Which you should never do. They might look good and safe today, but all it takes is a subpoena or a change in management and they will spill all the secrets. Most likely past and present.
Basically, don’t do illegal shit over unencrypted forms of communications. But the billionares are not the smartest people, or Epstein thought he was protected enough that keeping a record of his co-conspirators and their crimes would protect him.
Or, if you do want to do illegal shit over unencrypted forms of communication, use your own encryption layer on top, so you can actually be 100 % sure that there’s real E2EE. This is the way e-mail encryption was meant to work, before someone added TLS to the “standard” and everyone thought it’s OK as they trust the e-mail service provider.
Yep, the issue is that the server stores the messages centrally in plaintext, and most email users nowadays assume that the server always has a copy. That’s why we have PGP and ring-of-trust, and why there used to be a lot of push to use that with especially E-mail. Especially with the preparation to post-quantum era, any communication you actually want to stay secret should be encrypted with (symmetric) keys you exchange in person. That way there’s no log or key exchange that someone can see or store, and thus break in the future.
Unfortunately people in general deemed the centralized solutions “good enough”, and for “more secure” contexts we got the abysmally horrible solutions like Secure Mail. PGP’s problem was, that the trust needed to be established in a distributed manner outside normal communication which the layperson found confusing. It also was problematic in corporate contexts, as proper client-side encryption meant that the company could no longer scan through employee messages.
It’s still the best way to make e-mail safe, though.
iirc it’s tls secured between client and server and again between servers. So no e2ee, but if you trust your provider, everything should be good.
iirc law enforcment regularly forces providers to reveal content of client’s mailboxes.
Which you should never do. They might look good and safe today, but all it takes is a subpoena or a change in management and they will spill all the secrets. Most likely past and present.
Basically, don’t do illegal shit over unencrypted forms of communications. But the billionares are not the smartest people, or Epstein thought he was protected enough that keeping a record of his co-conspirators and their crimes would protect him.
Or, if you do want to do illegal shit over unencrypted forms of communication, use your own encryption layer on top, so you can actually be 100 % sure that there’s real E2EE. This is the way e-mail encryption was meant to work, before someone added TLS to the “standard” and everyone thought it’s OK as they trust the e-mail service provider.
Yep, the issue is that the server stores the messages centrally in plaintext, and most email users nowadays assume that the server always has a copy. That’s why we have PGP and ring-of-trust, and why there used to be a lot of push to use that with especially E-mail. Especially with the preparation to post-quantum era, any communication you actually want to stay secret should be encrypted with (symmetric) keys you exchange in person. That way there’s no log or key exchange that someone can see or store, and thus break in the future.
Unfortunately people in general deemed the centralized solutions “good enough”, and for “more secure” contexts we got the abysmally horrible solutions like Secure Mail. PGP’s problem was, that the trust needed to be established in a distributed manner outside normal communication which the layperson found confusing. It also was problematic in corporate contexts, as proper client-side encryption meant that the company could no longer scan through employee messages.
It’s still the best way to make e-mail safe, though.
Yeah and you know all these assholes were protected by the cops at all levels
His provider was GMail, who nobody should trust.