Since emails are sent as plaintext whats the point of encrypting servers?

As the title states... What's the point of encrypting servers where emails are stored if each and single one of those emails was sent to the server as plain text. So even if I pay $4.60 per month for offshore email service all those emails will be still freely available to the NSA once they leave my computer.

 

You use end-to-end encryption to protect messages, SSL/TLS to protect headers in transit, and full disk encryption on servers. But if servers are compromised while running, full disk encryption won't help.

 

But end to end encryption has to be supported by the other party. If the other person is using gmail/yahoo/hotmail/me account then it doesnt matter. Even if NSA doesnt access servers of your email provider they can still recreate whats in your inbox by intercepting every message you send and recive.

 

You are correct. However, if the other person uses GMail/Yahoo/Hotmail/etc., that doesn't mean that you can't encrypt your emails to them, it just means that they will have to save the encrypted email to their computer and use a specific software to decrypt it. And because it doesn't come naturally and it's not exactly easy to use, almost nobody does it...

 

Yeah we can do that but their servers are compromised by NSA so even if the message gets encrypted it will land on a compromised server. So reallyI can see only two reasons to switch to encrypted emails:
A) you have another party with uncompromised servers
B) prevent yourself from becoming a ptoduct for gmail/hotmail/yahoo.. who sell your personal information

 

This thread reveals something many of us "security minded" users deals with. The sad reality is that most of the folks we send and receive emails to/from are NOT aware of encryption's simplicity. Its actually very easy to keep communications private via encryption. Many of my friends simply refuse to participate making it frustrating. However; my "internet friends" using screen names often insist on privacy using PGP or similar. We almost all use it in forum(s) PM systems.

 

Steve Gibson talks about email encryption in his weekly podcast.

https://www.grc.com/sn/sn-417.htmhttps://www.grc.com/sn/sn-417.htm

and his blog

http://steve.grc.com/2013/08/08/the-lesson-of-lavabit/

d

 

More and more servers supports SSL-traffic encryption, so at least you get a decent protection when the email travel from one server to another. PGP-encryption has increased a lot since Snowdens relevations, and it will continue to grow. Storing the local email in encrypted format is also important, if the server gets hacked or seized.

Edit: SSL-traffic encryption does not require anything from the sender/receiver, it's something that the servers decide to use if both supports it.

 

That's the whole point of the encryption! If your adversary gets your message, he/she can't read it because it is encrypted! Of course, it would be a bonus if the adversary never gets the message at all, but I'm afraid that is very hard given the current circumstances. So you will have to accept the fact that your encrypted messages are seen by others than the intended recipient, but they won't be decrypted by them.

 

Yeah but my question is the same. Even thou you send an encrypted email it will be decrypted on gmail server and then read by your gmail.com friend and NSA will have access to it.

 

from "Even thou you send an encrypted email it will be decrypted on gmail server and then read by your gmail.com friend and NSA will have access to it."

How would Google decrypt a message that you send in encrypted format? If it is encrypt with real encryption software then they can't do it. Being google doesn't magically make them able to break all encryption.

 

You can't send an encrypted message to a casual gmail user who is using webmail. Unless Im missing something here.

 

There's nothing stopping you from sending it via Gmail. But if recipients were using webmail, they'd need to put the encrypted stuff in a text file, and decrypt it with gpg etc. If recipients were using Thunderbird with Enigmail to get their Gmail, your messages would be automatically decrypted.

 

Of course you can. Please re-read my post #4 above.

 

That's the problem here! My school/work/friends won't bother with that. So it's impossible to have private email communications with everyday people not concerned about privacy.

 

You can only do what *you* can do. Worrying about what others do is pointless. If they won't use PGP, then either deal with it, or refuse to correspond with them....and you can't buy anything either, because no vendor uses PGP.

These threads are kind of like asking for a unicorn. "I want my email, from everyone on the planet, even if unencrypted, to be secure end-to-end, through every single intermediary router on the net"

-Not going to happen. There is nothing anyone can do, to *mandate* TLS for every single router on the internet, for mail.

Even, as was asked in the other thread, if your super secure provider refused any email that didn't come in via TLS - it doesn't matter. That email *was* sent to you, and may have been scooped up at any point along the way.

But you can:

Run your own server, or use a provider that encrypts stored email, and is resistant to server raids.

PGP anything you want only the recipient to read. And lets face it, if you can get someone to use PGP - You can get them to use BitMessage and send PGP messages through that - It gets rid of all the above problems, and more.

But if you absolutely must have your cat food order confirmation email secure, end to end...not going to happen.

PD

 

This is a problem that no technological advancement is going to solve...

 

Thank you everyone for your input. Im very new to this and you guys helped me clarify few issues at hand.