Here’s security 101.

• Never use one of those free services like Gmail, Outlook, Yahoo! Mail, Hotmail, and so on.
• Never use your real name on any social media like Facebook or LinkedIn. In fact, never use Facebook or LinkedIn! Contrary to popular belief, none of the systems are private because there simply isn’t a law that protects anything you put on them. Any privacy policy or expectation of privacy is simply smoke & mirrors from a standpoint of law.
• never use your company iPad for anything other than company business because they have the legal authority to audit and monitor anything you do on there including logging on to your private email system.
• Never use any chat programs that are not end-to-end encrypted. If you use normal text messaging such as SMS text messaging or Apple iChat, all of your messages are only one bad employee away from being disclosed or otherwise extremely easily accessible even without a warrant by government agencies. And stay far away from programs like WhatsApp, which is owned by Facebook. WhatsApp has known vulnerabilities found by many security researchers around the world which they refuse to plug because those vulnerabilities are exploited by totalitarian governments and corporations around the world. All of these programs claim encryption but that is only true to a certain point. For example, many chat programs encrypt up to the server but they are stored unencrypted on the server.
• don’t never login anywhere to post comments using Facebook IDs or something similar to it. They all talk to each other and nothing legally protected. APC is similar because they have no legal obligation to protect who you are or identifying information such as IP address. Likewise they have no obligation to withhold anything from anyone. Their privacy policy means nothing. Unless you sign a legally binding contract such as a nondisclosure agreement, then you have no legal protection whatsoever.
• don’t use any websites like that other JetBlue forum that just came out which requires you to identify specifically to your person using some kind of JetBlue credential. If you can’t register anonymously, boycott them!
• don’t use voice recognition from Apple or Google services because they all store your voice permanently, despite what they say.

here is what you should do!
1. Dump Gmail and all those other services. If you want free secure email use ProtonMail. Look it up to see why.

2. Use Signal (the only true end-to-end encryption) and possibly Telegram to do all of your voice conversations and chat. Signal is the only program that is open source meaning you can look at the source code. It’s also the only one that hasn’t been compromised by anyone. Telegram might be safe but we don’t really know because the developers are Russian.

Also, Signal has disappearing messages that you can set to mere seconds all the way up to weeks. Once a message gets removed from your Signal installation, there are no artifacts left anywhere in between since it is true end to end encryption. Accept no substitutes.... all those other so-called disappearing message programs like Snapchat are not what they claim. Why do you think none of them will release their source code?

3. Use VPN. If you use a United States based VPN service you basically get no protection because they’re within United States jurisdiction. There was recently a case with in the last few months where someone was de-anonymized by their VPN provider.

You guys need to force ALPA people to take security a lot more seriously. What happened to Spirit was because they were stupid.

Fly SOP!