Written off the cuff
by yours truly.
Act One: Groundwork
There are two types of adversaries: passive and active. Passive adversaries do not interact with their target; they only monitor. The defense against passive adversaries is encryption. The defense against active adversaries is signing and encrypting. Metadata is a side-effect. We (generally) can’t control it; we might be able to manipulate it somewhat, but on the whole we don’t (I know nothing about the legality).
When properly done, encryption guarantees confidentiality. Signing ensures integrity. Me, I’d argue that integrity is more important than confidentiality. But in reality there’s no need to choose, because we can simply apply both.
Act Two: Meat of the Matter
On the whole, the intelligence agencies don’t care about content; they care about metadata. Does signed and encrypted email contain metadata? It sure does. And in an even broader perspective: TRANSIT = METADATA. Sender and recipient rely on a medium that they in part or in whole do not control.
Does Protonmail contain metadata? I’ve never used it, but of course it has metadata. And obviously that transit is metadata as well. But he also argues that if you both use Protonmail, it stays within the Protonmail network and can only be decrypted by the correspondents i.e. you and him. Well, yeah, maybe.
Now PGP. Realistically, PGP is not crackable. Is this an absolute? There are no absolutes. Are you and I worth the quantum computing power? No – so, PGP is safe enough.
The whole combination of self-hosted email + TLS between email servers + email that’s signed and encrypted + DMARC-enabled mail servers + DNSSEC-enabled DNS with TLSA DNS resource records, and so on and so forth, offers the skilled sysadmin and their users a certain degree of assurance, namely that this is a self-contained unit, managed by said sysadmin.
But is it safe? Compared to what? Protonmail? That is a third-party service. Who’s in charge? Can you ever trust third-party services and their owners more than you can trust peer-reviewed technology like PGP and open standards like SMTP over TLS, where all of the signing happens in transit, as it pertains to TLS, DMARC, DNSSEC, etc.?
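The self-hosted stack above is only as good as the records actually published in DNS, and the two that are easiest to get subtly wrong are the DMARC policy and the DANE TLSA record for the mail server. What follows is an added example, not code from the original post: a small offline checker that parses a DMARC TXT record and a TLSA record and lists the weak choices (a `p=none` policy, a partial `pct`, a PKIX-style TLSA usage that DANE-for-SMTP clients cannot use). The sample records, the `example.com` reporting address and the digest values are constructed for the demonstration; nothing is looked up on the network.

```python
"""Added example (not from the original post): sanity-check the DNS side of a
self-hosted mail stack, i.e. a DMARC policy record and a DANE TLSA record.
All records below are constructed samples; no live DNS lookups are performed."""


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def dmarc_findings(txt: str) -> list:
    """Return the weaknesses of a DMARC record (empty list = strict policy)."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p", "none")
    if policy == "none":
        findings.append("p=none: failures are only reported, never rejected")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail lands in spam instead of being rejected")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: you will never see aggregate reports")
    return findings


def parse_tlsa(rdata: str) -> dict:
    """Parse TLSA rdata 'usage selector mtype hexdata' (RFC 6698) into fields."""
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError("TLSA rdata needs exactly 4 fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return {"usage": usage, "selector": selector, "mtype": mtype,
            "data": fields[3].lower()}


def tlsa_findings(rdata: str) -> list:
    """Flag TLSA parameter choices that DANE for SMTP (RFC 7672) rules out."""
    rec = parse_tlsa(rdata)
    findings = []
    if rec["usage"] in (0, 1):
        findings.append(f"usage {rec['usage']} (PKIX-TA/PKIX-EE) is unusable for SMTP; use 2 or 3")
    if rec["mtype"] == 0:
        findings.append("matching type 0 publishes the full cert; publish a SHA-256 digest (type 1)")
    expected_len = {1: 64, 2: 128}.get(rec["mtype"])  # hex chars for SHA-256 / SHA-512
    if expected_len and len(rec["data"]) != expected_len:
        findings.append(f"digest is {len(rec['data'])} hex chars, expected {expected_len}")
    return findings


# Constructed sample records (not real domains or real certificate digests).
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"
WEAK_TLSA = "1 0 0 3082010a0282010100"          # PKIX-EE usage, full cert, unusable for SMTP
GOOD_TLSA = "3 1 1 " + "ab" * 32                # DANE-EE, SubjectPublicKeyInfo, SHA-256


if __name__ == "__main__":
    for label, txt in (("weak DMARC", WEAK_DMARC), ("strict DMARC", STRICT_DMARC)):
        print(label, "->", dmarc_findings(txt) or ["ok"])
    for label, rdata in (("weak TLSA", WEAK_TLSA), ("good TLSA", GOOD_TLSA)):
        print(label, "->", tlsa_findings(rdata) or ["ok"])
```

Run it as-is to see the weak and strict samples side by side; to check your own domain, paste the TXT record from `_dmarc.<domain>` and the TLSA rdata from `_25._tcp.<mailhost>` into the same functions. The checker deliberately says nothing about whether the zone is DNSSEC-signed, which is the prerequisite that makes a TLSA record worth anything at all.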
Can you trust your browser?
Act Three: Hash, Rinse, Repeat
This is all such a cliché by now that I call it the trade-off bonanza. Do you research stuff yourself or do you let someone else do this work for you? All systems are vulnerable, all of our thinking processes are vulnerable, there are trade-offs at every corner. Between security and decent user-experiences, security and privacy, privacy and reliability, on and on.
Protonmail might be totally legit. It might be more secure than the Vatican’s secret historic library. Who has access? No one? There might be a 0day that, like most 0days, was just caused by a mistake.
Or consider that, apart from the software, there might be a backdoor on an Intel chip that makes snooping Protonmail… or your computer… a piece of cake.
ACT FOUR – PEBKAC*
The combination of Thunderbird + Enigmail + OpenPGP does require technical know-how. Everything does. He mentions Tails. And does Tails not require technical know-how?
And do we even really trust Tor to begin with?
So to me “difficulty” is the ultimate wildcard argument. I call it the fallacy of user stupidity and won’t waste my time on it except to make this one point: humans are held back by fear and doubt and driven by incentives and rewards, another trade-off indeed. When a prospect is perceived as important and/or rewarding enough, practically everyone can learn everything, and speed is mostly driven by motivation versus fear, doubt and hesitation.
So let us take all of the above and ask ourselves this: How important is it that the contents of the email can’t be cracked? Is it about principle? Is it about real world trade secrets? Nuclear launch codes? A plot to try and take over the world? If the answer to ANY of these is “Yes” then here’s my advice: use pen & paper.