EmailDiscussions.com - View Single Post

jhollington · 11 Jan 2017, 12:05 AM

I think that a lot of people are starting to realize that a lot of these "encrypted" email services don't provide the security that they think they do, making it more about "security theatre" than actual protection.

I'm not saying that they don't provide certain advantages, and if you understand what you're getting, that's great, but it's easy for a lot of people to be misled into thinking that they provide FULL security akin to an encrypted file storage service like SpiderOak or Sync.com, when the reality is that this simply isn't possible with the way email technology works.

In short, it's very difficult to build a service where your emails aren't going to need to be "in the clear" at some point along the way. These services will keep you safe from hackers who get a dump of your mail store, but there's absolutely no way they're going to be able to protect you from a targeted attack against you specifically or a warrant-based search.

Ultimately, I think this is why closed messaging systems are becoming much more popular choices for secure communication. They're not hampered by legacy protocols that were designed 40 years ago when the Internet (and the tech world in general) was a much safer and more friendly place.

There's a good recent discussion about this over here in the FastMail forum.

11 Jan 2017, 12:05 AM	#3
jhollington Essential Contributor Join Date: Apr 2008 Posts: 371	I think that a lot of people are starting to realize that a lot of these "encrypted" email services don't provide the security that they think they do, making it more about "security theatre" than actual protection. I'm not saying that they don't provide certain advantages, and if you understand what you're getting, that's great, but it's easy for a lot of people to be misled into thinking that they provide FULL security akin to an encrypted file storage service like SpiderOak or Sync.com, when the reality is that this simply isn't possible with the way email technology works. In short, it's very difficult to build a service where your emails aren't going to need to be "in the clear" at some point along the way. These services will keep you safe from hackers who get a dump of your mail store, but there's absolutely no way they're going to be able to protect you from a targeted attack against you specifically or a warrant-based search. Ultimately, I think this is why closed messaging systems are becoming much more popular choices for secure communication. They're not hampered by legacy protocols that were designed 40 years ago when the Internet (and the tech world in general) was a much safer and more friendly place. There's a good recent discussion about this over here in the FastMail forum.