
Piero Bosio Social Web Site Personale Logo Fediverso

Social forum federated with the rest of the world. Instances don't matter, people do.

Sebastian Schinzel

@seecurity@infosec.exchange

Posts


  • 🔐 Every unencrypted email is readable by 10+ entities and stored forever.
    seecurity@infosec.exchange

    @nicfab @Fr333k Email crypto is extremely complex and because of this, has plenty of attack surface. We published close to 10 papers in the last seven years attacking email and email encryption with OpenPGP and S/MIME.

    I am at the point where I find recommending email encryption to be actively harmful. Metadata leaks all over the place, crypto from the '90s, plaintext fallbacks everywhere, users hate it, in particular the gnupg devs are very toxic, mail client developers lack time and (too often) expertise to implement it properly.

    Just use Signal. If you got budget, build an app on top of Signal. Heck, just use WhatsApp. Just don't even try to send sensitive information with email encryption.

    Uncategorized webkeydirectory wkd emailencryption privacy infosec cryptography openpgp

  • 🔐 Every unencrypted email is readable by 10+ entities and stored forever.
    seecurity@infosec.exchange

    @nicfab @Fr333k Just an observation: that's a long blog post, with a lot of words and with a lot of computer commands and that somewhat contradicts the sentence "WKD makes encrypted email as simple as HTTPS made web browsing secure."

    Nothing is simple with OpenPGP and email and that's broadly documented in academia and anecdotes. WKD does not change that.

    If you absolutely positively must use email for sending sensitive info, use S/MIME.

    Uncategorized webkeydirectory wkd emailencryption privacy infosec cryptography openpgp