Q&A Stop Using Encrypted Email


Thread author
Staff member
Malware Hunter
Jul 27, 2015
Quote : " Avoid encrypted email.

Technologists hate this argument. Few of them specialize in cryptography or privacy, but all of them are interested in it, and many of them tinker with encrypted email tools.

Most email encryption on the Internet is performative, done as a status signal or show of solidarity. Ordinary people don’t exchange email messages that any powerful adversary would bother to read, and for those people, encrypted email is LARP security. It doesn’t matter whether or not these emails are safe, which is why they’re encrypted so shoddily. But we have to consider more than the LARP cases. In providing encryption, we have to assume security does matter. Messages can be material to a civil case and subject to discovery. They can be subpoenaed in a law enforcement action. They safeguard life-altering financial transactions. They protect confidential sources. They coordinate resistance to oppressive regimes. It’s not enough, in these cases, to be “better than no encryption”. Without serious security, many of these messages should not be sent at all.

The least interesting problems with encrypted email have to do with PGP. PGP is a deeply broken system. It was designed in the 1990s, and in the 20 years since it became popular, cryptography has advanced in ways that PGP has not kept up with. So, for example, it recently turned out to be possible for eavesdroppers to decrypt messages without a key, simply by tampering with encrypted messages. Most technologists who work with PGP don’t understand it at a low enough level to see what’s wrong with it. But that’s a whole other argument. Even after we replace PGP, encrypted email will remain unsafe. Here’s why.

If messages can be sent in plaintext, they will be sent in plaintext.

Email is end-to-end unencrypted by default. The foundations of electronic mail are plaintext. All mainstream email software expects plaintext. In meaningful ways, the Internet email system is simply designed not to be encrypted. The clearest example of this problem is something every user of encrypted email has seen: the inevitable unencrypted reply. In any group of people exchanging encrypted emails, someone will eventually manage to reply in plaintext, usually with a quoted copy of the entire chain of email attached. This is tolerated, because most people who encrypt emails are LARPing. But in the real world, it’s an irrevocable disaster. Even if modern email tools didn’t make it difficult to encrypt messages, the Internet email system would still be designed to expect plaintext. It cannot enforce encryption. Unencrypted email replies will remain an ever-present threat.

Serious secure messengers foreclose on this possibility. Secure messengers are encrypted by default; in many of the good ones, there’s no straightforward mechanism to send an unsafe message at all. This is table stakes.
Metadata is as important as content, and email leaks it.

Leave aside the fact that the most popular email encryption tool doesn’t even encrypt subject lines, which are message content, not metadata. The email “envelope” that includes the sender, the recipient, and timestamps – is unencrypted and always will be. Court cases (and lists of arrest targets) have been won or lost on little more than this. Internet email creates a durable log of metadata, one that every serious adversary is already skilled at accessing.

The most popular modern secure messaging tool is Signal, which won the Levchin Prize at Real World Cryptography for its cryptographic privacy design. Signal currently requires phone numbers for all its users. It does this not because Signal wants to collect contact information for its users, but rather because Signal is allergic to it: using phone numbers means Signal can piggyback on the contact lists users already have, rather than storing those lists on its servers. A core design goal of the most important secure messenger is to avoid keeping a record of who’s talking to whom. Not every modern secure messenger is as conscientious as Signal. But they’re all better than Internet email, which doesn’t just collect metadata, but actively broadcasts it. Email on the Internet is a collaboration between many different providers; and each hop on its store-and-forward is another point at which metadata is logged.
Every archived message will eventually leak.

Most people email using services like Google Mail. One of the fundamental features of modern email is search, which is implemented by having the service provider keep a plaintext archive of email messages. Of the people who don’t use services like Google Mail, the majority use email client software that itself keeps a searchable archive. Ordinary people have email archives spanning years. Searchable archives are too useful to sacrifice, but for secure messaging, archival is an unreasonable default. Secure messaging systems make arrangements for “disappearing messages”. They operate from the premise that their users will eventually lose custody of their devices. Ask Ross Ulbricht why this matters. "

Quote : " For encryption to protect users, it must be delivered “end to end”, with encryption established directly between users, not between users and their mail server. There are, of course, web email services that purport to encrypt messages. But they store encryption keys (or code and data sufficient to derive them). These systems obviously don’t work, as anyone with an account on Ladar Levison’s Lavabit mail service hopefully learned. The popularity of “encrypted” web mail services is further evidence of encrypted email’s real role as a LARPing tool. "

Quote : " Every long term secret will eventually leak.

Forward secrecy is the property that a cryptographic key that is compromised in the future can’t easily be used to retroactively decrypt all previous messages. To accomplish this, we want two kinds of keys: an “identity” key that lives for weeks or months and “ephemeral” keys that change with each message. The long-lived identity key isn’t used to encrypt messages, but rather to establish the ephemeral keys. Compromise my identity key and you might read messages I send in the future, but not the ones I’ve sent in the past.

Different tools do better and worse jobs of forward secrecy, but nothing does worse than encrypted Internet email, which not only demands of users that they keep a single long-term key, but begs them to publish those keys in public ledgers. Every new device a user of these systems buys and every backup they take is another opportunity for total compromise. Users are encouraged to rotate their PGP keys in the same way that LARPers are encouraged to sharpen their play swords: not only does nobody do it, but the whole system would probably fall apart if everyone did.
Technologists are clever problem solvers and these arguments are catnip to software developers. Would it be possible to develop a version of Internet email that didn’t have some of these problems? One that supported some kind of back-and-forth messaging scheme that worked in the background to establish message keys? Sure. But that system wouldn’t be Internet email. It would, at best, be a new secure messaging system, tunneled through and incompatible with all mainstream uses of email, only asymptotically approaching the security of the serious secure messengers we have now. "

Full source :


Level 31
Top poster
Content Creator
May 13, 2017
I prefer encrypted documents/attachments over the encrypted emails anyway. :)
Ordinary people don’t exchange email messages that any powerful adversary would bother to read
LoL. Identity theft, phishing, marketing research and so on and so on. Google reads all user emails and sell them to 3rd parties as agreed in TOS.

ForgottenSeer 823865

encrypted email is LARP security.
So true, most avid users of encrypted emails/messengers on nested VPN chains are plain idiot tinfoil hat wearers who watched too much spies movies believing they are Person of Interest and trying to be Jason Bourne...
They ware worthless, nobody cares of them, and for Google, they are just an ID number among millions others.

Those who really needs to secure their communications (spies, high-end cybercriminals, terrorists, etc...) uses high-end tools you won't find on Google Search, and especially not Protonmail LOL


New Member
Feb 23, 2020
Thoughts on this matter regarding the Blackberry Phantom Network that was shutdown worldwide with Interpol in 2018?

Someone who isn't me was paying $2500 every 6 months to be a part of it through a few underground distributers. Credit where credits due the law struck a pretty major blow to some pretty big criminals who didn't have a second point of contact. I'm sure it someones berry could have been taken to forensics and eventually cracked but it seemed to be secure enough to keep enough big fish comfortable using them.
Here's the detail.

Phantom Secure CEO pleads guilty to providing drug cartels with encrypted phones
  • Like
Reactions: Venustus


Level 1
Mar 18, 2020
Nice read. How about regulations like HIPAA? Where the email needs to be encrypted to protect patient data. When it comes to healthcare data I believe it becomes even a priority for the average Joe. You don't want the antidepressants you're using to prevent you from getting a job or being the patient zero for covid in your town getting leaked.
I honestly don't know the ins and outs of the topic, just started to read about it but I know that one of the requirements of the regulation is to encrypt your email. Correct me if I'm wrong, here are my resources:

HIPAA Compliance for Email

HIPAA Compliant Email Services

Summary of the HIPAA Security Rule