As someone who has read plenty of discussions about email security (some of them in this very community), including all kind of stuff (from the company groupie to tinfoil-hat conspiracy theories), I have decided to put too many hours some time to discuss the different threat models for email setups, including the basic most people have, the “secure email provider” one (e.g., Protonmail) and the “I use arch PGP manually BTW”.

Jokes aside, I hope that it provides an overview comprehensive and - I don’t want to say objective, but at least rational - enough so that everyone can draw their own conclusion, while also showing how certain “radical” arguments that I have seen in the past are relatively shortsighted.

The tl;dr is that email is generally not a great solution when talking about security. Depending on your risk profile, using a secure email provider may be the best compromise between realistic security and usability, while if you really have serious security needs, you probably shouldn’t use emails, but if you do then a custom setup is your best choice.

Cheers

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    It’s a Proton alias, so I get anyway PGP encryption

    That’s only true if you’re talking to other Proton users. Proton does encrypt emails at rest, but that’s basically the same as TLS + trusted server. Whether they use PGP on the BE or not is irrelevant.

    Publishing your PGP public key next to your email doesn’t require “wasting a domain” or anything like that, it merely gives others an option to contact you w/ PGP encryption. Since you already get near-zero volume, you probably would get even nearer-zero PGP volume (the few that would email you probably won’t bother using your PGP key), but it would at least show that you’re open to E2EE. You can even generate a special key that’s only used publicly, and Proton should handle decryption automatically for you.

    Anyway, I’m part of that group that probably wouldn’t bother using your PGP key anyway, I just thought it was amusing that you didn’t seem to actually follow your own advice. Perhaps that’s just more evidence that email should simply be avoided.

    • loudwhisper@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      With Simplelogin integration Proton does PGP encryption because effectively all emails are forwarded by a simplelogin address. I have just tested to be sure, and I can confirm it is the case. I agree though that this only protects “my side”, which is why I said that it doesn’t provide all the PGP features.

      Publishing your PGP public key next to your email doesn’t require “wasting a domain” or anything like that

      It does if I don’t have any key that I use for emails. My key(s) is bound to the Proton account with the other domains I use, so for this domain I would need to either add it (back) to Proton (easier option, but “wastes” a domain) or just generate and manage a key myself, that I can then even add manually to Proton, but I didn’t bother doing this just yet. I am not going to use any other public key I have because I wanted specifically to keep this domain separated from my identity.

      I just thought it was amusing that you didn’t seem to actually follow your own advice.

      FWIW, I do follow the described setup for everything personal, which is what matters to me. As I said, ~1/2 months ago I did have my PGP key because I enrolled the domain into Proton, which if anything is a testament to how annoying it is having to manage keys myself (which I already do for signing commits etc.). Maybe I will spend some time to polish the setup, eventually.