this post was submitted on 26 Feb 2024
262 points (97.5% liked)

Technology

58137 readers
5205 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
262
Police shut more than 14,000 accounts on Mega, Tutanota and Protonmail (therecord.media)
submitted 6 months ago by [email protected] to c/[email protected]
38 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 6 months ago (2 children)

Fair question!

If an email address is being used for fraud, they don't need to see the encrypted copy; they can see the copy sent out to other people from that address. So if I send you a message from my Protonmail to your Gmail, the following is true:

Copy @ Protonmail: E2EE.
Copy @ Gmail: NOT E2EE.

There are other, circumstantial ways to tell as well. If you're trying to scam people with DudeBro Cryptocurrency, you necessarily reveal the address you use when you send our your spam or scams. If I send malware from [email protected], the proof that I sent the malware does not require you to see my server stored mail; you can just look at your own copy to see.

Does that make sense?

[–] [email protected] 1 points 6 months ago (1 children)

So any email address is not encrypted even if the message goes to another encrypted account? Is this correct?

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago) (1 children)

Yes, the "to address" cannot be encrypted as it is necessary to deliver the mail, the "from address" are needed to send a notification when the "to address" doesn't exist.

Technically, the "from address" probably can be encrypted, like in signal; but I think it is required in the current email standard.

[–] [email protected] 2 points 6 months ago

Thank you. This helped.

[–] [email protected] 1 points 6 months ago

Surely Proton also receives the mails in plaintext? There's no E2EE about it. You have to take their word that they encrypt it and discard the plaintext data.