Idiomdrottning’s homepage

Re: Stop Using Encrypted Email

I already have my own positive take on this.

But I want to reply this post directly.

Plaintext email only?

When you’re saying:

Email is unsafe and cannot be made safe. The tools we have today to encrypt email are badly flawed. Even if those flaws were fixed, email would remain unsafe. Its problems cannot plausibly be mitigated. Avoid encrypted email.


There are reasons people use and like email. We use email, too! It’s incredibly convenient. You can often guess people’s email addresses and communicate with them without ever being introduced. Every computing platform in the world supports it. Nobody needs to install anything new, or learn how to use a new system. Email is not going away.

at the same time, what that means is that you’re saying “go ahead, keep using unencrypted, insecure, plaintext email”. I’m not onboard with that.

Keep using encrypted email?

When you’re saying:

And we don’t object to email security features, like hop-by-hop TLS encryption and MTA-STS, that make the system more resistant to dragnet surveillance.

You’re saying yes to email encryption after all. Good, then we’re on the same page.

I also wanna add SPF, DKIM, DMARC, and PGP. I use them every day, pretty happy about them.

LARPers vs the state?

When you’re saying:

Most email encryption on the Internet is performative, done as a status signal or show of solidarity. Ordinary people don’t exchange email messages that any powerful adversary would bother to read, and for those people, encrypted email is LARP security. […] Metadata is as important as content, and email leaks it.

You’re saying that the only adversaries that matter are powerful ones, like state actors that are gonna put you in jail for whatever reason. But we also want to fight the corporations and the spammers and the ad profilers.

Truth is that with TLS and STS, only people who can see the emails are the email service providers. And in a world where the biggest email provider is also the biggest ad seller, maybe encrypting the body text is not a bad idea.

Not that the larping isn’t fun. PGP does have a nostalgic charm for many of my generation. From being something I could barely understand, something people tattooed on their bodies, to something I now use hundreds of times per week, there is something joyful in that.

Bad alternatives

Yes, email isn’t the most secure, and OMEMO and Matrix also leaks metadata. To the provider, not to the entire world, but that’s true for email as well in the TLS era.

They suggest Signal, which is proprietary and leaks your actual cell phone number. What.

age will encrypt documents that can be sent through less secure systems. These tools are all harder to use and more fraught than secure messengers, but they’re better than encrypted email.

Age has all the same drawbacks as PGP without any of its advantages like WKD.

But there are good ways to speak anonymously and securely to each other. I’m glad you have apps you like. Email is very far from being the securest thing out there right now. That’s not what I’m contesting at all.

My problem with this widely quoted and self-contradictory essay is that they have driven a lot of otherwise very smart people to give up on making email the best it can be.

And there are plenty of things where email is still the best thing around. It’s a miracle that a world-writable fully federated inbox system is as good as it is. Fedi is a spam pit, IRC a harassment nightmare, email is at the forefront of fighting those things. Of course we want encryption on that.