17 votes

Topic deleted by author

27 comments

  1. [24]
    skybrian
    This all seems very binary, treating security as if it were all or nothing.

    Preventing snooping at the network router for most email is still useful even if it doesn't prevent disclosure via subpoenas like a good email retention policy. They are different problems with different solutions.

    Protecting message contents and metadata are useful either by themselves or together. They are different problems with different solutions.

    15 votes
    1. [15]
      cybersurf
      My decision to go with an encrypted email provider, ProtonMail, was more based on the protections that Proton themselves is not slurping up my email. Leaving Gmail was fueled by the knowledge of what Google does with your mail.

      I agree with your opinion here, and just wanted to give my grey-area reasoning for using an encrypted email provider, even if that doesn't mean I'm 100% covered by encryption technologies in regards to my messages and contents on the distant-end.

      10 votes
      1. [2]
        teaearlgraycold
        At least with Protonmail if a malicious party breaks into the mail servers the data is all secured. Although if they don't detect the intrusion the hackers could store your key the next time you connect.

        3 votes
        1. cybersurf
          This is true, and it runs the same risk of unauthorized login as any other webmail, but both of those are of equivalent risk, and possibly more so are Proton since they are much smaller.

          1 vote
      2. [5]
        tomf
        For what it's worth, GSuite doesn't get slurped. Proton is still an excellent option for email if you're not using Drive or other Google tools.

        edit: [citation]

        3 votes
        1. [4]
          cybersurf
          I have/had a GSuite account as well since I was interested in seeing how the GSuite worked, you know setting up an org, SSO, and admin options. I do still have a major footprint in other Google services but I'm moving away slowly.

          The hardest thing to replace is Maps. I cannot find anything that is open source or more privacy conscious that comes ANYWHERE near as good as Google Maps.

          1 vote
          1. [3]
            tomf
            It's a challenge to fully move away from Google. I was on GSuite from the get-go (grandfathered) and also had a paid account. Late last year I moved my email off to Zoho and started a junk account with Google that I use for Drive (mostly for Sheets that are shared with strangers.)

            If it weren't for Sheets and Maps, ditching Google entirely would be a breeze. As for the trade off, I don't mind giving them whatever they get out of Drive in exchange for some storage, Sheets, and Maps (which I use without being logged in.)

            I like a few of Google's products and others might not be on the same page with this, but I appreciate that they say 'listen, we'll give you all of this good stuff if you let us gather certain data'. If you're willing to trade, it's a pretty good trade for everybody.

            3 votes
            1. [2]
              cybersurf
              I appreciate your more moderate view, there's typically two camps "Google is the devil" or "What is wrong with Google?".

              The data part is definitely a toss up, where I understand a lot of the value and usage that I get from the service is due to the large scale data collection, but at the same time hate the idea of what that data is used for outside of the scope of usage for the service that the data is being collected from.

              Rock and a hard place, degoogling is the cilice of today.

              2 votes
              1. tomf
                yeah, having two camps for such a large company is crazy. Google makes a lot of mistakes, but overall they're honest about what they are, unlike Facebook and others who try to claim that they're anything but an ad provider.

                I should give DDG another go. I find that the results aren't as good, but that could also come down to engine-specific lingo. I tend to search with stripped down natural language instead of keywords in hopes of finding posts on reddit, stackexchange, etc.

                Overall, I think Google has been great for the internet. At least for now, I'd rather live in a world with Google than without.

                4 votes
      3. [7]
        skybrian
        What do you mean by "slurping?"

        1. cybersurf
          I may actually have been incorrect in this area; from what I could find they may have actually stopped scanning email contents for marketing purposes. Now that's not to say they're not still getting some value out of the metadata (sender/receiver, subject lines), "value-added" features like receipt and trip-tracking, and their other ways of tracking users online, especially through Chrome and Android devices; but the very specific email content scanning may no longer be occurring:

          https://techcrunch.com/2017/06/23/google-has-all-the-data-it-needs-will-stop-scanning-gmail-inboxes/
          https://blog.google/products/gmail/g-suite-gains-traction-in-the-enterprise-g-suites-gmail-and-consumer-gmail-to-more-closely-align/

          2 votes
        2. [5]
          cfabbro
          https://myaccount.google.com/data-and-personalization
          https://takeout.google.com/settings/takeout/custom/gmail,chat?pli=1

          Both kinda speak for themselves, really. I don't think google is "evil", and I use many of their services (including gmail/gsuite), but I don't think you can deny they "slurp" up an inordinate amount of data when you use their services either. I don't generally have a problem with what they do with that data (though I do opt out of most of it where I can), and think it's a reasonably fair trade for what they offer, but I can certainly see how others might not be as comfortable with that exchange.

          1 vote
          1. [4]
            skybrian
            The first page says nothing at all about what happens to your messages in Gmail. The second page lets you download all your messages. That seems good?

            1 vote
            1. [3]
              cfabbro
              https://policies.google.com/privacy?hl=en

              Better? And I agree it's good they provide those opt-out and data download services. I admire/appreciate the control google gives people over the data they actually do collect. But again, not everyone thinks that is enough, and I certainly can see where they are coming from. While I don't think google is "evil", it does make me uncomfortable knowing that they collect as much information about me as they do, even if they don't generally share that info with third parties.

              1. [2]
                skybrian
                Not really. Maybe we should let cybersurf say what they meant.

                1. cfabbro
                  Uh, okay... I was just giving my personal perspective, not trying to put words into anyone's mouths.

                  1 vote
    2. [7]
      stu2b50
      The argument is that it having those edge cases makes it very prone to user error.

      Basically it should be

      1. If you don't care if anyone sees your message, feel free to use an email protocol.

      2. If you do care, no matter how unimportant or small the threat power, you should use an actually secure protocol.

      This makes it really easy for everyone to think about. Trivial? Then if it's convenient I can use email. Sensitive? I'll use something else.

      Having the 3rd option, "use email depending on who you suspect to be attacking you, maybe use secured email", just invites people who misjudge the threat model or are just not tech-literate to use the wrong tool for the wrong job, causing security issues.

      5 votes
      1. [6]
        skybrian
        I think perhaps they meant to say not to bother using PGP (or similar) for sending email, but they are saying it wrong?

        Since people do still use email, I still think email service providers should send it over a secure connection. The link should be encrypted. It is fine and good to encrypt email whether in flight or at rest. The user experience isn't affected.

        This ensures law enforcement has to get warrants and make requests to email providers rather than just grabbing it from the network. It makes sure they don't bypass the legal process like the NSA was doing.

        2 votes
        1. [2]
          stu2b50
          The issue is more that it gives the illusion of security, when fundamentally email is not secure.

          Basically, if you're ever sending something that you don't want someone to see, don't use email. That binary, black and white perspective is better than trying to nuance through all the ways that email, regardless of the encryption scheme built on top of it, will fail you. Leaking metadata, lack of forward secrecy, etc. That's not only hard, but it will almost certainly break due to human reasons.

          And so, if on the user side of things you should never put sensitive information on email, then why bother even encrypting it?

          This ensures law enforcement has to get warrants and make requests to email providers rather than just grabbing it from the network. It makes sure they don't bypass the legal process like the NSA was doing.

          But if you're using an actually secure protocol, then you wouldn't have to worry about it.

          That's what the article is arguing. And it's fine, if not overly optimistic. Email is a bit too entrenched for people to let go for all sensitive information. The author argued (lightly) that if everyone ceased to use encrypted email at all, they automatically wouldn't put sensitive information on that, which may not really be true, but it makes sense from the angle.

          1 vote
          1. skybrian
            The confusing part is that this sounds like an argument not to use email at all, because it can't be fixed. Why isn't the headline "stop using email?"

            2 votes
        2. [3]
          papasquat
          What he's saying is email in its totality, end to end.
          Connecting to gmail via TLS is encrypting the link between you (the user) and the MUA. It says nothing about the encryption between that MUA and any other component that google operates. I would imagine that google encrypts the link between the MUA and their MTA, but even if they do, once your message leaves google's servers, it's in the free and clear to whoever you're sending it to using plain old SMTP. Anyone with a tap anywhere along that message's route is free to listen on it and trivially read your message with a plain old MUA of their own, just like they were reading their own email.

          Calling that type of setup "encrypted" would be like saying your house is locked because you locked your back door even though you left the front door wide open.
          From a technical standpoint, yes, some part of your house is locked, but that's usually not what someone means when they say a house is locked.

          1. [2]
            skybrian
            Yes, that's called "end-to-end encryption." If that's what the author meant, they should have said so.

            Link-level encryption is still encryption.

            1. papasquat
              Usually end to end encryption is used in comparison to transit encryption, but email doesn't even have transit encryption by default. If it did, it would be at least reasonably secure. HTTPS to gmail isn't transit encryption with respect to email as a service, because that's not even the link that really matters. That link is a new vector introduced with webmail. The SMTP link is still unencrypted.

              If the SMTP link was encrypted that still wouldn't be E2E encryption though, because the messages would be unencrypted by google, then re-encrypted for delivery to you.

              1 vote
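papasquat's point above is that TLS between you and webmail says nothing about the SMTP links between servers. As an added illustration, not part of the thread, the Python below reads an email's `Received:` trace headers and reports which server-to-server hops advertised TLS (RFC 3848 `with ESMTPS`-style keywords or a `version=TLS...` clause); the header block and hostnames are constructed placeholders.

```python
"""Hop-by-hop transit-encryption check from an email's Received: trace headers."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample header block (placeholder hosts, not a real message).
# Each receiving MTA prepends its own Received: line, so the top one is the
# last hop before the mailbox and the bottom one is the first.
SAMPLE_HEADERS = """\
Received: from mail-out.example.net (mail-out.example.net [203.0.113.5])
    by mx.example.org (Postfix) with ESMTPS id 4ABCDEF
    (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384)
    for <alice@example.org>; Mon, 01 Jan 2024 10:00:00 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mail-out.example.net with ESMTP id 7XYZ123
    for <alice@example.org>; Mon, 01 Jan 2024 09:59:58 +0000
Received: from [192.0.2.10] (client.example.com [192.0.2.10])
    by relay.example.com with ESMTPSA id 9QRS456
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
    Mon, 01 Jan 2024 09:59:55 +0000
From: bob@example.com
To: alice@example.org
Subject: constructed test message
"""

# RFC 3848 "with" keywords that mean the receiving server saw STARTTLS or
# implicit TLS on this link: SMTPS, ESMTPS, ESMTPSA (authenticated), LMTPS,
# UTF8SMTPS. Plain SMTP / ESMTP / ESMTPA mean a cleartext link.
TLS_PROTOCOL_RE = re.compile(r"^(?:UTF8)?[EL]?SMTPSA?$", re.I)
RECEIVED_RE = re.compile(
    r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<with>[A-Za-z0-9]+)",
    re.I | re.S,
)
TLS_VERSION_RE = re.compile(r"version=(?P<ver>[A-Za-z0-9_.]+)")


@dataclass
class Hop:
    from_host: str
    by_host: str
    protocol: str               # the "with" clause, e.g. ESMTPS or ESMTP
    tls_version: Optional[str]  # Postfix/Sendmail style "(version=TLS1_3 ...)"

    @property
    def encrypted(self) -> bool:
        return bool(TLS_PROTOCOL_RE.match(self.protocol)) or self.tls_version is not None


def unfold(raw_headers: str) -> List[str]:
    """Join RFC 5322 folded continuation lines so each header is one line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw_headers).splitlines()


def parse_hops(raw_headers: str) -> List[Hop]:
    """Return the Received: trace as hops in delivery order (first hop first)."""
    hops: List[Hop] = []
    for line in unfold(raw_headers):
        name, _, value = line.partition(":")
        if name.strip().lower() != "received":
            continue
        match = RECEIVED_RE.search(value)
        if match is None:
            continue  # trace lines without a from/by/with triple are skipped
        ver = TLS_VERSION_RE.search(value)
        hops.append(Hop(match["frm"], match["by"], match["with"],
                        ver["ver"] if ver else None))
    return list(reversed(hops))  # headers are newest-first; flip to delivery order


def transit_summary(raw_headers: str) -> dict:
    """Which server-to-server links were cleartext, according to the trace.

    Caveat: each Received: line is written by the receiving server and can be
    forged or dropped by any later hop, so only hops up to servers you trust
    are evidence. Even an all-TLS trace shows only link encryption: every MTA
    still held the plaintext, which is not end-to-end encryption.
    """
    hops = parse_hops(raw_headers)
    plain = [h for h in hops if not h.encrypted]
    return {
        "hops": len(hops),
        "all_links_tls": not plain,
        "plaintext_links": [f"{h.from_host} -> {h.by_host}" for h in plain],
    }


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_HEADERS):
        state = f"TLS {hop.tls_version or '?'}" if hop.encrypted else "PLAINTEXT"
        print(f"{hop.from_host:>22} -> {hop.by_host:<22} {hop.protocol:<8} {state}")
    print(transit_summary(SAMPLE_HEADERS))
```

On the constructed sample the middle hop (relay to mail-out) was plain ESMTP, so the message crossed one cleartext link even though both ends of its journey used TLS.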
    3. rkcr
      Burglars can break into your house by breaking windows, therefore always leave your doors open.

      3 votes
  2. [3]
    pallas
    One can look past the needlessly patronizing, insulting, and unconstructive tone that I feel people in the computer security community often think adds weight to their statements, but instead lends a sense of childishness to what are otherwise reasonable statements. Many of the technical points made do have merit. However, I am particularly and increasingly frustrated by the way the author, and many others in these discussions, are either unaware or dismissive of ways email is used in fields other than their own. As a result, these people make suggestions for alternatives that make sense, given common modes of communication in their field, but are unconstructive or outright ridiculous for many others.

    I use Signal, and think it works very well, as an instant messenger designed for phones. The way I use email in technical fields and for scholarly collaboration is also such that systems like Matrix could reasonably replace it. But in general, the email alternatives usually recommended are various forms of instant messengers. That makes sense to people who primarily use email as a means of informal, instant communication, and I find that this is quite common in technology-related fields. In this case, systems like Signal, or E2E Matrix, or E2E XMPP, and so on, make sense as encrypted alternatives, if your primary means of communication are through short, instant communications written spontaneously.

    However, many people, particularly those outside such fields, instead use email as a more formal communication method, meant as an alternative to letters or published statements. This is a very different usage, with different priorities and needs, for which the recommended alternatives are completely unsuitable. In fact, it seems that there is neither a viable alternative for this use of email at the moment or any plan, by anyone, for a viable alternative. And that's likely because the people making these sorts of arguments don't communicate in that way, and so therefore don't think that anyone communicates in that way.

    Quite often, in business matters, when I am sending an email, the content of the email has at least some level of organizational or legal weight, and political implications. I need to be able to write a draft, review the draft, and make changes before I send it; in some cases, I need to send the draft to others for comment before sending it. It is often vital that the text I am writing is not accidentally sent prior to editing. In some cases, emails I write might take hours or days to finally compose. I'm not having a conversation: in many cases, I don't actually want people to respond, and I want the email to be seen as an individual message, as a letter would be. If necessary, it should be printable as a single message, and it should certainly be readable regardless of its length. It may contain some amount of formatting, lists, tables, images, and attachments. Cryptographic signing (even without encryption), usually ignored in these discussions, is often something that would be very useful, because people should be able to rely on my having made the statements that I made in the email.

    None of the recommended alternatives I'm aware of are at all suited for these needs. Drafts simply don't appear to exist: systems are designed for messages written and sent immediately. Everything seems designed to treat communication as a conversation of either sentences, or, at most, a few paragraphs. For the most part, sending or receiving something in letter form via any of the systems is difficult. Encryption is always a higher priority than easily visible and heavily controlled signing.

    And all this is unfortunate, because email does have significant problems in this usage as well, and if there were a good encrypted-and-signed alternative, there could be an opportunity to address them. For example:

    • Forwarding and poor understanding of reply recipients is a problem even ignoring encrypted and plain texts. Chains of replies with modified recipient lists make it easy for senders to think people are no longer receiving emails that they actually are. For example, I have witnessed several instances where questions brought to supervisors by employees have been discussed by higher-ups without a realization that, at some point in the replies, the employee ended up being included again. While in the instance I remember most, I think it was good that the employee did read the inappropriate opinions being expressed, this confusion meant that comments were unintentionally sent to them that were likely legally actionable.

    • E2E encryption would be useful, even disregarding state-level adversaries. For example, an E2E-encrypted system would allow users to have conversations without concern that the system's administrators could access them. Consider personnel discussions regarding the administrators, for example.

    • Widely-used signing could improve email for formal purposes enormously. It would make it possible for it to replace, for example, the practice commonly seen among lawyers of sending scanned and hand-signed PDF letters as email attachments, and the signatures would actually verify the authorship and signing of all the contents, which hand signatures do not do.

    In short, to take on some of the childishness of the author, stop saying instant messengers are a suitable replacement for encrypted email.

    3 votes
    1. [3]
      Comment deleted by author
      1. [2]
        pallas
        See, this is why the article is written. Your belief that encrypted email protects you against a hostile mail server sysadmin is plausible, and true in certain extremely limited circumstances, but generally wrong.

        I expressed no belief that encrypted email is secure against a hostile mail server administrator, or against anything; the point you were responding to was with regards to potential opportunities of alternatives to email. This sort of tone is not constructive.

        I expect, in writing something rather rambling and disorganized, that I didn't do a good job of making my central point clear: that encrypted email is fundamentally flawed, yes, and the instant messaging alternatives are great, but the longer and more organized message alternatives are not.

        While it would require an entirely different protocol than email, there would seem to be no fundamental reason why a messaging system with email-like messages could not be just as secure and easy to use as Signal or Matrix. It simply doesn't exist right now.

        And while I use age personally, CLI-only utilities are not reasonable secure alternatives to email. I can easily get other board members to use Signal. It's unlikely many of them would even know what a command line is.

        1 vote
        1. skybrian
          I'm pessimistic about the privacy of Matrix and all federated solutions because it seems like they will eventually have the same problems as email? People will write new clients and sometimes they will have UI features that make it easy to make mistakes, like forwarding an entire conversation to people who shouldn't see it.

          Signal (and similar non-federated apps) control what clients are available and they are running on mobile phones, which are mostly locked down, so this seems less likely to happen?

          Ultimately, privacy is social; you can only keep stuff private if your friends and correspondents are careful about not talking about it. If they're going to gossip then all bets are off. But, if the UI is fixed then the vendor can make sure it discourages leaking. It won't prevent all leaks, but it ensures that if someone leaks then they do it intentionally rather than by mistake.

          1 vote