Was going to submit this but it was already submitted and then flagged.

It’s true, email is probably unfixable. It’s ok as a digital postcard though, and sometimes that’s all you need. If we could finally get rid of either SMS or email I’d have to pick SMS. But we’re probably stuck with both due to politics and network effects.

I didn’t see any mention of Delta Chat as an attempt to secure email. I do like Delta Chat on chatmail servers (see https://chatmail.at/doc/relay/faq.html#what-is-the-differenc...). Signal is better security-wise but I am very much oriented towards federation or full decentralization. For myself, I worry more about a service being blocked than I do targeted attacks, although I understand that others have different threat models.

If a topic is sensitive enough I might use email to ping someone and tell them a word that means get on my private server. I have taught a handful of lawyers how to PGP encrypt using Thunderbird, so simple a child could do it. It does leak some meta-data but that is sufficient to say "get on my private or semi-private server" or to have lawyers SFTP files to me. I tell them the passphrase over the phone. It also helps to have many aliases canaries on many domains to break some aspects of tracking. There is no single solution to privacy. It takes some facets of OpSec and embracing some friction. I am happy many people hate the friction as it moves them lower on the totem pole.

I might some day regret teaching lawyers how to PGP encrypt files and messages.

question: if php doesn’t encrypt email subjects, why don’t people just put conversations in age-encrypted attachments exclusively? This sidesteps the “quoting in plaintext” user error unless one goes out of their way to copy-paste the attachment conversation into the body while composing.

There's a sneaky jab at ProtonMail at the end, so I feel the need to defend them a bit:

> How are secret keys managed?

Stored on proton's server, encrypted with a passphrase known only to the account holder. I believe they allow you to upload keys as well.

> How are public keys managed? (Trust on first use, web of trust, etc.?)

ProtonMail supports WKD: Email clients can automatically query a proton account's public key using HTTPS. You can also send your public key to people using all the old ways.

> Where does the encryption take place, and where does that code come from?

Proton distributes a FOSS application which integrates with a standard email client. Yes, I imagine most people use the webmail client. Not offering a webmail client was not an option.

> What doesn’t get encrypted? (Subject lines, etc.)

Yes, I believe Proton only does the message body and attachments.

> How does this work for people not using the same service? Does everything silently downgrade to plaintext?

Yes. This behavior is important to increase adoption, and is a similar compromise to the one that allowed the HTTP => HTTPS transition. Once encrypted email is normalized we can tighten the screws.

> I know that sounds rude or dismissive, but the situation is completely terrible and there’s no real political will to fix it. And you *need* political will to fix it.

You point out that email encryption is a political problem. The folks at Proton are aware of that and are actively working to solve that problem. Part of the solution requires having a simple thing you can point people to that they can use to encrypt their emails with no fuss, even if that thing isn't perfect.