What's That?

Secure Email is a sham… Mostly

So I saw this post today, which talks about a web-based email encryption service called Send.

Now, I’ve always hated people who think they’re getting secure email by using https for webmail or SSL over SMTP, because really this only encrypts the data to your email provider, not through the rest of its travels across the Internet to the receiver.
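To see this on a real message, here is an added example (not from the original post): each relay stamps a `Received` header, and its RFC 3848 `with` keyword records whether that hop used TLS. The sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not real traffic). Newest hop is listed first.
SAMPLE = """\
Received: from mx.receiver.example (mx.receiver.example [203.0.113.7])
\tby mail.receiver.example with ESMTP id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from out.provider.example (out.provider.example [198.51.100.9])
\tby mx.receiver.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.local (client [192.0.2.10])
\tby out.provider.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@provider.example
To: bob@receiver.example
Subject: test

body
"""

# RFC 3848 "with" keywords that mean the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)


def hop_report(raw):
    """Return (receiving server, protocol, used_tls) per hop, oldest first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if m is None:
            hops.append(("?", "?", False))  # unparseable: do not assume TLS
            continue
        proto = m.group(2).upper().rstrip(";")
        hops.append((m.group(1), proto, proto in TLS_PROTOCOLS))
    return hops


def cleartext_hops(raw):
    """Servers that accepted the message over a connection without TLS."""
    return [server for server, _, tls in hop_report(raw) if not tls]


if __name__ == "__main__":
    for server, proto, tls in hop_report(SAMPLE):
        print(f"{server:25} {proto:8} {'TLS' if tls else 'cleartext'}")
    # Even a TLS hop only protects the wire: every relay listed still
    # handles the plaintext body unless it was encrypted end to end.
```

`Received` headers are written by the relays themselves, so treat the report as a hint about the path rather than proof.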

Most people should probably give up on the idea of “secure” email and just not put anything sensitive in email. But if you do, or need to, you should use something like OpenPGP to encrypt your message, use a desktop email client (like Mail.app or Thunderbird), and use SSL with SMTP.

But really, doing that is often more complicated than most people will do. So in response comes this company, Send. You type your message in their form, specify your email address and the receiver’s email address, and submit the form (via https, of course). The receiver will then get an email with an encrypted attachment they can decrypt at the Send site.

Of course this seems easier than using something like PGP, but first, you still have to visit this site to view the message. Second, it assumes you trust Send with this sensitive email. If you really have something so sensitive you don’t want anyone reading it, why on earth would you trust it to some third party?

So my final analysis stays the same: either don’t use email for “secure” communication, or do it right with real desktop/local-based encryption.
