they simply don’t have to care. in a similar way where jobs was wearing jeans and black shirt while everyone around him was saluting in suits. he didn’t have to.
also these messages were supposed to be private, lot of our signal/whatsapp chats also look less professional than work emails.
Most of the internet, nowadays, is encrypted on transmission.
Some things are end-to-end encrypted, some things are only encrypted for transmission, and rarely (nowadays) things are not encrypted at all.
Emails are encrypted for transmission.
That means, your email is readable on your computer, on your email server, on their email server and on their computer. Your email is not readable by your router, their router, your ISP, their ISP, or anyone operating a machine over which the transmission happens.
There are end-to-end encryption for email but you would know if you would use it.
that’s not relevant question. people are running old software and people are running software in other than default settings. so while the mail can be encrypted on the way, you can’t count on that.
that is technically correct, but the point is they still not expected them to be published. in a similar way where you don’t really care what the postal clerk will think about grammar on your postcard, while you might pay bigger attention to some text you know you will present publicly.
Which you should never do. They might look good and safe today, but all it takes is a subpoena or a change in management and they will spill all the secrets. Most likely past and present.
Basically, don’t do illegal shit over unencrypted forms of communications. But the billionares are not the smartest people, or Epstein thought he was protected enough that keeping a record of his co-conspirators and their crimes would protect him.
Or, if you do want to do illegal shit over unencrypted forms of communication, use your own encryption layer on top, so you can actually be 100 % sure that there’s real E2EE. This is the way e-mail encryption was meant to work, before someone added TLS to the “standard” and everyone thought it’s OK as they trust the e-mail service provider.
Yep, the issue is that the server stores the messages centrally in plaintext, and most email users nowadays assume that the server always has a copy. That’s why we have PGP and ring-of-trust, and why there used to be a lot of push to use that with especially E-mail. Especially with the preparation to post-quantum era, any communication you actually want to stay secret should be encrypted with (symmetric) keys you exchange in person. That way there’s no log or key exchange that someone can see or store, and thus break in the future.
Unfortunately people in general deemed the centralized solutions “good enough”, and for “more secure” contexts we got the abysmally horrible solutions like Secure Mail. PGP’s problem was, that the trust needed to be established in a distributed manner outside normal communication which the layperson found confusing. It also was problematic in corporate contexts, as proper client-side encryption meant that the company could no longer scan through employee messages.
It’s still the best way to make e-mail safe, though.
they simply don’t have to care. in a similar way where jobs was wearing jeans and black shirt while everyone around him was saluting in suits. he didn’t have to.
also these messages were supposed to be private, lot of our signal/whatsapp chats also look less professional than work emails.
Were these emails encrypted? I thought that regular email is basically public, like sending a postcard. Or is that not the case anymore?
Most of the internet, nowadays, is encrypted on transmission.
Some things are end-to-end encrypted, some things are only encrypted for transmission, and rarely (nowadays) things are not encrypted at all.
Emails are encrypted for transmission.
That means, your email is readable on your computer, on your email server, on their email server and on their computer. Your email is not readable by your router, their router, your ISP, their ISP, or anyone operating a machine over which the transmission happens.
There are end-to-end encryption for email but you would know if you would use it.
no. they may be and probably most of them are, but they are not by design. mx to mx can still go in plaintext.
Are you aware of any mail server or client that is not using encrypted channels by default?
that’s not relevant question. people are running old software and people are running software in other than default settings. so while the mail can be encrypted on the way, you can’t count on that.
that is technically correct, but the point is they still not expected them to be published. in a similar way where you don’t really care what the postal clerk will think about grammar on your postcard, while you might pay bigger attention to some text you know you will present publicly.
iirc it’s tls secured between client and server and again between servers. So no e2ee, but if you trust your provider, everything should be good.
iirc law enforcment regularly forces providers to reveal content of client’s mailboxes.
Which you should never do. They might look good and safe today, but all it takes is a subpoena or a change in management and they will spill all the secrets. Most likely past and present.
Basically, don’t do illegal shit over unencrypted forms of communications. But the billionares are not the smartest people, or Epstein thought he was protected enough that keeping a record of his co-conspirators and their crimes would protect him.
Or, if you do want to do illegal shit over unencrypted forms of communication, use your own encryption layer on top, so you can actually be 100 % sure that there’s real E2EE. This is the way e-mail encryption was meant to work, before someone added TLS to the “standard” and everyone thought it’s OK as they trust the e-mail service provider.
Yep, the issue is that the server stores the messages centrally in plaintext, and most email users nowadays assume that the server always has a copy. That’s why we have PGP and ring-of-trust, and why there used to be a lot of push to use that with especially E-mail. Especially with the preparation to post-quantum era, any communication you actually want to stay secret should be encrypted with (symmetric) keys you exchange in person. That way there’s no log or key exchange that someone can see or store, and thus break in the future.
Unfortunately people in general deemed the centralized solutions “good enough”, and for “more secure” contexts we got the abysmally horrible solutions like Secure Mail. PGP’s problem was, that the trust needed to be established in a distributed manner outside normal communication which the layperson found confusing. It also was problematic in corporate contexts, as proper client-side encryption meant that the company could no longer scan through employee messages.
It’s still the best way to make e-mail safe, though.
Yeah and you know all these assholes were protected by the cops at all levels
His provider was GMail, who nobody should trust.