The case of IncognitoMarket is disgusting. But there’s something I hope people will remember:
Never trust server-side encryption. You’ll never know what happens on the backend, because you have no access of it.
This case have some similarities with Law Enforcements made to Proton. They were fair by encrypting internal mails. But hey had to give all your mails coming from regular providers like gmail ect…
Conclusion ? When you want to use anykind of privacy/anonymity technology, you anonymize or encrypt yourself with tools like PGP for concealing files & text (and verify fingerprints) + Tor to hide your location ect…
P2P markets will need to rise at a moment or an other, because an other incognito like threat actor still can collect metadata around everything you encrypted (see how WhatsApp knows your life even with E2EE messages) & other precious data to harm you.
Yes, for example on Thunderbird (a mail client) you can use PGP very easily.
On XMPP you can use PGP or OTR on a lot of clients making the process very easy and on the client-side.
People need good education about what data they share and how they can protect it
FULL STOP, that’s how incognito got all their customer data who don’t used PGP, use a mail client like Thunderbird as explained above (they comes preinstalled on Tails btw)
Thanks, I’ll take a look and maybe promote this in my circles. Most people just use the regular gmail/outlook clients which have none of this and that keeps them vulnerable.
With a mail client you can connect your gmail/outlook account, if an other provider allows you SMTP then you will have possibility to use it on ThunderBird
Indeed, I’ll tell them this