- cross-posted to:
- opensource@lemmy.ml
- cross-posted to:
- opensource@lemmy.ml
I don’t understand why it took us 50 years to figure out how to do encrypted messaging-over-email. Anyone wanna swap email addresses?
I don’t understand why it took us 50 years to figure out how to do encrypted messaging-over-email. Anyone wanna swap email addresses?
deleted by creator
who do you KNOW doesn’t suck? myself, i like disroot, but i still prefer to encrypt any comms that go across their services, because i can’t explicitly trust them. i don’t even (really) trust riseup.net. it’s always best to encrypt anything thats sensitive yourself and control the keys.
deleted
i think it’s worth pointing out that pgp-protected messages would still be secure in the case of the kolektiva breach, not that anyone is e2ee for mastodon messages.
if you (and your friends) control your (and their) keys, then the actual contents of your communications can’t be compromised. i think email is fine if you understand the limitations.
deleted by creator
i would never bother with anything that i consider to be highly secure over any clearnet service. but for keeping advertisers out of my messages or just run of the mill dragnets, or spot-censorship (like how facebook or others forbid certain links), i think deltachat is a really reasonable solution.
but to this point:
deltachat has an option to delete server-side.
deleted by creator
you’re asking more than i really know here. i haven’t even convinced any of my friends to use it. it was hard enough getting their email addresses lol.
deleted
this is my settings screen. it looks like you would need to actually ask your friends to turn on the server-side purging.
if you are a deltachat user, it creates a directory for your deltachat messages. if not… you are strongly encouraged to use deltachat :P
can’t you just make a rule
personally, i don’t trust protonmail, so i haven’t tried it, but i think… it just doesn’t work lol.
What’s the issue with proton? Just the UI being a bit shit?
The UI has improved a lot since their re-brand, so I doubt that’s it.
they make a lot of promises about security, but email can truthfully only reach a certain level of security. the comment from @RTRedreovic@feddit.ch shows weaknesses in relying in protonmail to protect various aspects of your communications, but they sell themselves as TOTALLY SECURE.
the lady doth protest too much.
so they’re no more secure than, say, google, when you implement your own e2ee on top of email with PGP or something. but the promises of enhanced security actually set people up to expect more than that. coupled with the fact that they don’t even let you use imap or pop, it’s not exactly a hacker’s dream service.
Proton only uses E2EE for the message body (including attachments). The subject and headers are not end-to-end encrypted.
That’s not entirely unreasonable, since they use that data for the search function on the server side. Nobody’s really cracked the nut of E2EE search, though there’s been some interesting research in the field recently.
Proton should be avoided.
https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/
https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/
https://cyberwarzone.com/protonmail-complies-with-a-record-6000-government-requests-for-user-data-in-2022/
https://encryp.ch/blog/disturbing-facts-about-protonmail/
I do agree that’s a fair point about mail.