by luguenth 1017 days ago
About not being worried, that someone could read your mail in the case you're dead:

Always bear in mind you're not writing mails to yourself. The other party exchanging mails with you might not be that happy with third parties reading their mails. Privacy is not only about you.

4 comments

> Always bear in mind you're not writing mails to yourself. The other party exchanging mails with you might not be that happy with third parties reading their mails. Privacy is not only about you.

People mailing me after I'm dead because they don't know I'm dead probably aren't very close to me. If a marketer decides to send me deeply felt confessions he needs to get off his chest, meh.

Worth considering that they can use access to your email to get into other accounts. Someone getting into my Google Photos account would definitely affect the privacy of others, for instance.

Though I think the way to defend against this is dead man's switches for services with sensitive data, not using Gmail.

I'm still sad because PGP/GPG couldn't make the UX work for signing and encrypting emails 20 years ago. It's still a huge pain to do, even if you're a hobbyist like me.

Encryption/decryption should've been a standard thing everyone does transparently when sending emails with one recipient. Multi-recipient mails should always be signed, automatically.

Maybe some day.

IMO, GPG for email was mostly a mistake, because email can't be secured enough.

GPG leaves all the headers exposed, and reveals who's talking to whom. That, right there, is a huge security problem. Turns out metadata is often plenty. And it can't even encrypt the subject, which is a footgun of enormous proportions.

Picture a high-stakes situation like, say, a resistance member in the Russian-occupied parts of Ukraine. Yeah, the Russians can't see what you're emailing about, but they can see that 3 people of a given village are sending encrypted messages to each other, and then there's some outside contact. Gee, what might they be talking about? What conclusions should we draw if somebody else also sends mail to this outside contact?

Yeah, the encryption might be strong, but it won't do much to protect those people against the $5 wrench.

GPG for email only works in extremely narrow scenarios, and that makes it a bad tool.
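The point about headers is easy to see concretely. The following is an added example (not code from anyone in this thread): a small Python script that parses a PGP/MIME (RFC 3156) message and lists every metadata field a passive observer can read without any key. The message itself is constructed for the example, and its "ciphertext" is a placeholder rather than real OpenPGP output; the script only inspects structure and headers, so it needs no OpenPGP implementation.

```python
"""Audit the metadata that stays in the clear in a PGP/MIME (RFC 3156) message.

Added example for illustration. The sample message is constructed; the body
is a placeholder string, not real OpenPGP ciphertext.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Header fields that PGP/MIME leaves unencrypted. Each one tells an observer
# something about who is talking to whom, when, and (via Subject) about what.
METADATA_HEADERS = (
    "From", "To", "Cc", "Date", "Subject",
    "Message-ID", "In-Reply-To", "References",
)

# Constructed PGP/MIME message. The encrypted part is a placeholder.
SAMPLE_PGP_MIME = b"""\
From: alice@example.org
To: bob@example.org
Cc: carol@example.org
Date: Mon, 06 Mar 2023 10:15:00 +0000
Subject: Meeting point for Thursday
Message-ID: <constructed-0001@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="pgpmime-boundary"

--pgpmime-boundary
Content-Type: application/pgp-encrypted

Version: 1

--pgpmime-boundary
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

PLACEHOLDER-NOT-REAL-CIPHERTEXT
-----END PGP MESSAGE-----

--pgpmime-boundary--
"""


def parse(raw: bytes) -> EmailMessage:
    """Parse raw RFC 5322 bytes with the modern header-aware policy."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def is_pgp_mime_encrypted(msg: EmailMessage) -> bool:
    """True when the outer structure is the RFC 3156 multipart/encrypted form."""
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return False
    parts = list(msg.iter_parts())
    return (
        len(parts) == 2
        and parts[0].get_content_type() == "application/pgp-encrypted"
        and parts[1].get_content_type() == "application/octet-stream"
    )


def exposed_metadata(msg: EmailMessage) -> dict[str, list[str]]:
    """Return every metadata header that is readable without any key."""
    exposed: dict[str, list[str]] = {}
    for name in METADATA_HEADERS:
        values = msg.get_all(name)
        if values:
            exposed[name] = [str(v) for v in values]
    return exposed


def exposed_participants(msg: EmailMessage) -> set[str]:
    """Addresses visible in the clear: the 'who talks to whom' edge."""
    addrs: set[str] = set()
    for name in ("From", "To", "Cc"):
        for header in msg.get_all(name, []):
            for addr in header.addresses:
                addrs.add(addr.addr_spec)
    return addrs


def audit(raw: bytes) -> dict:
    """Summarise what the body encryption does and does not hide."""
    msg = parse(raw)
    return {
        "body_encrypted": is_pgp_mime_encrypted(msg),
        "exposed_headers": exposed_metadata(msg),
        "exposed_participants": sorted(exposed_participants(msg)),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_PGP_MIME)
    print("body encrypted:", report["body_encrypted"])
    for name, values in report["exposed_headers"].items():
        print(f"  in the clear: {name}: {'; '.join(values)}")
    print("participants visible:", ", ".join(report["exposed_participants"]))
```

Running it against the constructed message reports the body as encrypted while From, To, Cc, Date, Subject and Message-ID are all listed in the clear, which is exactly the "who, when and about what" leak the comment above describes.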

Which communication methods leak no metadata?

If two people are communicating, the message always needs to know where it's going and in most cases where it's coming from.

Not encrypting the email subject is an implementation detail really.

> Which communication methods leak no metadata?

All leak something, but there are differences in what and how much.

> If two people are communicating, the message always needs to know where it's going and in most cases where it's coming from.

Yes, but in this case it'd be actually better to use something like Signal. You want something that's plausibly used often, is always encrypted, and is used for random chit-chat all the time, so that it's hard to tell if anything odd is going on from the outside.

GPG just screams "an important conversation is happening"

> Not encrypting the email subject is an implementation detail really.

And it's still unfixed, despite being a serious problem (it's easy to slip up and put something interesting in the subject).

> GPG just screams "an important conversation is happening"

is just another argument in favour of all email being encrypted.

And yes, there's side-channel/metadata still in the clear, and that's a problem, but still a smaller problem. The only crowd I know working on solutions to minimise/eliminate that problem is the Cwtch project (not product!).

> is just another argument in favour of all email being encrypted.

And that makes GPG unsuitable, because it's such a pain in multiple ways.

> And yes, there's side-channel/metadata still in the clear, and that's a problem, but still a smaller problem.

Absolutely not a "smaller problem". Using GPG in an actually serious scenario like in occupied parts of Ukraine is quite likely to get you imprisoned, tortured, killed or all 3.

GPG mail is only suitable for "polite society" -- situations where your only problem is to securely email documents and account numbers to your accountant, and nothing else.

And that's actually a very narrow application. It's trivial to run into situations where that becomes extremely inadequate.

Sure, but sometimes we don't care about knowing who is communicating. For example:

I don't care if someone knows my bank sent me a message, but I want the content of the message to be secure (not just in transit, but also at rest).

I don't care if someone knows my primary care physician sent me a message, but I want my lab results to be secure.

I don't care if someone knows I communicated with my CPA, but I want my tax and receipts to be secure.

True, but that's incredibly user unfriendly. The average person isn't good at doing that level of risk evaluation. What's important and what not isn't intuitive.

And we have a system much friendlier than GPG for that: putting it on a website protected by HTTPS.

> Which communication methods leak no metadata?

> If two people are communicating, the message always needs to know where it's going and in most cases where it's coming from

Sure, but you can still do a lot of things to make it much, much harder for the same Carol to identify Alice and Bob.

SimpleX is a good example of how far you can go and how many obstacles you can pile up onto the same protocol:

https://simplex.chat/#how-simplex-works

https://simplex.chat/#privacy

IMO the privacy we might discuss in terms of government or community intrusion is different from the privacy you expect from friends with regards to discretion. If I send you an unprofessional email, it ought to be your prerogative to make a judgment call for disclosure.

You can always have your password in a password manager with emergency access, so if you (not you, God forbid) die, someone close can access all these domains/emails.

The problem is that someone has to squat your domain for you for as long as you want to prevent an adversary from registering your domain and intercepting any emails still being delivered to it.