Conversation

Notices

1. Embed this notice
   Rich Felker (dalias@hachyderm.io)'s status on Thursday, 16-Jan-2025 11:38:21 JST Rich Felker

   In the domain of email, unleas you're running your own mail system, there is NO SUCH THING as privacy against inspection by your mail provider. They can see (and hand over to authorities, or to anyone who pops them) anything you send or receive which is going to be cleartext unless you're PGP'ing the contents or something.

   Someone who promises you privacy (Proton) is lying. On top of likely (actually in case of Proton) being cryptofash scum.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Thursday, 16-Jan-2025 11:45:54 JST Rich Felker

     in reply to

     If email secrecy is really important to you, the only option is running your own mail system and using DANE. And you still have to trust that the mail systems of the people you're communicating with are honoring the cryptographic requirements and that their mail providers aren't snooping (which is only true if they also run their own mail systems).

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Thursday, 16-Jan-2025 11:55:16 JST Rich Felker

     in reply to

     • G. Wozniak

     @gwozniak It's not impossible, but impossible to outsource.

   • Embed this notice
     G. Wozniak (gwozniak@discuss.systems)'s status on Thursday, 16-Jan-2025 11:55:17 JST G. Wozniak

     in reply to

     @dalias I don't know how many times it's been explained, very clearly, that private email is impossible.

     You have to trust the provider and assess your threat model. If secrecy is a must, email isn't for you.

     The PGP email dream is dead, based on all that I've ever heard, and basically was never alive to begin with.

     And yet...

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Thursday, 16-Jan-2025 11:56:13 JST Rich Felker

     in reply to

     • Michael Chrisco :rootaccess:

     @michaelc Proxy port 25 thru a VPS. The VPS doesn't see your mail because you terminate TLS on your end.

   • Embed this notice
     Michael Chrisco :rootaccess: (michaelc@social.rootaccess.org)'s status on Thursday, 16-Jan-2025 11:56:15 JST Michael Chrisco :rootaccess:

     in reply to

     @dalias I wish my port 25 wasn't blocked... I have everything else. Used to run my own email for a year or so.

   • Embed this notice
     Howard Chu @ Symas (hyc@mastodon.social)'s status on Thursday, 16-Jan-2025 12:07:20 JST Howard Chu @ Symas

     in reply to

     @dalias it's not hard to write a milter for postfix or sendmail to PGP encrypt any cleartext incoming email. So it *is* possible to be an email provider with zero access to clients' emails.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Thursday, 16-Jan-2025 12:07:20 JST Rich Felker

     in reply to

     • Howard Chu @ Symas

     @hyc No, because the provider is the one who'd be running that code, and thereby have access to the cleartext. "Encrypt on arrival" is the bs Proton claims to do. And there's no way to verify that they actually do it, nor any way they can refuse lawful order to intercept first.