Stop Using Encrypted Email
a day ago
- #encryption
- #email-security
- #privacy
- Email is inherently unsafe and cannot be fixed; avoid using encrypted email due to fundamental flaws.
- Encrypted email is often performative or LARP security, as ordinary users' messages aren't typically targeted by powerful adversaries.
- Serious uses like legal cases, financial transactions, or resistance require robust security, which email fails to provide.
- PGP is outdated and broken, but even if replaced, email's design issues prevent true security.
- Email defaults to plaintext, leading to risks like unencrypted replies and metadata leaks, which secure messengers like Signal avoid.
- Email archives are permanent and likely to leak, unlike secure messengers with features like disappearing messages.
- Forward secrecy is poor in email, with long-term keys vulnerable to compromise over time.
- Alternatives like Signal, Magic Wormhole, and age offer better security than encrypted email for sensitive communication.
- While email is convenient and widely supported, it cannot promise security and should not pretend to offer it.