What a joke. There hasn't been a good one since lavabit.
What a joke. There hasn't been a good one since lavabit.
They include Outlook in the list but it is only for businesses and nobody in their right mind would trust Microsoft for privacy anyway.
They include Outlook in the list but it is only for businesses and nobody in their right mind would trust Microsoft for privacy anyway.
At this point i believe EVERYTHING has been hacked
At this point i believe EVERYTHING has been hacked
the fact is that because email servers exchange encryption options when interfacing and sending to external entities, it's typically always possible for your emails to be sent unencrypted- when the interfacing email server claims that it doesn't support encryption, it falls back to clear text.
now you're talking about "end to end" encryption, and this is even more complicated than what we were just talking about, and it's not a function of email protocol at all. Anyone who claims that their email service provides end to end encryption is lieing. it would be important to pause and ask yourself why a company might do that.
anyways, to speak to your potential solution: the best widely used manner to achieve what you're speaking about (end to end encryption with email) is to use open pgp before you send an email. in this case, it's encrypted before you send it and you also control your keys so it doesn't matter if the email host gets a court order, they can't decrypt it even if they wanted to.
the fact is that because email servers exchange encryption options when interfacing and sending to external entities, it's typically always possible for your emails to be sent unencrypted- when the interfacing email server claims that it doesn't support encryption, it falls back to clear text.
now you're talking about "end to end" encryption, and this is even more complicated than what we were just talking about, and it's not a function of email protocol at all. Anyone who claims that their email service provides end to end encryption is lieing. it would be important to pause and ask yourself why a company might do that.
anyways, to speak to your potential solution: the best widely used manner to achieve what you're speaking about (end to end encryption with email) is to use open pgp before you send an email. in this case, it's encrypted before you send it and you also control your keys so it doesn't matter if the email host gets a court order, they can't decrypt it even if they wanted to.
https://privacy-watchdog.io/truth-about-protonmail/
(post is archived)