ISPs are removing encryption from customers' emails
greybeard last edited by
This may not be the appropriate location for this post. If so Please move to a more appropriate Category. This morning I got an email from a friend referring me to an EFF article regarding the stripping of a security flag (called STARTTLS) from email traffic by some U.S. and Thai ISPs. This goes unnoticed mostly because it is targeted to [b]Residential [/b]customers. Of course no names are mentioned... There are possibly some good intentions here (spam and phishing prevention) but with possibly unintended consequences. And remember that: [quote]the Road to Hell is paved with Good Intentions[/quote]. The whole article can be read here: https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks Just thought I'd let you know.
theyTookMyUsername last edited by
I suggest PGP Everywhere... So there could be some implementation of raw C libraries for encryption right in browser cores to make it fast.
@theyTookMyUsername Oh you picked up a very old post. I asked myself: why did the user do this?
SSL has to do with encrypting the transfer from user to destination server, but not with encryption of mail content!
Yes, with OpenPGP you can encrypt and sign content of mails.
But openPGP does not force safe SSL traffic, so the mentioned providers may pick up login data.