Why is privacy important?
There's a problem with digital communications today: too many people believe that privacy is dead. And a lot of them think the "death" of privacy will create a safer world. But privacy is not about hiding crimes, it is about controlling your personal information.
Splintermail's mission is to deliver privacy to every email user.
Email without Encryption
Let's pretend that you are a user of a certain popular company. We don't want to name names, so we will refer to this company as a Surveillance Company Hiding Malintent Under a Convenient Service (or "schmucs", for short). Now pretend that you received the following email at your shmucs.com account confirming an unfortunate medical condition:
Subject: Positive Diagnosis From: HerpesClinic <firstname.lastname@example.org> To: You <email@example.com> Date: Wed, 4 Jul 1984 12:00:00 Dear Human, We are writing in response to the tests you took last week in our clinic. We regret to inform you that you do have the herpes virus. Sincerely, Herpes Clinic
Oooh... I'm sorry to hear that.
Now even though you haven't committed a crime, you probably don't want just anybody to read that email. It's a private matter, right?
But the schmucs.com Terms of Service clearly states that they are going to read through your emails. So then later, when you show Mom something online, she starts to wonder why all the advertisements you receive (which are controlled by schmucs.com) are for herpes medications.
Well, good-bye, privacy. You should know that this sort of thing really does happen.
Email with Traditional Encryption
Let's suppose that the Herpes Clinic is very concerned about about your privacy, and they sent you an email using traditional GPG encryption. This is how it might look instead:
Subject: Positive Diagnosis From: HerpesClinic <firstname.lastname@example.org> To: You <email@example.com> Date: Wed, 4 Jul 1984 12:00:00 -----BEGIN PGP MESSAGE----- W5fBeCrIReltr7lL6ZwQkZbjzONeb0I4tK0yoSJ9p9SEpw jSGkIX0ByObHMSE+s53UDZSAudWYGYES7CcnQxoojQEI3P YgQXpeIlNy/0hEp7O+uUWNaWGCSwU5XUvW55Ne0N/xE7lk K8JK9Y5DfcxwT7qkf2OvfUlfIULqHSI+AecbZqX1jNrOx3 JmrAhcgQFgXmvH+uvRp1M8U5c6LjeL3JjDGxCZ+Hmm32ub -----END PGP MESSAGE-----
Phew, good thing nobody could possibly infer your condition from that email. Except, wait... traditional GPG encryption doesn't encrypt any of the email metadata, which is pretty damning in this case. Most people without herpes probably aren't communicating with the Herpes Clinic, and it in this case the subject line says as much as the entire message. In fact, it is common for the metadata of your communications to contain critically sensitive information. Metadata needs to be encrypted too!
Email with Splintermail Encryption
Now suppose that you received the same email to your Splintermail email account. This is how we would store your email:
-----BEGIN SPLINTERMAIL MESSAGE----- vSeqj5myntrvLR5/cJtH6CR8rwtI1ZNVn7waLx7x2SHhz hMK7w25TbVXVAPzDG1uEZWupoCe3G87s99pNP1ltyrgbh 8Sp3X8YJzhqp97n9PXRp94J1ItqT5rwJhSOdF9dEUGo3u eHHv+CiyzycS+6ENRLtnWvODHWQqMFQUQ2781qA+dbKRf qlvbY97Iz/MsjkBQdQ2frivbB8WvkGH3U80CL73ESRKiE 3PP5lWeXdTCutk2RM4UuRJaCTNiTauUalsEzm6kcob3r/ CfQiFEKvUK0o2Y2tsVrc5sg80VD09Zrm1PyG7mdklwsbB E1WrmQ0GLo+NUOFQb58dkf9ER9NunIB1gpvmyC5GXmdUu -----END SPLINTERMAIL MESSAGE-----
When everything is encrypted, there is nothing to analyze. Your private information stays private.