I recently ran across ProtonMail, which is interesting in that email encryption and decryption happen locally in the client, and in that ProtonMail-to-ProtonMail messages are end-to-end encrypted.
I realized that I have no idea how I would ensure that my communications can’t be trivially read without my knowledge by, for example, the US government. Even if I switch to ProtonMail, I’ve got to resort to the dubious practice of decrypting my email on a device that might easily have a factory-installed keylogger and/or malware for reading the key.
In the worst case, the NSA has “reflections on trusting trust”ed all the software on my machine, including all relevant compilers, binary analysis tools, and emulators. This seems pretty unlikely, but would I really be able to tell?
Disregarding this last possibility since it seems too hard to protect against, and hopefully too difficult to accomplish in the first place, what’s my best bet for a computing environment that can be safely connected to the internet to send and receive email that only the correspondents will be able to see?
My best guess is something like a Novena laptop running OpenBSD and using ProtonMail and nothing else, with some kind of data shredding on shutdown. Is there something better? Is this a doomed thought experiment? I look forward to any thoughts or new sources of tinfoil.