@OhMyGod Remember: ANY "#KYC" in terms of #Messenger| #Apps IS the #IllicitActivity!
Regardless if @matrix or @signalapp , the sheer request, demand or coercion onto #PII like a #PhoneNumber or #eMail-Address is bad.
Personally, I'll recommend to switch to some real #E2EE with good #SelfHosting options like @delta / #deltaChat [which uses #PGP/MIME) or @monocles / #monoclesChat (which is based upon #XMPP+#OMEMO and who do host their own servers which are user-financed and can be paid for 100% anonymously.
@aristot73 Be warned: the fine print reveals it’s an unpaid role So it’s mainly going to be employees of governments and big business, there to represent those interests
#encryption #e2ee #ChatControl #EC
@cathygellis I concur with @AndrewHenry that Thunderbird is a suitable alternative for most. However, that's only the easy half of the problem. The email and (if shared among devices) contacts and calendars still need to be hosted somewhere online.
I'm still looking for an end-to-end encrypted email, contacts, and calendar host with an open API for bridging desktop email clients, so I can have all my email and calendars in one place without any vendor lock-in.
So far, @protonprivacy offers Proton Mail Bridge exclusively for paid Proton Mail subscribers, but that's inadequate, as it's proprietary and incompatible with competing services such as @Tutanota and @mailbox_org. As far as I can tell, neither of those competitors offer any bridge options at all, and an email and (especially) calendar host is useless to me if I can't access all accounts—personal and work—across services in a single interface.
Meanwhile, none of those services offer #E2EE cross-compatibility, which makes their E2EE offering next to useless, as it's only effective within their respective walled gardens. (I expect zero prospective clients would migrate service providers in order to do business with me, and I'll no sooner maintain multiple concurrent email and calendar hosting subscriptions than I would multiple concurrent streaming video entertainment services.)
A non-proprietary shared API and a single open-source bridging program for all three (and any other competitors) would suffice for me to migrate all my personal and business email and calendars to one of those services. E2EE competitive compatibility, in addition to that, would suffice for me to begin guiding all my clients to migrate off Google and Microsoft. None of the three seem to realize yet that their main gains would be at the expense of Google and Microsoft, not each other, at least insofar as their lack of competitive compatibility indicates.
But that's all tangential to your question. If you want a not-terrible email and calendar client on Windows, the only option I'd consider is Thunderbird. Although eM Client seems to be well developed, I'd never consider proprietary desktop software for email or calendars for the same reason I'd never consider a proprietary desktop web browser: replacing Windows with Linux (or BSD) is relatively quick and easy, if that becomes necessary, but migrating accounts, mailboxes, rules, contacts, and calendars; translating configuration; and developing and learning a new workflow for the new email and calendar client would a major business disruption for anyone (like me, and I'm guessing for a lawyer such as yourself) to whose workflow email and calendars are central.
If eM Client Inc. decides to impose AI features in a manner which conflicts with your or my confidentiality obligations to our respective clients, we may only find out retroactively, and may while dealing with the fallout of that breach, we'd still need to urgently migrate everything to a new client. If the Mozilla Foundation decides to push similar misfeatures into Thunderbird, however, we'd be able to determine that beforehand, and it wouldn't take much for drop-in Thunderbird replacements (analogous to LibreWolf or Waterfox) to be released and adopted, because Thunderbird is open source. Transferring all data and settings from Thunderbird to such a replacement would be as simple as renaming one folder.
Overheard in the corridors of the European Commission, on #encryption #E2EE #ChatControl:
"We seem to be fighting a losing battle on this...
“The best lack all conviction, while the worst
"Are full of passionate intensity.”
/cc @echo_pbreyer
@cryptohagen Tak til de mange deltagere, som kom til præsentationen om anti-kryptering initiativer fra EU tidligere i dag, og for den gode og konstruktive diskussion om emnet.
Her er links til slides fra dagens præsentation https://itpol.dk/sites/itpol.dk/files/Chat-Control-og-ProtectEU-Cryptohagen-jun25.pdf
@Tutanota The main selling features I'm looking for are #E2EE interoperability with such competitors as @protonprivacy and @mailbox_org, and a shared non-proprietary API to locally bridge Tuta and competitors with common desktop mail, contacts, and calendar apps.
No one should need to maintain multiple subscriptions or break end-to-end encryption to carry on a three-party email exchange with subscribers to one of the three services each, nor to invite the other two to an event in the calendar. Anyone should be able to view their work email and their private email in the same UI. And many customers will want to bulk drag and drop or cut and paste mail and events from their old Google or Microsoft accounts into their new Tuta, Protoon, or Mailbox accounts.
Make E2EE mail and calendars federated (i.e., protocol-compatible across competing services) and compatible with desktop clients (via a single cross-compatible locally client-hosted bridging server), and you'll remove one the main barriers to customer adoption.
A non-profit trade association (like the W3C, but for E2EE mail, contacts, and calendars) would be the best place for the copyright etc. in the bridging software, and the best employer for the lead maintainers of it. Eliminate the trade-off between vendor lock-in and privacy.
Other features are nice, but till no one needs multiple concurrent competing subscriptions, or multiple mail, contact, or calendar apps, other features are practically irrelevant. What uses is an overview of my personal calendar when I can only see my own schedule there, without the context of my work and university calendars in the same view?
All #encryption #e2ee experts around the world — please consider applying to save the EU from its own fuckwitted police ideas about “safe” backdoors
From: @aristot73
https://infosec.exchange/@aristot73/114756135579776190
Watch out, #encryption fans: there is an #IGF2025 workshop TODAY 1015-1130 CEST where the usual suspects look like they are on the attack (again) #E2EE https://igf2025.sched.com/event/61f3a45b7968d8c41c8ded0ac16046e6
Hier nochmal der ganze Überblick zum aktuellen Kampf um #Chatkontrolle und #E2EE Dezember 2024
Die High-Level Working Group „Going Dark“ stellt erste Pläne zur Umgehung von Verschlüsselung vor. Einordnung von der Zivilgesellschaft: https://www.ccc.de/de/updates/2024/gegen-uberzogene-eu-uberwachungsplane
April 2025
Die EU-Kommission legt mit dem #ProtectEU-Fahrplan ein umfassendes Überwachungskonzept vor: https://edri.org/our-work/protecteu-security-strategy-a-step-further-towards-a-digital-dystopian-future/
1/x
@ticho @delta @torproject isn't that related to that "#blockchain-based" #AntisocialNetwork?
Stuff like The "#OfflinePGP method" are really important skill for everyone!
@edsu Using the #DMA it will also be open to any third party client to enable #e2ee #interoperability with #WhatsApp and #FBMessenger (which are both designated under the DMA) — at least, for their EEA-resident users (thanks to dodgy legal interpretation by #BigTech, and as yet no pushback from the @EUCommission )
Let’s hope an interoperable, #E2EE-RCS #iMessage is part of the answer!
From: @fj
https://mastodon.social/@fj/114703250888512349