View Single Post
Old 28 Jun 2017, 06:07 AM   #19
xor
Junior Member
 
Join Date: Aug 2012
Posts: 7
Quote:
Originally Posted by BritTim View Post
If you cannot trust your email provider, I cannot see how any encryption helps. If you trust your provider, then I cannot see how an encrypted IMAP connection is any more secure than an encrypted HTTP connection using the same algorithm and key lengths.
First of all, you can indeed no longer trust your email provider if they are forced by law to conspire against you. There is nothing they can do about that.

Second, encrypted IMAP or HTTP connections do not help in this case: they only protect you from outside eavesdroppers. They hide nothing from the email provider and so they do not help against a government forcing the provider to cooperate.

However, encryption properly done on your machine, with only your communication partner (and not the email provider!) holding the decryption key, is practically unbreakable, even by the government infiltrated email provider.

Use PGP or S/MIME and the content of your email is safe! (The subject line, sender, and recipient address are always revealed, though).

But do not rely on web clients provided by your email provider to do the encryption - these will be infiltrated also!

This is what I was trying to get across.
xor is offline   Reply With Quote