Are we finally ready for End-To-End-Email-Encryption (E2EE) yet?

ISOC Switzerland Chapter - Sunday, October 16, 2022

Even though tens of millions of Gmail and Yahoo accounts have been hacked and are being sold on the dark web, why is encrypted e-mail still not the default?

Is it high technical barriers, users’ “I have nothing to hide” arguments, or the lack of easy-to-use encryption solutions in the consumer space?

This matters especially in light of what has transpired in the US, as reported by the New York Times and EFF: without the protection of encryption, innocent users can be threatened even when seeking medical advice for their children.

What does it really mean to be protected by encryption? It requires that you have your own secret private key. You might ask: what is a secret private key of your own? It is a value used to encrypt and decrypt messages. Any solution that does not provide you with a secret key of your own should make you suspicious, and you should be the only person with access to that private key. It is best practice, and highly recommended, to have encryption solutions validated by security specialists before buying or deploying them as protective measures. There are many solutions out there that do not do a good job of protecting you and your information.

Good solutions today operate with secret keys. If you do not have a secret key, be aware that you may have some ‘feel good’ encryption but no reliable, bulletproof protection.

The best solutions for e-mail use asymmetric cryptography and operate with two different keys (one public and one private). PGP and pEp are such solutions.

Secure e-mail solutions providing web links are about as secure as Yahoo Mail. One could label them as ‘feel good’ solutions, but one cannot consider them reliable protection.

A few pictures to illustrate the subject:

The picture below shows an unprotected e-mail, or an e-mail protected by ‘feel good’ encryption; after obtaining the username and password, the hacker can read everything.

Below is what an e-mail protected by end-to-end cryptography (PGP in this case) looks like. Even after a hacker has stolen the username and password to the e-mail account, they still cannot read anything, as you can see.
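The difference between the two cases above, as an added example (not from the original post, and not PGP or pEp code): a sketch of the same public-key design using the built-in crypto module of Node.js, with RSA-OAEP wrapping a per-message AES-256-GCM key. The function names and the sample message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Recipient's key pair. The private key stays on the recipient's device.
function newRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: only the recipient's PUBLIC key is needed.
function encryptMail(plaintext, recipientPublicKey) {
  const sessionKey = crypto.randomBytes(32); // fresh AES-256 key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  // This object is everything the mail server ever stores.
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: tag.toString('base64'),
    body: body.toString('base64'),
  };
}

// Recipient side: the PRIVATE key unwraps the session key, which decrypts the body.
function decryptMail(stored, recipientPrivateKey) {
  const sessionKey = crypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP }, Buffer.from(stored.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', sessionKey, Buffer.from(stored.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(stored.tag, 'base64'));
  const body = Buffer.from(stored.body, 'base64');
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Compare what a stolen account password exposes with what each private key recovers.
function demo() {
  const recipient = newRecipientKeys();
  const someoneElse = newRecipientKeys();
  const message = 'Constructed sample: lab results attached.';
  const stored = encryptMail(message, recipient.publicKey);
  let wrongKeyFails = false;
  try { decryptMail(stored, someoneElse.privateKey); } catch (e) { wrongKeyFails = true; }
  return {
    visibleInMailbox: JSON.stringify(stored).includes('lab results'),
    recovered: decryptMail(stored, recipient.privateKey),
    wrongKeyFails,
  };
}
```

Whoever logs in to the mailbox sees only the stored object; the account password plays no part in decryption.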

We would like to hear your experiences and opinions on encryption. Which encryption solutions do you use? Why do you prefer that solution? If you are not encrypting, please tell us why. 

If you would like to learn more about encryption please visit: https://www.internetsociety.org/issues/encryption/what-is/

If you would like to learn more about the pEp Foundation and how you can become part of the pEp community, please go to: https://pep.foundation/
