• ours@lemmy.world
    10 months ago

    Most emails are unencrypted. And indeed, in the medical profession, they were widespread. Nothing can protect from the sender putting in the wrong number or email address. I’ve received some seriously sensitive emails not meant for me because the people made typos and the recipients had the same family name as me (not sure how the email server decided it was close enough and delivered them to me).

    I’ve also read that for some businesses, it was critical to get an instant receipt that the fax has been properly received.

    Now, I’m not defending using obsolete fax machines; it just had one advantage over email, but today there are much better alternatives and dedicated platforms.

    • friendlymessage@feddit.de
      10 months ago

      > Most emails are unencrypted.

      No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

      Fax, on the other hand, is never encrypted and also not signed, so there is no integrity protection. Fax is far, far less secure than even standard email. Businesses often require fax for legal reasons because laws are written by people with no technical understanding, not because of any technical reason.

      • Chobbes@lemmy.world
        10 months ago

        > No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

        This is true AND untrue at the same time! It’s true that most e-mail providers will talk to other e-mail providers with TLS, but it’s trivial to downgrade the connection in most circumstances. If you can man-in-the-middle e-mail servers you can just say “hey, I’m the e-mail provider you’re trying to talk to, I don’t support TLS, talk to me in plain text!” and the senders will probably oblige. There are a few standards to try to address this problem, like DANE (which actually solves the problem, but is unsupported by all large e-mail providers), and MTA-STS, which is a much weaker standard (but supported by Gmail and Outlook). In practice there’s a good chance that your e-mail is reasonably well secured, but it’s absolutely not a guarantee.

        • friendlymessage@feddit.de
          10 months ago

          That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not. I highly doubt the “in most circumstances” line; my guess would be that at least the big ones like Gmail don’t allow unsecured communication with their servers at all. If not for their users’ privacy, then at least to combat spam.
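
Added example, not written by anyone in the thread: a sketch of the sender-side decision that MTA-STS (RFC 8461) adds on top of opportunistic STARTTLS, showing why a missing STARTTLS offer leads to plaintext delivery without a policy but to a refused delivery under an `enforce` policy. The policy text, host names and function names are constructed for illustration; fetching the policy over HTTPS and caching it are assumed to have happened already.

```python
# Constructed sample policy in the mta-sts.txt key/value format.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.mx.example.net
max_age: 604800
"""

def parse_policy(text):
    """Parse the key/value body of an MTA-STS policy file."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("not an STSv1 policy")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    return policy

def mx_allowed(host, patterns):
    """Match an MX host; a '*.' pattern covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            _, _, parent = host.partition(".")
            if parent == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy, mx_host, starttls_offered, cert_valid):
    """Return 'deliver-tls', 'deliver-tls-unauthenticated',
    'deliver-plaintext' or 'refuse'. policy=None means no MTA-STS policy."""
    host_ok = policy is None or mx_allowed(mx_host, policy["mx"])
    if starttls_offered and cert_valid and host_ok:
        return "deliver-tls"
    if policy is not None and policy["mode"] == "enforce":
        return "refuse"  # STARTTLS missing, bad cert or unlisted MX: no fallback
    # No policy, or mode testing/none: opportunistic behaviour.
    if starttls_offered:
        return "deliver-tls-unauthenticated"
    return "deliver-plaintext"
```
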