this post was submitted on 22 Aug 2025
56 points (100.0% liked)
Privacy
2664 readers
419 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How would that work? Their mail server still has to receive emails on your behalf.
Unless you mean whether they plan to sell data, which I agree they should absolutely not.
Emails could be end to end encrypted, so the mail server wouldnt be able to see the emails. Basicslly PGP but out-of-the-box
The problem is that basically no one uses PGP. Adoption would be hard
But there are workarounds like the one Infomaniak uses (I believe Proton does it too). When sending an encrypted email to a non encrypted user, a link is sent instead of the contents of the email instead. In any case, encryption at rest with user provided keys and things like that are always an option.
If the encryption at rest is done by the server, that defeats the point.
Also, how does the user receiving an encrypted email access it? Do they have to enter a password? How is the password transmitted to them?
In transit, it's impossible to get them all, though it should support PGP to anyone else that has it.
At rest, it should all be locked down so only I can access, they may have to store some messages temporarily until I connect to provide the encryption, but everything else better be completely inaccessible.