IE like Crypto AG:
In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly ran by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.
Of course, nobody is going to have evidence here, if there was any the cover would be lifted. But one can guess chances here:
Proton: “Unlikely”… but there is a but. They never cater for the ultimate privacy and they make typical blunders of a company wanted to growth really fast. Now, that they want to be a behemoth in Privacy makes it more vulnerable to requests from law enforcement. Also, law enforcement and intelligence agencies have it easier to penetrate within Proton massive headcount growth.
Tuta: “Very Unlikely”. The people behind started very young and had a sustainable growth. The people are very visible (unlike Crypto AG) so least likely to be working for an “agency”.
Mullvad: “Very Unlikely”. I think their story is similar to Tuta (haven´t followed it that much though).
GrapheneOS: “Very Unlikely”. But in the last year I have raised some minor concerns, but I haven change my rating yet…
/e/: “Very Unlikely”. I know the dude behind for 2 decades, he wouldn´t. However, /e/ never claimed full privacy and from the beginning says he would comply 100% with “lawful” requests, but it is not a honeypot, not that would make much difference to an intelligence agency if they wanted it.
Signal: “Potentially”… yes, yes… audited, solid privacy code… but still does not make sense to me many aspects; financially solvent from day one, the extreme unquestioned massive and vast support from launching till today… if i have to bet in all of these providers, this platform would have been my take as potential compromised one. I still use it to communicate with family since I trust better than WhatsApp, but I would not use it for critical journalistic info.
Oh what are your minor concerns with GrapheneOS? I heard the head behind it is a little weird and paranoid, but honestly i think you kinda need to be for a project like that.
Signal requires to use phone number, which in many countries is legally required to be tied to your personal identity. Like the SMS provider must have a copy of your id card. You’re basically naked to the CIA when using Signal. Even if not like in the US they presumably mass collect SIM and location correlations for ID. For the life of me I do not understand how anyone can promote that shit.
So the “honeypot” of Signal is that the mainstream promotes it as IF it was a privacy focused app when it’s very glaringly obviously is not. So the effect is that it prevents market space and attention for other apps actually focused on privacy without requiring ID to sign up. It’s a bit like introducing sterile insects to prevent the spread of unwanted pests (= actually secure communication).
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
Great catch, is this still default behavior?
Thanks so much, this looks worth a deep look! Iĺl need time to interpret this properly.