this post was submitted on 18 Jul 2026
80 points (92.6% liked)

Technology

86442 readers
2942 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS
top 10 comments
sorted by: hot top controversial new old
[–] palordrolap@fedia.io 8 points 15 hours ago

Anything that isn't encrypted at the message level will be accessible in plaintext at some point on a mail provider's hardware.

Secure protocols only ensure that mail gets to the mail provider and leaves again without someone else reading the message on the wire. On the server, there is no such protection.

Take a look at any mail message's headers for Received. Any server that added a header, and maybe a few others besides, had full access to the plain text of the whole message.

A good provider might have encrypted volumes in case a server is stolen, but while those volumes are live, messages on there are effectively plain text.

This is an unavoidable fact.

For many years, I had access to hundreds if not thousands of customer mailboxes but neither I nor my colleagues had any need or desire to go snooping, and I expect we would have been sued out of existence had we done so, contracts or otherwise.

The closest I ever got was when trying to help a customer determine what was happening to messages being sent from a third party. I was able to confirm that messages from that third party were indeed landing in the mailbox (literally grepping for the From: header in newly arrived messages) and then confirming that the message had been collected by something outside our network.

Then we had to go through the usual customer-side troubleshooting, like other things that might be picking up the mail, junk mail collection systems, message rules and so on.

A few customers were uncomfortable as and when they realised we were able to see all their mail. They got an abridged version of the above and were told about the benefits of things like PGP or having their own mail server to reduce the chance for snooping.

[–] A_norny_mousse@piefed.zip 21 points 22 hours ago

it looked as if they (porovider) might have been reading the emails.

The IT manager exploded and confronted them. The response was chilling:

"I’m not saying we do - but we could. It’s in the contract. You should read the fine print, especially the unilateral amendment from two years ago.".

"Unilateral agreement" here means that they send you a message saying "We've updated our TOS" and if you don't reply otherwise, you agreed.

Horror story.

BTW:

All of this happened before the GDPR era, when certain practices could still slip through.

[–] solrize@lemmy.ml 5 points 20 hours ago

This is like those AI slop youtube channels where they make up stories about celebrities with a suspicious lack of details. Sorry this needs names and specifics.

[–] brsrklf@jlai.lu 11 points 1 day ago* (last edited 23 hours ago) (1 children)

Oh shit, was halfway through when they mentioned being in EU. Don't think it could happen (legally) in my country because we've got a privacy agency that's quite older than GDPR (and one of its precursors). But it's worrying.

[–] rmuk@feddit.uk 11 points 1 day ago

In the UK we had the Data Protection Act before GDPR, but it was so full of words like "reasonable" and "appropriate" and "balanced" that is was basically homeopathic; I wouldn't be at all surprised if this story was from the UK. I'm so glad GDPR got in before Brexit.

[–] Hund@feddit.nu 7 points 1 day ago* (last edited 1 day ago)

When shit like this happens it's your responsibility to call these shitheads out.

[–] MonkderVierte@lemmy.zip 5 points 1 day ago

So, rather, a horrifying legal system.

[–] Smaile@lemmy.ca 2 points 22 hours ago (1 children)

Company people don't give a shit about what they sign off on and make it other people's problem. His first mistake was assuming people carried enough to actually do their job and not Fuck over their own company.

[–] HobbitFoot@thelemmy.club 1 points 15 hours ago

Or they may not understand the implications of what they are agreeing to.

[–] Sims@lemmy.ml 1 points 1 day ago

..but but, free fighting for existence in 'markets' is great and gives prosperity and freedom for all ??!?

/s