• xChronoZerox@lemmy.today
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    1 year ago

    The post isn’t about privacy, if it was, faxing wouldn’t be on there. I’d wager a strong guess it’s about convenience on one hand while choosing to be inconvenient on the other.

    Edit: or maybe it’s more about high tech in some sectors and low tech in others, still not about privacy.

      • LwL@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        1 year ago

        Fax is unencrypted. Encrypted versions apparently exist but that’s not what Japan and Germany use.

        And that aside my mom regularly gets sensitive patient data via fax at her workplace because the number is one digit off some doctor’s (bonus points for the inverse also happening, and her also working with sensitive data). Far less likely to happen with email. At most encrypted fax is equally secure.

        • ours@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Most emails are unencrypted. And indeed, in the medical profession, they were widespread. Nothing can protect from the sender putting in the wrong number or email address. I’ve received some seriously sensitive emails not meant for me because the people made typos and the recipients had the same family name as me (not sure how the email server decided it was close enough and delivered them to me).

          I’ve also read for some businesses, it was critical to get an instant receipt that the fax has been properly received.

          Now, I’m not defending using obsolete fax machines, it just had one advantage over email but today there are much better alternatives and dedicated platforms.

          • friendlymessage@feddit.de
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            Most emails are unencrypted.

            No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

            Fax on the other hand is never encrypted and also not signed, so there is no integrity protection. Fax is far, far less secure than even standard email. Businesses require fax often for legal reasons because laws are written by people with no technical understanding not because of any technical reason.

            • Chobbes@lemmy.world
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

              This is true AND untrue at the same time! It’s true that most e-mail providers will talk to other e-mail providers with TLS, but it’s trivial to downgrade the connection in most circumstances. If you can man-in-the-middle e-mail servers you can just say “hey, I’m the e-mail provider you’re trying to talk to, I don’t support TLS, talk to me in plain text!” and the senders will probably oblige. There’s a few standards to try to address this problem, like DANE (which actually solves the problem, but is unsupported by all large e-mail providers), and mta-sts which is a much weaker standard (but supported by gmail and outlook). In practice there’s a good chance that your e-mail is reasonably well secured, but it’s absolutely not a guarantee.

              • friendlymessage@feddit.de
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not. I highly doubt the “in most circumstances” line, my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all. If not for their users’s privacy, then at least to combat spam.