Privacy in email communication: we should use encryption by default

175 points by nicfab about 3 years ago

31 comments

samwillis about 3 years ago
My accountant is now using the stupid “encrypted email” system Outlook has where it sends you a link to their server, which then emails you a password to login to read the email. It’s so bloody clunky and annoying.

It’s particularly stupid as I then don’t have a copy of the email myself, and they have disabled text selection on the webpage so I can’t even copy and paste it (easily)!

I suppose it ensures that if the recipient isn’t using TLS with SMTP then it’s not sent unencrypted over the wire, but I suspect the vast majority of email servers are using TLS now. If someone hacks my email they have access to it anyway. I wish the system was intelligent enough to turn itself off if the recipient server has TLS, then I could almost support it as a concept.

But if someone is watching your unencrypted connection to your mail server they can just follow the link and then watch the password being sent. So meh, stupid pointless thing.
fguerraz about 3 years ago
For me, everything has been said here already: https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html

> Ordinary people don’t exchange email messages that any powerful adversary would bother to read, and for those people, encrypted email is LARP security. It doesn’t matter whether or not these emails are safe, which is why they’re encrypted so shoddily.

Totally agree that there is no way of doing email right. If you want security, use other messaging systems, like signal, for all the reasons explained in that post.
xoa about 3 years ago
I'd absolutely love an email 2.0 with E2E encryption, but I doubt the ability of the industry/community to create something like that anymore as much as it depresses me. That email is so standard and federated despite pressure to the contrary is something of an accident of history and the time it was developed. The trend now is the opposite. It would probably also require a foundation of secured DNS which could then act as a transparent root of trust, but that hasn't been doing well either. Even a lot of "security experts" insist on stupid shit like Signal or the like being a replacement. So we'll continue to use email for highly sensitive and secure material and it'll just continue to be a window for a lot of adversaries I guess :(. It's not hard to envision a system with a few simple upgrades to make it both vastly more secure and help deal with spam at a much more root level, the pieces exist at the technology level. Yet I doubt it'll get put together and adopted. Path dependency is hard.
samatman about 3 years ago
This is a non-starter because it doesn't, and can't, work the way you expect it to.

Email can be thought of as an encrypted communications protocol where the parties can negotiate down to plain text. In other words, it isn't *encrypted communication*, it's bare communication over which the user might choose to send encrypted information.

Something with the ergonomics of email, but built over a platform with enforceable E2E such as Matrix, would be quite welcome. But it can't be an extension of mail protocols, or reuse the email address space, so it won't be email.
Andrew_nenakhov about 3 years ago
No we should not. Logging in from anywhere and seeing all mail without problems, server side search improves the usability immensely. People who *need* encryption for sensitive stuff should have this capability, but forcing mandatory encryption for everyone like various do-gooders do want to will lead to far too many problems for regular users.
fjfbsufhdvfy about 3 years ago
Is this post some kind of a joke? First it complains that most users are unaware that emails even can be encrypted, and then goes off on a tangent about some command line garbage that 0% of these users will be able to use.
prophesi about 3 years ago
Just an FYI for HN, you can add your PGP fingerprint to your profile (along with the keyserver(s) they're on) so that at least HN users who want to communicate with you can use E2E encryption.

And it'll be harder for your email address to be harvested by bots since they'd have to actually download the key to see what address it's for.
flerchin about 3 years ago
It would be a start, and a decent one, for TLS to be required for all my email transmission. It seems like the providers can do the same thing that Chrome did, and put scary security warnings for emails that can't meet encrypted in transmission.

Encryption at rest is another problem, one that I'm not even sure most users want.
mkdirp about 3 years ago
> Therefore, in 2022 a daily email traffic of 333.2 billion emails is expected

I mean, sure, but let's be honest, a big majority of that is going to be spam, the next step down from that are silly little things like email verifications, password resets, notifications, newsletter spam, and other similar crap. As a millennial who doesn't touch emails for work or for personal reasons (because there is Slack, Signal or some other alternative to those two), I could very well be out of touch, but I'd be surprised if actual legitimate emails (both business and consumer) are more than 5% of that number.

I suppose 5% is still a big number, putting it at a comfortable ~16 billion emails.

Anyway, yes, we should be using encryption by default wherever possible, but honestly, encryption isn't easy for the common folk, which is going to be the majority of those 333 billion. Heck, I migrated away from PM and I struggled with a lot of it. As someone who mostly lives in the CLI, GnuPG is not easy to use. Something like MailVelope makes it easier, but still not that easy.

Then there is the matter of administration. Your sysadmin, especially of the bigger orgs, do not want encryption on your emails. Especially when the business you're in is regulated. Imagine being able to casually leak something without anyone knowing what's in the content? I know regulation is usually not a good answer for why not, but within a business, yes, it totally is. As a customer of Big Bank Corp, I do not want employees to be able to mess with my data, money, or worse, the money of the bank so that it can fail and for my money (or the tax payer's in case of govt protections) to be gone because everyone's emails were encrypted.

The only viable solution here is something like ProtonMail, which actually makes it easier to use, at $/£/€ 5 per month, not many are able to afford to part with that. And no, their free tier is really not that great. But regardless, even PM doesn't really help if a non PM user sends you an email.
kkfx about 3 years ago
Few random notes from my heart:

- it's about time people rediscover that emails are not *webmails*, even if except for few "geeky" modern MUA the real development of MUA is stuck at '90s level emails can and should be perfectly locally synced, accessed, sent and used in the more broad sense;

- I do not care about "secrecy" of my mails simply because I do not mail myself normally but third parties, since I have no control on them, no knowledge of their systems I can only assume that my messages will be public anyway. Yes, as many I have few friends with GNUPG keys, cross-signed in various occasions etc, but that's just "for fun", not for real usage simply because if GNUPG/PGP became a widespread habits anyone took it's almost useless: I do not have to discuss anything really secret via mail with some friends. At maximum I might have to privately contact third parties signaling a vulnerability, but in most cases those parties do not have a public key either...

- even if we arrive en masse to local/classic mail usage, with IMAP sync-ed maildirs, locally indexed, locally used etc, encryption can be useful ONLY if the system it lives on can be trusted. Using a "safe" system on a proprietary OS on top of proprietary hw is not much different than mounting a super-strong door on a very fragile wall, a thief just needs to detach the door from the wall without really facing it.
jonathanstrange about 3 years ago
I personally have no reason to encrypt my emails. I treat the vast majority of them as potentially public information since I work for a research institute and think that I should be and need to be accountable for anything I do at work. Whether private or work-related, I generally don't write anything in emails that I wouldn't also be willing to defend in person in front of an audience.
giuliomagnifico about 3 years ago
I totally agree, for that I’m sending encrypted emails also with my family and I wrote a quick tutorial on how to do it on Apple devices. https://giuliomagnifico.blog/tutorial/2021/01/13/ios-smime-and-pgp.html
olliej about 3 years ago
There are a few real problems with encrypted email.

Spam detection is much more effective when you have access to the plain text of email as you can both build out better models of "this is spam" based on your entire customer base marking things that you miss or get wrong.

You also get to more trivially go "oh this email is only (say) 60% likely to be spam, but it was also sent to 200k people who have no relationship, so maybe it's closer to 90% spam".

The real killer is financial, all the "free" mail providers are making money from hosting your email. Gmail is especially egregious in this regard, and scans the content of inherently private communication in order to build out the Google surveillance infrastructure. Gmail's scanning is why companies like Amazon no longer include actual order information in the emails that they send out.

A true E2E mail system (in which email was decrypted on the client side), would run counter to Google's goals for Gmail.
grammers about 3 years ago
Just use Tutanota (€1/month) or Proton (€5/month) and be done with it. They even have free versions if you don't have your own domain.

What I'd love to see, though, is that organizations (banks, authorities, etc.) start using such systems as well so that they can actually send documents e2e encrypted.
pSYoniK about 3 years ago
I wrote about email privacy in general a few days ago and after talking to a few friends who have read the article they asked about actual email privacy - what happens to the content (my article was mostly focused around obscuring your real address and I don't talk about securing the contents of the emails).

The problem when approaching the issue especially with not-so-technical people is the difficulty of explaining how encryption would work in this scenario. Unlike Signal where a user A sends a message to a user B and the transmission is encrypted because they are using the same protocol, email is a bit trickier to explain. It would be like sending a Telegram message to Signal. Someone needs to do some conversion from one to another. Even when they use encryption, the methodology applied to encryption can be different.

So while I agree with "we should use encryption by default" for non-technical users, this isn't as straightforward. The top comment highlights an issue of the current "send a link to their server" approach, which is what Tutanota uses for example. Everyone moving on to encrypted emails would entail a mass education of users to use PGP keys for example, managing the keys themselves, understanding encryption at rest and the list goes on...

Finally, users are horrible at remembering/maintaining their passwords. Fully encrypted services such as Protonmail and Tutanota (I know proton doesn't encrypt the subject line) do not really offer password resets in the classical way - "Oh I forgot my password, well, here's my phone number give me a new password" or "just send me a reset link to this other email". This means that there is a very real risk of losing complete access to your email address or potentially losing a lot of emails. I believe Protonmail allowed password resets but it would wipe your inbox and Tutanota only allows reset using the account key that you have to generate and save somewhere, but again, a user would need to be aware of this and manage it well...

Great idea. We should. We won't, or at least, the majority won't.
born-jre about 3 years ago
Is there any project (probably should be email server) which would use pubkey hash (secp256k1) as identity?

example: `0x9be5d213245be984c0fb806a1d92c03a05448a4d@example.com`

It would still accept SMTP as backward compatibility and also implement e2e protocol without leaking metadata on side. It could implement other endless cool stuff on top of that (roaming with notifying addresses that you moved to new @example2.com. Send some crypto for better ranking in inbox as optional spam protection.

I did Ask HN about the idea few weeks ago but it did not get traction but there were people who liked idea and dm me in tg/discord, feels like this might be good place to resubmit it.
qwertox about 3 years ago
It would be nice if the page would stick to using HTTPS port 443 exclusively, instead of reaching out to other ports as well and popping up the OS firewall.

Also, Matrix TCP port 8448 is meant for federation, not for client communication.
jchook about 3 years ago
The email encryption tools available are not ergonomic or easy to set-up and maintain. It presents a steep learning curve that requires special plugins or email clients / search tools as the giants don’t have good support for it.

I have a feeling that Gmail could virtually single-handedly make E2E email encryption a standard practice with good UX, but they would rather be able to read your email.
throwaway984393 about 3 years ago
> It's probably worth asking why in 2022, people still don’t use encryption systems to exchange emails,

Because mail MITM is extremely rare. It's much more likely your cell phone texts will get intercepted during 2FA rather than your mail.

And actually, if I had to send an encrypted email, I wouldn't use PGP. I'd send an encrypted zip file.
chrismorgan about 3 years ago
> *In fact, in the daily traffic, as described above, a large percentage of emails is sent “in plain text” without the adoption of cryptographic solutions that protect the content of each message.*

I would not expect this to be true. TLS adoption is not *universal* (and it would be nice to make it so), but I don’t believe it’s *that* far off it. This hop-by-hop encryption protects the traffic from all but your own email service provider.

Yes, I am misconstruing the article’s *intent*, which seems to be talking about end-to-end encrypted message *content*, so that your email service provider can’t see it either, but what it actually *says* here is just flatly wrong. The messages are sent encrypted (conditions apply), and promptly decrypted by the receiving mail server, so that it can do useful stuff with it rather than just treating it as an opaque blob.

The article completely fails to note the harsh compromises that must be made if you want to further encrypt messages with PGP or S/MIME or whatever. For most people, the most obvious one is that any form of webmail is crippled and you lose all server-side search, meaning that you need to fetch all the mail locally and index it locally. This is normally infeasible for phones.

Fastmail explains the compromises well in this article on why they don’t offer PGP: https://fastmail.blog/advanced/why-we-dont-offer-pgp/. It boils down to (a) it crippling the service, and (b) not actually being useful anyway, because first-party encryption is pretty much unavoidably broken.

Most of what ProtonMail sells as privacy in their encrypted messages stuff is snake oil, plain and simple. As long as they provide the software that holds the keys, they can obtain those keys (this is a style of attack Fastmail refers to in that article—though Fastmail assumes you’d send the key with each request, rather than the email service provider being just a blob store and decryption happening on the client, but changing the code makes exfiltrating that trivial). This is a systemic failing of first-party encryption in the presence of automatic software updates (which is the default on almost all platforms, and fundamental to the web). The only path to real success requires that the platform and the encryption provider be distinct. To ProtonMail’s credit, they *have* done at least some pushing in the direction of what’s essentially reproducible builds for the web, so that clients can actually reliably detect when something’s changed (subresource integrity is a starting point, but insufficient as it doesn’t protect the top-level resource). I don’t think anything has actually come of it (it’s a fairly tiny niche that there’s not much interest in), but they are trying.

(Disclosure: I worked on Fastmail’s webmail in 2017–2020. I do not believe this has significantly influenced my position on these matters, save that my opinions are better informed than they were before; but I already saw and understood the problems of first-party end-to-end encryption. I find Fastmail’s position in this matter to be eminently reasonable and well-expressed.)
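The hop-by-hop TLS discussed in the comment above can be checked on a message you have received, shown here as an added example that is not part of the thread: each relay records the protocol it accepted the message with in its Received header, and the RFC 3848 keywords ending in S or SA (ESMTPS, ESMTPSA, LMTPS, ...) mean that hop used TLS. The message, host names and queue IDs below are constructed, and the function names are this example's own.

```python
import re
from email import message_from_string

# "with" keywords registered for TLS-protected transfer (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample: newest Received header first, as relays prepend them.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
    by store.recipient.example with LMTP id c3;
    Mon, 28 Feb 2022 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
    by mx.recipient.example with ESMTP id b2;
    Mon, 28 Feb 2022 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.9])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by out.sender.example (Postfix) with ESMTPSA id a1;
    Mon, 28 Feb 2022 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

body
"""


def strip_comments(value):
    """Drop (possibly nested) parenthesised comments such as
    "(using TLSv1.3 with cipher ...)", which contain a decoy "with"."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def hop_report(raw_message):
    """Return (receiving_host, protocol, used_tls) per hop, oldest first."""
    hops = []
    msg = message_from_string(raw_message)
    for value in reversed(msg.get_all("Received", [])):
        clauses = strip_comments(value).split(";")[0]  # cut the date stamp
        by = re.search(r"\bby\s+(\S+)", clauses)
        proto = re.search(r"\bwith\s+(\S+)", clauses)
        name = proto.group(1).upper() if proto else None
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops


if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:28} {proto or '?':8} {'TLS' if tls else 'NO TLS RECORDED'}")
```

Received headers are written by each server in the path, so lines added before the first relay you control can be forged; treat the report as evidence for your own provider's hops only.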
Ekaros about 3 years ago
Also if we actually care about privacy, maybe we should legally enshrine it universally like some countries do?

Putting real legal barrier in place where at least some parties like employers could be swatted would already be improvement.
imwillofficial about 3 years ago
Email encryption is dead. And a stupid bolt on, poorly implemented fix that email wasn’t designed to handle.

Ditch email and move on to encrypted comms that are end to end.
sgjohnson about 3 years ago
There is no reasonable way to encrypt emails.

It’s far too easy to reply to the message without encryption or something of the sort.

Email was never designed to be encrypted.
0xdeadb00f about 3 years ago
Email is fundamentally insecure. What we need is a new protocol entirely, not to pile more stuff on top of it.
Gh0stz0x about 3 years ago
One word: https://delta.chat
aborsy about 3 years ago
Can’t public keys be distributed for email, as with any other service: trusting an authority?
zoobab about 3 years ago
Rewrite the email protocol entirely, using crypto by default and MIXING.
hammyhavoc about 3 years ago
Is this not going to make stopping spam somewhat of a nightmare?
blibble about 3 years ago
do smtp clients validate certificates yet?

my Debian postfixes with their default config certainly don't
dartharva about 3 years ago
How about we avoid using this archaic system altogether and switch to IM already?
zanethomas about 3 years ago
protonmail