
BLU Discuss list archive


[Discuss] email privacy/security

Richard Pieri wrote:
> I'd be wary of any third party provider. ...HIPAA regulations. ...
> The recent NSA disclosures are simply icing on the cake for me.

True. Self-hosted is better than outsourced, if you prioritize privacy.

But S/MIME encryption is better than either.

And even then, the metadata - senders and recipients - are still largely
sent as plaintext across the wire, and easily intercepted by the NSA.

We don't yet have the protocols to do end-to-end secure email that
encrypts the metadata TOR-style. At least nothing widely enough deployed
to be useful. It's hard enough finding a bank or insurance company that
knows how to handle the almost 20-year-old S/MIME standard. (A recent
correspondence with BlueCross required using PGP (GPG), a phone call to
convey the password (no PKI), and a half-dozen emails to help
troubleshoot their inability to open the file in an encryption format
they suggested using.)


Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile:

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
