Mozilla recently announced that they were going to stop actively working on their Thunderbird email client. At the time, someone said on Twitter “Hasn’t the problem of email been solved? Do we really need email clients anymore?”
That bothered me a little, because there are lots of things email clients can still do better, and one that is near and dear to my heart is encryption. Does your email client handle encryption? That fact that you probably don’t even know is an indication that the tech community at large doesn’t care.
Here’s why you should care, especially if you work in technology.
People have long thought of email like a letter you mail. You put it in an envelope and mail it. In reality it’s like a post card. Everything you have to say is available to be read by everyone who handles it, as well as anyone who has an interest in tracking it down and seeing what you have to say.
There are two kinds of emails to be concerned about. One is normal emails to people like your mom or your friends that it’s rude to read, and possibly damaging. Another is emails that actually contain information that should be secret, like the password to your web site.
I’m not going to talk too much about the first kind. If you actually believe that because you have nothing to hide then anyone should be able to read your email I’m not going to convince you of the danger therein.
The second is easy to make a case for. Would you post the password to your web site to Facebook? How about your social security number? Then you shouldn’t email it in the clear. It’s readable by anyone who cares while it’s in transit, and if you use an email service like gmail then it’s stored forever.
“But who could read that email?”, you ask. Lots of people. There have already been instances of Google employees abusing email, China has stolen lots of gmail, and the government rifles through it at will.
Email encryption is not very hard as long as your email client supports it. Outlook makes it difficult, and AppleMail makes it practically impossible. It used to be pretty easy to do with webmail, but Google went out of their way to make it very very hard in gmail, so most people making ecryption clients for it gave up. Google doesn’t want you to encrypt your email, because then they couldn’t read it. If they couldn’t read everyone’s email it probably wouldn’t be worth their while to run gmail.
If you care at ALL about internet security (your own web site, your client’s web sites, your own email account etc), please please don’t post your login credentials in the clear, over email, instant messenger, or social media.
My typical recommendation for people is to use Thunderbird. It’s free, full featured, makes encryption easy, and works on all common platforms.