…email will inherently be a lot less secure than messaging, no matter what you do.
If you truly want to be private about something, don’t email it lol
Is it really so hard to make it secure? If both parties are using some kind of secure email client, couldn’t the clients just encrypt and decrypt the subject/content?
The main issue is that in reality, 95%+ of people aren’t using an encrypted service. So it’s Proton to Gmail usually
Sure but this is very similar to messaging isn’t it? Like most of my friends use WhatsApp, but a few people use Signal and that number is increasing.
At least with email, a single client could presumably send encrypted emails to others when possible, and regular emails when not. As opposed to messaging where I cannot send messages from Signal to WhatsApp.
Even PGP?
…TBF, getting your counterparty to also use PGP is the heavy lift there.
Security yes, privacy not especially.
PGP lets you encrypt the messages and sign them to digitally prove you sent them.
It doesn’t help with the problem here which is that the metadata of who you are (the IP used to log into the webmail and the email address of the sender) and who you’re talking to (the email of the recipient) and when (timestamps etc.) were able to be leaked.
In fact, depending on the implementation, PGP could be considered slightly worse for privacy because you’d have the added identity proof of the message having a signature that only you could create with your private key (although that’s encrypted, it’s a stronger identity proof than the sender email address). It also generally leaks the recipients’ key IDs too (although that’s configurable). PGP is great for accountability, message confidentiality and non-repudiation. Not so much for privacy. For that you’d need other systems.
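Added example (not part of the comment above): a minimal OpenPGP packet walker showing that recipient key IDs sit in cleartext in front of the encrypted body, and that an all-zero key ID, which is what GnuPG's `--throw-keyids` writes, hides them. The sample bytes and helper names are constructed for illustration, and only v3 public-key encrypted session key packets are handled.

```python
def _pkt(tag, body):
    # New-format header with a one-octet length (body must be < 192 bytes).
    return bytes([0xC0 | tag, len(body)]) + body

def _pkesk(key_id):
    # v3 PKESK: version, 8-byte key ID, algorithm 1 (RSA), dummy MPI.
    return _pkt(1, b"\x03" + key_id + b"\x01" + b"\x00\x10\xab\xcd")

# Constructed sample, not a real message: one visible recipient, one
# all-zero (hidden) recipient, then an opaque encrypted-data packet (tag 18).
SAMPLE = (_pkesk(bytes.fromhex("1122334455667788")) + _pkesk(bytes(8))
          + _pkt(18, b"\x01" + b"\xee" * 24))

def packets(data):
    """Yield (tag, body) per OpenPGP packet header rules (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new format
            tag, first, i = hdr & 0x3F, data[i + 1], i + 2
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old format
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def visible_recipients(data):
    """Key IDs readable from v3 PKESK (tag 1) packets without any private key."""
    ids = [body[1:9] for tag, body in packets(data) if tag == 1 and body[:1] == b"\x03"]
    return ["hidden" if k == bytes(8) else k.hex().upper() for k in ids]
```

Anyone who can see the ciphertext can run the same walk, so the key IDs link a message to its recipients even though the body stays unreadable.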
Good point re: metadata. Keeping that private is an underrated aspect of security.
Or go talk to the other person out in the middle of a field somewhere without your phones. And I’m not even 100% sure anymore that that would work. Like, maybe the lanternflies are bugged (pun intended).
Well I’d suggest a forest instead but anyway depends how you get there :
… anyway, ending the paranoia comment ;)
Don’t forget facial recognition! Then just in case you decided to wear a mask, gait recognition!
The bird surveillance system is always watching. Remember birds aren’t real!
Flying tape recorders.