This post is not really about questions I have. I just feel like I need to write this somewhere to express my concern.
First of all, online stores have become a huge part of our society and I admit I heavily rely on that. That alone could be privacy issue but I’d ignore that for the sake of not missing the point of this post.
The problem is rather in the way these online stores send out their receipts. You might already know that emails are by default not client side encrypted. That means your email server admin (Google if you use Gmail, Apple if you use iCloud mail. And Proton if you use Protonmail. Yes Proton claims it stays encrypted as soon as the emails arrive to their server but who can really vouch this? It’s behind the curtain anyway. ) has access to your receipts including of the past.
Now email has been around for a really long time. And the client side encryption part has been worked in a lot of forms such as S/MIME. But none of the online services really implement it even though they contain critically personally identifiable info such as items I bought along with my name & address.
And the thing is even though these online sellers acknowledge this privacy risk, they don’t have options to not email us receipts. For example, Amazon has a dedicated page on their site where I can see the list of everything I bought. That’s literally enough for me. They can stop sending me the receipts in the worst possible way! At least they could provide us with better way (even WhatsApp will do) yet they don’t. This is a severe privacy issue.
I can’t help feeling, with all the sophisticated technology we have at hand, that we deserve better.
One of the problems I personally see is the reliance on a standard that was done since the dawn of the internet and got stitches all these years.
Emails as a service is useful, and has several properties that make sense to exist. However, it is simply not easy nor intuitive to have encryption on it (and even then, there are limitations).
What we would need on the long run is simply replace email with a common standard that actually encrypts in transit (at very least) with auto negotiated keys on exchange.
But we would need to change the mind of a lot of people to make that a priority… (For better or worse, it is the market that states the incentives and priorities. And it is abundantly clear security is not on the top list)
Encryption in transit is pretty much solved these days with TLS, what OP wants is E2E - encryption from sender to recipient with no intermediate parties having an idea about contents of the message. Problem with E2E is inconvenience: emails are inaccessible without private keys and key management is pain. Users don’t want additional headache of managing their keys between bajillion of devices where they might use emails
Yes e2e is a different beast. Pgp as an algorithm is actually quite solid, but the amount of effort to make it work on emails is straight up insane. And in the end, subject line does not get encrypted
That would be ideal, but realistically, if email ever goes away, it would be replaced with a proprietary locked down ecosystem. Likely a messenger app. Link a WhatsApp or Facebook account and you will get messages and notifications through that. I just do not see current tech companies supporting a new open standard for communication.
Despite all of emails flaws, it is one of the few remaining universal forms interoperable communication with little vendor lock-in. It would be great to have something more modern, but not at the expense of openness and interoperability which is likely what would replace it at the current time.
That would be a fair concern. Until we collectively understand standards should be open and fairly documented for everyone to use, we are going to have a lot of these “standards but not really” pretty much everywhere (but again, we are asking this of people that also do not see security as being on the top list of considerations. I am sure interoperability is not even know to most)
Yeah. I agree they will definitely go with proprietary solution. I would much prefer something like Matrix adopted. But that has to be blow up in popularity to replace emails…