this post was submitted on 24 Aug 2024
45 points (95.9% liked)

Technology

59605 readers
3366 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

As someone who has read plenty of discussions about email security (some of them in this very community), including all kind of stuff (from the company groupie to tinfoil-hat conspiracy theories), I have decided to put ~~too many hours~~ some time to discuss the different threat models for email setups, including the basic most people have, the "secure email provider" one (e.g., Protonmail) and the "I use ~~arch~~ PGP manually BTW".

Jokes aside, I hope that it provides an overview comprehensive and - I don't want to say objective, but at least rational - enough so that everyone can draw their own conclusion, while also showing how certain "radical" arguments that I have seen in the past are relatively shortsighted.

The tl;dr is that email is generally not a great solution when talking about security. Depending on your risk profile, using a secure email provider may be the best compromise between realistic security and usability, while if you really have serious security needs, you probably shouldn't use emails, but if you do then a custom setup is your best choice.

Cheers

you are viewing a single comment's thread
view the rest of the comments
[–] wazoobonkerbrain@lemmy.world 1 points 3 months ago (1 children)

An attempt to a comprehensive threat model for emails

That's the subtitle, is it missing a word?

[–] loudwhisper@infosec.pub 2 points 3 months ago (2 children)

I don't think so, does it sound weird? Not a native speaker, so maybe it does :)

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 months ago* (last edited 3 months ago) (2 children)

It would sound better as one of the following:

  • An attempt at a comprehensive...
  • An attempt to create a comprehensive...

I don't think it's grammatically incorrect (native speaker, but not a grammar expert), it just sounds odd.

[–] wazoobonkerbrain@lemmy.world 2 points 3 months ago

I considered recommending "attempt at" but "an attempt at a model" still sounds weird. OP went with "to create" which sounds better 🙂

[–] wazoobonkerbrain@lemmy.world 1 points 3 months ago (1 children)

It does. How about

An attempt to summarize a comprehensive threat model for emails

Or, in place of summarize - define, or outline?

[–] loudwhisper@infosec.pub 3 points 3 months ago (1 children)

Thanks, I have taken @sugar_in_your_tea@sh.itjust.works's suggestion and I have added "create".

[–] wazoobonkerbrain@lemmy.world 1 points 3 months ago (1 children)

Aw how come you always take his ideas instead of mine it's not fair

[–] loudwhisper@infosec.pub 2 points 3 months ago

Sorry about that :) But you get the credit for spotting the problem! Thanks for that!