this post was submitted on 28 Nov 2023
2 points (100.0% liked)

memes

10219 readers
1958 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

Sister communities

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] ours@lemmy.world 0 points 11 months ago (1 children)

Most emails are unencrypted. And indeed, in the medical profession, they were widespread. Nothing can protect from the sender putting in the wrong number or email address. I've received some seriously sensitive emails not meant for me because the people made typos and the recipients had the same family name as me (not sure how the email server decided it was close enough and delivered them to me).

I've also read for some businesses, it was critical to get an instant receipt that the fax has been properly received.

Now, I'm not defending using obsolete fax machines, it just had one advantage over email but today there are much better alternatives and dedicated platforms.

[–] friendlymessage@feddit.de 0 points 11 months ago (1 children)

Most emails are unencrypted.

No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

Fax on the other hand is never encrypted and also not signed, so there is no integrity protection. Fax is far, far less secure than even standard email. Businesses require fax often for legal reasons because laws are written by people with no technical understanding not because of any technical reason.

[–] Chobbes@lemmy.world 0 points 11 months ago (1 children)

No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

This is true AND untrue at the same time! It's true that most e-mail providers will talk to other e-mail providers with TLS, but it's trivial to downgrade the connection in most circumstances. If you can man-in-the-middle e-mail servers you can just say "hey, I'm the e-mail provider you're trying to talk to, I don't support TLS, talk to me in plain text!" and the senders will probably oblige. There's a few standards to try to address this problem, like DANE (which actually solves the problem, but is unsupported by all large e-mail providers), and mta-sts which is a much weaker standard (but supported by gmail and outlook). In practice there's a good chance that your e-mail is reasonably well secured, but it's absolutely not a guarantee.

[–] friendlymessage@feddit.de 0 points 11 months ago

That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not. I highly doubt the "in most circumstances" line, my guess would be that at least the big ones like gmail don't allow unsecured communication with their servers at all. If not for their users's privacy, then at least to combat spam.