[RKearney]

> To use hosted S/MIME, companies need to upload their own certificates (with private keys) to Gmail, which can be done by end users via Gmail settings or by admins in bulk via the Gmail API.

So this is just to give the illusion of privacy and security then?

[advisedwang]

It gives protection against eavesdropping of messages in transit, so it's better than nothing (Even SSL+SMTP allows email relays to see the email in the clear). However it does not protect against an attacker who gets into your GMail, does not protect against warrents/NSLs/subpoenas against Google, does not protect against your domain admin accessing your message.

[cvwright]

I can't tell if you're agreeing or disagreeing with the parent comment.

[euyyn]

It's detailing that it does provide real privacy and security protections against some scenarios, even if not against all scenarios.

[advisedwang]

I've given up on trying to push a viewpoint on the internet. I just want to add to discussions by providing information, analysis and experience.

[chimeracoder]

If you want to protect against an adversarial Google, you shouldn't be using Gmail at all.

If you want to protect against an adversarial nation-state, well, power to you, but it's an uphill battle. Use PGP, not S/MIME, and pray that everyone else knows how to use it perfectly, making no mistakes at any point ever.

[ams6110]

TBH, if you want to protect against an adversarial nation-state, don't use email. Full stop.

[stuckagain]

S/MIME or other payload encryption is strictly better than SMTP STARTTLS alone because adversaries can easily defeat STARTTLS if they stand in the middle of the connection. Being so positioned will not allow them to disable S/MIME.