| I don't see a single argument in the article why, conditional on: 1. Me deciding to send a given message 2. Me deciding to use email for that message ... I should send it over an unencrypted email rather than encrypted one. I see arguments for using other systems like Signal. I see arguments for a false sense of security — i.e. if I didn't assume the email was secure, I'd write a different message. But, again, for a given message being sent over an email, I just don't see any reason not to encrypt it if it provides at least some protection (and saying it doesn't would probably be too much hyperbole even for latacora). The authors sort of just declare out of nowhere: > But email cannot promise security, and so shouldn’t pretend to offer it. And if "pretending" meant rot13, I would agree. But even despite all its flaws, there's a sea of difference between rot13 and PGP. If I can publish the encrypted contents of my email publicly, and not even tptacek can decrypt it, then it's not pretending. So, what is the downside of encrypting an email compared to not encrypting it? I can't think of any, and apparently the authors can't either, despite trying very hard. |