Client or provider

Discussion in 'Email Discussions' started by compleo, Oct 17, 2015.

  1. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    Wondering which is more secure,if either & if so why?
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    A user needs "something" to access their email. That could be a combination of webmail, email client, app, and/or a custom mechanism. If that's not secure. game over.

    Also, what's your definition of secure? Which features do you care about? Email encryption? Privacy and not being tracked?

    I believe there isn't an answer to this question. It's not provider vs. client, but the implementation end to end.
     

  3. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    Not really concerned if e mail is read,more interested in metadata & tracking.

    The reason i asked which is more secure,i get the impression that e mail client is not secure by itself which is why it needs a plug in to aid in security.

    If one uses "https everywhere" will a non encrypted e mail provider/client be secure.

    HTTPS EVERYWHERE
     
    Last edited: Oct 17, 2015
  4. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    This gets into my comment about all of the connections end to end. HTTPS encrypts the traffic between your web browser and the web server you're communicating with to prevent a 3rd party in the middle from viewing your data. It's not 100% guaranteed. Sometimes there are vulnerabilities that break HTTPS. Sometimes you're on a hostile network (even a corporate network at work!) that intercepts and inspects the data within your HTTPS connections. This would make for a nice info graphic showing all of the pieces involved with an email between client and sender. I have the start of one here (How to encrypt and send secure email) from a few years ago that could go into more detail.

    An email client can be "secure" if it's reading email over IMAP+SSL or POP3+SSL. It also matters if you care about the copy of email being created on your device getting stored encrypted or not. Some of the newer encrypted email providers have apps that should be more secure than the standard email client such as Microsoft Outlook.

    It depends which part of the communication that you're trying to secure. Most web based email these days is already full session HTTPS. HTTPS everywhere does nothing to help with the email stored on the providers servers, your device(s), the senders device(s), the senders providers, or the connections between all of the above not already mentioned.
     
  5. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    It's not fair to say "webmail" or "email client" is more secure. It's going to depend on the email service provider and the security around how you interact with them.

    For example, it's possible for there to be a webmail such as SCRYPTmail that is more secure than your ISP email accessed with a standard email client.
     

    compleo likes this.

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...