r3bl comments on “Bringing the power of AMP to Gmail”

You two are totally missing to use the threat model approach to security.

Email is “secure enough” for common people, whose threat model isn’t high. We have Google and Microsoft to thank for that primarily, since they’re the ones that pushed 2-factor auth, encryption in transit (HTTPS) and other features (that later on got implemented by all the email providers). Those features themselves would mean nothing if they weren’t incorporated in the biggest free email hosting solutions.

Email is “completely insecure” to those who can’t trust a third party (like Gmail). It has GPG on top of it, which is nasty to use from a user’s perspective. Meanwhile, even if you do all the things perfectly, you’re still not getting the same level of protection you would get from using Signal (as a solution that doesn’t retain any metadata), whose user experience is out of this world compared to GPG.


Author: r3bl
Go to Link: https://news.ycombinator.com/item?id=16368769