Hey, Lorenzo pointed me to this comment.
I work in InfoSec. The first step is defining what your threats are, and what you are trying to defend. I’ll be blunt: if large, highly capable geopolitical powers actively want to get your highly valuable information, beyond passive bulk collection, then they will be able to get it. I don’t quite know how to say this, but security is bad at what we do. If you want to keep something secret that they want as much as, say, nuclear secrets, then we don’t know how to do that so that it will work with a high chance of success.
If your information is sensitive, confidential, but nation state actors only want it as much as, say, something that would give a press scandal, then there is opportunity. If you want to disclose infohazards safely, there’s a lot to learn from whistleblower publisher orgs (like WikiLeaks), and Citizen Lab.
The cheap, usable option is for someone to have an otherwise unused phone and create a Protonmail and Signal with it, and then publish those on any HTTPS website (like this forum), and then the info never gets forwarded from the phone. Publish the Protonmail PGP key, and make sure people email it from either Protonmail itself or if they understand PGP (so not normal Gmail). That gets everything to a device with minimal attack surface, and is reasonably user-friendly.
If you have problems in this area, I can help.