Viewing a single comment thread. View all comments

bradland t1_iuja3ii wrote

Reply to comment by synmotopompy in eli5 What came of Edward Snowden leaking all of that classified intel? by tpb772000

Your mail is not necessarily stored as plaintext. It depends on where your mail is housed. You can absolutely encrypt email at rest. The hard question is whether everyone you correspond with also encrypts email at rest.

7

synmotopompy t1_iujc6v7 wrote

Sure, my mail can be encrypted in storage. It all depends how much you trust your mail provider.

Note that encrypting uses more CPU than plaintext does, so it costs more money in the long run. Now think from the perspective of a mail provider: "What do they care that their emails are not encrypted if they have no way to verify that?" At some companies (Google for instance) I'm sure they do everything in their might to store the mails securely. But they have to obey every order from the government and yield mails, so that means they store encryption keys which makes it a moot point. Note that even privacy advertised mails like protonmail obey government subpoenas and lie to their users that they don't store the keys while they do.

3

bradland t1_iujfgvm wrote

I only pointed it out because it's not a great blanket statement because it gives the impression that there is something inherent about email that means it is stored as plaintext. I fully agree that security is hard, and securing against a government while operating within their jurisdiction is just about impossible, but your email may not be stored in plain text.

Just as an example, ProtonMail offers encrypted email with protection that is good enough right up to the point that a major nation-state takes a very strong interest in you. They're based in Switzerland as a means to make it more difficult to compel access to user data. Nothing is impossible, of course.

1