Well, there are some intricacies here that may not be first apparent. Can I call you good buddy?
I am not quite sure what you mean by ‘forward secrecy?’
My understanding is like this: Proton Mail. If I communicate from one Proton Mail account to another, I can choose the option to let it automatically use a PGP type encryption.
If the government puts the screws to the handlers of Proton Mail, they will open their vault of codes, give the decrypted message to the government, who gives it to? Whatever power structure demands the emails.
I can, on my own computer, create a PGP Key Pair. One to encrypt, a public key. One to decrypt, a private Key. I give the public key to whomever I want to send encrypted messages to me. When they send an encrypted message to me, they might send that message through Proton Mail. but when some government demands the messages, what they get is the message you encrypted with my public key. The decryption key is my Private Key, which I have in my possession.
Of course there are all kinds of ways this could go sideways for keeping the secret. but it is a well thought out system that is more safe than may first appear with my description. There is an excellent write up on Rise Up. Rise Up has a website and represents a non violent anarchists group, opposed to government ____ . Well this is not about politics.
Both Proton Mail and Rise Up have rolled over for demands on governments to turn over emails from people in the past. I suspect Tutanota staff are not going to go to jail to protect me. I don’t blame them. If I was part of the staff of a mail server, and the government said, child porn. And offered a warrant. Saying if it is not there, no foul. We will consider this email account holder cleared.
But I digress into too much detail.
If you notice, many of the folks on the Qubes WebSite post their public PGP Key on their threads.
I have to think, do they really have a good reason to be afraid of governments? Or are they just screwing with the man?
If I am truly afraid of my government? Do I have good reason?
That would prompt me to do a lot of reading about how to communicate without their knowing.
But to pose a different question. To whom would I communicate if I felt my government was dangerous to my well being, or practicing human rights abuses? With the expectation of what kind of outcome do I expect?
We know that there are in China a bunch of Cyber Journalists in jail for writing about government policies. If they are to report to those outside their country, they need a tool that does not require a lot of reading, study. A tool that can be directly implemented.
Some will suggest Tails Linux. Uh, well. I am not qualified to judge if that would be a good choice for someone in the area where Muslims are being persecuted by the Chinese Government. Or a person in Hong Kong who wants the Chinese to practice the kind of government they had when the England, Great Britain, United Kingdom ran the show.
I think the original post is about how, no matter how much I might try to practice good security, if those I send emails too, leave those same emails unencrypted on their computer, the more likely those might be read by someone I did not intend them to be read by.