Thread Tools
This thread is privately moderated by Jack Crossfire, who may elect to delete unwanted replies.
Aug 10, 2014, 06:44 PM
Registered User
Jack Crossfire's Avatar
Thread OP
Discussion

The encrypted email problem


Google & Yahoo jumped on the email encryption bandwagon last year, then prompty got a lot more aggressive about turning over anyone who stored any suspicious content on their account. Google's mane victory was a pedophile who was arrested after a content ID algorithm applied to all gmail content found naked kid photos in his account.

After the pedophile was arrested, Google went on a renewed campaign advertizing complete "end to end" encryption between it & Yahoo's servers. Their email service was not only as private as a hard drive, but so was Yahoo's.

Is the hype about email encryption just a modern dragnet that's trying to leverage ignorance to get criminals, or is there hope for someday having a completely private link between 2 points? Technically, private webmail email is impossible.

The message has to be encrypted in the sender's browser using the receiver's public key, then decrypted in the receiver's browser. The decryption can't happen anywhere besides the receiver's browser. Wherever the receiver wants to run a different browser, the private key has to be entered in the browser & it has to be decrypted in the new browser.

The key pair is usually a hash of the password or something that can be changed. If the user changes keys, every email has to be downloaded from the server, decrypted with the old keypair, reencrypted with the new keypair, & uploaded again. It's completely impractical if the user has 1 gig of stored emails & 1 gig of online storage was originally what sold gmail.

At most, the "end to end" encryption being advertized can only encrypt the transfer over the wire. It has to be decrypted on the final server that dispatches it to the reader.
Sign up now
to remove ads between posts


Quick Reply
Message:
Thread Tools