Hacker News new | past | comments | ask | show | jobs | submit login

Why does it matter so much? Just use their automatic PGP email signing.



Signing isn't encryption.

If someone else has the key, it's not safe encryption. It's only as safe as the entities holding the keys. Do we know that they won't sell? Be forced? What happens if they get hacked?

Now it's not your security you have to monitor, but theirs. And you can't control theirs.


Isn't that the same argument for the receiver of a PGP email? How do you know they won't sell your email, be forced to, or have memory stealing malware on their machine reading all emails?


The receiver is first party, the rest are third-party. Intentions and roles are different.

Anyway, your argument could be extended to any E2EE protocol...

And why we still use encryption? Because we usually trust the receiver and also the receiver can suffer from the leak of the message.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: