Exactly the point I'm raising with him, and with MTA-STS, it can be enforced not just requested.
Most people with whom I communicate on the Internet are technically not capable of setting up and maintaining secure channels of communication. Some of them may talk about privacy, but then turn around and spill their guts on Facebook, Twitter, and other social media. I think it is largely a lost cause.
like telling people masks are pointless
Fair point
In some respects, I think that many people talk about privacy, only because it's fashionable, but will actively seek out convenience or a minute of distraction as a tradeoff to actual privacy. There was an experiment done about 5-6 years ago about what it takes for people to sell their privacy. Most of them would tell you to pound sand if you just ask them outright. But they willingly trade it for access to a fart sound app, angry birds, or a flashlight app. They also found that in reality, people would give away their most intimate secrets for $5 free dollars in a new account. The dirty little secret is that you just shouldn't remind them that's what they are doing, because that would be embarrassing.
If I'm radically honest, I think we live a time preceding a grand separation/divergence. Where people will be sorted out by their intentions, desires and level of consciousness.
I don't think all "will make it", whatever it is, that's going to happen. But indisputably shit has started to happen and it's only accelerating.
Such an era has been prophesied many millenia ago in various traditions. You may think what you may of those, but that doesn't change the fact that such things have been stated...
@@tribuneband1965 masks aren’t pointless, I don’t like how the American government went against their own constitution, and there isn’t any feud from it
I like protonmail. I like way it sounds - proton - positive charge.
I like tachyon mail. Because email from the future!
wrr
@@capnnukasun810 I like banana mail. It's bendy, and always to scale!
Do you prefer one car over another because of the colour of its paint?
The strong implication here is that because SMTP wasn't built to support encryption, it isn't used between MTAs. It's true an unencrypted inter-MTA transfer is entirely compatible with SMTP. But we have had a number of standards since well before this video was recorded that make it practical for MTAs to not only use encryption but to require it from their peers. MTA-STS, with us since 2018, is one such. Of course, the existence of a standard doesn't do you any good if it's not used, but ProtonMail *does* use MTA-STS, and has since before this video was published. This seems like a tempest in a teapot, but ears open to how I'm wrong.
Time to ditch big techs.
I am glad 52,000 people have watched this. We knew this intuitively in the early 90's, when I was on the forefront of PGP adoption, but half a decade later no one cared anymore. I think you've shown why we should still care.
I think why people don't care is because they are ordinary folks like you and me. The only t*rrorists are made-up.
@@twong689 Who said anything about terrorists? I'm not worried about terrorists. I'm worried about "ordinary folks" reading my emails. Or federal agencies. I was then, and I am now, which is why I hardly use email anymore. Encrypt everything.
@@moonbastic My point is the terrorists are false flags, inside job that aims to surveil everyone . Same goes with Covid for the vaccine. I am also concerned about emails.
i thought everyone used tor and pgp...hmmm..i need to get out more
What about gpg? Same? Better?worse? In your opinion
Wow, mind blowing! I love your videos sir, and I'm a student and will pursue my career in cyberspace security after completing the School. The way you explain the issues, it's root cause and the solution, I'd never find on any channel.
As a network Engineer I have learned something that’s invaluable. Thank you
He is great!
I follow him from Europe!
There are other RUclipsrs like him?
Sure, you learned how email use to be done. Now, after the initial transaction email is encrypted in transition with a variation of TLS 1.2 called STARTTLS and has been for a long while. Most MTAs wont even accept unencrypted traffic. I really wonder why he left that important information out.
Thank you Bob for your help. Generally I now realise that outside of being majorly Tech savvy, there is next door to nothing we can do to keep out data private. I guess that except for receiving relatively innocuous stuff, stay off the email if you want to keep your thoughts private.
We all talk too much anyhow. said the curmudgeon.
Use whatever email service you like and If you want privacy, encrypt your messages with PGP. The receiver will need to use PGP to decrypt your message.
This man deserves millions of subscribers!
Yes
Can't believe I just found your channel. The RUclips algo has been good at hiding it.
It was on recommended videos for me :X
Dear MR. Braxman Ur absolutely awesom I'm just a regular dude from Quebec and I find privacy and security to be of utmost importance for the future of humanity and you deliver powerful messages accompanied by hi level education which you offer with amazing mastery do thank you my talents include voice over and logo art design etc in a basic but inspired way and should you ever need any help with these things I would be happy to help you free of charge as a thank you and exchange 🙏
You Sir, are a gem 💎. I'm glad a came across your video. Shared.
Awesome! Thank you!
I have used proton mail and vpn for a long time and I love it
After watching a couple of your videos, I'm thinking about giving up on trying to keep my privacy online. I thought I was doing well using different email providers for private stuff, Protonmail for shopping and Gmail for Google and social media accounts. Now I'm not so sure.
Same here. Or rather I've already thrown in the towel, don't have nor the time or the skills that it takes.
My Dad always said he wants to know how much that “free” is gonna cost him.
That, and get me another beer.
yep! Nothing's free!! Exactlly!!! Google has billions of Gmail accounts and who pays for the memory "space" and maintenance?
I wonder what is the total amount of Gmail accounts Data on Planet Earth?
Nothing's free...for sure.
Clever
@@drivingschool11 except open source stuff
I just don't want anyone selling data based on my emails and I don't want ads. I pay 5 Euros a month for that I'm not worried about trying to hide anything from the government
This is a little over my head but I'm very interested in this. Thanks for sparking my interest.
You missed one thing about Protonmail - being based in Switzerland means that Swiss law applies and they have quite strong protection. Sure, a government can request information but Protonmail would be breaking Swiss law by providing the information unless there is a Swiss court order.
Sounds like email needs to be ditched altogether for a more secure messaging system!
yea, 2 tins and a string should do
@@c1dk1n pencil and paper mail. traditional mail lmaooo
@@fishrr34 fbi looks at it now legally like brittish so we started the post office...
pigeons carrier pigeons ,,, they can carry a bit as well ...; today lots falcons and eagles so got trouble there as well ...
@@fishrr34 : I've had too many problems with the post office.
Thank you, once again. I am not a tekke in any stretch of anyone's imagination and most of your lecture goes over my head. I do however, enjoy what ever I learn during my time listening.
You're very welcome
Thankyou for your very informative and generous information. I have been researching for years to try and find a "safe" email server. As Proton Mail is run by CERN, it is obviously not trustworthy. Now you clarify the risks. Sadly I'm no techy so your Braxme is probably out of my range.
I signed up for a free Proton account. I hated it. No one I knew signed up for it. I only put one contact in and after about 2 years I canceled it. So now I know it is not only an annoying platform but it is also not trustworthy.
Thank so much, I got Proton and can't jump in and use it, I am 53 and a lay user. I am starting here to understand what I bought, for a year, thanks!!!
@pauz
I think you missed the point. It's not private as advertised
No e mail system is secure or encrypted "end to end".. thats not allowed in any email protocols.
There ia always a point where everything is in the clear in plan text.
Pgp and gpg are ways of encrypting your actual text into gibberish and pasting it in ANY email and sending it.
Your friend who receives the gibberish in his email can un-encrypt it back to plain text read it ,then respond to you the same way.
But only you and he can read it or un-encrypt each others messages.
You can post your key in public for anyone to use pgp to contact you.only you can read those.because its a "public key"
Allowing you and everyone you know to trade keys with each other and talk securely.
@@justaguy-69 Should I use proton for banking and privacy ???
Excellent video and explanation of all the concepts. It sure beats the marketing hype we get from "secure" email providers.
Thanks for putting this together. A question - is Protonmail's web interface any more or less secure than a local email client like Thunderbird?
another nice video Rob ! ... I have been trying Protonmail for 6 months now - works pretty good and blocks 90% of spam mail (my yahoo mail lets in 90% of spam mail ! ... I will go for the email provider that can STOP ALL SPAM mail (I'm tired of trying to block (unsubscribe) spam for the first 30 minutes on my mail ! 🤮
MTA to MTA encryption is possible on SMTP port 25 as long as both sides have valid certificates installed and both sides are configured to prefer or require TLS. Ask any sysadmin in healthcare. But, it only takes one side (MTA) not supporting TLS to switch the communication to plain text.
And with MTA-STS policy configured, the plain text communication would be forbidden. You'd lose connectivity with servers not supporting TLS.
EMail is 100% Open and Insecure. It doesn't matter what provider you are using.
100% insecure? What you mean by that?
The email service Provider reads my own emails or anyone can hack the email Service Provider?
@@drivingschool11 both
@@mushenji
I presume Gmail is...worst?
@@drivingschool11 Yes Gmail is the worst
@@mushenji
Do you or someone has evidences?
I am not arguing but where are the proofs that Gmail is so bad?
Or else? I think the competitors are trying to destroy Google without no evidences.
Frankly speaking I use MetaGer and Startpage but I reckon Chrome is the best browser in the world to control cookies as long as we know the settings of privacy. My main email service provider is Yandex.
I never thought of this. I'm happy customer of ProtonMail. Never would have thought that it could be a governmental company.
Of course! The possibility of counter-intelligence is very high. It’s like this guy is reading my mind.
You all need to research the CLOUD ACT.
@@ashleynoelle7429 basically, there is no privacy ....
@@filipetorchiamiranda Not if you own and control all the tech with in a network and have no one know that it exists.
@Jayavarman5th Definitely ProtonMail, I'm a happy customer of them.
Your videos are excellent. After watching a bunch of your videos I feel like any attempt at privacy is useless. For one it's been more than 25 years on the web with no knowledge, understanding or idea that literally everything I have ever searched or sent is probably on a database somewhere. So now I'm thinking what's the point in even trying? Might as well be walking naked down main street.
Great video! Rob, you surely know your stuff. Thank you for sharing your knowledge with us.
You are the man. THX for sharing and clearly pointing out what's the state of the people's mailadress's. It helps a lot to get rid of some selfbetraying illusionary presumptions.
Rob Braxman... What a great presentation. After hearing this, however, I now want to quit using email entirely. Is there a safer alternative? Keep up the good work.
I think of email like my postal mail box. Sure, send me those forms to fill out. Talk to me about my broken TV, or my order for replacement laptop parts. It's not something I'd send private info over, and don't email me about next week's protest or anything like that.
I'm not on the level of this guy, so if he says otherwise somewhere I haven't heard yet, please listen to him and not me - You can mitigate the problem with email by encrypting your attachments - the file itself, before it's attached.
Thanks for the video. I've run my own mail server for a long time. It is not for the technical illiterate or easily frustrated. While maybe you touch on this point in other videos, just because some traffic is unencrypted doesn't mean that the attacker necessarily has access to it. Yes, you should assume they do. Yes, there are lots of vectors. But things aren't as bad as they used to be, monitoring local switched LAN traffic is not the same as sniffing a shared bus, for instance. The parties involved would have to be complicit, like ISPs providing access to it on either end, or high speed interconnects being watched. If we're saying that bulk email collection is happening even nationwide, beyond just metadata, then storage, indexing, and search becomes a real issue. I'm just saying that raising the bar of your understanding, general opsec, and taking some precautions goes a long way in thwarting practical attacks. In general, if you piss off an unlimited budget attacker, you've got problems beyond SMTP being unencrypted by default.
Bugger! I moved from gmail to protonmail in the hope of improving my privacy. I was under no illusion that it would be significantly more secure, I just assumed my data wouldn't be automatically used/sold to the extent it would be with a gmail account. I never considered that what I was doing was flagging myself as someone to watch. *sigh*
I had looked in to my own email server but even though I'm reasonably tech-savvy the pitfalls were too numerous to go for it. *sigh*
Thanks for the advice. Not a computer nerd, but I was planning to buy a ProtonMail subscription and decided not to after this video.
Wow! Never been so interested in learning. It's so informative. Thanks so much.
This guy..... listen to this guy my friends. I give this lecture 9/10 for value. 1 point deducted for being too low level for 'normal folk' but I understand why it was necessary.
I get asked : "is it safe to send username and password in one e-mail to a user?"
The only correct rebuttal to that question is to ask this person to ask them to STOP and read up on secuy first
Is it better than gMail?
Are they datamining your e-mail messages and sell the data to third parties?
If not then they are great.
Everything else is bs.
It is why I use Protonmail.
Before Protonmail, I had my own server but was hacked by spammers even if I was very careful (probably a configuration error of Postfix). As I didn't know how I was hacked, and then unable to fix the hole, I moved to Protonmail.
Also Protonmail is very clear that emails in interdomain can be read. They talk also about the problem of meta-data. They don't hide it and warn their users.
They know that it is not possible to be 100% secure with emails as you still have to exchange messages with other platforms and they warn you about this and give you tips about it (like using gpg if you can and avoid interdomain emails as much as possible).
I like Proton, I am not worried. Nothing you do online is safe, if they want your information they have full access to it.
Top-notch info. Thanks so much for your work -- it feels supremely relevant right now.
When I watch your videos I start thinking that there is no way to keep my privacy and protect myself; just let the Big Tech do whatever they want to do with my data. Your content is very informative, but combined with a huge factor of fear!
that fear is your own. this is information
Email is always going to be inherently not as secure good video once again thanks
Who could we be talking about in the U.S. State department?
Thank you soooo much. I do appreciate your work. Very important for everyone to know.
Hello Rob, it was an awesome explanation. But when I was setting up a protonmail account, I did go through the articles they have provided. They have something called 'outside encryption' which they claim to provide end-end encryption even when sending to non protonmail users. Does this mean the SMTP is somehow secured? They also claim that they have no access to the encryption keys for the mails in our inbox. Is this believable? Also will it make a difference using S/MIME?
No one can invent a new SMTP standard. They actually do encryption from their app (externallly/outside) for end-to-end but again that affects on Intra-domain messages.
SMTP is pretty given. You need to talk to unknown servers all over the world and it is unauthenticated. So that's how the world works. Of course no one will talk about this because it is an obvious hole
Your message is secured by including a link to the actual message (body of the email). You have the option of securing the link with a password. Only the subject to the message and link are visible to the recipient. There is a 28 day default expiration time for the link containing the body of the email.
Edit: I should add that other paid encryption services like Virtru use this same method to "encrypt" their messages as well.
@@Zeddd7 That could work as long as you can trust Protonmail.
@@robbraxmantech They don't have to invent a new SMTP standard but simply encrypt the body of the email before covering it to base64. I am sorry I am doubting you but when I was working on a messaging product that is what I did server side and on client side I first decoded base64 then decrypted the data, I wonder why this will not work with emails, please correct me if there is an assumption on my part that is not correct.
To any tech person reading this SMTP's plain text requirement does not mean that emails can be encrypted, at least in my view.
@@DecadantHandshake He won’t reply because in reality he is promoting his own email! Don’t forget that Braxman is a seller after all
Great video. You are not wrong. ;-) No, its not cheap. I'm running my own web and email servers. Its a lot of work to make secure and keep secure for sure. No matter what you do, they will capture the traffic in transit anyway but you should make them work for it just the same. I've been doing this since the clipper chip in the mid-90's. By the way, many VPNs often don't work right or user don't use them right. I see a lot of IP leakage from VPNn and TOR users.
My VPN disconnects at least once a day. Which means they can now know my browsing and activity before I reconnect the VPN again . Incredibly annoying and upsetting .
I'm mostly just concerned about people like google reading my email for targeted ads.
I have been looking for a reliable service for communication for a long time and now I recommend the Utopia and uMail ecosystem to everyone. Peer-to-peer network, a new type of data encryption, anonymity are the main advantages of this project.
SMTP to SMTP server transmission (or transfer) is predominantly opportunistic TLS and rarely ever unencrypted. Normally they use some form TLS 1.2 cryptographic cipher and you can see this in the P2 message header you were mentioning in your video
I wish more people saw this. Nowadays between MTA’s, almost everything is encrypted via TLS except for the metadata needed for routing (because it can’t be, or it won’t work).
You are the hero we needed, nobody ever said the truth except you, thank you from the very depth of my heart
I want to make sure I've understood you correctly and completely...
I left Gmail because I didn't want my mail read for ads. (Btw, this was my first step in weaning off Google - and this step has had the biggest impact. My ads on RUclips, for example, got so much less targeted. Google can't even figure out if I'm still not a Christian. XD )
My mail on a paid provider is likely GENERALLY safe sitting on the server, but should never be used for things like medical information because it could be intercepted.
I've always thought of email like the postal mail. I can lock my mailbox, but the mail truck driver could read it I'd he wants. No sense in spending more money, and inconvenience, for a fort nox locking mailbox from Proton.
Actually, you can transmit medical information via e-mail. It comes with certain caveats, however. The e-mail provider must have a "business associate" agreement for HIPAA purposes set up with the covered entity. Gmail offers this with a few button clicks. It can then only be transmitted via servers that support TLS security at the exchange level. For servers where this is not supported, Google will e-mail a link to the recipient informing them that there is a secure message waiting for them and prompting them to sign in. E-mail can be used for HPI by a covered entity. It's just a bit more of a pain in the butt.
I do not do any banking or medical info on line. Call me old fashion butI trust no one
You are a very informative and skills that could benefit everyone on the planet. When I learned of Protonmail a year ago it was specifically told to me if I wanted my identity to stay anonymous you could only give to site that only ask for a email address and not my name, "NO KYC" now I see why they said that. Thanks Rob a new subscriber here and will sub your other channel as well.
Hey bro, can you please make a video suggesting and reviewing some of the well known cloud services and their security levels? Specially on MEGA.
Mega will 100% tell law enforcment. I've seen a lot of megas with the message saying "the account is closed and all info and content has been handed over to law enforcment"
@@thebandit9982 😳
How I'm supposed to live? Is there even any secure cloud for free?😂
You can encrypt mails to non-ProtonMail users, all that is required is a PGP key, or you can use their Encryption function for non-ProtonMail users, where they have to enter a password on the Decryption page.
Meta data cannot be encrypted, which is why you should always use a VPN (just not NordVPN)
1: How do you send a pgp key to someone in another country, without it getting intercepted?
2: Why not nordvpn?
3: What vpn would you suggest?
4: What do you think about windscribe?
It became popular because of the TV series "Mr. Robot".
I never heard of that series
I only saw the first season and never noticed it on there...but i used protonmail for stuff like banking and stuff but i don't do anything nefarious to want email anonymity...if i want to send something secret to someone i encrypt it first then send it...but i rarely have to do that..
Dont think so. I've Proton since it was first started in the early '00. Had a Beta account but really haven't used it that much until lately, trying to get away from the prying eyes of Google and Yahoo. But I guess in the real world, there is no such thing.
@@lb7068 there is, it just requires you to dump your electronic life.
UPDATE: MTA2MTA CAN BE encrypte nowadays .... it's not default, but if both parties support ssl, the smtp on 25 will get a STARTTLS command, and all communication forward will be encrypted... this hasn't always been this way, my mailserver supported this since 2005, and back then i didn't get any starttls from other mta's, Yahoo was the first 'big' one who sent encrypted mta-mta mail ... nowayads MOST mta's send encrypted...
Thank you so much for this explanation.
You're very welcome!
Forgive me for my ignorance in IT security("have you tried turning it on and off again" is a better example of my level of knowledge of the intricate details) and new subscriber, first time comment, 3rd vid.. anyway, I have always been a sony xperia ONLY guy, and noticed their ", developer options" from the xz premium, I still have and works fantastic(side note on build quality, other than youtube videos comparing their 5 meters of water dunk for 30 minutes, or whatever that most difficult test is, with galaxy 10, iphone x or 11, LG, Huaewei and maybe xiaomi(I'm sure there is like a razer, or some manufacturer that builds for durability alone,the name eludes me, but c'mon, we'r talking 4k screen with a ps4 synching app, not the jungles of somalia), anyway it wasn't even close, the sony-xperia xz2 at the time,(i bought one for my better half) was the only one that could turn on and continue to work after the dunk..the iphone fared worst, getting visible water in it's interior, the LG being only other that could continue working even for a few minutes,-, I'm sorry my digressions are tangents that become novels all their own or wanderings in the left field of Shea stadium and getting stuck there long during and after it gets torn down)..back to software- developer options, I dabbled in as a toddler would the facets and dangers of gambling, but only could be excited by what my imagination could dream up, not by what I could actually accomplish...if you were familiar, or are, or could scan it briefly, were there, or are there any security benefits to what they offer in terms of given the freedom to change the rules written by Google into your phone from android to ",I did it myyy way,"..or was it useless marketing stunt, tho I couldn't really abide that it was marketing or a stunt, bc it benefitted almost no one who buys a phone ever to be told "with those phones your playing by their rules, only with ours you can take sleepless unpaid arduous hours of work/nights & write the rules yourself,", so as with other projects they had like the artists circles developing and sharing themes/icons/animations/ I believed it to be genuine bc it made them lose more money by going after ideas on principle, which is only finally paying off with their newest offerings..⁵⁵the connection with the pro photographer community in building something they wanted...I just watched a short y+be vid to make sure they still had it, wasn't sure if had changed over the years, diluted usually, but mainly why give this power to folk if not allowing them to really "develop" the UI, and one of the main factors to the longevity of its health(not a cornerstone, but imagination, creation, progress and unique engineering and artistic ideas are the cornerstones, unfort we live in a world where security is thought of as a god, but the word for ",meek", in the sermon on the mount is "one who knows how to wield his sword deftly, but chooses to sheath it", which ppl forget today, that it's only protection of the outer circle, not first principles, only necessary when necessary, but not intrinsic to a things ability to eat and grow, stay alive yes, but not reason for living..thank you and Keep up the quality information
Rob, awesome explanation as always. Thank you! Are docs stored on the cloud encrypted?
Good question. I would love to know the answer. If they are reading my online storage than they're going to be disappointed cuz there's nothing of any kind of private sensitive information there
TL;DW use whatever you like, proton has the same advantages as gmail if you stick internally plus potentially no reading of emails, however once it gets sent out of the provider be it gmail or proton your email is free for anyone to read, not encrypted.
Think I got the idea
Thank you for providing this video demonstration of Encryption, Protonmail.
I don`t have much faith in any of them but as far as Proton mail is concerned, if you sign up and it requires a text message if you use the same phone number more than once it will state that this number is already in use so they are lying when they say they don`t maintain any logs etc. as far as accessing any email i can`t say unless some one comes forward with the information required.
Unfortunately you are right. Email still works by he same principles as 50 years ago. And while getting peers to adopt PGP is in some cases possible, in most it isn't. And what really annoys me is that even government institutions don't support PGP when they clearly would have the resources to do deploy it system wide.
I think I learned that MTA to MTA aspect of e-mails in CCNA courses and knew e-mail is inherently insecure, but over time when using HTTPS web clients I developed false sense of security when using e-mails. Your video made it clear that e-mails are not to be trusted for private communication for once and for all.
Exactly
What course did you take and where can i find it?
@@sergiomazariego_ I guess @deafno hasn't seen your request...
Essentially, Rob is making the course here in data privacy for us! Here on Rob Braxman's channel - (if you can tease RUclips into showing it to you) if you start from when Rob first got onto RUclips (about a year ago) there's a whole course on protecting your personal data privacy for regular folks like us that Rob has made in his "shorts." All the little videos Rob Braxman has made (that are 10 min to half hour lengths) are pretty interesting...
I've only seen a minuscule amount so far, but Rob - you're a very easy-to follow practical teacher. What makes me say that is: you keep track of what you've already taught us so we don't have to figure out what new terms that you drop on us without explaining them. Very smart teaching!
The more I hear of all this....the more I'm convinced I should buy stamps and envelopes...."life, liberty, & the pursuit of privacy"....should be the new mantra
whilst this is informative, I don't get the high praise comments. It's still far more secure that most other email platforms. But as in the video quite rightly mentioned, if you email a gmail account without encrypting the mail, google will scan it.
Hello Rob, in Berlin Germany there is a small company founded some years ago with an email service named posteo.de. If you want you can make it a totally anonymous email account. It cost 1 Euro standard per month which you can send anonymous, so the company will never know who is the owner of the account. They claim that they don't release any information to the government and give out reports if they got contacted by government offices. They simply don't know who a customer is if he wants it so. You can pick a different domain not only "de".
This is a very informative video. Thank you for it.
Thank you for the good information.
one observation though, I believe creating a Gmail address forces you to enter a cell phone number where proton mail does not ask for one, hence a bit easier to create
So what email providers are out there that we can use?
All email should be considered public-facing. Save your privacy for private messengers, or in person.
So why would someone like James O'Keefe from project veritas use proton?
That same thought crossed my mind when watching this...
For one, the US government can't force Proton to hand over user data with a national security letter. Also, Proton likely doesn't store a copy of the meta data, so its only in the user's account, encrypted by their public key. Also, you can send mails between Proton users that are completely encrypted and never see a port 25.
@@p.schmidt7032 this was the answer I was looking for..Thank you for being smarter than me..Love and Respect good Sir.
My lawyer uses ProtonMail and proton vpn and most of her clients are fighting corrupt police. There never seems too be a data leak and the barristers get pdf's and evidence too cross examine them not once have the police known any information before hand. I know cases where tapped phones would not allow proton to load even too the point that data was switched by the phone companies.
It looks like pencil or pen and paper in the snail mail is probably the most secure now!
Great topic of discussion Rob. The topics you bring up are things I would like to to talk about one day on my channel. Thanks for your candid responses.
So .... about all those "password reset" requests in my inbox over the years ....
Oh my. Massive user error. I think I need to watch Tron again after watching this video.
Thank you, I'm hooked.
very interesting. thank you so much.
They main reasoning is : Well, if you don't have anything to hide Gmail is fine! It's ain't nobody's business what do I've to hide or not!
I don't know how I got here, but! I am glad I landed on your channel 🙂 New subscriber here, invaluable information. Thanks for sharing.
Make a .txt file and write your message there. Put the .txt in .rar and create a strong password. And if the .rar password is only known between you and your recipient, you are good to use yahoo:)
Would this work with .zip of only .rar?
Thanks for the explanations. It would appear that for the average Internet and phone user that nothing is safe. Our lives are being minimized down to a cube of data that is nothing more than a source of marketing for greedy tech and retail.
Except William Barr wants to ban end to end encryption. I've been watching this fight since the V chip in the 90's. And I wanted to give 2 likes. Good job.
This was a great understandable explanations where the problems is with emails. Thank you very much. And if I understand it right, the only benefit from protonmail, besides inter domain communication, is that they encrypt your mailbox and can't read it as long as you don't send it to an other domain?
So if I could encrypt my Gmail mailbox it would be a much cheaper version of Protonmail :-)
@Rob Braxman Tech, Thank you for your details and informative videos! I'm not looking primarily for email company that is secure from reading, but one that might be less susceptible to the coercion/corruption we are seeing in US tech companies - to get farther from those that may start closing accounts as the US becomes more socialist/communist. Any thoughts on that?
Lol what?
What's hilarious is that this video opened with an ad for google fiber.
OMG... my entire breath just left my body... :(
Wow! I learned so much - so glad I found this, I'm looking for a new email provider
Amazing insight. Would you recommend any literature on building email server?
Its easy just get a 2.50 to 5 dollar a month vps and use mail in a box. You might have to contact them to open up port 25 before you do so... but it will be free once you have the vps
smtp can be encrypted, port 25. I've been doing that for two decades. Look at the sendmail.mc file. You'll see where it has certificate support. Even self signed. I used let's encrypt's certificate. If you get it right you'll see something like:
STARTTLS=server, relay=mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20:0:0:0:62f], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_128_GCM_SHA256, bits=128/128
Not just google. I have so many machines that do this. If you're not using certificates on your server you should be. Part of it won't be, the negotiation up front. The important parts are AES encrypted.
Quite so, I've been asking Rob to address his oversight of MTAs requesting TLS, and demanding it via MTA-STS policy configuration.
your style of presenting information reminds me Michio Kaku, the futurist.
It’s owned by CERN
says enough....
Shit man this is very stunning. Nice share