this post was submitted on 24 Jul 2023
0 points (50.0% liked)

Ask Lemmy

26831 readers
1492 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
 

That's the reason we have to still use fax machines right?

I know there are ways to do encryption like PGP on your message directly or I think email sent over TLS? But that isn't the default right and that's why I can't send a picture of my license to the insurance company directly over email?

top 25 comments
sorted by: hot top controversial new old
[–] irotsoma@lemmy.world 1 points 1 year ago (2 children)

Generally, fax is still considered more secure. It's a direct connection. It can't be intercepted without physical access to the phone line. Encryption can be broken and not just brute force, which is always possible given enough time. The more common issue is poor implementation and insecure storage of keys. And the way email works, there's no opportunity to exchange keys like with SSL/TLS. So you have to find a way to get your public key to the recipient in a way that they can trust it before you send the message and they have to store it securely so it doesn't get tampered with. Email just isn't designed to support that kind of thing.

[–] Eris@lemmy.world 0 points 1 year ago (1 children)

It's kind of true. But so many places are replacing physical fax lines with VOIP or even just automatically sending the fax to email via a copier, it's hardly more secure in my experience

[–] irotsoma@lemmy.world 1 points 1 year ago

A lot of VOIP is local. So a phone line carries the signal to the office building, and a modem converts it to be emailed or whatever. At least in secure places like in healthcare or finance. On the consumer side, VOIP that you get from say a cable company, also doesn't travel over the internet. It travels on the same local lines to the cable company, but from there it takes a different route. True the middle might still be digital, but it's not using internet infrastructure. That would be a waste because there's no need to be able to send that signal to any given device on the internet. There are a lot fewer landline phone numbers than internet connected devices.

[–] macrocephalic@lemmy.world -1 points 1 year ago (1 children)

True, but physical access to phone lines is trivially easy.

[–] irotsoma@lemmy.world 1 points 1 year ago

Not if you live on the other side of the world. Sure tapping a phone line is easy. But physical presence it required. It would be pretty suspicious if 10,000 people were digging in your yard, but not so hard to imagine 10,000 people targeting an email account that is likely to have lucrative secrets.

[–] VexCatalyst@lemmy.astaluk.icu 1 points 1 year ago

Fax isn't encrypted. What keeps it alive is just inertia.

As for why your insurance company won't take emailed photo, that probably has more to do with whatever system your insurance is using for their backend.

Email content can be end to end encrypted by GPG and S/MIME as well as through a few other standards. Email in transit can be (but not always is) encrypted via TLS.

The reason encryption is not default is because (I think) of backwards compatibility. E-mail originated at a time when almost nothing electronic was ever encrypted, including the username and password you used to log into a system with. Most of the encryption we use of today has simply been "bolted on" to standards that were already in place at the time and it did take a few tries to get it right.

When the internet was first getting started, few people, if anyone, thought it would become as invasive (possibly the wrong word) as it has become. Everyone on the net knew each other. They were friends, why would they ever need to hide anything from each other. /s

That and the early systems couldn't really spare the processing power for encrypting and decrypting things.

[–] Ennon@lemmy.world 1 points 1 year ago (2 children)

Lol no, faxes do not have encryption. However, they are transferred over old school phone lines, which are not exposed to the internet, therefore making them harder to intercept. Also, federal wire tap laws are pretty beefy so risk in doing so is higher. That’s pretty much it though

[–] nivenkos@lemmy.world 0 points 1 year ago (3 children)

therefore making them harder to intercept.

You mean far, far easier to intercept? You used to be able to just stick a coil around the wires.

The main issue is just a lot of countries governments' don't trust computers still. In Germany they insist on fax and post as it's the only thing they can use as proof of signature in court, etc.

But it's government laws and regulation that is behind. It's not so much of a technical problem (although E2EE email standard would be nice!).

[–] Laser@feddit.de 2 points 1 year ago

But it's government laws and regulation that is behind. It's not so much of a technical problem (although E2EE email standard would be nice!).

No. Government had nothing to do with it, these are separate issues. WhatsApp was never approved by the government, yet it's widely used and it has E2E. OTOH, German government accepts email for lots of things. I know of some public sectors requiring email with PGP even.

The actual problem is that both email and PGP are really bad. This on my opinion describes it very well: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html

[–] Ennon@lemmy.world 2 points 1 year ago

“Harder to intercept” as in you have to go outside where the grass is to play around with the telephone wires, as opposed to typey-typey in your mom’s basement. Ain’t nobody got time for that

On top of that these days most phone calls are routed over the internet at some point too.

[–] Skyrmir@lemmy.world -1 points 1 year ago

Phone systems are all digital these days. A phone tap is easier than ever, and in higher quality.

Also playing back the sound of a fax can reproduce a fax, with the right tools.

[–] FlexibleToast@lemmy.world 0 points 1 year ago (1 children)

PGP is already that answer. We just need a common trusted CA. It would be nice if the government did this and issued certs with your driver license or ID. We could replace our reliance on SSNs with actually good cryptography.

[–] Tangent5280@lemmy.world 0 points 1 year ago (1 children)

Trust the government to link security certs with your ID? No thank you

[–] a4ng3l@lemmy.world 0 points 1 year ago (1 children)

We have that already in Belgium. It’s been a while. It’s used to authenticate for government services or sign stuff. Why the hate?

[–] linearchaos@lemmy.world 1 points 1 year ago (1 children)

trusting the government with certs to access data they're providing you == good

trusting the government not to listen to every email and website you ever visit and then not use that data to lock up dissidents. == bad

[–] a4ng3l@lemmy.world 1 points 1 year ago

The same could be said about all central certificate authorities… In the end trust is always contextual I guess.

[–] WidowsFavoriteSon@lemmy.world 0 points 1 year ago (1 children)

In the States, fax is required by HIPAA because legislators don't understand technology. Which is hilarious because I, like many providers, use a fax service which emails me a PDF of the fax.

[–] DRx@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

That’s not necessarily true, my hospital uses google services (gmail, chat, etc) and it is hippa compliant. If I need to send an email with PII I need to append the subject line with “-phi-“. Now whether you trust google encryption is another thing, but HIPPA says nothing about only using fax

[–] CookieJarObserver@sh.itjust.works 0 points 1 year ago (1 children)

Just send a matrix invite lol

[–] trimmerfrost@lemm.ee 1 points 1 year ago (1 children)

This is the answer. Federated but still end to end encrypted

[–] jabberati@social.anoxinon.de 0 points 1 year ago (1 children)
[–] trimmerfrost@lemm.ee 1 points 1 year ago

Xmpp is dead bro. Last time I tried, I couldn't even find a featureful Android client

Matrix is the modern and mature real deal

[–] ErwinLottemann@feddit.de -1 points 1 year ago (1 children)

PGP is the solution, but the problem is, that noone likes to use it. Or it's "too complicated", because it's another password they need to remember. Or, whatever. It would literally solve nearly all of the problems we currently have with emai 🤷 No more spam, because you could filter out all unsigned or untrusted mails, no problems when your email account is hacked, because the mails are encrypted on the server. No Mailserver admin spying on your mails...

[–] CoderKat@lemm.ee 1 points 1 year ago

Let's be honest, PGP has major usability issues. I mean, a standard that just tells you to "figure it out" with regards to key exchange? And while I'm sure there's plenty of people who've tried to make central services to handle the key exchange part, none have actually gotten any significant usage or seemingly even agreement.

I don't think it would much reduce spam, though. If you use email in a closed environment of sorts, you already can reject email from people you don't know. If they use trusted email providers and you require SPF and DKIM (as most modern webmail does), spoofing isn't really a concern, at least not if you have an allowlist of senders. And if you're not in a closed environment, presumably you'd have to share your public key very widely, making it accessible to spammers too.