The small boutique mail hosts are also much more tedious to deal with than any of the big players. So it depends on your recipients how much effort self-hosting is.
Microsoft has a similar policy on their consumer domains though. If they have not received mail from you for a month or so you are insta blocked. It's infuriating for personal mail server owners.
When I ran my own mail server Microsoft was the only company I encountered that would black hole my messages - no SMTP error for my own server to bounce back to me, no bounce back from their server, nothing. I vaguely recall having to do a dance with them a few times to fix this and the last time I tried I received no response. I don't frequently interact with Office 365 users so this didn't matter much to me.
I did end up later moving to Proton primarily out of laziness. I thought these issues would be a thing of the past until I applied to work at a company that administered their own Exchange server that also black holed my messages from Proton's servers. Their reasoning? "We geo-block Switzerland for security reasons." Needless to say I turned them down.
Oh when I ran my own mailserver I did get SMTP errors back.
Every month or so I had this issue and I had to contact them through a form somewhere and I would get emails back from someone in India who reset my 'reputation'. They have some stupid made-up reputation system which means they need to see significant volume from you that is not marked as spam for them to accept your mailserver.
And yeah, Proton has similar issues. A lot of companies blackhole even confirmation emails there. So you can't confirm accounts with a Proton email and they give zero indication as to why. Tinder and the Internet Archive (archive.org) come to mind.
It has been ramping up a bit. Most recent case has been Russian (sock)puppet activity on Wikipedia, where they actively try to rewrite the language used, the narrative to be more suitable for them. It has even gotten news coverage.
They really haven't improved Mail in a long time now. Still can't use your own keys, still can't have a clean unmangled export, still can't send using your own keys.
It's almost like Protonmail is intentionally hostile to key management outside of their control.
Which reminds me that BuildKit does not have support for specifying a network, which is crazy given how you can configure the daemon to not attach one by default.
It's certainly a reasonable default. People lose or have their laptops stolen much more often than they get targeted by their governments.
Though that doesn't mean Microsoft couldn't implement a way of storing these keys so that they can't be accessed by Microsoft. Still better than nothing though.
How could the TPM ever have an idea or be able to verify the other side's privilege level, besides knowing that the other side is able to access it (the TPM)?
Off the top of my head, here are some options. They all boil down to having a privileged driver talk to the TPM and less privileged programs mediate their access through the driver.
1. Have some PCRs that are not in the TPM at all but instead have their values sent from the driver along with any command that references them.
2. Have some policy commands that are aimed at the driver, not the TPM. The TPM will always approve them, but they contain a payload that will be read and either accepted or rejected by the driver.
3. Have a way to create a virtual TPM that is hosted by the real TPM and a way to generate attestations that attest to both the real TPM part (using the real TPM's attestation key hierarchy and whatever policy was needed to instantiate the virtual TPM) and to the virtual TPM's part of the attestation. And then give less-trusted code access only to the virtual TPM.
#3 would be very useful for VMs and containers and such, too.
Because the door being open makes it possible for opportunistic thieves and even kids to steal something. If the police knock on it, it's actually better to open it. Otherwise they will still get in, but you will also not have a door after that.
With phone interception, I can't imagine any other actor being sophisticated enough to bother with setting up the stingray thingy. Maybe something very targeted to get somebody very special (having a hot wallet with 20 bitcoins and going around the city with it comes to mind), but I would still expect the simpler methods there too.
Add: Even with the normal HTTP traffic, MITMing was way more common and more practically exploitable back in the day, just by setting up a rogue wifi AP and fishing for passwords. I'm not sure it was ever a thing with stingrays when non-government actors did something with them.