Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Gmail's New TLS Icon Really Means: Email Encryption Is Still Broken

Posted by timothy on from the ask-me-about-my-spam-collection dept.

An anonymous reader writes: On Safer Internet Day Google announced that Gmail will display warning signs for missing encryption and authentication, a great initiative indeed! Now that it's live we've taken it for a spin, only to find that the warning when composing email is quite slow (for new domains), and that they fail to mention that the non-authenticated TLS encryption that the currently sad state of SMTP encryption leaves us with is really poor, and vulnerable to almost anything (except passive wiretapping). I rather wish they took a stance on how we could move on to proper email encryption.

3 of 129 comments (clear)

  1. gmail is what has broken email. by Anonymous Coward · · Score: 5, Insightful

    I consider gmail to by my biggest threat to the privacy of my email.

    If I want end to end security, well there is a standard for that. I use it. It works.

    But gmail is close to having a monopoly on email. It isn't quite yet, but almost everyone I know uses exclusively gmail now. That means if I want to email them, Google IS the man in the middle. I can't easily email my friends without giving Google the contents of my email, which they will use to build a profile of me - and I've never signed up for any of their services or estasblished any kind of business relationship with them.

    Furthermore, most small to medium businesses are using gmail.

    Think about this: we used to have a decentralized, non-censorable, email standard that no one entity could control or pervert for their own ends. But the whole world said, "Fuck that, we want one advertising company to see everybody's email!.

    Google is the main threat to the privacy of email today. Like Bruce Schneier observed, they want you to have email privacy from everyone except them.

    1. Re:gmail is what has broken email. by sims+2 · · Score: 5, Insightful

      Well if anyone else had wanted to provide a reasonable amount of storage, allow attachments bigger than 4MB, provide both pop3 and imap access, not inject advertising into your outgoing mail, for "free".
      They could have been the largest email provider.

      But no one else wanted to do that for "free".

      --
      Minimum threshold fixed. Thanks!
  2. Re:easy encryption by Anonymous Coward · · Score: 5, Insightful

    Imagine if you could actually write good clean documented code!

    Good example of how not to code.
    - no useful comments
    - the only two comments conflict with each other
    - no line breaks before "if" constructs or after "else" constructs
    - assumes existence of files for which it doesn't check existence
    - doesn't check status for execution of openssl commands

    Not bad for a six-year old.
    M