That’s the reason we have to still use fax machines right?

I know there are ways to do encryption like PGP on your message directly or I think email sent over TLS? But that isn’t the default right and that’s why I can’t send a picture of my license to the insurance company directly over email?

  • Ennon@lemmy.world
    link
    fedilink
    arrow-up
    57
    arrow-down
    2
    ·
    1 year ago

    Lol no, faxes do not have encryption. However, they are transferred over old school phone lines, which are not exposed to the internet, therefore making them harder to intercept. Also, federal wire tap laws are pretty beefy so risk in doing so is higher. That’s pretty much it though

    • nivenkos@lemmy.world
      link
      fedilink
      arrow-up
      28
      arrow-down
      3
      ·
      1 year ago

      therefore making them harder to intercept.

      You mean far, far easier to intercept? You used to be able to just stick a coil around the wires.

      The main issue is just a lot of countries governments’ don’t trust computers still. In Germany they insist on fax and post as it’s the only thing they can use as proof of signature in court, etc.

      But it’s government laws and regulation that is behind. It’s not so much of a technical problem (although E2EE email standard would be nice!).

      • Ennon@lemmy.world
        link
        fedilink
        arrow-up
        28
        ·
        1 year ago

        “Harder to intercept” as in you have to go outside where the grass is to play around with the telephone wires, as opposed to typey-typey in your mom’s basement. Ain’t nobody got time for that

        • nivenkos@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          It’s the same though.

          To intercept the email you need to be on a network that receives it (i.e. ISPs).

          It being stored unencrypted is a totally different problem (and also for letters, faxes, etc.)

      • fsw@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Well, how do you proof an email has been delivered if you don’t get a confirmation? That’s the main problem when going to court.

    • Skyrmir@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      Phone systems are all digital these days. A phone tap is easier than ever, and in higher quality.

      Also playing back the sound of a fax can reproduce a fax, with the right tools.

    • gdbjr@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Most companies now use fax severs which use the same SIP trunks that phone calls to the business use. Even if they are using old POTS lines the fax machines themselves are usually not in a secure area, but out in the open where anyone can walk by and pick them up.

      I had to have a discussion with our cyber group that didn’t understand this and insisted that we encrypt our digital fax sever. I tried many ways to convince them that it simply was not possible to encrypt faxes when we were getting or sending faxes to random people in the general population. It really tested my patience and my ability to stretch the truth so they would drop their idiotic request.

  • StarManta@lemmy.world
    link
    fedilink
    arrow-up
    20
    arrow-down
    1
    ·
    edit-2
    1 year ago

    It’s very easy to E2E encrypt stuff you’re sending via email: zip it up in a password protected archive. Even the email client won’t know what it’s sending.

    And even if that isn’t good for whatever reason, there’s no reason to use email. A web form via https is secure and encrypted, and cuts out the email middleman.

    That’s not the reason we still use fax machines. The reason we still use fax machines is because someone very old and set in their ways is the one in charge of making the decision to move away from fax machines.

      • macrocephalic@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Zip files aren’t very secure by default, however you can specify better encryption with better zipping tools. It would be more accurate to say you should put the content into an encrypted archive file.

      • StarManta@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Probably shouldn’t have been so specific, as I don’t know how deeply encrypted zip files can be in terms of bits. Broadly speaking, there is definitely some kind of encrypted archive file that would be secure when sent over email

  • FlexibleToast@lemmy.world
    link
    fedilink
    arrow-up
    15
    arrow-down
    3
    ·
    1 year ago

    PGP is already that answer. We just need a common trusted CA. It would be nice if the government did this and issued certs with your driver license or ID. We could replace our reliance on SSNs with actually good cryptography.

      • a4ng3l@lemmy.world
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        1 year ago

        We have that already in Belgium. It’s been a while. It’s used to authenticate for government services or sign stuff. Why the hate?

        • linearchaos@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          1 year ago

          trusting the government with certs to access data they’re providing you == good

          trusting the government not to listen to every email and website you ever visit and then not use that data to lock up dissidents. == bad

          • a4ng3l@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            The same could be said about all central certificate authorities… In the end trust is always contextual I guess.

            • linearchaos@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              My government keeps trying to pass laws that they need backdoors to every crypto to protect my safety, and also certain states are using Facebook chats to lock people up for abortion.

              • a4ng3l@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Sad but unrelated to more reasonable governments providing certificates to their citizens. My comment only applies to citizens of reasonable governments.

                • linearchaos@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  The reasonability of ones government is a treasured thing.

                  But do keep in mind, data collected is forever but the amount of reason that a government uses can change over time.

                  US States having access to abortion data would have be an absolute non-worry since the internet was invented, just starting a few years ago, it gets people put in jail.

                  It’s better to keep government out of my private affairs :)

          • FlexibleToast@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            trusting the government not to listen to every email and website you ever visit and then not use that data to lock up dissidents. == bad

            I’m definitely not advocating for that. Just for “official business.” Chatting with your friends or something, use matrix, signal, telegram, gpg, whatever you want. Signing documents or sending documents to your bank? That’s when you need the government CA. Basically anytime you would normally use your ID to identify yourself.

  • WidowsFavoriteSon@lemmy.world
    link
    fedilink
    arrow-up
    11
    arrow-down
    2
    ·
    1 year ago

    In the States, fax is required by HIPAA because legislators don’t understand technology. Which is hilarious because I, like many providers, use a fax service which emails me a PDF of the fax.

    • DRx@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      That’s not necessarily true, my hospital uses google services (gmail, chat, etc) and it is hippa compliant. If I need to send an email with PII I need to append the subject line with “-phi-“. Now whether you trust google encryption is another thing, but HIPPA says nothing about only using fax

  • JTode@lemmy.world
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    I’m sure there is a much more sophisticated explanation from the lawyers’ end, but more fundamentally, I’m pretty sure that encryption is not part of the basic protocol. Privacy is not actually a basic feature of the internet, so something as basic as email does not include it. Anything that uses email to do private coms would have to be referred to as ________ over email.

    PGP/GPG has been around as an option since the 90s, but it’s rather clunky to implement and you need to know how to keep your private key safe. So, the problem has long been functionally “solved” for the competent, and there we stay; you and anyone you want to talk to privately will always be free (possibly not legal, but free) to generate a key pair each, share your public keys, and then talk privately using those keys for as long as you can keep your private keys safe.

    And really, I personally find the idea fairly silly, that some company is going to keep my key for me and respect my privacy. No, if someone wants to keep your private key for you, they want to know your business, all of it. You don’t ask to hold anyone’s keys anymore than you ask to hold their johnson for them when they piss. I do use some corporate encryptions, signal for things I don’t want the DEA to know about mainly. Oh also FUCK THE DEA

  • irotsoma@lemmy.world
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    Generally, fax is still considered more secure. It’s a direct connection. It can’t be intercepted without physical access to the phone line. Encryption can be broken and not just brute force, which is always possible given enough time. The more common issue is poor implementation and insecure storage of keys. And the way email works, there’s no opportunity to exchange keys like with SSL/TLS. So you have to find a way to get your public key to the recipient in a way that they can trust it before you send the message and they have to store it securely so it doesn’t get tampered with. Email just isn’t designed to support that kind of thing.

    • Eris@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      It’s kind of true. But so many places are replacing physical fax lines with VOIP or even just automatically sending the fax to email via a copier, it’s hardly more secure in my experience

      • irotsoma@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        A lot of VOIP is local. So a phone line carries the signal to the office building, and a modem converts it to be emailed or whatever. At least in secure places like in healthcare or finance. On the consumer side, VOIP that you get from say a cable company, also doesn’t travel over the internet. It travels on the same local lines to the cable company, but from there it takes a different route. True the middle might still be digital, but it’s not using internet infrastructure. That would be a waste because there’s no need to be able to send that signal to any given device on the internet. There are a lot fewer landline phone numbers than internet connected devices.

      • irotsoma@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Not if you live on the other side of the world. Sure tapping a phone line is easy. But physical presence it required. It would be pretty suspicious if 10,000 people were digging in your yard, but not so hard to imagine 10,000 people targeting an email account that is likely to have lucrative secrets.

      • Crashumbc@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        To a specific phone line, yes. But even that is very time consuming. And not something that can be accomplished on any kind of scale…

  • Melllvar@startrek.website
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Anything we want to add to the e-mail system has to be a backwards-compatible with the older system. Otherwise, few people will actually use it.

  • conciselyverbose@kbin.social
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Antiquated laws/regulatory environment gives fax special treatment even though it’s quite possibly the worst mechanism available to send a message.

    • nivenkos@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      This is why I don’t understand the people that really want more “AI regulation”.

      I don’t want a bunch of 70-year olds telling me what I can and can’t do with computers.

  • wagoner@infosec.pub
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Protonmail (which offers free accounts) let’s you click on a padlock icon, to set an encryption password and a password hint for the recipient, to send a pgp-encrypted email. Email can be opened by anyone as it directs the recipient to a web page where they enter the password. They can reply to your from that page with a message that is also itself encrypted.

    It’s not quite what you’re asking but it will get your ID securely to your insurance company. I haven’t found anyone yet whose employer has blocked this ability.

  • PostnataleAbtreibung@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    I have no idea about the technical stuff (I can’t really decipher your second paragraph), but there is a legal advantage for fax machines.

    Emails don’t count here as “ in writing“, so if something needs to be in writing you need to send a signed letter - or a fax.

    Fax is like a signed mail, but In almost real time. So if you send legal relevant stuff, you have proof what you sent and when the receiver got it.

    However, you talk about Encryption, I don’t know if E-Mails can be encrypted, fax are definitely not. They go through a normal landline with those beep tones similar to a normal modem made when dialling into BTX or the early internet.

  • csm10495@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’ve seen something about emails being signed and stuff like that. I guess I’m out of the loop. I had a coworker once PGP sign their emails and it would have a signature at the bottom that I (and probably everyone else) ignored.

    Why couldn’t email just be encrypted ala https? Make a TLS connection, send message, end, move on. Or really just make TLS connection, POST a message, move on.

    I know it’s more complicated than that but not by much really… why haven’t we just made a new secure standard based on https?

    • Troy Dowling@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Your email likely is already delivered over a TLS or SMARTLS protected channel. That’s not the (only) problem PGP addresses. PGP provides message authentication in addition to encryption.

      To take your colleague as an example, his email was cryptographically signed by him. A function that requires his private key, and possibly a passphrase to unlock the key. The signature includes a hash of the message, and requires that private key to generate. On your end, your client hashes the message again and compares the signature. If it isn’t identical, someone has tampered with the content. Presuming you met up ahead of time in person or through another trusted channel, and shared public keys, seeing the valid signature also gives you confidence that this email was actually written by the person you expect, and not anyone else with access to their device or account. (If the senders key is still safe anyway.)

    • blackfire@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      It is. When you send an email a startls session is created between the servers as its a point to point protocol. That session is then used to send the message. You can downgrade to plain text which is where the problem lies.