> at best you're attempting to tunnel encrypted messaging over an unencrypted transport.
That covers pretty much all communication encryption: ultimately, encrypted data goes out over an unencrypted link.
> A protocol that leaks metadata, including some message content, at the envelope layer.
That is indeed the major problem I have with it.
> Hundreds of millions of users that primarily access messages through browser clients that can't meaningfully implement crypto.
The solution IMNSHO is to get off of the browser. Browsers are great for what they were designed for, but they're a terrible general-purpose computing platform.
> End user demands for things like search that can only be delivered efficiently at scale by databases of plaintext (most likely at centralized servers).
I think that one's home computers can probably handle the load of searching all of one's own data. If that's not the case, encrypted search protocols may be of use.
In general, though, your last point argues against any encryption or other user-privacy measure: if users are right when they demand centralised search, then encryption is a bad thing. I don't agree that encryption is a bad thing, thus I refuse to believe that users are right to demand centralised search.
> But: why bother? Email is just one of dozens of messaging systems available to Internet users.
It's the only decentralised one atop which a trustworthy system could be built. Signal, WhatsApp & Wire all have critical flaws which prevent their widespread use (Signal is centralised, tied to a phone number, leaks contact information to OWS; WhatsApp is centralised, owned by Facebook & default insecure; Wire looks appealing, but it too is centralised and controlled by a single company).
I tend to agree with your conclusion that email encryption is not worth the trouble; I disagree that it cannot be used securely.
>I think that one's home computers can probably handle the load of searching all of one's own data.
You seem to be implying that I have one computer at home. I mostly use the computer in my pocket, but sometimes I use "my" computer in "My office" at home. Sometimes I use "my wife's computer". Many people I know have a computer attached to their tv. I'm looking into putting a computer in my garage. Someday I'm likely to get a laptop or tablet computer for travel (I've had these in the past).
We need to get off the mindset of one computer per person - it was never really true, but for the average person today it is less true.
Ideally we might have one server per person. There's no reason, really, why I shouldn't be able to run my webmail, media store, calendar, lightly-trafficked blog, etc. from an RPi sitting at home and just use them wherever I like.
I used to do this with Owncloud, and Sandstorm has done some cool work in this field, though ISP's of course make it challenging. Also, it does raise the risk of everyone contributing to massive botnets.
That covers pretty much all communication encryption: ultimately, encrypted data goes out over an unencrypted link.
> A protocol that leaks metadata, including some message content, at the envelope layer.
That is indeed the major problem I have with it.
> Hundreds of millions of users that primarily access messages through browser clients that can't meaningfully implement crypto.
The solution IMNSHO is to get off of the browser. Browsers are great for what they were designed for, but they're a terrible general-purpose computing platform.
> End user demands for things like search that can only be delivered efficiently at scale by databases of plaintext (most likely at centralized servers).
I think that one's home computers can probably handle the load of searching all of one's own data. If that's not the case, encrypted search protocols may be of use.
In general, though, your last point argues against any encryption or other user-privacy measure: if users are right when they demand centralised search, then encryption is a bad thing. I don't agree that encryption is a bad thing, thus I refuse to believe that users are right to demand centralised search.
> But: why bother? Email is just one of dozens of messaging systems available to Internet users.
It's the only decentralised one atop which a trustworthy system could be built. Signal, WhatsApp & Wire all have critical flaws which prevent their widespread use (Signal is centralised, tied to a phone number, leaks contact information to OWS; WhatsApp is centralised, owned by Facebook & default insecure; Wire looks appealing, but it too is centralised and controlled by a single company).
I tend to agree with your conclusion that email encryption is not worth the trouble; I disagree that it cannot be used securely.