-
Great episode! It really made me think, especially about email security. I've always considered it the holy grail and this episode really hammered in how it just requires one creative and motivated person and then it's game-over. Can we fix this? How? @DarknetDiaries/1531636817442881537
-
One solution I can think of is client-side encryption. But then we need to solve recovery, because for most people the threat < risk of losing key and all email. @ProtonPrivacy and @TutanotaTeam are trying but not sure if they are succeeding, they are still niche with custom apps
-
There was an interesting paper on a more generalised solution cs.columbia.edu/~koh/papers/koh-eurosys19-e3_easy_email_encryption-final.pdf but does not seem to have taken off. And yes I know about GPG, it had its chance and probably cannot (for multiple reasons, complexity mostly) be the solution.
-
@material_sec is also doing good work in this area, but focused on businesses (which makes sense, much easier to identify business sensitive data than figure out what personal data might be sensitive)
-
The flatness of the internet has just turned all previous human threat modelling upside down.