[ifdefdebug]

The author is not saying to stop using email. He wants you to stop pretending it can be secured. If people think that "works as intended" means their email communication privacy is secured, and their personal safety depends on it, then those people are in danger.

Basically, he argues you can't trust encrypted email for any content you would not also be fine to send over an TLS secured wire.

[GoblinSlayer]

The title is "Stop Using Encrypted Email" though.

[soraminazuki]

Yes, which confirms the parent comment's point. Note the title refers to encrypted email, and not email in general.

[lvh]

That sounds congruent with both GP’s point, and the intent of the author.

[jtbayly]

And you should. Because it’s pointless, as he demonstrated quite well.

[belorn]

That sounds awful close to advocating in favor of more plain text and less encryption.

[tptacek]

It sounds like that, but because of how encrypted email actually works in the real world, it's actually the opposite.

[belorn]

That sounds like an extra ordinary claim that telling people to encrypt their email will cause more unencrypted emails.

Claims like that need extra ordinary support. Spend money on a study where one company employees are told to encrypt their work emails, with an other company being told to not encrypt their work emails. At the end of the study, see which one encrypts more.

Common intuition say that the one being told to not encrypt will not have more encrypted email conversation than the other. At worst both have the same amount, and at best the one being told to encrypt has more encrypted conversations because they are more security aware.

[tptacek]

If it's an extraordinary claim, it's backed by extraordinary evidence. Modern secure messengers make it difficult (or even impossible) to accidentally send a plaintext message. Meanwhile, plaintext replies to encrypted emails are such a widespread phenomenon that practically everyone who has used them at any kind of scale has witnessed them. The reason those opsec lapses aren't newsworthy is because the underlying messages are unimportant, so nobody cares. Which is why it's important that people understand that almost all encrypted mails are LARPsec.

[belorn]

Failure in opsec does not prove that telling people to encrypt create worse security than explicitly telling people to not encrypt.

I do not see any extraordinary evidence that support your claim. It still sounds more like you are advocating for plain text, and since the encryption wars has been on going for the last 40 years it is worrying to see a new front being formed.

There are two requirements: Plain text should be banned from the network and sensitive data at rest in the hands of third parties should always be encrypted. Advancement in email security has gone forward enough that if both sides of a communication are running their own email server than the need for PGP has been made redundant. If however an untrusted third party is used by either side then the second requirement is not unfulfilled and sensitive data is leaked.

People can pretend that they don't have sensitive data and a single look at the company CRM, HR, customer registers and so on will show that it is really hard to operate a company without handling sensitive data which under GDPR has some real legal ramifications. A single email attachment and now a third party has a copy of that, and a data breach later at the service provider and a law suit happens. With that threat model and enough cases ending up in the news the cost of running unencrypted email goes up.

[tptacek]

I'm not telling people not to encrypt. People should encrypt. I'm telling them not to encrypt email, because email is unsafe. You're going to have to engage with my actual argument rather than fleeing to abstractions.

[miscPerson]

Is Signal supposed to be more secure than point to point TLS?

That doesn’t sound correct to me, and makes me wonder what the complaint about email is.

TLS encryption over a relay network seems like state of the art security, and something I’d trust much more than Signal to hide my metadata — which is how you’ll actually get killed in a “life or death” situation.

[cyphar]

Email-over-TLS provides encryption to your mail server, not to end-to-end encryption to the recipient of your email. That's what this entire discussion is about (and "encrypted email" in the article refers to PGP encryption, not TLS.)