Encrypted Email and Security Nihilism

Daniel Kahn Gillmor, reporting on the whole EFAIL thing (short story: even encrypted email isn’t truly safe):

Unfortunately, many of the responses to this report have been close to the line of “security nihilism:” Throwing your hands in the air and saying that because certain important security measures aren’t perfect, we should abandon them altogether. This is harsh and potentially damaging to the best efforts we currently have to protect email and risks leading people astray when it comes to securing their communications.

Personally, I’ve never bothered with encrypted email. As a Gmail user, I’m pretty meh about the fact that Google “reads” it to deliver me contextual ads. I own zero tin foil hats. If you’d like to use me as anecdotal evidence, I’m a decade and a half in and nothing weird/bad has ever happened to my Gmail account.

But I am bullish on general security best practices. You really should have 2FA turned on if you can and have a very secure email password that you change somewhat regularly. If someone gets into your email account, that’s extraordinarily bad. It’s like they have access to every single service you use (that doesn’t use 2FA).  

Leave a Reply