Here is a privacy thing that seems strange to me.

I buy something from an online store. The connection is https. Secure server. We protect your privacy, says the website. Great!

Once I've placed my order, they send complete details of my order to me by regular email. Unencrypted. The confirmation email includes my name, address, payment method, and the list of what I bought.

How is that protecting my privacy, ffs? And there is no way to opt out of this.

#privacy #shopping #onlineshopping

@skiring I may be missing something, but if the email is sent via SMTP on an encrypted connection (which should be the case nowadays), how is it different / less secure than you sending your order details over https?

In both cases, the data isn't encrypted at rest (in the store database, or in the email), but is transmitted via encrypted channels so third parties can't really intercept it.

@eliotberriot @skiring SMTP+TLS is pretty much shit though, isn't it? Does gmail even validate certs yet?

@eliotberriot @skiring Or am I mixing that up with how they handled XMPP back when they supported it? Pretty sure they didn't validate the certs for XMPP+TLS.

@clacke you may be right about Gmail, though I didn't experience it myself. Why would SMTP over TLS be bad?

Even if Gmail doesn't verify certs when delivering emails over SMTP, it wouldn't really apply to the situation described by @skiring because the order confirmation isn't sent by gmail, is it?

@eliotberriot @skiring They are the biggest email host, and if they don't validate certs when mailing over TLS, then the whole idea of SMTP over TLS is suspect. But as I noted, I'm less sure that they don't than I was 30 minutes ago. 😀

@clacke they're the biggest host when it comes to mailboxes, but are they the biggest email sender? Most email messages we receive are automated, so services like mailgun or sendgrid may generate more SMTP traffic than Gmail users.

(sendgrid apparently sends at least one billion emails a day.)

@eliotberriot Do mailgun and sendgrid validate TLS certs?

Does STARTTLS support indicating in DNS that senders should require TLS, and do senders read and respect that setting?

@clacke @eliotberriot @skiring Verifying certs is needed to prevent an active man-in-the-middle attack, but without this verification TLS still provides protection against passive surveillance, so it's not worthless at all.
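The question above about a DNS-published "require TLS" signal, and the point that unverified TLS still stops passive capture but not an active MITM, can both be made concrete with MTA-STS (RFC 8461), the standardized mechanism for exactly that: a receiving domain publishes a `_mta-sts` TXT record in DNS plus a policy file over HTTPS, and a policy-aware sender refuses to deliver without a validated certificate when the policy is in `enforce` mode. The following is an added example, not code from anyone in this thread; the domain `example.net`, the policy contents and the record are constructed samples, and the parsing and matching follow the RFC rather than any particular mail server's implementation.

```python
"""Added example: how a sending MTA could honour an MTA-STS (RFC 8461) policy.
Constructed illustration; nothing here touches the network."""
import ssl

# Constructed sample of what a receiving domain (hypothetical example.net) would publish.
# 1) DNS TXT record at _mta-sts.example.net; "id" changes whenever the policy changes.
SAMPLE_TXT_RECORD = "v=STSv1; id=20240101T000000Z;"
# 2) Policy body fetched from https://mta-sts.example.net/.well-known/mta-sts.txt
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.net
mx: *.backup-mx.example.net
max_age: 604800
"""


def parse_sts_txt(record: str) -> dict:
    """Parse the _mta-sts TXT record into its key/value fields."""
    fields = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or "id" not in fields:
        raise ValueError("not a valid MTA-STS TXT record")
    return fields


def parse_sts_policy(text: str) -> dict:
    """Parse the mta-sts.txt body. 'mx' may repeat, so it is collected as a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        elif key == "max_age":
            policy[key] = int(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no MX hosts")
    return policy


def mx_allowed(policy: dict, mx_host: str) -> bool:
    """True if the MX host equals a pattern or, for '*.' patterns, sits exactly one label below it."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]  # e.g. ".backup-mx.example.net"
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy: dict, mx_host: str) -> str:
    """What a policy-aware sender should do for this MX host.

    'deliver-verified'     : TLS with a validated certificate is mandatory.
    'deliver-opportunistic': TLS if offered, any certificate accepted (testing/none modes).
    'refuse'               : enforce mode and the MX host is not covered by the policy.
    """
    if policy["mode"] == "enforce":
        return "deliver-verified" if mx_allowed(policy, mx_host) else "refuse"
    return "deliver-opportunistic"


def tls_context_for(decision: str) -> ssl.SSLContext:
    """Client TLS context a sender would pass to smtplib.SMTP.starttls(context=...).

    The verified context rejects a forged certificate, so an active MITM fails.
    The opportunistic context still encrypts (defeating passive capture) but
    accepts any certificate, which is the weakness discussed in the thread.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CA bundle
    if decision == "deliver-opportunistic":
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    parse_sts_txt(SAMPLE_TXT_RECORD)
    pol = parse_sts_policy(SAMPLE_POLICY)
    for mx in ("mail.example.net", "mx1.backup-mx.example.net", "other.example.org"):
        decision = delivery_decision(pol, mx)
        print(f"{mx}: {decision}, verify_mode={tls_context_for(decision).verify_mode.name}")
```

In enforce mode the sender must both restrict delivery to the listed MX hosts and validate the certificate against the MX hostname; a wildcard entry matches a single label only, per the RFC. A real MTA would also cache the policy for `max_age` seconds and re-fetch it when the TXT record's `id` changes, which is what lets a receiving domain advertise the requirement without relying on DNSSEC.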

@changaco @eliotberriot @skiring I used to reason like that, and that most governments wouldn't normally MITM because it would be a whole new line to cross compared to passive monitoring. But then I also thought that mass surveillance of a whole population's internet connection would be both prohibitively expensive and politically impossible.

These days, I don't think there is any reason to think that a connection that could be MITMed wouldn't be MITMed.

@clacke @eliotberriot @skiring An active MITM is much more costly and risky than a passive one. I'm not saying we don't need to verify certificates, in fact I would be in favour of phasing out SMTP entirely, because we do need a more modern and safer protocol, but as of today my guess is that a TLS connection between servers isn't likely to be intercepted.
