undefined | Better HN

0 pointsRedoubts9y ago0 comments

I think it's closer to "you deserved your message to be read, since you put it on the back of a postcard". But ok.

0 comments

5 comments · 2 top-level

morganvachon9y ago· 3 in thread

This. Email messages are digital postcards. When it leaves your computer (house) and goes to your ISP (local post office), anyone at that place can pick it up and read it before sending it on its way to the recipient's mail handler. While it's in transit, it's not sealed, it's not obscured or encrypted, it is plain text.

Now, that doesn't change the fact that Yahoo rolled over like a puppy when the government came calling, which is reprehensible for any tech company to do. They should have fought it and asked for a warrant for the specific persons of interest, rather than happily fucking over every single Yahoo email subscriber.

dredmorbius9y ago

The fact that email is a digital postcard doesn't mean it must be.

SMTP was designed with no privacy, security, reputation, or authentication capabilities. Even the add-ons which provide some of these (e.g., PGP -- and I'm looking for the comment on this thread mentioning that) doesn't address what's almost always more useful than full-text search: metadata.

It's the systematic failure of tech industry leadership to come up with an open and viable alternative to email that's landed us in this position, and that's a lack of action that's increasingly utterly indefensible.

roywiggins9y ago

Don't a lot of the big providers pass emails between each other encrypted with TLS? And emails internal to Yahoo's email system wouldn't be visible to your ISP or anyone outside of Yahoo.

https://www.google.com/transparencyreport/saferemail/

morganvachon9y ago

They might pass the email around via TLS but they store their copy unencrypted on their servers[1]. Even if they do one day decide to encrypt their local copy, they hold the keys, you don't. According to the Ars article on this subject[2], Google has officially said "We haven't been subpoenaed and if we were we'd say 'no'", but that stance could change in the next few years.

[1] https://www.google.com/transparencyreport/saferemail/faq/#wh...

[2] http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-...

itsnotlupus9y ago

Or maybe "you deserved your postcard along with millions of other postcards to get systemically OCR'd and entered into a government database" ?

Concepts of scale and intent are rather central to this discussion.

This isn't about a postal employee glancing at your postcard and thinking you must be having a nice vacation.

j / k navigate · click thread line to collapse