Avoiding the next Skiff

I think it entirely depends on the product as a dozen of examples could be made where that isn’t true.

And we don’t recommend any of those, because that usually is pretty obvious. There are a heap of them in the decentralized routing network category that simply have no real usage.

They were extremely aggressive in their marketing, and sometimes to the point of including false information about PGP, the number of users etc. When I asked questions about that I never got any answers. There was a lot of focus on getting this item “mentioned” in as many places as possible, no doubt because an exit like this was planned long before we knew.

Perhaps we should not list things, which follow this aggressive marketing strategy, because it certainly felt like a pump and dump scheme at the time. Especially when I inquired about how they were going to sustainably give every user 100GB and basically all the features of the paid plans.

The problem is a lot of those options are either not providing zero knowledge encryption, or they are simply regular or anonymous providers. Meaning you really don’t know who is running them. When it comes down to it, there really isn’t too much reason to use those over an aliasing service.

While we do prefer open source solutions, in some cases closed sourced counterparts are particularly good (eg 1Password) or have no viable open source option.

We don’t list any of those things.

The thing is that’s really just marketing. They could very well be playing the lip service and not actually doing anything or planning on sticking around long term.

We don’t list anonymous providers or ones which don’t provide zero knowledge encryption once you go down that road, they could be run by anyone. I’m personally hoping there will be more providers maybe integrating options like https://lacre.io

and you can use an aliasing service for that too, without having a dozen mailboxes that don’t change anyway. The issue is this has many human failure, and we recommend against extremely complicated sets of rules about when and where to use one of the 10 accounts you might have.

Generally people don’t simply need a dozen identities with separate inboxes. Unless you’re doing something which would get you a subpoena and legal action then something like addy.io or simplelogin is fine.

And so do spammers, which makes them often banned.

The problem is a lot of people who think they need “darknet opsec” are just larpers in reality who have not realized that it takes a lot of work to maintain completely anonymous identities, and these really should only be short lived anyway.

The threat model is not something we choose for you but something you do for yourself. The reason is it can vary from person to person and can include factors such as, technical background, geographical location, general usage and interests/activity etc.

3 Likes