Why isn't there an end-to-end encryption standard for email so that we can get rid of fax machines? - eviltoast

That’s the reason we have to still use fax machines right?

I know there are ways to do encryption like PGP on your message directly or I think email sent over TLS? But that isn’t the default right and that’s why I can’t send a picture of my license to the insurance company directly over email?

  • irotsoma@lemmy.world
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    Generally, fax is still considered more secure. It’s a direct connection. It can’t be intercepted without physical access to the phone line. Encryption can be broken and not just brute force, which is always possible given enough time. The more common issue is poor implementation and insecure storage of keys. And the way email works, there’s no opportunity to exchange keys like with SSL/TLS. So you have to find a way to get your public key to the recipient in a way that they can trust it before you send the message and they have to store it securely so it doesn’t get tampered with. Email just isn’t designed to support that kind of thing.

    • Eris@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      It’s kind of true. But so many places are replacing physical fax lines with VOIP or even just automatically sending the fax to email via a copier, it’s hardly more secure in my experience

      • irotsoma@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        A lot of VOIP is local. So a phone line carries the signal to the office building, and a modem converts it to be emailed or whatever. At least in secure places like in healthcare or finance. On the consumer side, VOIP that you get from say a cable company, also doesn’t travel over the internet. It travels on the same local lines to the cable company, but from there it takes a different route. True the middle might still be digital, but it’s not using internet infrastructure. That would be a waste because there’s no need to be able to send that signal to any given device on the internet. There are a lot fewer landline phone numbers than internet connected devices.

      • irotsoma@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Not if you live on the other side of the world. Sure tapping a phone line is easy. But physical presence it required. It would be pretty suspicious if 10,000 people were digging in your yard, but not so hard to imagine 10,000 people targeting an email account that is likely to have lucrative secrets.

      • Crashumbc@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        To a specific phone line, yes. But even that is very time consuming. And not something that can be accomplished on any kind of scale…