Email is a scourge, an evil affliction, and a way for Google to make money from unsuspecting users. Email isn’t even private anymore. Email is subject to scouring and culling by the likes of Google’s Gmail, but sits on servers all over the world, almost begging hackers to invade its contents.
What can be done? Why hasn’t Apple, Microsoft, or the internet community come up with a secure method to send and receive email? A method that respects privacy, offers a few layers of security, builds in a bit of convenience, and works everywhere?
How hard can that be?
Apparently, privacy and security in email is a pipe dream, and it might have to do with how the whole process is structured. Compare email to, say, FaceTime, or Apple’s Messages app, both encrypted end-to-end. Once you’ve crafted and sent an email it remains as a Sent email file on your Mac. Most email services– Gmail, your local ISP, your company, or the server where your blog or website resides– also store Sent mail. Once you click Send, the message gets sent but stored in multiple places. Once it arrives at the destination, the message is stored on another server; that belonging to or used by your recipient. And, assuming your recipient has an email app connected to the internet– that’s how email is handled in the 21st century– your message may stay on his or her server and on his or her Mac, Windows, PC, iPhone, Android phone, or whatever it is that collects and stores the messages. Forever.
How is any of that secure? It’s not. There are too many points of entry so it’s almost trivial for hackers to gain access to email.
What can Apple do to rescue email privacy and security? Nothing. Really. Nothing. Why? Because a solution requires everyone else to get on board at about the same time using the same security standards. Microsoft, Google, Yahoo!, and email server providers, ISPs, those who manage IMAP and SMTP protocols, and probably others I don’t remember.
What would help is a simple encryption method that encrypts the message you send and it stays encrypted until opened by the sender. That would require a key, because that’s how it works. But note Apple’s success with Touch ID fingerprint sensor.
I use Airmail on my Mac, iPhone, iPad and Touch ID is required to open mail on the latter two. That would be a start. Even moving Touch ID, Face ID, voice recognition, and make a password a requirement simply to open an email message would help close the open holes.
Unfortunately, such a method and encryption would have to work on both ends– sender and receiver– and right now that’s not the case.
The encrypted email service Proton thinks they have a helpful solution to improve privacy and security. In this case it’s called ProtonVPN, a service that helps secure access to a private email server. The Proton encrypted email services attempts to do the right thing with an encrypted email account. Supposedly, your messages are secure. What you sent to others isn’t likely to be as secure, but it can be encrypted end-to-end– if everyone uses Proton and encryption.
One interesting aspect of the email saga of trials, tribulations, and troubles– look what email did to Hillary Clinton– is to use it less, and seldom use it for anything serious which requires more security. For that I use Apple’s Messages, or an encrypted text file with a password.
Of course, such messages are only as secure as where they go, but a secure, end-to-end encrypted system shouldn’t be that difficult for the technology industry to fix– if only Apple, Microsoft, Google, Yahoo! and internet email standards would just work together.
Just kidding. That won’t happen.