Beneficial to add a note to the email provider section

I think it would be beneficial to add a note to the email provider section under recommendations explaining that even end-to-end encrypted email providers still need to intercept non-encrypted emails and then encrypt them after they have been intercepted, it would be possible for the end-to-end encrypted email provider to log the emails

proton exponentiation

"The email is encrypted in transit using TLS. It is then unencrypted and re-encrypted (by us) for storage on our servers using zero-access encryption. Once zero-access encryption has been applied, no-one except you can access emails stored on our servers (including us). It is not end-to-end encrypted, however, and might be accessible to the sender’s email service.
"

My exponentiation uses an image from the skiff with paper

I am not sure I see a benefit to this. It seems to me all this is doing is stating the obvious that sending and receiving unencrypted emails is insecure.

I would be more in favor of PG highlighting more prominently the methods in which users of an E2EE service can protect emails they have to send unencrypted such as Protons password protection.

I think most users believe that when they receive an email from gmail (or another provider) that gmail can see the email but an encrypted email provider cannot see it if they want.

I think it would be beneficial because it highlights the need to trust the provider you choose.

1 Like

Its a fair point, for me I don’t really see that as the scope of these recommendations. Users should still be reading the information provided by the service before using. I think it will just add a bunch of unnecessary clutter to re-hash information that is already clearly provided by the service.

To me, if you are using a service recommended by PG solely based on what you read on PG you are not using the resource correctly. Its not meant as a end all be all, it should be one data point in the users research.

2 Likes

I dont agree but it is a fair and valid point. I could not find it in the knowledge base section but it is probably there.