They do this by managing all encryption keys for you on their server. This means that there is no way to independently confirm (like we recommend you do for Signal) that you are using the authentic keys for your contacts.
ProtonMail claims a number of security and user-experience advantages: end-to-end encryption; the possibility of anonymous accounts; open source (for their client–the app you run–but it’s not clear if their server software is all open-source); two-factor authentication; physical and legal protection of their servers (located at CERN, guarded by Swiss privacy laws, for whatever that’s worth); simple to use encryption (PM manages encryption keys for you); fancy webmail and custom mobile app; no-cost (freemium).
So as an activist who could be targeted for political reasons, you’d have good reason to feel unprotected. For verifiable, resilient, solidaristic email security, we recommend GPG/OpenPGP (Mozilla Thunderbird+Enigmail plugin) combined with a trusted movement email provider like - and if you can, support all of these efforts with money or time. Get in touch if you want a hand getting set up.
This risks herding diverse movements into a single system for secure comms. Not good, if that system turns out to be not-all-that-secure after all.
“You don’t have to outrun the bear” is a security model where you stay safe from predators on camping trips by taking your chain-smoking, out-of-shape buddy along. In case of bear attack, you can feel secure knowing you can outrun your (former) friend. This security model is offered by many Snowden-era startups claiming to provide digital security to the masses. Can this be good enough for activists? Here, we take a look at easy-to-use ProtonMail–and why we at the CLDC can’t recommend it (or its security model) for people opposing the powerful. First off, if you currently rely on ProtonMail for your organizing, please don’t feel you need to quit using it straight away.