Article [by OP]: "End-to-end encrypted email is bad for you"

I’m the author 🙂

2 Likes

I would like to hear your explanation on how POP3 is going to provide any of the benefits that E2EE does for

  • protecting against unauthorized access, data breaches
  • protection against server compromises
  • metadata protection
  • protection against mass surveillance
  • compliance for data protection regulations like GDPR and HIPAA

The idea is that since no emails are left stored on the server, this is the same level of security as with an E2EE service.

Regarding server compromise, there is no way around that (short of self-hosting); even with an E2EE service, a bad server can simply not encrypt any incoming emails.

For a minute I thought @anon94009837 was the author after his recent post 🙂

2 Likes

This ignores any sort of protection needed during the transmission of an email. It also assumes that the sender should trust the server the email is sent to with the content of the email.

In properly implemented E2EE systems, encryption occurs on the client device before the data reaches the server.

It’s a little different with email. You always have to trust the server with the content of the email unless communicating in-platform or using PGP (see point 3).

Except companies like Proton and Tuta use zero-knowledge encryption so the encryption keys are generated and stored on the user’s device, preventing the server from accessing unencrypted data.

If your threat model doesn’t need E2EE (nobody I know uses it) but does want zero-access encryption of the inbox, would a trusted (non-data-mining, etc.) email provider and POP3 with an email client like Thunderbird be sufficient? Would an E2EE email provider like Protonmail be overkill?

If you use POP3 as you suggested, I agree it is better than an encrypted provider, as there is literally nothing on the server (once each message has been downloaded). Every provider (even Proton and Tuta) has the ability to read non-PGP-encrypted emails when they are received.

I would like to move to a setup like this, but I use my Android phone for my emails and neither K-9 Mail nor FairEmail supports POP3 with deleting messages from the server and also proper backup of messages. So for the meantime I use Proton, as encrypting the messages on their server is the next best thing.

End-to-end encrypted email is not bad for you. It is just improperly used and falsely advertised to where the average Joe thinks the provider themselves can’t see anything useful or do something useful in the future. They can still associate you with many things even if they can’t access the “contents”.

2 Likes

I sort of agree with the sentiment of the article and with some of the points, but the article uses E2EE email and encrypted email services interchangeably, which I think leads to confusion/misinterpretation. Truly E2EE email, where one end encrypts and only the other end decrypts, is good but rare.

If I make the interpretation that the article is talking exclusively about encrypted email services in an unencrypted email environment, then most of what the article says makes sense. When communicating with someone that doesn’t use email encryption, the encrypted email service will encrypt the plain text emails received and will decrypt the emails before sending them. So you are trusting the encrypted email service with the plain text email temporarily, similar to how you’d trust an unencrypted email service when using POP3.

But for how long each type of email provider has the plain text email is different. With POP3, the email provider needs to store the plain text email until you download it. Meaning it will probably end up in some storage backup if they want to provide any kind of reliable service. While an encrypted email provider can do the encryption and decryption in-memory, meaning the plain text email would only exist in the encrypted email provider’s infrastructure for a fraction of a second.

So an audit of the encrypted email provider just has to verify that the plain text email is encrypted in-memory and discarded, with nothing else done to it. In the case of an unencrypted email provider, an audit would have to check for mischief in pretty much the whole infrastructure.

I do agree though that encrypted email services can be bad for you, as they can mislead people into thinking that all their emails are E2EE, giving a false sense of security. I think the news about political dissidents and activists being caught thanks to data provided by their encrypted email service sort of proves that, as they would probably not have sent incriminating emails to unencrypted ends if they knew they were ending up unencrypted at the other end’s email service, for the authorities to find.

And to a lesser extent, they can also be bad as they give the sensation that it’s either the privacy-invasive email providers, or the privacy-friendly but cumbersome encrypted email provider, with nothing in between. Leading to a lot of people staying on Gmail/Outlook as they don’t want to deal with the inconvenience of encrypted emails. While there are non-privacy-invasive email providers that are as convenient as the privacy-invasive ones that they could make the switch to.

2 Likes

The arguments in the article have some merit, but POP3 is not an alternative for 99% of people because it only really works well if you only have one device (a PC). Most people will also be interested in having access to their emails from a mobile device or web browser.

2 Likes
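
The POP3 setup discussed in this thread depends on each message being removed from the server once it has been downloaded. As an added example (not from the article or any poster), this Python function stores every message in a local mbox and flushes it to disk before sending any DELE, so a failed download never costs mail; the host name, account and mbox path are placeholders.

```python
import getpass
import mailbox
import poplib
import ssl


def drain_mailbox(conn, mbox_path):
    """Move all messages from a POP3 server into a local mbox file.

    conn: an authenticated poplib.POP3_SSL (or any object offering
    stat/retr/dele/quit). Returns the number of messages moved.
    """
    box = mailbox.mbox(mbox_path)
    try:
        count, _size = conn.stat()
        for num in range(1, count + 1):
            _resp, lines, _octets = conn.retr(num)
            box.add(b"\n".join(lines) + b"\n")
        # Write and fsync the local copy before marking anything deleted.
        box.flush()
        for num in range(1, count + 1):
            conn.dele(num)
        return count
    finally:
        box.close()
        # POP3 only commits DELE marks at QUIT; if retr() failed above,
        # no DELE was sent, so the server still holds every message.
        conn.quit()


if __name__ == "__main__":
    # Placeholder host, account and path (assumptions, not from the thread).
    # An explicit default context makes poplib verify the server certificate.
    tls = ssl.create_default_context()
    pop = poplib.POP3_SSL("pop.example.org", context=tls)
    pop.user("alice@example.org")
    pop.pass_(getpass.getpass("POP3 password: "))
    print(drain_mailbox(pop, "inbox.mbox"), "messages moved")
```

Until the client connects and QUIT is processed, the messages sit on the server in plain text, which is the window the posts above argue about.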