| > If the message is decrypted only on my device, then that wouldn't matter. I'm guessing endpoint decryption is not what you (or maybe the GP) are talking about, but I don't know what you mean. Oh yeah, sure - if you only decrypt on your device, then that's reasonable. We could encrypt to a public key on delivery. There's services that do that, but FastMail isn't interested in being one of those services. The tradeoffs mean we could do very little. Certainly not a webmail service. > what's an app password https://www.fastmail.com/help/clients/apppassword.html It's a password that's created by the server and used on only one app. So if you lose your device, you can disable that one password only. Also, there's no chance that you'll reuse it across sites, so it can't leak from other services because you won't be using it there. It's also limited to just the protocols that are used on that device, so can't be used to reset your password or payment details or install forwarding rules, etc. > Why not do the processing then - spam filtering, build a search index of hash values, etc.? Then permanently (from the server's perspective) encrypt the old, stored messages If you can search for keywords and find maching message blobs, that's nearly as good as having plaintext access. If was encrypted to only the endpoint, the usual issues of "you need to download the entire database to search your email" apply, and of course we're doing very little. > How do the end-to-end secure messaging applications, such as Signal, handle those issues, if anyone knows? They're not designed to be your long term memory, which simplifies things a lot. You basically lose access to your history. Which might be find if you don't care about the past, but that's not how I see email. Email is your electronic memory, and encryption+lost password means that nobody can get at your memories, not even you! |