fbpx
Skip to content
Home » Blogg um netöryggi » infosec » Book Errata

Book Errata

INTRO

This post will serve as an ongoing errata page for my book. My plan is to continuously update this post as I discover errors, issues, addendum, or just things I’d like to follow up on.

PUBLIC USB CHARGE STATIONS

First I want to address potential criticism that despite my promise to avoid all FUD that there might a bit of that in the section on public USB charging stations. I can totally see that point although I think calling it FUD is a bit strong. Yes, the likelihood that a public charge station could infect your phone is pretty slim and would require very specific circumstances for it to work. So more than 99% of you should be just fine. I still stand by my recommendation that carrying a power pack is a wise idea for multiple reasons.

TRAVELING MAILBOX

In my book, I mentioned that as I was wrapping up my writing I discovered a new service I thought showed great potential and promised to update all my readers on that service. I am happy to report that they have not disappointed and I plan to do a post dedicated to reviewing my experience with them. So stay tuned for that post.

PROTONMAIL

In my book, I spoke to great length about what a great company Protonmail is and their zealous privacy advocacy. This is all still true, they offer one of the few, if not the only, fully encrypted email service. This means they have a true zero-knowledge system, where even if they were forced to disclose things about their customer they simply couldn’t because everything is encrypted by the customer’s encryption certificate and their password. This means that all they could hand over are encrypted emails, which would take years, if not hundreds of years, to break the encryption on.

What has changed is that I am no longer using Protonmail as my primary email provider. I bet you are asking why did I stop using them if they are so fabulous and what am I using now. The answer to that goes back to thread modeling as discussed in the book. For my threat model encryption and secrecy is not my top requirement. I am satisfied with good privacy practices, I do not require great privacy. What caused me to leave Protonmail was their zero-knowledge encryption model meant there were a lot of features I appreciated were not possible or have not been implemented yet. Their UI is a little clunky, it is not possible to search email content are a couple of the negative aspects of Protonmail experience. What really pushed me over the edge though was lack of reliability. There were several cases where either email I sent or emails sent to me did not arrive. Protonmail support was either unwilling or unable to do anything about this, basically telling me to provide proof in a form of an error message, which I did not have, or go away.

So I took my business to a company in Australia called FastMail. They seem to have a good privacy reputation from what I’ve been able to tell and their feature sets are on par, if not above par, with the leading email providers such as Gmail and Outlook. They do not offer any encryption so if that is a requirement for your threat model then stick with Protonmail. Also, Australia is a member of the Five Eye Intelligence consortium. So if nation-states are part of your threat model you might be better of with Protonmail as Switzerland is not known for cooperating with other nation-states and there is nothing that Protonmail can provide other than heavily encrypted files even if they did. I believe that FastMail would not willingly disclose anything about its customers, however, governments could compel them to do so.

Be on the lookout for a post on my experience migrating all my domains and all my emails from Protonmail to Fastmail, as well as a full review on FastMail.

PRIVACY.COM

This is a site I just discovered this week and if I had known about it while I was writing the book I would have included it. What they are is a site that allows you to create virtual pre-paid credit card funding directly from your bank account, either through direct withdrawal or via a link to your debit card. Look for a post with a full review of privacy.com in the near future.