Email provides zero confidentiality by design, functioning like digital postcards rather than sealed envelopes. Recent vulnerabilities in PGP software (gpg.fail) highlight ongoing problems, but the fundamental issues run deeper: encrypted email solutions fail due to user error (accidental plaintext replies), metadata leakage (subject lines, timestamps, recipients), and DKIM signatures that provide non-repudiation. Despite technical proposals like SMIMP, email cannot be fixed because neither the oligopoly controlling email infrastructure nor governments have any incentive to change. The recommendation is to abandon email encryption entirely and use purpose-built encrypted messaging tools like Signal instead.

8m read time. From soatok.blog