Sensitive communication with Mainland China

Hello everyone! I am having to communicate with someone in China who has reached out to me with a QQ email. I wanted to ask if it is okay to use this email for some communication that may be considered politically sensitive. I suspect the email communication from QQ is filtered much like WeChat. I was wondering if you have any advice around that? I know that they use a VPN, can I ask them to create a Gmail account for further communication? Many thanks for your insights.

If you want your receiver to be safe. First create a conversation using SimpleX Chat and then create a secondary conversation in a fresh account that is not linked at all with the primary account.

And in case of sharing invites to start the conversation. Please be cautious. Since you say it is filtered they may change the invite URL and trick you into providing details.

So, I suggest you to send the URL via privatebin with view once (Burn after read) and a password. So, in case when they click the link and input password and can’t access the share. The receiver could say I cannot access it. So you could be sure, you are communicating with the person intended.

If it happens, Then re-visit your strategy to communicate.

8 Likes

Thank you for that guidance - much appreciated!

1 Like

The only con of using Simplex is that, its new.

If you want to be ultra safe and have access to TOR (through bridges), you can use briar mailboxes.

https://code.briarproject.org/briar/briar/-/wikis/Mailbox-Architecture

1 Like

Well, I recommended it because they had an audit. People I know use it too, hence why.

3 Likes

Great idea. Only thing I have to add is that wouldn’t it be a bit better to use a messenger that doesn’t need to be installed? Personally I wouldn’t want to be caught with an encrypted messaging app inside China.

Perhaps protonmail with disappearing messages sent to another protonmail account?

The only other web based communication app I know of is Wire, which is problematic since they store all your contacts plaintext.

Additionally, these web based services would leave less forensic traces on any device used. I think there should be a greater list of web based messaging apps, that way you can use them on Tails.

1 Like

Tutamail is better than proton in this context, right?

Indeed. But does the receiver have a better time connecting to these email services without a VPN ?

Even if he did, wouldn’t he be instantly be under the radar ?

We have to consider a lot of facts with regards to this.

Maybe this is slightly off-topic, but I’m curious why would Tuta be better than Proton in this context?

It has better encryption (doesn’t use PGP), e.g. encrypts the subject and headers. Its encryption is also quantum proof, but that might be a little less important. It will supposedly get perfect forward secrecy in a few months.

Proton is not bad or anything, but I think tuta makes more sense for this particular case (but might be worse in general because it’s not compatible with the most used standard).

1 Like