Here is a privacy thing that seems strange to me.

I buy something from an online store. The connection is HTTPS. Secure server. We protect your privacy, says the website. Great!

Once I've placed my order, they send complete details of my order to me by regular email. Unencrypted. The confirmation email includes my name, address, payment method, and the list of what I bought.

How is that protecting my privacy, ffs? And there is no way to opt out of this.

#privacy #shopping #onlineshopping


@skiring You are comparing apples to oranges.

HTTP with TLS encryption is HTTPS. Similarly, email can also use TLS encryption. Most email providers provide support for it. Most free software for email used for self-hosting also has support for TLS encryption of emails.

TLS encryption is only encryption in transit. At your end and at the e-commerce website's end the data is not encrypted.

PGP (pretty good privacy) on the other hand does end-to-end encryption. (1/2)

@skiring (2/2) This means that your data is encrypted in transit and at rest. It can only be decrypted using the corresponding PGP key.

HTTPS may be a guarantee of security (well, not really, not always) and privacy from people trying to snoop the traffic, but it is no indication of how the transaction data may be used. Your data could be sold to third parties by the e-commerce company, the email provider, the credit-card company, the ISP or anybody else who can.
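
An added example, not part of the thread: one way a recipient can check which hops of a confirmation email reported TLS, by reading the `with` keyword in each `Received` header (`ESMTPS` means SMTP over STARTTLS per RFC 3848). The message, hostnames and IDs below are constructed sample data.

```python
import email
import re
from email import policy

# Protocol keywords whose trailing "S" means the hop used TLS (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)")

# Constructed sample: an order confirmation with three hops (newest first).
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [203.0.113.5])
\tby imap.mailhost.example with LMTP id abc123
\tfor <buyer@mailhost.example>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from out.shop.example (out.shop.example [198.51.100.7])
\tby mx.mailhost.example with ESMTPS id def456
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384)
\tfor <buyer@mailhost.example>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from app.shop.example (app.shop.example [192.0.2.10])
\tby out.shop.example with ESMTP id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: orders@shop.example
To: buyer@mailhost.example
Subject: Order confirmation

Name, address, payment method, items ordered.
"""


def tls_per_hop(raw_message):
    """Return (from_host, by_host, protocol, used_tls) per hop, oldest first."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hops = []
    # Each relay prepends its own header, so reverse to get sending order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())  # undo header folding
        match = HOP.search(flat)
        if match:
            sender, receiver, proto = match.groups()
            proto = proto.upper()
            hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops


if __name__ == "__main__":
    for sender, receiver, proto, used_tls in tls_per_hop(SAMPLE):
        status = "TLS" if used_tls else "no TLS reported"
        print(f"{sender} -> {receiver}: {proto} ({status})")
```

`Received` headers are self-reported by each relay, so treat the result as a hint rather than proof. Even when every hop reports TLS, the message body is still readable on each server it passes through and in the mailbox.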

@njoseph @skiring

I haven't seen any clearnet ecommerce sites offering to PGP encrypt their emails to you though.