I'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.
-
@evacide
I know that all too well. For example, pharmacies that say, "You can send it to me by email. We have a secure address!"
I had to send some private information to an accountant recently. Their proposal was to email it in an encrypted spreadsheet and then email the password in a separate message. Their other proposal was to use WhatsApp, which is not compatible with either ethics or self-defence.
In other news, we are changing accountants.
-
@CAWguy @wcbdata @evacide This is just slightly automated pgp and has basically all the same ergonomic issues. Encryption is lost the instant anyone forwards or ccs someone outside the network and there's no way to fix that without purpose built clients. At that point you might as well be using chatmail or signal.
-
@CAWguy I would think it's possible...
As a former PM, I'd wonder if competitive position and/or deeply embedded technical differences make it a tough sell, though.@wcbdata ‘Competitive position’ would have been my first guess. With encryption set aside, each platform would then be exposed to competing on the best features and user experiences.
-
@CAWguy @wcbdata @evacide Most eMail is encrypted in transit across the network/internet. SMTPS (SSL/TLS encrypted mail delivery using certificates for verifying identities & negotiating encryption keys) has been a thing for a long time.
It's the eMail provider that's the issue. Once the message is received, the server itself has a plain-text copy, even if the backend storage has filesystem-level encryption.
The real solution is for all eMail clients to have PGP/GPG, with a directory server that publishes public keys.
That way you can query the directory server with my eMail address, receive my public key, then encrypt your message with that key, and then it traverses all of the internet plumbing in an encrypted format that only the intended recipient can decrypt.
The percentage of people who do this is very, very small in the context of the entire internet.
-
@CAWguy @wcbdata @evacide Most eMail is encrypted in transit across the network/internet. SMTPS (SSL/TLS encrypted mail delivery using certificates for verifying identities & negotiating encryption keys) has been a thing for a long time.
It's the eMail provider that's the issue. Once the message is received, the server itself has a plain-text copy, even if the backend storage has filesystem-level encryption.
The real solution is for all eMail clients to have PGP/GPG, with a directory server that publishes public keys.
That way you can query the directory server with my eMail address, receive my public key, then encrypt your message with that key, and then it traverses all of the internet plumbing in an encrypted format that only the intended recipient can decrypt.
The percentage of people who do this is very, very small in the context of the entire internet.
@JustinDerrick Thanks for the long description. So would this small percentage of people using this setup be due to a network effect/getting friends to comply issue, or do most people simply not care about privacy?
-
@JustinDerrick Thanks for the long description. So would this small percentage of people using this setup be due to a network effect/getting friends to comply issue, or do most people simply not care about privacy?
@CAWguy You'd have to get everyone you know to leave their webmail providers, and only receive eMail with specific physical devices (phone / laptop / desktop). I haven't been able to get anyone I know to give up their webmail accounts, even by offering them free hosting and vanity addresses on my mail server.
-
@CAWguy You'd have to get everyone you know to leave their webmail providers, and only receive eMail with specific physical devices (phone / laptop / desktop). I haven't been able to get anyone I know to give up their webmail accounts, even by offering them free hosting and vanity addresses on my mail server.
@JustinDerrick Those are definitely many steps too far! I merely suggested using Signal at a small non-profit where I volunteer, and I could see the eye rolls at me.
-
@JustinDerrick Those are definitely many steps too far! I merely suggested using Signal at a small non-profit where I volunteer, and I could see the eye rolls at me.
@CAWguy Yeah, many years ago, I presented info about Signal to a nearby non-profit. Their President still sends stuff through SMS, even after having made it a requirement for their entire team to start using Signal.
The inertia of bad habits is very difficult to overcome.
-
I'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.
@evacide rot26-encrypted
-
"Military grade encryption" is another one
Actually anything "military-grade" is almost always used as a marketing term, not just in tech products.Personally I always try to use noncommercial alternatives where I can, like Mastodon for example. It's so much saner when they're not trying to sell you something, like the listings here - https://www.directory.trade-free.org
And people should donate to these good projects to support them.
@futureisfoss @jjacobsson @evacide A friend is in the US navy and told me "military grade" means "outdated, hard to use, developed by the lowest bidder contractor".
-
I'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.
@evacide This message reaches you encrypted with the devilish rot0 algorithm.
