End-to-end encrypted email is bad for you

End-to-end encrypted (E2EE) email doesn't benefit you and can be worse than not having it at all. Let's back this up with some facts:

  1. Encrypted emails must always be downloaded on all devices (this is because they aren't searchable by the server, barring some fancy academic solutions no one bothers with). The "cloud" is just a backup solution.
  2. Every email you send or receive exists unencrypted in the other party's inbox.*
  3. The server still has access to unencrypted email at send/receive time (technically none of it is truly E2EE - more on this below).
  4. Using your preferred email client is hard or impossible (no POP3/IMAP, see 1.).

POP3 has it right

Compare this to simply using good old POP3. It actually provides the maximum level of privacy, and is equivalent to an E2EE email service when used with local full-disk encryption. Encrypted services receive plain emails, encrypt them, then discard the plain copies. With POP3, the server receives the plain email, you then download it via POP3, and it is deleted from the server (if following protocol). Privacy-wise, the end result is the same.

Except - with POP3 you gain the freedom to secure your emails with your choice of local disk encryption. You "own" your emails forever, and are free to search and analyse them privately. Compare this to encrypted services where you must reach a cloud through proprietary protocols just to download your data (usually even advertised as a super premium "feature" behind a paywall).

In both cases your emails are stored locally, so you aren't saving space. In both cases you are also relying on the email provider's word not to keep a copy of plain unencrypted emails. There is no way of verifying software running on the provider's server (unlike with client-based E2EE schemes), so this is purely non-crypto "trust us" security either way.
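
The download-then-delete flow described above, as an added example (not code from the original post). It takes any object with the poplib.POP3 methods stat/retr/dele/quit; FakePOP3, demo() and the sample messages are constructed here so it runs offline, and the temporary directory stands in for a folder on your encrypted disk.

```python
import mailbox
import poplib  # real use: conn = poplib.POP3_SSL(host); conn.user(name); conn.pass_(secret)
import tempfile

def fetch_and_delete(conn, maildir_path):
    """Save every message to a local Maildir, then mark it for deletion.

    DELE is sent only after the message is on disk, and POP3 applies
    deletions at QUIT, so a failed download never loses mail.
    """
    box = mailbox.Maildir(maildir_path, create=True)
    saved = 0
    try:
        count, _total_octets = conn.stat()
        for num in range(1, count + 1):
            _resp, lines, _octets = conn.retr(num)
            box.add(b"\n".join(lines) + b"\n")  # written to tmp/, then renamed into new/
            conn.dele(num)
            saved += 1
    finally:
        conn.quit()  # commits deletions only for messages already stored
    return saved

class FakePOP3:
    """Constructed stand-in exposing the poplib.POP3 methods used above."""
    def __init__(self, messages):
        self.messages = dict(enumerate(messages, start=1))
        self.marked = set()
    def stat(self):
        return len(self.messages), sum(map(len, self.messages.values()))
    def retr(self, num):
        raw = self.messages[num]
        return b"+OK", raw.split(b"\r\n"), len(raw)
    def dele(self, num):
        self.marked.add(num)
        return b"+OK"
    def quit(self):
        for num in self.marked:
            self.messages.pop(num, None)
        return b"+OK"

def demo():
    # Constructed sample messages, not real mail.
    server = FakePOP3([b"Subject: one\r\n\r\nhello", b"Subject: two\r\n\r\nworld"])
    with tempfile.TemporaryDirectory() as tmp:
        saved = fetch_and_delete(server, tmp + "/Maildir")
        subjects = sorted(m["Subject"] for m in mailbox.Maildir(tmp + "/Maildir"))
    return saved, subjects, len(server.messages)
```

If a download fails partway, the messages already saved are removed from the server and the rest stay there for the next run.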

It's worse than POP3

Actually, encrypted email is even worse than our POP3 example. Take ProtonMail, the world's most popular E2EE email service. In order to make search work immediately after login, ProtonMail does not encrypt any subject lines. The user is never told.

Even with services that encrypt everything, the general feeling of safety and privacy afforded is misleading to the average user, who blindly trusts the service and perhaps does not realize that most of their emails end up on Gmail's servers anyway. Any privacy gained by picking an encrypted provider is lost when you inevitably trust it more than Gmail users trust Google.

There is also the matter of custom clients required to make E2EE work, which leaves you at their mercy metadata-wise (e.g. are you sure no logs are kept every time you search or open an email?). Standard email clients have a much lower incentive to phone back since they aren't developed by the service provider and are under much higher audit scrutiny.

What does this all mean

So what's really important? Focus on finding a trustworthy provider with a good privacy policy over one with grand encryption promises. Complexity only adds insecurity, and with all the hoops around lack of protocols and local-only search, the real status quo gets lost and opsec blunders are born.

There is no shortage of open-source email clients nowadays on desktop and mobile. Plus most people already have some solution for backups. You only need to make sure they're encrypted - and you're all set!

*Unless you rely on in-platform encryption promises, at which point this is no longer email. If relying on PGP, the platform becomes redundant since most email clients already offer it.