Richard Pieri wrote: > I'd be wary of any third party provider. ...HIPAA regulations. ... > The recent NSA disclosures are simply icing on the cake for me.
True. Self-hosted is better than outsourced, if you prioritize privacy. But S/MIME encryption is better than either. And even then, the metadata - senders and recipients - are still largely sent as plaintext across the wire, and easily intercepted by the NSA. We don't yet have the protocols to do end-to-end secure email that encrypts the metadata TOR-style. At least nothing widely enough deployed to be useful. It's hard enough finding a bank or insurance company that knows how to handle the almost 20 year old S/MIME standard. (A recent correspondence with BlueCross required using PGP (GPG), a phone call to convey the password (no PKI), and a half-dozen emails to help troubleshoot their inability to open the file in an encryption format they suggested using.) -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/ _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
