Exactly, but the author of the post didn't realize that.
Instead
> Some may frown reading that I suggest leaving the private key in the hands of your e-mail provider. I agree that this means you lose some privacy to your e-mail provider.
It completely defeats the purpose of encrypting the message. If you are sending encrypted email from (for example) your Gmail account to another Gmail account, the message must be totally protected from Google reading it, indexing it, or possibly giving it to any third party. So, no encryption and decryption using software made by Google, which could be changed at any moment to spy on you.
I just don't see how encryption could work in a web mail. Only client side will do.
I can see huge problems in educating people to look after their private keys. Imagine how many people would lose their keys, and their entire mail archive would be unreadable.
Just this week I had TWO colleagues separately lose their respective 2FA for GitHub. And they both work in IT; one had saved the recovery codes but couldn't make them work, the other hadn't saved them.
In a time of cloud convenience, people are actually less and less inclined to understand the concept of public key crypto and the importance of backing up private keys.
Even if you trust say, apple's icloud keychain (which isn't necessarily a great idea), it still requires access to a trusted device, and it's locked in.
So I think the biggest nut to crack is a unified cloud based private key backup that seamlessly integrates with everything from web applications to every OS and then get Microsoft/Apple/Google on board to support it every where.
iCloud Keychain can still be recovered without any trusted device. They have some kind of escrow system for recovery. It was mentioned in the talk given recently by one of their security people.