Hacker News new | ask | show | jobs
by __s 1867 days ago
Not technically. You'd just have to apply encryption at a higher level

Send email bodies encrypted to base64 along with a public key fingerprint, then receiver's client would decrypt if it had the private key for that fingerprint

But this isn't compelling enough to get a network effect to topple in-browser gmail
3 comments
kodah 1867 days ago
Common misconception. The three letter agencies do not really need to know the contents of your email body. They're much more interested in to/from, timestamps, and subject. Establishing that you communicate with a person and then getting their emails is much easier than playing with your encrypted email body.
link
upofadown 1867 days ago
I think this is a common misconception of its own. The three letter agencies would love to be able to see the content of messages. But the code makers have run so far ahead of the code breakers that this is effectively impossible. So they settle for only meta information and tell the people that are funding them that this is now sufficient for them to continue to do their job.
link
wolverine876 1867 days ago
What is this based on? How do you know their capabilities?

Per published reports, they (and others) have exploits for many things, including many cryptography implementations.

link
freshair 1867 days ago
Exactly right. The American government considers associations inferred from this "metadata" to be sufficient evidence to execute people via drone.
link
stjohnswarts 1866 days ago
Only foreigners and Americans on foreign soil
link
megablast 1867 days ago
This is just such an obviously ridiculous statement.
link
kodah 1867 days ago
Feel free to elaborate. This is fairly common knowledge if you Google parts of what makes ProtonMail (and others) susceptible to state actors.
link
stjohnswarts 1866 days ago
You have a misconception yourself, and it shows. It depends on what they're after. If they want to see an individual's email then obviously they need to decrypt the body.
link
PenguinCoder 1867 days ago
Base64 is an encoding, not encryption. But yes PGP or S/MIME encrypted email would work.
link
iudqnolq 1867 days ago
Charitably, they mean take the whole message with headers, encrypt it, and base64 it so you can stick it in a body. Probably still a bad idea.
link
joshuaissac 1867 days ago
This could work on top of GMail, with the help of a browser plugin.
link
input_sh 1867 days ago
https://mailvelope.com/en
link