I am talking about the threat model that a person has if they work with information that by law they need to keep secret, which if you live in the EU is basically any personally identifiable information about customers. There is also a long list of professions that deal with sensitive information and carry legally binding requirements not to divulge it to third parties. Typical examples are anyone working in health care, education, government, the legal system and so on. I am not talking about metadata but classified data, or data which, if disclosed, results in people getting fired and holds legal punishment such as jail time.
Using Gmail without encryption in those cases is a security issue and also illegal. A lot of people still use Gmail in those cases, and Google's track record in regard to data leaks has meant that few people have been found out. That said, it will only take one significant data leak and people will start to dig for all data being sent to Google. That day a lot of people's heads will roll.
I would guess without exaggeration that a large enough data leak at Gmail would cause a global market crash. There is just too much plain text data containing sensitive information that people would dig into. Not private, not meta, just information which people should not have given to a third party. Google's privacy policy does not play a role in that.
> I am talking about the threat model that a person has if they work with information that by law they need to keep secret
Then PGP is irrelevant, you don't email that data around. And even if you are, then you aren't dealing with security, you're dealing with compliance. Compliance with legal obligations has nothing to do with, and often acts directly against, actual security.
> Using gmail without encryption in those cases is a security issue and illegal.
This, almost certainly, isn't true, given that Gmail is a GDPR-compliant store. You might need to use enterprise Gmail for the legal requirements, but that's still entirely beside the point. "Use enterprise Gmail" is the solution here, not "fail to use PGP".
It is true that people should not email that kind of data, but then we assume good op security. Failure of op security is one of the arguments of the author here against encryption. On that note I agree with him. People's op security is bad, thus they should not use a third party service provider where the line between legal and illegal is the wrong attachment.
Enterprise Gmail is able to operate as a data processor, but there are a lot of fine details in order to stay within the law. It assumes that the company has agreed to the Gmail processing terms and gotten permission from their own customers to process the data in such ways. Again, here we hope that op security matches the fine line between legal and illegal. (If we want a practical example, which I know people do, imagine an administrator of a CRM sending a copy of the database to a new hosting provider. Now a copy of the database exists in the sent folder and another copy at the email provider that the hosting company uses. It is very doubtful that GDPR allows that kind of sharing of the private information. If the file gets leaked in a data breach there is a high probability of a successful lawsuit for mishandling of the information.)
Using your own email server or tools that automatically encrypt everything does, however, prevent those risks.
What email server do you use that automatically end to end encrypts everything using pgp?
It sounds like you're talking about encryption at rest, in which case Gmail does that already, more securely than whatever you're doing, so the backwards approach to compliance is more effort and less secure in practice.
> What email server do you use that automatically end to end encrypts everything using pgp?
I wrote a program to do that, but there is also a package in Debian, if I recall right, that also does it. On the mail server it looks up keys in DNS and if it finds them, automatically encrypts outgoing email.
> talking about encryption at rest, in which case Gmail does that already
Emails at Google are not encrypted. Google must have access to the plain text in order to do analytics and search. If Google has a data breach it can include every single email Gmail has in plain text, and that is a fundamental risk.
> more securely than whatever you're doing
That is kind of impolite, to make assumptions about my own setup. It is also wrong.
> On the mail server it looks up keys in DNS and if it finds them, automatically encrypts outgoing email.
So you're not talking about pgp/e2ee, you're talking about, like, SMIME or something.
> Emails at Google are not encrypted.
They're at least as encrypted as they are on your server from what you've told me.
> That is kind of impolite, to make assumptions about my own setup.
Given that you don't seem to understand the difference between end-to-end encryption, in-transit encryption, and encryption at rest, I'm going to say that no, I'm very confident that you haven't done this correctly.
> It is also wrong.
And that therefore no, gmail and Outlook are both more secure than your email server.
I wish more people would study IT security, since a lot of these kinds of silly discussions are cleared up during the first lecture.
Basic 101 security. In order to calculate risk you take the threats minus the risk mitigations. The bigger the threat, or the fewer the risk mitigations are, the bigger the risk.
You might have forgotten that in 2010 there was this data leak called cablegate. NSA lost 251,287 diplomatic messages. NSA did store them on an encrypted server, and used transit encryption, and yet the data leaked. A major risk to data security is access, and in that case an administrator with access leaked it.
With my mail server, that administrator is me. One of the larger benefits of personal servers.
When you compare Gmail and my mail server then you include social risk just as much as technical risk. You compare the physical risk, that is, servers located in multiple places on the earth. You compare the political risk of a single entity that controls 80% of the world's email with a private email address used by one person. You compare targeted attacks with passive and opportunistic attacks.
Let's put money where our mouths are. Want to bet that Google will have a new data leak before I do? Looks like a very lucrative bet to me.
In 2018 Google had a data breach. Five million users' data was compromised. In 2018 I had zero data breaches in any of my servers. Zero users' data was compromised. I have been running my own server for almost 20 years and not a single bit has been lost.
Have I Been Pwned? has billions of leaked accounts, not a single one of which belongs to me. What about you?
> So you're not talking about pgp/e2ee, you're talking about, like, SMIME or something.
No. There are RFCs for email security written in this century. The adoption of putting PGP keys in DNS is not great, however, which is why personal email servers are currently better, but both solutions work fine either way as long as both sides of the conversation do it.
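The mechanism the commenter describes above (a mail server that looks up the recipient's PGP key in DNS and encrypts only when it finds one) is not named in the thread; the added example below, which is not the commenter's program or any Debian package, assumes it is the OPENPGPKEY record of RFC 7929. It shows how the record's owner name is derived from the address and how a sending server might decide between encrypting, deferring and falling back to plaintext, using a constructed stand-in for DNS so it runs offline.

```python
import hashlib

# RFC 7929 puts a recipient's OpenPGP public key in DNS. The owner name is the
# SHA2-256 hash of the local-part, truncated to 28 octets (56 hex characters),
# under the "_openpgpkey" label of the recipient's domain.


def openpgpkey_owner_name(address: str) -> str:
    """Derive the OPENPGPKEY record name for an email address (RFC 7929, section 3)."""
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # The local-part is hashed as given; RFC 7929 treats it as case sensitive.
    digest = hashlib.sha256(local_part.encode("utf-8")).hexdigest()
    return f"{digest[:56]}._openpgpkey.{domain.lower()}"


# Constructed stand-in for a DNS zone: owner name -> key material placeholder.
# A real server would query DNS and must insist on DNSSEC validation; an
# unauthenticated answer could hand it an attacker's key instead of the recipient's.
CONSTRUCTED_ZONE = {
    openpgpkey_owner_name("alice@example.org"): b"CONSTRUCTED-OPENPGP-KEY-FOR-ALICE",
}


def choose_delivery(address: str, zone: dict, require_encryption: bool):
    """Return ("encrypt", key), ("defer", None) or ("plaintext", None).

    With require_encryption=True the server never falls back to plaintext for a
    recipient without a published key; it defers (or bounces) instead, which is
    the behaviour a legally bound sender would want.
    """
    key = zone.get(openpgpkey_owner_name(address))
    if key is not None:
        return ("encrypt", key)
    if require_encryption:
        return ("defer", None)
    return ("plaintext", None)


if __name__ == "__main__":
    for rcpt in ("alice@example.org", "bob@example.org"):
        print(rcpt, "->", openpgpkey_owner_name(rcpt))
        print("  strict:", choose_delivery(rcpt, CONSTRUCTED_ZONE, True)[0])
        print("  lenient:", choose_delivery(rcpt, CONSTRUCTED_ZONE, False)[0])
```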
> With my mail server, that administrator is me. One of the larger benefits of personal servers.
Ah I see, so you aren't actually worried about security, you're worried about privacy. Which we've been over when I said:
> Privacy is not security.
You also are ignoring a whole host of other risks, like data loss (your one server breaks, oops, there goes all of your email, etc.)
> Let's put money where our mouths are. Want to bet that Google will have a new data leak before I do? Looks like a very lucrative bet to me.
Sure, I'll bet you $10,000 that my email will not be leaked before yours. Here's what we'll do, I'll tell you my email address, and you tell me yours. Mine is @gmail. Yours is hosted on your server. I'll then turn around and spend $8000 on a pen-test of your server, they'll exfiltrate data, and I'll win the bet and be up an easy $2,000.
> In 2018 Google had a data breach
Pause, hold on. No. In 2018, Google announced that there was a vulnerability that could allow semi-public information to be shared more widely than intended (literally it was things like name and phone number that you put on your G+ profile being shared with a wider than intended audience).
There was no evidence that this vulnerability had been used, and Google's own employees detected it.
> In 2018 I had zero data breaches in any of my servers
that you detected. Here, Google has a better track record than you: they are actively monitoring and red-teaming their own servers and systems to detect vulnerabilities. Do you?
So I'll put it bluntly one more time: you are putting your clients' data at more risk by administrating your own mail server than you would be if you let Google or MS do it for you. You can try to come up with all the counterarguments you want, but they are, as this article puts it, security LARPing, not actual security best practices.
You are a bit funny. Just as you can hire a hacker, I could buy a zero-day exploit, or someone could hire mercenaries and take down Google's servers. It would not prove or disprove anything.
In the end, if you have your email leaked while I do not then that is what matters. Results. I have had zero leaked accounts. Most people have stuff that has been leaked, and since you refused to answer, I assume you are listed in Have I Been Pwned?. You trusted someone to be secure and they were not. That was your choice, and it was the wrong one.
I have had the same setup tested by two different pen testers, so yes, I would not mind that bet.
If you break the law, however, which is what happens if you pen test a system without permission, then it doesn't really matter if you hack or use rubber hose tactics. Breaking the law is breaking the law. The police don't look kindly on bets under those situations.
I will also say the same thing I wrote to those two pen testers that tested our system. If you find any vulnerability I will happily help write the CVE report. What I did not tell them but will mention here is that I am also happy to take part in getting the bug hunting reward money that zero-day exploits usually bring. If you have, for example, a working exploit against the current stable release of the latest SSH then I am sure we can turn that in somewhere for a pretty good amount of money.