[Discuss] email privacy/security
Tom Metro
tmetro+blu at gmail.com
Sun Aug 4 22:30:22 EDT 2013
Richard Pieri wrote:
> I'd be wary of any third party provider. ...HIPAA regulations. ...
> The recent NSA disclosures are simply icing on the cake for me.
True. Self-hosted is better than outsourced, if you prioritize privacy.
But S/MIME encryption is better than either.
And even then, the metadata - senders and recipients - are still largely
sent as plaintext across the wire, and easily intercepted by the NSA.
We don't yet have the protocols to do end-to-end secure email that
encrypts the metadata TOR-style. At least nothing widely enough deployed
to be useful. It's hard enough finding a bank or insurance company that
knows how to handle the almost 20 year old S/MIME standard. (A recent
correspondence with BlueCross required using PGP (GPG), a phone call to
convey the password (no PKI), and a half-dozen emails to help
troubleshoot their inability to open the file in an encryption format
they suggested using.)
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
More information about the Discuss
mailing list