cross-posted from: https://lemmy.world/post/46687168

AtomicMail.io has recently emerged as a significant player among "next-generation" email services, specifically targeting the privacy and security-conscious demographic. From the perspective of an email security specialist, let's analyze the platform's promises of "unlimited capacity" and "free service," alongside its corporate structure and technical foundation.

https://pdfhost.io/v/6VW4SA83NT_AtomicMail_io_Cybersecurity_and_Strategic_Analysis__2026_

1. Corporate Profile and Background Origin: The service is operated by AtomicMail Systems OÜ, based in Estonia. Estonia is a jurisdiction renowned for robust digital rights and strict data protection laws (fully GDPR compliant).

Server Location: Physical data servers are located in Germany. This is a positive indicator, as Germany maintains some of the world's most stringent data privacy regulations. History: Unlike Gmail or Proton, which have decades of history, AtomicMail is a modern startup that gained significant popularity during the 2024–2025 period.

1. Revenue Model: Why is it Free? While "free and unlimited" often serves as a red flag in tech, Atomic Mail utilizes the following model:

Freemium Model: Basic email features are free for everyone. However, "Plus" packages— including custom domain support, professional alias management, and priority support—are paid.

Prestige Alias Sales: The platform generates revenue by selling highly sought-after, short (1-4 character) email aliases through annual or three-year subscriptions.

No Data Harvesting: Unlike Gmail, the company declares that it does not scan user data or display ads; revenue is strictly derived from user subscriptions.

1. Security and Infrastructure Features Zero-Access Architecture: Your messages are stored encrypted. Not even company employees can read the content without your password.

Crypto-Style Recovery: During account creation, you are provided with a Seed Phrase (recovery words). If you forget your password, this is your only way back in. The company cannot reset your password; this is a massive security asset, but a total risk for those who lose their phrase.

Advanced Encryption: They employ OpenPGP (4096-bit) and their proprietary Atomic Encryption (ECIES) systems.

Anonymity: No phone numbers or personal information are required during registration.

1. Current User Sentiment (2026 Update) Pros (Positive) Cons (Negative) Unlimited Capacity: No more worrying about Gmail’s 15GB limit.

UI Deficiencies: Some users still complain about the lack of basic features like "Dark Mode." Privacy: The ability to sign up without a phone number is a major draw for anonymity seekers.

Deliverability: As it is a newer domain, there are rare reports of emails occasionally landing in recipients' spam folders.

Alias Support: Being able to create 10 free aliases on a single account is excellent for shielding your primary address.

Mobile App: While rated well (4.3+), some features like text selection/highlighting are limited compared to the web version.

1. Technical Verdict and Strategic Advice Atomic Mail is a formidable alternative for those tired of Gmail’s surveillance-based model and storage fees.Critical Warning: You must physically write down the Seed Phrase provided during registration. If you lose it and forget your password, even a skilled hacker could not recover your emails; by design,the system allows no external intervention.

While it appears to be a "safe harbor" for privacy, I recommend using it for non-critical testing for a few weeks before making it your primary address.

AtomicMail.io and the Thunderbird/POP3/IMAP Relationship

1. Current Status: Currently Inaccessible: As of May 2026, AtomicMail.io does not support standard POP3, IMAP, or SMTP protocols.

Why? Because of the "Zero-Access" end-to-end encryption, emails remain encrypted on the server. Standard clients like Thunderbird cannot natively decrypt this specific encryption type.

Solution: Currently, access is limited to their proprietary Web interface and native Mobile/ Desktop apps.

1. Future Roadmap: The "Encryption Bridge": A "Bridge" application is being developed for third-party apps like Thunderbird and Outlook.

Mechanism: Much like the Proton Mail Bridge, you will install a small software on your PC that decrypts emails in the background and presents them to Thunderbird as a local IMAP/ POP3 connection.

Will it be free? This remains unclear. Usually, these bridge tools are part of paid (Plus) packages. However, AtomicMail's aggressive "everything free" policy might change this.

1. Thunderbird Users: If Thunderbird integration is a "must-have" right now, AtomicMail may not be your first choice. For manual archiving, you can still export emails manually from the web interface. Direct synchronization is not yet active.

Email Forwarding Analysis Based on detailed research, the forwarding feature at AtomicMail.io differs from standard services.

1. Automatic Forwarding: The free plan currently does not offer automatic forwarding to other addresses (like Gmail or Outlook).

Technical Obstacle: Gaining access to an email to forward it would break the "Zero- Access" promise, as the email would have to be decrypted to be sent to an unencrypted service.

1. Aliases vs. Forwarding: AtomicMail provides 10 free aliases. These are 10 different addresses that all land in your single primary inbox. This feature is entirely free.

2. Alternative: Password Protected Messages: If you want to send a secure message, you can send password-protected emails for free. The recipient gets a link and reads the mail via a portal using the password you set.

Complete Technology and Risk Analysis

1. The Metadata Reality

Content: Fully encrypted.

Metadata: Who you talk to, when, and the Subject line may technically be visible to the server. AtomicMail claims to keep this to a minimum, but subject lines are usually not encrypted so they can be listed. Tip: Do not put sensitive info in the subject line.

1. Is "Unlimited" Sustainable? Technical Trick (Deduplication): If a 100MB PDF is sent to 1,000 people, the system stores one copy but shows it to everyone. This slashes storage costs.

Economics: They are currently in a growth phase. "Unlimited" is often a marketing tactic. A "Fair Use Policy" (e.g., speed throttling after 500GB) is likely in the future.3. IP Reputation and "Spam" Risk

Risk: Anonymous and free services attract spammers. If AtomicMail's IP addresses are blacklisted, your emails might land in the spam folder of other users. Currently, their reputation is moderate.

1. Legal Shield: The Estonia Factor Estonia is a world leader in digital bureaucracy. If a foreign authority wants to inspect your emails,they must obtain a court order from Estonia—a notoriously difficult and lengthy process.

2. User Experience Details File Size: Individual email attachments are likely limited to 25MB or 50MB. Search Function: Because content is encrypted, the server cannot search your emails. Searching only works for emails already indexed on your local device.

Final Recommendation: Professional Setup Strategy Primary Email Transition: Initially, test it for 3–6 months with newsletters and forums. Seed Phrase Discipline: Never store your recovery words in a digital notepad. Write it on paper and keep it in a secure physical location.

Own Your Domain: Connect your own domain for professional use. 2FA: Always use an Authenticator app.

Final Verdict: AtomicMail.io is a "rising star" for 2026. It is a digital fortress for private communication, but one should always maintain a backup plan.

Deep Technical Analysis: "Atomic Encryption"

AtomicMail's "Atomic Encryption" is based on the ECIES (Elliptic Curve Integrated Encryption Scheme).

Zero-Knowledge Proof: Your password never reaches the server. Instead, an SRP (Secure Remote Password) key is used. Even if the servers are breached, your password remains safe.

Financial Sustainability: The Cost of "Unlimited"

Venture Capital: AtomicMail is likely burning through investment capital to acquire users. Expect an "archive quota" by 2027-2028.

Low Operational Cost: By utilizing efficient data centers in Germany, they maintain low overheads.

Comparison: Infomaniak vs. AtomicMail.io (2026)

Feature Infomaniak (Swiss Powerhouse) AtomicMail.io (Security Fortress) History Since 1994 (30+ years) vs Since 2024 (Modern Startup)

Location Switzerland (Geneva) vs Estonia / Germany Focus Complete Cloud Ecosystem Pure Anonymity & E2EE

Registration Requires Phone Number No Phone / Fully Anonymous Recovery SMS/Support Possible Only via Seed Phrase

Storage 20 GB (Fixed) Unlimited (Campaign)

Which should you choose?

Choose Infomaniak if: You want Swiss reliability and don't mind providing a phone number.

Choose AtomicMail.io if: You want absolute anonymity and 100% encryption.

Backup and Account LimitsAccount Limits: Infomaniak usually limits users to one free account per phone number.

AtomicMail has no physical link to your identity, allowing multiple accounts, though anti-abuse AI monitors bulk creations.

Backup Strategy (3-2-1 Rule):

1. 3 Copies: One on the server, one on your PC, one on an external drive.
2. 2 Formats: Keep emails in the inbox and export important ones as .eml or PDF files.
3. 1 Remote Backup: Keep one physical copy in a different location.

Summary: Infomaniak is like a high-security bank vault; AtomicMail is like an encrypted black box in an underground bunker.

cross-posted from: https://lemmy.world/post/46687168

AtomicMail.io has recently emerged as a significant player among "next-generation" email services, specifically targeting the privacy and security-conscious demographic. From the perspective of an email security specialist, let's analyze the platform's promises of "unlimited capacity" and "free service," alongside its corporate structure and technical foundation.

https://pdfhost.io/v/6VW4SA83NT_AtomicMail_io_Cybersecurity_and_Strategic_Analysis__2026_

1. Corporate Profile and Background Origin: The service is operated by AtomicMail Systems OÜ, based in Estonia. Estonia is a jurisdiction renowned for robust digital rights and strict data protection laws (fully GDPR compliant).

Server Location: Physical data servers are located in Germany. This is a positive indicator, as Germany maintains some of the world's most stringent data privacy regulations. History: Unlike Gmail or Proton, which have decades of history, AtomicMail is a modern startup that gained significant popularity during the 2024–2025 period.

1. Revenue Model: Why is it Free? While "free and unlimited" often serves as a red flag in tech, Atomic Mail utilizes the following model:

Freemium Model: Basic email features are free for everyone. However, "Plus" packages— including custom domain support, professional alias management, and priority support—are paid.

Prestige Alias Sales: The platform generates revenue by selling highly sought-after, short (1-4 character) email aliases through annual or three-year subscriptions.

No Data Harvesting: Unlike Gmail, the company declares that it does not scan user data or display ads; revenue is strictly derived from user subscriptions.

1. Security and Infrastructure Features Zero-Access Architecture: Your messages are stored encrypted. Not even company employees can read the content without your password.

Crypto-Style Recovery: During account creation, you are provided with a Seed Phrase (recovery words). If you forget your password, this is your only way back in. The company cannot reset your password; this is a massive security asset, but a total risk for those who lose their phrase.

Advanced Encryption: They employ OpenPGP (4096-bit) and their proprietary Atomic Encryption (ECIES) systems.

Anonymity: No phone numbers or personal information are required during registration.

1. Current User Sentiment (2026 Update) Pros (Positive) Cons (Negative) Unlimited Capacity: No more worrying about Gmail’s 15GB limit.

UI Deficiencies: Some users still complain about the lack of basic features like "Dark Mode." Privacy: The ability to sign up without a phone number is a major draw for anonymity seekers.

Deliverability: As it is a newer domain, there are rare reports of emails occasionally landing in recipients' spam folders.

Alias Support: Being able to create 10 free aliases on a single account is excellent for shielding your primary address.

Mobile App: While rated well (4.3+), some features like text selection/highlighting are limited compared to the web version.

1. Technical Verdict and Strategic Advice Atomic Mail is a formidable alternative for those tired of Gmail’s surveillance-based model and storage fees.Critical Warning: You must physically write down the Seed Phrase provided during registration. If you lose it and forget your password, even a skilled hacker could not recover your emails; by design,the system allows no external intervention.

While it appears to be a "safe harbor" for privacy, I recommend using it for non-critical testing for a few weeks before making it your primary address.

AtomicMail.io and the Thunderbird/POP3/IMAP Relationship

1. Current Status: Currently Inaccessible: As of May 2026, AtomicMail.io does not support standard POP3, IMAP, or SMTP protocols.

Why? Because of the "Zero-Access" end-to-end encryption, emails remain encrypted on the server. Standard clients like Thunderbird cannot natively decrypt this specific encryption type.

Solution: Currently, access is limited to their proprietary Web interface and native Mobile/ Desktop apps.

1. Future Roadmap: The "Encryption Bridge": A "Bridge" application is being developed for third-party apps like Thunderbird and Outlook.

Mechanism: Much like the Proton Mail Bridge, you will install a small software on your PC that decrypts emails in the background and presents them to Thunderbird as a local IMAP/ POP3 connection.

Will it be free? This remains unclear. Usually, these bridge tools are part of paid (Plus) packages. However, AtomicMail's aggressive "everything free" policy might change this.

1. Thunderbird Users: If Thunderbird integration is a "must-have" right now, AtomicMail may not be your first choice. For manual archiving, you can still export emails manually from the web interface. Direct synchronization is not yet active.

Email Forwarding Analysis Based on detailed research, the forwarding feature at AtomicMail.io differs from standard services.

1. Automatic Forwarding: The free plan currently does not offer automatic forwarding to other addresses (like Gmail or Outlook).

Technical Obstacle: Gaining access to an email to forward it would break the "Zero- Access" promise, as the email would have to be decrypted to be sent to an unencrypted service.

1. Aliases vs. Forwarding: AtomicMail provides 10 free aliases. These are 10 different addresses that all land in your single primary inbox. This feature is entirely free.

2. Alternative: Password Protected Messages: If you want to send a secure message, you can send password-protected emails for free. The recipient gets a link and reads the mail via a portal using the password you set.

Complete Technology and Risk Analysis

1. The Metadata Reality

Content: Fully encrypted.

Metadata: Who you talk to, when, and the Subject line may technically be visible to the server. AtomicMail claims to keep this to a minimum, but subject lines are usually not encrypted so they can be listed. Tip: Do not put sensitive info in the subject line.

1. Is "Unlimited" Sustainable? Technical Trick (Deduplication): If a 100MB PDF is sent to 1,000 people, the system stores one copy but shows it to everyone. This slashes storage costs.

Economics: They are currently in a growth phase. "Unlimited" is often a marketing tactic. A "Fair Use Policy" (e.g., speed throttling after 500GB) is likely in the future.3. IP Reputation and "Spam" Risk

Risk: Anonymous and free services attract spammers. If AtomicMail's IP addresses are blacklisted, your emails might land in the spam folder of other users. Currently, their reputation is moderate.

1. Legal Shield: The Estonia Factor Estonia is a world leader in digital bureaucracy. If a foreign authority wants to inspect your emails,they must obtain a court order from Estonia—a notoriously difficult and lengthy process.

2. User Experience Details File Size: Individual email attachments are likely limited to 25MB or 50MB. Search Function: Because content is encrypted, the server cannot search your emails. Searching only works for emails already indexed on your local device.

Final Recommendation: Professional Setup Strategy Primary Email Transition: Initially, test it for 3–6 months with newsletters and forums. Seed Phrase Discipline: Never store your recovery words in a digital notepad. Write it on paper and keep it in a secure physical location.

Own Your Domain: Connect your own domain for professional use. 2FA: Always use an Authenticator app.

Final Verdict: AtomicMail.io is a "rising star" for 2026. It is a digital fortress for private communication, but one should always maintain a backup plan.

Deep Technical Analysis: "Atomic Encryption"

AtomicMail's "Atomic Encryption" is based on the ECIES (Elliptic Curve Integrated Encryption Scheme).

Zero-Knowledge Proof: Your password never reaches the server. Instead, an SRP (Secure Remote Password) key is used. Even if the servers are breached, your password remains safe.

Financial Sustainability: The Cost of "Unlimited"

Venture Capital: AtomicMail is likely burning through investment capital to acquire users. Expect an "archive quota" by 2027-2028.

Low Operational Cost: By utilizing efficient data centers in Germany, they maintain low overheads.

Comparison: Infomaniak vs. AtomicMail.io (2026)

Feature Infomaniak (Swiss Powerhouse) AtomicMail.io (Security Fortress) History Since 1994 (30+ years) vs Since 2024 (Modern Startup)

Location Switzerland (Geneva) vs Estonia / Germany Focus Complete Cloud Ecosystem Pure Anonymity & E2EE

Registration Requires Phone Number No Phone / Fully Anonymous Recovery SMS/Support Possible Only via Seed Phrase

Storage 20 GB (Fixed) Unlimited (Campaign)

Which should you choose?

Choose Infomaniak if: You want Swiss reliability and don't mind providing a phone number.

Choose AtomicMail.io if: You want absolute anonymity and 100% encryption.

Backup and Account LimitsAccount Limits: Infomaniak usually limits users to one free account per phone number.

AtomicMail has no physical link to your identity, allowing multiple accounts, though anti-abuse AI monitors bulk creations.

Backup Strategy (3-2-1 Rule):

1. 3 Copies: One on the server, one on your PC, one on an external drive.
2. 2 Formats: Keep emails in the inbox and export important ones as .eml or PDF files.
3. 1 Remote Backup: Keep one physical copy in a different location.

Summary: Infomaniak is like a high-security bank vault; AtomicMail is like an encrypted black box in an underground bunker.

cross-posted from: https://lemmy.world/post/46687168

AtomicMail.io has recently emerged as a significant player among "next-generation" email services, specifically targeting the privacy and security-conscious demographic. From the perspective of an email security specialist, let's analyze the platform's promises of "unlimited capacity" and "free service," alongside its corporate structure and technical foundation.

https://pdfhost.io/v/6VW4SA83NT_AtomicMail_io_Cybersecurity_and_Strategic_Analysis__2026_

1. Corporate Profile and Background Origin: The service is operated by AtomicMail Systems OÜ, based in Estonia. Estonia is a jurisdiction renowned for robust digital rights and strict data protection laws (fully GDPR compliant). Server Location: Physical data servers are located in Germany. This is a positive indicator, as Germany maintains some of the world's most stringent data privacy regulations. History: Unlike Gmail or Proton, which have decades of history, AtomicMail is a modern startup that gained significant popularity during the 2024–2025 period.
2. Revenue Model: Why is it Free? While "free and unlimited" often serves as a red flag in tech, Atomic Mail utilizes the following model: Freemium Model: Basic email features are free for everyone. However, "Plus" packages— including custom domain support, professional alias management, and priority support—are paid. Prestige Alias Sales: The platform generates revenue by selling highly sought-after, short (1-4 character) email aliases through annual or three-year subscriptions. No Data Harvesting: Unlike Gmail, the company declares that it does not scan user data or display ads; revenue is strictly derived from user subscriptions.
3. Security and Infrastructure Features Zero-Access Architecture: Your messages are stored encrypted. Not even company employees can read the content without your password. Crypto-Style Recovery: During account creation, you are provided with a Seed Phrase (recovery words). If you forget your password, this is your only way back in. The company cannot reset your password; this is a massive security asset, but a total risk for those who lose their phrase. Advanced Encryption: They employ OpenPGP (4096-bit) and their proprietary Atomic Encryption (ECIES) systems. Anonymity: No phone numbers or personal information are required during registration.
4. Current User Sentiment (2026 Update) Pros (Positive) Cons (Negative) Unlimited Capacity: No more worrying about Gmail’s 15GB limit. UI Deficiencies: Some users still complain about the lack of basic features like "Dark Mode." Privacy: The ability to sign up without a phone number is a major draw for anonymity seekers. Deliverability: As it is a newer domain, there are rare reports of emails occasionally landing in recipients' spam folders. Alias Support: Being able to create 10 free aliases on a single account is excellent for shielding your primary address. Mobile App: While rated well (4.3+), some features like text selection/highlighting are limited compared to the web version.
5. Technical Verdict and Strategic Advice Atomic Mail is a formidable alternative for those tired of Gmail’s surveillance-based model and storage fees.Critical Warning: You must physically write down the Seed Phrase provided during registration. If you lose it and forget your password, even a skilled hacker could not recover your emails; by design, the system allows no external intervention. While it appears to be a "safe harbor" for privacy, I recommend using it for non-critical testing for a few weeks before making it your primary address. AtomicMail.io and the Thunderbird/POP3/IMAP Relationship
6. Current Status: Currently Inaccessible: As of May 2026, AtomicMail.io does not support standard POP3, IMAP, or SMTP protocols. Why? Because of the "Zero-Access" end-to-end encryption, emails remain encrypted on the server. Standard clients like Thunderbird cannot natively decrypt this specific encryption type. Solution: Currently, access is limited to their proprietary Web interface and native Mobile/ Desktop apps.
7. Future Roadmap: The "Encryption Bridge": A "Bridge" application is being developed for third-party apps like Thunderbird and Outlook. Mechanism: Much like the Proton Mail Bridge, you will install a small software on your PC that decrypts emails in the background and presents them to Thunderbird as a local IMAP/ POP3 connection. Will it be free? This remains unclear. Usually, these bridge tools are part of paid (Plus) packages. However, AtomicMail's aggressive "everything free" policy might change this.
8. Thunderbird Users: If Thunderbird integration is a "must-have" right now, AtomicMail may not be your first choice. For manual archiving, you can still export emails manually from the web interface. Direct synchronization is not yet active. Email Forwarding Analysis Based on detailed research, the forwarding feature at AtomicMail.io differs from standard services.
9. Automatic Forwarding: The free plan currently does not offer automatic forwarding to other addresses (like Gmail or Outlook). Technical Obstacle: Gaining access to an email to forward it would break the "Zero- Access" promise, as the email would have to be decrypted to be sent to an unencrypted service.
10. Aliases vs. Forwarding: AtomicMail provides 10 free aliases. These are 10 different addresses that all land in your single primary inbox. This feature is entirely free.
11. Alternative: Password Protected Messages: If you want to send a secure message, you can send password-protected emails for free. The recipient gets a link and reads the mail via a portal using the password you set. Complete Technology and Risk Analysis
12. The Metadata Reality Content: Fully encrypted. Metadata: Who you talk to, when, and the Subject line may technically be visible to the server. AtomicMail claims to keep this to a minimum, but subject lines are usually not encrypted so they can be listed. Tip: Do not put sensitive info in the subject line.
13. Is "Unlimited" Sustainable? Technical Trick (Deduplication): If a 100MB PDF is sent to 1,000 people, the system stores one copy but shows it to everyone. This slashes storage costs. Economics: They are currently in a growth phase. "Unlimited" is often a marketing tactic. A "Fair Use Policy" (e.g., speed throttling after 500GB) is likely in the future.3. IP Reputation and "Spam" Risk Risk: Anonymous and free services attract spammers. If AtomicMail's IP addresses are blacklisted, your emails might land in the spam folder of other users. Currently, their reputation is moderate.
14. Legal Shield: The Estonia Factor Estonia is a world leader in digital bureaucracy. If a foreign authority wants to inspect your emails, they must obtain a court order from Estonia—a notoriously difficult and lengthy process.
15. User Experience Details File Size: Individual email attachments are likely limited to 25MB or 50MB. Search Function: Because content is encrypted, the server cannot search your emails. Searching only works for emails already indexed on your local device. Final Recommendation: Professional Setup Strategy Primary Email Transition: Initially, test it for 3–6 months with newsletters and forums. Seed Phrase Discipline: Never store your recovery words in a digital notepad. Write it on paper and keep it in a secure physical location. Own Your Domain: Connect your own domain for professional use. 2FA: Always use an Authenticator app. Final Verdict: AtomicMail.io is a "rising star" for 2026. It is a digital fortress for private communication, but one should always maintain a backup plan. Deep Technical Analysis: "Atomic Encryption" AtomicMail's "Atomic Encryption" is based on the ECIES (Elliptic Curve Integrated Encryption Scheme). Zero-Knowledge Proof: Your password never reaches the server. Instead, an SRP (Secure Remote Password) key is used. Even if the servers are breached, your password remains safe. Financial Sustainability: The Cost of "Unlimited" Venture Capital: AtomicMail is likely burning through investment capital to acquire users. Expect an "archive quota" by 2027-2028. Low Operational Cost: By utilizing efficient data centers in Germany, they maintain low overheads. Comparison: Infomaniak vs. AtomicMail.io (2026) Feature Infomaniak (Swiss Powerhouse) AtomicMail.io (Security Fortress) History Since 1994 (30+ years) Since 2024 (Modern Startup) Location Switzerland (Geneva) Estonia / Germany Focus Complete Cloud Ecosystem Pure Anonymity & E2EE Registration Requires Phone Number No Phone / Fully Anonymous Recovery SMS/Support Possible Only via Seed Phrase Storage 20 GB (Fixed) Unlimited (Campaign) Which should you choose? Choose Infomaniak if: You want Swiss reliability and don't mind providing a phone number. Choose AtomicMail.io if: You want absolute anonymity and 100% encryption. Backup and Account LimitsAccount Limits: Infomaniak usually limits users to one free account per phone number. AtomicMail has no physical link to your identity, allowing multiple accounts, though anti-abuse AI monitors bulk creations. Backup Strategy (3-2-1 Rule):
16. 3 Copies: One on the server, one on your PC, one on an external drive.
17. 2 Formats: Keep emails in the inbox and export important ones as .eml or PDF files.
18. 1 Remote Backup: Keep one physical copy in a different location.

Summary: Infomaniak is like a high-security bank vault; AtomicMail is like an encrypted black box in an underground bunker.

cross-posted from: https://lemmy.world/post/46687168

AtomicMail.io has recently emerged as a significant player among "next-generation" email services, specifically targeting the privacy and security-conscious demographic. From the perspective of an email security specialist, let's analyze the platform's promises of "unlimited capacity" and "free service," alongside its corporate structure and technical foundation.

https://pdfhost.io/v/6VW4SA83NT_AtomicMail_io_Cybersecurity_and_Strategic_Analysis__2026_

1. Corporate Profile and Background Origin: The service is operated by AtomicMail Systems OÜ, based in Estonia. Estonia is a jurisdiction renowned for robust digital rights and strict data protection laws (fully GDPR compliant). Server Location: Physical data servers are located in Germany. This is a positive indicator, as Germany maintains some of the world's most stringent data privacy regulations. History: Unlike Gmail or Proton, which have decades of history, AtomicMail is a modern startup that gained significant popularity during the 2024–2025 period.
2. Revenue Model: Why is it Free? While "free and unlimited" often serves as a red flag in tech, Atomic Mail utilizes the following model: Freemium Model: Basic email features are free for everyone. However, "Plus" packages— including custom domain support, professional alias management, and priority support—are paid. Prestige Alias Sales: The platform generates revenue by selling highly sought-after, short (1-4 character) email aliases through annual or three-year subscriptions. No Data Harvesting: Unlike Gmail, the company declares that it does not scan user data or display ads; revenue is strictly derived from user subscriptions.
3. Security and Infrastructure Features Zero-Access Architecture: Your messages are stored encrypted. Not even company employees can read the content without your password. Crypto-Style Recovery: During account creation, you are provided with a Seed Phrase (recovery words). If you forget your password, this is your only way back in. The company cannot reset your password; this is a massive security asset, but a total risk for those who lose their phrase. Advanced Encryption: They employ OpenPGP (4096-bit) and their proprietary Atomic Encryption (ECIES) systems. Anonymity: No phone numbers or personal information are required during registration.
4. Current User Sentiment (2026 Update) Pros (Positive) Cons (Negative) Unlimited Capacity: No more worrying about Gmail’s 15GB limit. UI Deficiencies: Some users still complain about the lack of basic features like "Dark Mode." Privacy: The ability to sign up without a phone number is a major draw for anonymity seekers. Deliverability: As it is a newer domain, there are rare reports of emails occasionally landing in recipients' spam folders. Alias Support: Being able to create 10 free aliases on a single account is excellent for shielding your primary address. Mobile App: While rated well (4.3+), some features like text selection/highlighting are limited compared to the web version.
5. Technical Verdict and Strategic Advice Atomic Mail is a formidable alternative for those tired of Gmail’s surveillance-based model and storage fees.Critical Warning: You must physically write down the Seed Phrase provided during registration. If you lose it and forget your password, even a skilled hacker could not recover your emails; by design, the system allows no external intervention. While it appears to be a "safe harbor" for privacy, I recommend using it for non-critical testing for a few weeks before making it your primary address. AtomicMail.io and the Thunderbird/POP3/IMAP Relationship
6. Current Status: Currently Inaccessible: As of May 2026, AtomicMail.io does not support standard POP3, IMAP, or SMTP protocols. Why? Because of the "Zero-Access" end-to-end encryption, emails remain encrypted on the server. Standard clients like Thunderbird cannot natively decrypt this specific encryption type. Solution: Currently, access is limited to their proprietary Web interface and native Mobile/ Desktop apps.
7. Future Roadmap: The "Encryption Bridge": A "Bridge" application is being developed for third-party apps like Thunderbird and Outlook. Mechanism: Much like the Proton Mail Bridge, you will install a small software on your PC that decrypts emails in the background and presents them to Thunderbird as a local IMAP/ POP3 connection. Will it be free? This remains unclear. Usually, these bridge tools are part of paid (Plus) packages. However, AtomicMail's aggressive "everything free" policy might change this.
8. Thunderbird Users: If Thunderbird integration is a "must-have" right now, AtomicMail may not be your first choice. For manual archiving, you can still export emails manually from the web interface. Direct synchronization is not yet active. Email Forwarding Analysis Based on detailed research, the forwarding feature at AtomicMail.io differs from standard services.
9. Automatic Forwarding: The free plan currently does not offer automatic forwarding to other addresses (like Gmail or Outlook). Technical Obstacle: Gaining access to an email to forward it would break the "Zero- Access" promise, as the email would have to be decrypted to be sent to an unencrypted service.
10. Aliases vs. Forwarding: AtomicMail provides 10 free aliases. These are 10 different addresses that all land in your single primary inbox. This feature is entirely free.
11. Alternative: Password Protected Messages: If you want to send a secure message, you can send password-protected emails for free. The recipient gets a link and reads the mail via a portal using the password you set. Complete Technology and Risk Analysis
12. The Metadata Reality Content: Fully encrypted. Metadata: Who you talk to, when, and the Subject line may technically be visible to the server. AtomicMail claims to keep this to a minimum, but subject lines are usually not encrypted so they can be listed. Tip: Do not put sensitive info in the subject line.
13. Is "Unlimited" Sustainable? Technical Trick (Deduplication): If a 100MB PDF is sent to 1,000 people, the system stores one copy but shows it to everyone. This slashes storage costs. Economics: They are currently in a growth phase. "Unlimited" is often a marketing tactic. A "Fair Use Policy" (e.g., speed throttling after 500GB) is likely in the future.3. IP Reputation and "Spam" Risk Risk: Anonymous and free services attract spammers. If AtomicMail's IP addresses are blacklisted, your emails might land in the spam folder of other users. Currently, their reputation is moderate.
14. Legal Shield: The Estonia Factor Estonia is a world leader in digital bureaucracy. If a foreign authority wants to inspect your emails, they must obtain a court order from Estonia—a notoriously difficult and lengthy process.
15. User Experience Details File Size: Individual email attachments are likely limited to 25MB or 50MB. Search Function: Because content is encrypted, the server cannot search your emails. Searching only works for emails already indexed on your local device. Final Recommendation: Professional Setup Strategy Primary Email Transition: Initially, test it for 3–6 months with newsletters and forums. Seed Phrase Discipline: Never store your recovery words in a digital notepad. Write it on paper and keep it in a secure physical location. Own Your Domain: Connect your own domain for professional use. 2FA: Always use an Authenticator app. Final Verdict: AtomicMail.io is a "rising star" for 2026. It is a digital fortress for private communication, but one should always maintain a backup plan. Deep Technical Analysis: "Atomic Encryption" AtomicMail's "Atomic Encryption" is based on the ECIES (Elliptic Curve Integrated Encryption Scheme). Zero-Knowledge Proof: Your password never reaches the server. Instead, an SRP (Secure Remote Password) key is used. Even if the servers are breached, your password remains safe. Financial Sustainability: The Cost of "Unlimited" Venture Capital: AtomicMail is likely burning through investment capital to acquire users. Expect an "archive quota" by 2027-2028. Low Operational Cost: By utilizing efficient data centers in Germany, they maintain low overheads. Comparison: Infomaniak vs. AtomicMail.io (2026) Feature Infomaniak (Swiss Powerhouse) AtomicMail.io (Security Fortress) History Since 1994 (30+ years) Since 2024 (Modern Startup) Location Switzerland (Geneva) Estonia / Germany Focus Complete Cloud Ecosystem Pure Anonymity & E2EE Registration Requires Phone Number No Phone / Fully Anonymous Recovery SMS/Support Possible Only via Seed Phrase Storage 20 GB (Fixed) Unlimited (Campaign) Which should you choose? Choose Infomaniak if: You want Swiss reliability and don't mind providing a phone number. Choose AtomicMail.io if: You want absolute anonymity and 100% encryption. Backup and Account LimitsAccount Limits: Infomaniak usually limits users to one free account per phone number. AtomicMail has no physical link to your identity, allowing multiple accounts, though anti-abuse AI monitors bulk creations. Backup Strategy (3-2-1 Rule):
16. 3 Copies: One on the server, one on your PC, one on an external drive.
17. 2 Formats: Keep emails in the inbox and export important ones as .eml or PDF files.
18. 1 Remote Backup: Keep one physical copy in a different location. Summary: Infomaniak is like a high-security bank vault; AtomicMail is like an encrypted black box in an underground bunker.

cross-posted from: https://lemmy.world/post/46687168

AtomicMail.io has recently emerged as a significant player among "next-generation" email services, specifically targeting the privacy and security-conscious demographic. From the perspective of an email security specialist, let's analyze the platform's promises of "unlimited capacity" and "free service," alongside its corporate structure and technical foundation.

https://pdfhost.io/v/6VW4SA83NT_AtomicMail_io_Cybersecurity_and_Strategic_Analysis__2026_

1. Corporate Profile and Background Origin: The service is operated by AtomicMail Systems OÜ, based in Estonia. Estonia is a jurisdiction renowned for robust digital rights and strict data protection laws (fully GDPR compliant). Server Location: Physical data servers are located in Germany. This is a positive indicator, as Germany maintains some of the world's most stringent data privacy regulations. History: Unlike Gmail or Proton, which have decades of history, AtomicMail is a modern startup that gained significant popularity during the 2024–2025 period.
2. Revenue Model: Why is it Free? While "free and unlimited" often serves as a red flag in tech, Atomic Mail utilizes the following model: Freemium Model: Basic email features are free for everyone. However, "Plus" packages— including custom domain support, professional alias management, and priority support—are paid. Prestige Alias Sales: The platform generates revenue by selling highly sought-after, short (1-4 character) email aliases through annual or three-year subscriptions. No Data Harvesting: Unlike Gmail, the company declares that it does not scan user data or display ads; revenue is strictly derived from user subscriptions.
3. Security and Infrastructure Features Zero-Access Architecture: Your messages are stored encrypted. Not even company employees can read the content without your password. Crypto-Style Recovery: During account creation, you are provided with a Seed Phrase (recovery words). If you forget your password, this is your only way back in. The company cannot reset your password; this is a massive security asset, but a total risk for those who lose their phrase. Advanced Encryption: They employ OpenPGP (4096-bit) and their proprietary Atomic Encryption (ECIES) systems. Anonymity: No phone numbers or personal information are required during registration.
4. Current User Sentiment (2026 Update) Pros (Positive) Cons (Negative) Unlimited Capacity: No more worrying about Gmail’s 15GB limit. UI Deficiencies: Some users still complain about the lack of basic features like "Dark Mode." Privacy: The ability to sign up without a phone number is a major draw for anonymity seekers. Deliverability: As it is a newer domain, there are rare reports of emails occasionally landing in recipients' spam folders. Alias Support: Being able to create 10 free aliases on a single account is excellent for shielding your primary address. Mobile App: While rated well (4.3+), some features like text selection/highlighting are limited compared to the web version.
5. Technical Verdict and Strategic Advice Atomic Mail is a formidable alternative for those tired of Gmail’s surveillance-based model and storage fees.Critical Warning: You must physically write down the Seed Phrase provided during registration. If you lose it and forget your password, even a skilled hacker could not recover your emails; by design, the system allows no external intervention. While it appears to be a "safe harbor" for privacy, I recommend using it for non-critical testing for a few weeks before making it your primary address. AtomicMail.io and the Thunderbird/POP3/IMAP Relationship
6. Current Status: Currently Inaccessible: As of May 2026, AtomicMail.io does not support standard POP3, IMAP, or SMTP protocols. Why? Because of the "Zero-Access" end-to-end encryption, emails remain encrypted on the server. Standard clients like Thunderbird cannot natively decrypt this specific encryption type. Solution: Currently, access is limited to their proprietary Web interface and native Mobile/ Desktop apps.
7. Future Roadmap: The "Encryption Bridge": A "Bridge" application is being developed for third-party apps like Thunderbird and Outlook. Mechanism: Much like the Proton Mail Bridge, you will install a small software on your PC that decrypts emails in the background and presents them to Thunderbird as a local IMAP/ POP3 connection. Will it be free? This remains unclear. Usually, these bridge tools are part of paid (Plus) packages. However, AtomicMail's aggressive "everything free" policy might change this.
8. Thunderbird Users: If Thunderbird integration is a "must-have" right now, AtomicMail may not be your first choice. For manual archiving, you can still export emails manually from the web interface. Direct synchronization is not yet active. Email Forwarding Analysis Based on detailed research, the forwarding feature at AtomicMail.io differs from standard services.
9. Automatic Forwarding: The free plan currently does not offer automatic forwarding to other addresses (like Gmail or Outlook). Technical Obstacle: Gaining access to an email to forward it would break the "Zero- Access" promise, as the email would have to be decrypted to be sent to an unencrypted service.
10. Aliases vs. Forwarding: AtomicMail provides 10 free aliases. These are 10 different addresses that all land in your single primary inbox. This feature is entirely free.
11. Alternative: Password Protected Messages: If you want to send a secure message, you can send password-protected emails for free. The recipient gets a link and reads the mail via a portal using the password you set. Complete Technology and Risk Analysis
12. The Metadata Reality Content: Fully encrypted. Metadata: Who you talk to, when, and the Subject line may technically be visible to the server. AtomicMail claims to keep this to a minimum, but subject lines are usually not encrypted so they can be listed. Tip: Do not put sensitive info in the subject line.
13. Is "Unlimited" Sustainable? Technical Trick (Deduplication): If a 100MB PDF is sent to 1,000 people, the system stores one copy but shows it to everyone. This slashes storage costs. Economics: They are currently in a growth phase. "Unlimited" is often a marketing tactic. A "Fair Use Policy" (e.g., speed throttling after 500GB) is likely in the future.3. IP Reputation and "Spam" Risk Risk: Anonymous and free services attract spammers. If AtomicMail's IP addresses are blacklisted, your emails might land in the spam folder of other users. Currently, their reputation is moderate.
14. Legal Shield: The Estonia Factor Estonia is a world leader in digital bureaucracy. If a foreign authority wants to inspect your emails, they must obtain a court order from Estonia—a notoriously difficult and lengthy process.
15. User Experience Details File Size: Individual email attachments are likely limited to 25MB or 50MB. Search Function: Because content is encrypted, the server cannot search your emails. Searching only works for emails already indexed on your local device. Final Recommendation: Professional Setup Strategy Primary Email Transition: Initially, test it for 3–6 months with newsletters and forums. Seed Phrase Discipline: Never store your recovery words in a digital notepad. Write it on paper and keep it in a secure physical location. Own Your Domain: Connect your own domain for professional use. 2FA: Always use an Authenticator app. Final Verdict: AtomicMail.io is a "rising star" for 2026. It is a digital fortress for private communication, but one should always maintain a backup plan. Deep Technical Analysis: "Atomic Encryption" AtomicMail's "Atomic Encryption" is based on the ECIES (Elliptic Curve Integrated Encryption Scheme). Zero-Knowledge Proof: Your password never reaches the server. Instead, an SRP (Secure Remote Password) key is used. Even if the servers are breached, your password remains safe. Financial Sustainability: The Cost of "Unlimited" Venture Capital: AtomicMail is likely burning through investment capital to acquire users. Expect an "archive quota" by 2027-2028. Low Operational Cost: By utilizing efficient data centers in Germany, they maintain low overheads. Comparison: Infomaniak vs. AtomicMail.io (2026) Feature Infomaniak (Swiss Powerhouse) AtomicMail.io (Security Fortress) History Since 1994 (30+ years) Since 2024 (Modern Startup) Location Switzerland (Geneva) Estonia / Germany Focus Complete Cloud Ecosystem Pure Anonymity & E2EE Registration Requires Phone Number No Phone / Fully Anonymous Recovery SMS/Support Possible Only via Seed Phrase Storage 20 GB (Fixed) Unlimited (Campaign) Which should you choose? Choose Infomaniak if: You want Swiss reliability and don't mind providing a phone number. Choose AtomicMail.io if: You want absolute anonymity and 100% encryption. Backup and Account LimitsAccount Limits: Infomaniak usually limits users to one free account per phone number. AtomicMail has no physical link to your identity, allowing multiple accounts, though anti-abuse AI monitors bulk creations. Backup Strategy (3-2-1 Rule):
16. 3 Copies: One on the server, one on your PC, one on an external drive.
17. 2 Formats: Keep emails in the inbox and export important ones as .eml or PDF files.
18. 1 Remote Backup: Keep one physical copy in a different location. Summary: Infomaniak is like a high-security bank vault; AtomicMail is like an encrypted black box in an underground bunker.

Updating the situation:

I'd like to do the following: for the first 15 minutes, I want to play the video normally and then either not show the rest or display a frozen image instead.

I occasionally encounter corrupted videos that only show certain parts and not the entire content.

I was wondering if I could replicate such a situation based on my selection. However, I would also like the option to view the entire video normally if I choose to do so through an alternative method

1. Persistent Device Identifiers

My id is (1 digit changed to preserve my privacy):

38400000-8cf0-11bd-b23e-30b96e40000d

Android assigns Advertising IDs, unique identifiers that apps and advertisers use to track users across installations and account changes. Google explicitly states:

“The advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services. It gives users better controls and provides developers with a simple, standard system to continue to monetize their apps.” Source: Google Android Developer Documentation

This ID allows apps to rebuild user profiles even after resets, enabling persistent tracking.

1. Tracking via Cookies

Android’s web and app environments rely on cookies with unique identifiers. The W3C (web standards body) confirms:

“HTTP cookies are used to identify specific users and improve their web experience by storing session data, authentication, and tracking information.” Source: W3C HTTP State Management Mechanism https://www.w3.org/Protocols/rfc2109/rfc2109

Google’s Privacy Sandbox initiative further admits cookies are used for cross-site tracking:

“Third-party cookies have been a cornerstone of the web for decades… but they can also be used to track users across sites.” Source: Google Privacy Sandbox https://privacysandbox.com/intl/en_us/

1. Ad-Driven Data Collection

Google’s ad platforms, like AdMob, collect behavioral data to refine targeting. The FTC found in a 2019 settlement:

“YouTube illegally harvested children’s data without parental consent, using it to target ads to minors.” Source: FTC Press Release https://www.ftc.gov/news-events/press-releases/2019/09/google-youtube-will-pay-record-170-million-settlement-over-claims

A 2022 study by Aarhus University confirmed:

“87% of Android apps share data with third parties.” Source: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies https://dl.acm.org/doi/10.1145/3534593

1. Device Fingerprinting

Android permits fingerprinting by allowing apps to access device metadata. The Electronic Frontier Foundation (EFF) warns:

“Even when users reset their Advertising ID, fingerprinting techniques combine static device attributes (e.g., OS version, hardware specs) to re-identify them.” Source: EFF Technical Analysis https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

1. Hardware-Level Tracking

Google’s Titan M security chip, embedded in Pixel devices, operates independently of software controls. Researchers at Technische Universität Berlin noted:

“Hardware-level components like Titan M can execute processes that users cannot audit or disable, raising concerns about opaque data collection.” Source: TU Berlin Research Paper https://arxiv.org/abs/2105.14442

Regarding Titan M: Lots of its rsearch is being taken down. Very few are remaining online. This is one of them available today.

"In this paper, we provided the first study of the Titan M chip, recently introduced by Google in its Pixel smartphones. Despite being a key element in the security of these devices, no research is available on the subject and very little information is publicly available. We approached the target from different perspectives: we statically reverse-engineered the firmware, we audited the available libraries on the Android repositories, and we dynamically examined its memory layout by exploiting a known vulnerability. Then, we used the knowledge obtained through our study to design and implement a structure-aware black-box fuzzer, mutating valid Protobuf messages to automatically test the firmware. Leveraging our fuzzer, we identified several known vulnerabilities in a recent version of the firmware. Moreover, we discovered a 0-day vulnerability, which we responsibly disclosed to the vendor."

Ref: https://conand.me/publications/melotti-titanm-2021.pdf

1. Notification Overload

A 2021 UC Berkeley study found:

“Android apps send 45% more notifications than iOS apps, often prioritizing engagement over utility. Notifications act as a ‘hook’ to drive app usage and data collection.” Source: Proceedings of the ACM on Human-Computer Interaction https://dl.acm.org/doi/10.1145/3411764.3445589

How can this be used nefariously?

Let's say you are a person who believes in Truth and who searches all over the net for truth. You find some things which are true. You post it somewhere. And you are taken down. You accept it since this is ONLY one time.

But, this is where YOU ARE WRONG.

THEY can easily know your IDs - specifically your advertising ID, or else one of the above. They send this to Google to know which all EMAIL accounts are associated with these IDs. With 99.9% accuracy, AI can know the correct Email because your EMAIL and ID would have SIMULTANEOUSLY logged into Google thousands of times in the past.

Then they can CENSOR you ACROSS the internet - YouTube, Reddit, etc. - because they know your ID. Even if you change your mobile, they still have other IDs like your email, etc. You can't remove all of them. This is how they can use this for CENSORING. (They will shadow ban you, you wont know this.)

Ref: https://www.rottentomatoes.com/tv/zero_day

Started watching the series the other day and completed…

Here’s a short comment I have come across, I kind of agree somehow

Zero Day Netflix Series and the New America by M. M SAGMAN

The Zero Day series highlights the dangers of a “new America” through its plot and themes. Released by Netflix shortly after Trump’s re-election, the six-episode series features Robert De Niro as G. Mullen, a former president leading an investigation into a nationwide cyber attack. Mullen, portrayed as a patriotic and intelligent figure, faces moral dilemmas as the commission he heads prioritizes private law, allowing controversial decisions in a crisis.

The series also critiques the relationship between capital, media, and politics, exemplified by the character of President Mitchell, who embodies a mix of Obama and Harris. The narrative reveals how political figures, including Mullen’s daughter, navigate ethical challenges amid a backdrop of systemic issues, suggesting that the American dream often masks deeper problems.

While the series addresses the cyber attack as a societal crime, it emphasizes the rise of fascism as a more pressing concern. Mullen’s character reflects the complexities of leadership, as he grapples with personal loss and moral integrity. Ultimately, Zero Day presents a narrative that critiques the American political landscape while reinforcing the notion of the American dream, albeit through a flawed lens.

Despite its engaging premise, the series sacrifices truth for fiction, simplifying complex issues and portraying individual actors as the sole sources of systemic problems. This approach risks obscuring the broader capital-centered networks that shape American society and its global actions.

M. M SAGMAN He is a PhD student in Sociology. He has been actively involved in various civil society organizations. He worked as an editor for a while. He is married and has 2 children.

I like the review above more than the series itself and would currently rate the series no higher than 7 out of 10.

Ref: https://www.rottentomatoes.com/tv/zero_day

Started watching the series the other day and completed the 3rd episode yet and continue..

Here's a short comment I have come across, I kind of agree somehow

Zero Day Netflix Series and the New America by M. M SAGMAN

The Zero Day series highlights the dangers of a "new America" through its plot and themes. Released by Netflix shortly after Trump's re-election, the six-episode series features Robert De Niro as G. Mullen, a former president leading an investigation into a nationwide cyber attack. Mullen, portrayed as a patriotic and intelligent figure, faces moral dilemmas as the commission he heads prioritizes private law, allowing controversial decisions in a crisis.

The series also critiques the relationship between capital, media, and politics, exemplified by the character of President Mitchell, who embodies a mix of Obama and Harris. The narrative reveals how political figures, including Mullen’s daughter, navigate ethical challenges amid a backdrop of systemic issues, suggesting that the American dream often masks deeper problems.

While the series addresses the cyber attack as a societal crime, it emphasizes the rise of fascism as a more pressing concern. Mullen's character reflects the complexities of leadership, as he grapples with personal loss and moral integrity. Ultimately, Zero Day presents a narrative that critiques the American political landscape while reinforcing the notion of the American dream, albeit through a flawed lens.

Despite its engaging premise, the series sacrifices truth for fiction, simplifying complex issues and portraying individual actors as the sole sources of systemic problems. This approach risks obscuring the broader capital-centered networks that shape American society and its global actions.

M. M SAGMAN He is a PhD student in Sociology. He has been actively involved in various civil society organizations. He worked as an editor for a while. He is married and has 2 children.

I like the review above more than the series itself and would currently rate the series no higher than 6 out of 10.

Join this tactical, practical, and heretical discussion between Meredith Whittaker, President of Signal and leading advocate for secure communication, and Guy Kawasaki, host of the Remarkable People podcast

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data By Zak Doffman, Contributor. Zak Doffman writes about security, surveillance and privacy. Feb 24, 2025

The furor after Apple removed full iCloud security for U.K. users may feel a long way from American users this weekend. But it’s not — far from it. What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. “Lawful access” to any encrypted user data. The bureau’s quiet warning was confirmed just a few weeks ago.

The U.K. news cannot be seen in isolation and follows years of battling between big tech and governments over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.

As I reported in 2020, “it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.” It has taken five years, but here we now are.

The last few weeks may have seemed to signal a unique fork in the road between the U.S. and its primary Five Eyes ally, the U.K. But it isn’t. In December, the FBI and CISA warned Americans to stop sending texts and use encrypted platforms instead. And now the U.K. has forced open iCloud to by threatening to mandate a backdoor. But the devil’s in the detail — and we’re fast approaching a dangerous pivot.

While CISA — America’s cyber defense agency — appears to advocate for fully secure messaging platforms, such as Signal, the FBI’s view appears to be different. When December’s encryption warnings hit in the wake of Salt Typhoon, the bureau told me while it wants to see encrypted messaging, it wants that encryption to be “responsible.”

What that means in practice, the FBI said, is that while “law enforcement supports strong, responsibly managed encryption, this encryption should be designed to protect people’s privacy and also managed so U.S. tech companies can provide readable content in response to a lawful court order.” That’s what has just happened in the U.K. Apple’s iCloud remains encrypted, but Apple holds the keys and can facilitate “readable content in response to a lawful court order.”

There are three primary providers of end-to-end encrypted messaging in the U.S. and U.K. Apple, Google and Meta. The U.K. has just pushed Apple to compromise iMessage. And it is more than likely that “secret” discussions are also ongoing with the other two. It makes no sense to single out Apple, as that would simply push bad actors to other platforms, which will happen anyway, as is obvious to any security professional.

In doing this, the U.K. has changed the art of the possible, bringing new optionality to security agencies across the world. And it has done this against the backdrop of that U.S. push for responsible encryption and Europe’s push for “chat control.” The U.K has suddenly given America’s security agencies a precedent to do the same.

“The FBI and our partners often can’t obtain digital evidence, which makes it even harder for us to stop the bad guys,” warned former director Christopher Wray, in comments the bureau directed me towards. “The reality is we have an entirely unfettered space that’s completely beyond fully lawful access — a place where child predators, terrorists, and spies can conceal their communications and operate with impunity — and we’ve got to find a way to deal with that problem.”

The U.K. has just found that way. It was first, but unless a public backlash sees Apple’s move reversed, it will not be last. In December, the FBI’s “responsible encryption” caveat was lost in the noise of Salt Typhoon, but it shouldn’t be lost now. The tech world can act shocked and dispirited at the U.K. news, but it has been coming for years. While the legalities are different in the U.S., the targeted outcome would be the same.

Ironically, because the U.S. and U.K. share intelligence information, some American lawmakers have petitioned the Trump administration to threaten the U.K. with sanctions unless it backtracks on the Apple encryption mandate. But that’s a political view not a security view. It’s more likely this will go the other way now. As EFF has warned, the U.K. news is an “emergency warning for us all,” and that’s exactly right.

“The public should not have to choose between safe data and safe communities, we should be able to have both — and we can have both,” Wray said. “Collecting the stuff — the evidence — is getting harder, because so much of that evidence now lives in the digital realm. Terrorists, hackers, child predators, and more are taking advantage of end-to-end encryption to conceal their communications and illegal activities from us.”

The FBI’s formal position is that it is “a strong advocate for the wide and consistent use of responsibly managed encryption — encryption that providers can decrypt and provide to law enforcement when served with a legal order.”

The challenge is that while the bureau says it “does not want encryption to be weakened or compromised so that it can be defeated by malicious actors,” it does want “providers who manage encrypted data to be able to decrypt that data and provide it to law enforcement only in response to U.S. legal process.”

That’s exactly the argument the U.K. has just run.

Somewhat cynically, the media backlash that Apple’s move has triggered is likely to have an impact, and right now it seems more likely we will see a reversal of some sort of Apple’s move, rather than more of the same. The UK government is now exposed as the only western democracy compromising the security for tens of millions of its citizens.

Per The Daily Telegraph, “the [UK] Home Office has increasingly found itself at odds with Apple, which has made privacy and security major parts of its marketing. In 2023, the company suggested that it would prefer to shut down services such as iMessage and FaceTime in Britain than weaken their protections. It later accused the Government of seeking powers to 'secretly veto’ security features.”

But now this quiet battle is front page news around the world. The UK either needs to dig in and ignore the negative response to Apple’s forced move, or enable a compromise in the background that recognizes the interests of the many.

As The Telegraph points out, the U.S. will likely be the deciding factor in what happens next. “The Trump administration is yet to comment. But [Tim] Cook, who met the president on Thursday, will be urging him to intervene,” and perhaps more interestingly, “Elon Musk, a close adviser to Trump, criticised the UK on Friday, claiming in a post on X that the same thing would have happened in America if last November’s presidential election had ended differently.”

Former UK cybersecurity chief Ciaran Martin thinks the same. “If there’s no momentum in the U.S. political elite and US society to take on big tech over encryption, which there isn’t right now, it seems highly unlikely in the current climate that they’re going to stand for another country, however friendly, doing it.”

Meanwhile the security industry continues to rally en masse against the change.

“Apple’s decision,” an ExpressVPN spokesperson told me, “is deeply concerning. By removing end-to-end encryption from iCloud, Apple is stripping away its UK customers’ privacy protections. This will have serious consequences for Brits — making their personal data more vulnerable to cyberattacks, data breaches, and identity theft.”

It seems inconceivable the UK will force all encrypted platforms to remove that security wrap, absent which the current move becomes pointless. The reality is that the end-to-end encryption ship has sailed. It has becomne ubiquitous. New measures need to be found that will rely on metadata — already provided — instead of content.

Given the FBI’s stated position, what the Trump administration does in response to the UK is critical. Conceivably, the U.S. could use this as an opportunity to revisit its own encryption debate. That was certainly on the cards under a Trump administration pre Salt Typhoon. But the furor triggered by Apple now makes that unlikely. However the original secret/not secret news leaked, it has changed the dynamic completely.

by Lars Wilderang, 2025-02-11

Translation from the Swedish Origin

In a new instruction for fully encrypted applications, the Swedish Armed Forces have introduced a mandatory requirement that the Signal app be used for messages and calls with counterparts both within and outside the Armed Forces, provided they also use Signal.

The instruction FM2025-61:1, specifies that Signal should be used to defend against interception of calls and messages via the telephone network and to make phone number spoofing more difficult.

It states, among other things:

“The intelligence threat to the Armed Forces is high, and interception of phone calls and messages is a known tactic used by hostile actors. […] Use a fully encrypted application for all calls and messages to counterparts both within and outside the Armed Forces who are capable of using such an application. Designated application: The Armed Forces use Signal as the fully encrypted application.”

The choice of Signal is also justified:

“The main reason for selecting Signal is that the application has widespread use among government agencies, industry, partners, allies, and other societal actors. Contributing factors include that Signal has undergone several independent external security reviews, with significant findings addressed. The security of Signal is therefore assumed to be sufficient to complicate the interception of calls and messages.

Signal is free and open-source software, which means no investments or licensing costs for the Armed Forces.”

Signal supports both audio and video calls, group chats, direct messages, and group calls, as well as a simple, event-based social media feature.

The app is available for iPhone, iPad, Android, and at least desktop operating systems like MacOS, Windows, and Linux.

Since Signal can be used for phone calls, the instruction is essentially an order for the Armed Forces to stop using regular telephony and instead make calls via the Signal app whenever possible (e.g., not to various companies and agencies that don’t have Signal), and no SMS or other inferior messaging services should be used.

Note that classified security-protected information should not be sent via Signal; this is about regular communication, including confidential data that is not classified as security-sensitive, as stated in the instruction. The same applies to files.

The instruction is a public document and not classified.

Signal is already used by many government agencies, including the Government Offices of Sweden and the Ministry for Foreign Affairs. However, the EU, through the so-called Chat Control (2.0), aims to ban the app, and the Swedish government is also mulling a potential ban, even though the Armed Forces now consider Signal a requirement for all phone calls and direct messaging where possible.

Furthermore, it should be noted that all individuals, including family and relationships, should already use Signal for all phone-to-phone communication to ensure privacy, security, verified, and authentic communication. For example, spoofing a phone number is trivial, particularly for foreign powers with a state-run telecom operator, which can, with just a few clicks, reroute all mobile calls to your phone through a foreign country’s network or even to a phone under the control of a foreign intelligence service. There is zero security in how a phone call is routed or identified via caller ID. For instance, if a foreign power knows the phone number of the Swedish Chief of Defence’s mobile, all calls to that number could be rerouted through a Russian telecom operator. This cannot happen via Signal, which cannot be intercepted.

Signal is, by the way, blocked in a number of countries with questionable views on democracy, such as Qatar (Doha), which can be discovered when trying to change flights there. This might serve as a wake-

https://cornucopia.se/2025/02/forsvarsmakten-infor-krav-pa-signal-for-samtal-och-meddelanden/

Dear Friends,

I just wanted to take a moment to sincerely thank you everyone for your incredibly thoughtful and detailed responses for the films in general, while I find myself in a difficult situation when it comes to safeguarding the PERSONAL FAMILY PHOTOS and VIDEOS.

• On one hand, if I choose to store them online/cloud encrypted / (edit: encrypt first then upload it), I face significant privacy concerns. While they might be secure now, there’s always the potential for a very near future breaches or compromises, especially with the evolving risks associated with AI training and data misuse.

The idea of the personal moments being used in ways I can’t control or predict is deeply unsettling.

• On the other hand, keeping these files offline doesn’t feel like a perfect solution either. There are still considerable risks of losing them due to physical damage, especially since I live in an area prone to earthquakes. The possibility of losing IRREPLACEABLE MEMORIES due to natural disasters or other unforeseen events is always a WORRY.

How can I effectively balance these privacy, security, and physical risks to ensure the long-term safety and integrity of the FAMILY’S PERSONAL MEMORIES?

Are there strategies or solutions that can protect them both digitally and physically, while minimizing these threats?

How do you ensure privacy and security on cloud platforms in an age of compromised encryption, backdoors, and AI-driven hacking threats to encryption and user confidentiality?

Let’s say you’ve created a film and need to securely upload the master copy to the cloud. You want to encrypt it before uploading to prevent unauthorized access. What program would you use to achieve this?

Now, let’s consider the worst-case scenario: the encryption software itself could have a backdoor, or perhaps you're worried about AI-driven hacking techniques targeting your encryption.

Additionally, imagine your film is being used to train AI databases or is exposed to potential brute-force attacks while stored in the cloud.

What steps would you take to ensure your content is protected against a wide range of threats and prevent it from being accessed, leaked, or released without your consent?