Quote:
Originally Posted by correo
What I'm looking for is something akin to what a couple of providers offer. Some allow you to upload your public pgp key and set all incoming mail to be encrypted with it before it arrives in your inbox. That's fine and accomplishes my goal, but an approach I like better is what posteo allows you to do, which is they encrypt all incoming emails, attachments, meta data, everything, using your account password instead of your public key. The result of this encryption is that you alone can see this content, and the entire contents of your inbox are inaccessible to the email provider or anyone else who doesn't have your password (with posteo) or your private pgp key(with for example mailbox.org)
|
Personally, I would not assume either of these methods is keeping your mail confidential from either security agencies or an untrusted mail provider.
Unless the message is protected with strong encryption from the time it leaves your client, the big security agencies should be assumed to have a copy of it intercepted while in transit. There are a number of MitM mechanisms they can use for this. As for your mail provider, even if they claim no copy of your password is retained by them, how do you know this is true? Even using an asynchronous encryption method like PGP, you only have the mail provider's word that it is used.