Q: Is email encrypted or private?
A: Let’s take a step back and learn how the web works. Domains point to IP addresses or physical locations. The physical location registers encryption keys with a certificate authority. Then when an email is sent, it looks up what IP address to send it to and the public encryption key. When it gets to that physical location, it’s then unencrypted. So it’s only encrypted in transport.
Q: That’s absurd to only encrypt it server-to-server in transport. Why don’t you register the public encryption key with the domain registrar instead of having the physical location register it?
A: That’s how Session messenger works! Except their “domain registrar” is the blockchain. You assign on the blockchain which public key goes to your name, so the relays (physical locations) are powerless, and you have self-sovereign control. But that’s NOT email! So until you and me can convince these bone head clowns to let us register all our accounts and do all our businesses on Session & Nostr, we’re stuck with email.
Considering you need email to function in society, you have 2 choices. Either blindly trusting Protonmail/Tutanota, or self-host.
Q: What does “self-hosting email” even mean?
A: It means renting a 1 core VPS in a datacenter for under $10 a month, and running open source email software on it. Also once you have the VPS, you can get other use out of it, such as chat (XMPP or SimpleX) and replacing Google docs with Cryptpad. So a VPS doesn’t have to be just email, you can connect VoIP phone lines to XMPP, you can collaborate with all kinds of docs/spreadsheets, and have much more control over all your data. Also your friends and family can use the VPS too. Not only is this economical, but if the communication stays on the same server, it’s even more private.
Q: Why don’t I self-host email in my residential home?
A: Unfortunately, most email providers block messages from homes as spam. So if you host in your house, you can receive email, but you can’t send outgoing. Also people will know where you live just by seeing your domain.
Q: So Protonmail is NOT encrypted?
A: As we just discussed above, ALL email uses TLS (transport only). TLS gets unencrypted when it arrives at its physical location. Protonmail then claims to encrypt this after they scan it for spam. But this is a conflict of interest as they are encrypting it to protect from themselves.
Q: What are the advantages of self-hosted VPS email over blindly trusting Proton?
A: We’re going to break this up into 2 Nostr posts to prevent it from being an entire Bible.
So stay tuned, show some love so that others can learn, and we’ll see you next time!