Since emails are sent as plaintext whats the point of encrypting servers?

Discussion in 'privacy problems' started by mattdocs12345, Aug 21, 2013.

Thread Status:
Not open for further replies.
  1. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    As the title states... What's the point of encrypting servers where emails are stored if each and single one of those emails was sent to the server as plain text. So even if I pay $4.60 per month for offshore email service all those emails will be still freely available to the NSA once they leave my computer.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    You use end-to-end encryption to protect messages, SSL/TLS to protect headers in transit, and full disk encryption on servers. But if servers are compromised while running, full disk encryption won't help.
     
  3. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    But end to end encryption has to be supported by the other party. If the other person is using gmail/yahoo/hotmail/me account then it doesnt matter. Even if NSA doesnt access servers of your email provider they can still recreate whats in your inbox by intercepting every message you send and recive.
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    You are correct. However, if the other person uses GMail/Yahoo/Hotmail/etc., that doesn't mean that you can't encrypt your emails to them, it just means that they will have to save the encrypted email to their computer and use a specific software to decrypt it. And because it doesn't come naturally and it's not exactly easy to use, almost nobody does it...
     
  5. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Yeah we can do that but their servers are compromised by NSA so even if the message gets encrypted it will land on a compromised server. So reallyI can see only two reasons to switch to encrypted emails:
    A) you have another party with uncompromised servers
    B) prevent yourself from becoming a ptoduct for gmail/hotmail/yahoo.. who sell your personal information
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    This thread reveals something many of us "security minded" users deals with. The sad reality is that most of the folks we send and receive emails to/from are NOT aware of encryption's simplicity. Its actually very easy to keep communications private via encryption. Many of my friends simply refuse to participate making it frustrating. However; my "internet friends" using screen names often insist on privacy using PGP or similar. We almost all use it in forum(s) PM systems.
     
  7. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    95
  8. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
    More and more servers supports SSL-traffic encryption, so at least you get a decent protection when the email travel from one server to another. PGP-encryption has increased a lot since Snowdens relevations, and it will continue to grow. Storing the local email in encrypted format is also important, if the server gets hacked or seized.

    Edit: SSL-traffic encryption does not require anything from the sender/receiver, it's something that the servers decide to use if both supports it.
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That's the whole point of the encryption! If your adversary gets your message, he/she can't read it because it is encrypted! Of course, it would be a bonus if the adversary never gets the message at all, but I'm afraid that is very hard given the current circumstances. So you will have to accept the fact that your encrypted messages are seen by others than the intended recipient, but they won't be decrypted by them.
     
  10. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Yeah but my question is the same. Even thou you send an encrypted email it will be decrypted on gmail server and then read by your gmail.com friend and NSA will have access to it.
     
  11. NSAcanttouchthis

    NSAcanttouchthis Registered Member

    Joined:
    Aug 22, 2013
    Posts:
    2
    from "Even thou you send an encrypted email it will be decrypted on gmail server and then read by your gmail.com friend and NSA will have access to it."

    How would Google decrypt a message that you send in encrypted format? If it is encrypt with real encryption software then they can't do it. Being google doesn't magically make them able to break all encryption.
     
  12. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    You can't send an encrypted message to a casual gmail user who is using webmail. Unless Im missing something here.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    There's nothing stopping you from sending it via Gmail. But if recipients were using webmail, they'd need to put the encrypted stuff in a text file, and decrypt it with gpg etc. If recipients were using Thunderbird with Enigmail to get their Gmail, your messages would be automatically decrypted.
     
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Of course you can. Please re-read my post #4 above.
     
  15. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    That's the problem here! My school/work/friends won't bother with that. So it's impossible to have private email communications with everyday people not concerned about privacy.
     
  16. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    You can only do what *you* can do. Worrying about what others do is pointless. If they won't use PGP, then either deal with it, or refuse to correspond with them....and you can't buy anything either, because no vendor uses PGP.

    These threads are kind of like asking for a unicorn. "I want my email, from everyone on the planet, even if unencrypted, to be secure end-to-end, through every single intermediary router on the net"

    -Not going to happen. There is nothing anyone can do, to *mandate* TLS for every single router on the internet, for mail.

    Even, as was asked in the other thread, if your super secure provider refused any email that didn't come in via TLS - it doesn't matter. That email *was* sent to you, and may have been scooped up at any point along the way.

    But you can:

    Run your own server, or use a provider that encrypts stored email, and is resistant to server raids.

    PGP anything you want only the recipient to read. And lets face it, if you can get someone to use PGP - You can get them to use BitMessage and send PGP messages through that - It gets rid of all the above problems, and more.

    But if you absolutely must have your cat food order confirmation email secure, end to end...not going to happen.

    PD
     
  17. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is a problem that no technological advancement is going to solve...
     
  18. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Thank you everyone for your input. Im very new to this and you guys helped me clarify few issues at hand.
     
Loading...
Thread Status:
Not open for further replies.