Exactly. This fuzzy thinking in security is really frustrating me with the supposed security experts talking in this space. I was at Inbox Love a couple of weeks ago, listening to Ladar Levison talking about security, and he gave an example which conflated encryption with digital signatures, saying that the lack of encryption in his incoming email would allow people to send him executables which were unknown viruses.
I actually raised my hand and said "surely digital signatures confirming the sender are really what's needed" and he replied that if it was encrypted, the MITM wouldn't know what was being sent to modify it. For real. As if the attacker can't just replace the whole email with something else encrypted to your public key and containing a virus.
I lost a lot of respect for his security credentials in that moment, and I've lost a lot of respect for the EFF reading this posting. Not a _single_ mention of password theft, which is by far the highest risk to most users of having STARTTLS stripped. The ability for their email to be read over the backbone is bad, but the ability for hackers to get into their email and randomly delete or modify it is far more insidious.
(plus the ability to use the email account to trigger password resets on third party services and all sorts of other exciting stuff you can do once you own somebody's email account)
I actually raised my hand and said "surely digital signatures confirming the sender are really what's needed" and he replied that if it was encrypted, the MITM wouldn't know what was being sent to modify it. For real. As if the attacker can't just replace the whole email with something else encrypted to your public key and containing a virus.
I lost a lot of respect for his security credentials in that moment, and I've lost a lot of respect for the EFF reading this posting. Not a _single_ mention of password theft, which is by far the highest risk to most users of having STARTTLS stripped. The ability for their email to be read over the backbone is bad, but the ability for hackers to get into their email and randomly delete or modify it is far more insidious.
(plus the ability to use the email account to trigger password resets on third party services and all sorts of other exciting stuff you can do once you own somebody's email account)