#2 is fair, but I really don’t see any point in encrypting emails at rest when they by design are going to third parties who can do whatever they want with it. I don’t trust emails with sensitive information, so that’s not a problem for me. I wouldn’t have email if that was an option.
I think #1 is important in part due to #2, and because it’s due diligence for maximizing privacy where possible. If you’re sending emails to somebody on a different server, then you might not want them to be accessible on your own server if it gets breached, regardless of someone else’s security. (And if their server gets breached, attackers would then only have a subset of your messages.)
Yes, I understand, but I think it’s a false premise that email can be secure at all. You shouldn’t treat it as such and you should never send incriminating or sensitive information through email regardless of what promises are made about it being secure lest it is your own server. You can talk to people in much more convenient and actually secure and even anonymous ways and email does none of that so I don’t know why it’s expected to.
Email should, for 2-way communication, at best be used to establish actually secure connections elsewhere.
For all else, it should just be treated as an inbox that random people from the internet can dump stuff in for you to check out at your discretion.
#2 is fair, but I really don’t see any point in encrypting emails at rest when they by design are going to third parties who can do whatever they want with it. I don’t trust emails with sensitive information, so that’s not a problem for me. I wouldn’t have email if that was an option.
I think #1 is important in part due to #2, and because it’s due diligence for maximizing privacy where possible. If you’re sending emails to somebody on a different server, then you might not want them to be accessible on your own server if it gets breached, regardless of someone else’s security. (And if their server gets breached, attackers would then only have a subset of your messages.)
Yes, I understand, but I think it’s a false premise that email can be secure at all. You shouldn’t treat it as such and you should never send incriminating or sensitive information through email regardless of what promises are made about it being secure lest it is your own server. You can talk to people in much more convenient and actually secure and even anonymous ways and email does none of that so I don’t know why it’s expected to.
Email should, for 2-way communication, at best be used to establish actually secure connections elsewhere.
For all else, it should just be treated as an inbox that random people from the internet can dump stuff in for you to check out at your discretion.