This does not stop the host from being compelled to wiretap future communications.

Just don't try to make encrypted email happen. It can't, and we don't need it to be. We have better solutions for encrypted communications, for those that need it.

It's harder and requires more red tape.

you can be required to keep logs - they need to design a system that cannot collect logs - You cannot share what you cannot have.

I’d be more interested in a system that can prove to me that it’s not collecting logs. Hard, but not impossible.

As long as we are talking about classical communication (and not quantum) it is impossible to prove that it isn't collecting at least ciphertext logs.

Consider a certified tamper-resistant operating system which cryptographically certifies the versions of software it operates, and prohibits uncertified processes from running. The certificate of authenticity verifying the software is made available to the clients which connect to the remote application. This cert specifies all of the program transforms which were required in order to produce the compiled software, and they specify the capabilities required for the transform.

It is certainly a very hard and complex problem but I wouldn’t necessarily go as far as “impossible”. Maybe you know something I don’t know, though.

> Consider a certified tamper-resistant operating system which cryptographically certifies the versions of software it operates, and prohibits uncertified processes from running.

If I own the hardware, I can decide how the software is executed, including containerizing your certification processes to make them feel warm and fuzzy and happy but in reality they are running inside a simulation.

If push comes to shove I could theoretically manufacture my own RAM sticks that copy everything and your OS wouldn't even know, but there's a 99% chance I could successfully pull it off at the kernel virtualization level.

Not really. Tor, I2P, and Monero manage this just fine. Building on these technologies should allow one to have privacy and anonymity without any exotic quantum technology.

Well they don't actually, Tor especially has enormous amounts of government nodes so they can trace and log exactly what and who. And all of those still rely on the IP network which always will allow logging without you ever knowing, it's just math really, the proof of not-logged is just impossible.

Interesting, do you have a source? All fully p2p networks are vulnerable to sybil attacks to some extent, but specifically a source that Tor actively has enough "government nodes" to de-anonymize everything.

These technologies give privacy and anonymity under normal conditions, but they do not prevent anyone from logging ciphertexts. If someone has logged ciphertext, and the government subponies someone to divulge their private key and subponies whoever has the ciphertext, those ciphertexts as good as plain text.

I mean, I don’t think anyone really expects that encrypted messages are necessarily secure in context of stolen private keys. I assume that a lot of encrypted traffic is either recorded at the ISP/backbone level or at least can be on demand.

gullible vpn fans believe anything

or at least their favorite youtuber with the paid ads and zero domain knowledge of network topology

serious question I have is whether “internet reseller” is a compelling service. because that's all that VPNs are, and I dont mind paying to use them for that purpose.

I would say that Mullvad seems to be the exception - they know their stuff. You can even pay with cash for even more anonymity.

How would a recovery email feature be possible without them knowing what your recovery email is?

If you are super duper serious about securing yourself, recovery email is non-viable. Every piece of data is a potential vector towards exposure.

Which comes directly into the problem of security vs convenience.

Of course, but you can't blame Proton that you chose to prioritize convenience over security. If you don't want Proton to know who you are, don't use that feature.

I mean it's clear, the governments of the world are colluding to ensure that all companies and users must incriminate themselves by collecting logs. They're trying to do the same with cryptography.