"Political language [...] is designed to make lies sound truthful and murder respectable, and to give an appearance of solidity to pure wind." - George Orwell
myRL.net
Home Services Downloads About
Posted on 2012-01-11 by IceBear

This article is a follow up to Germany's E-Pestbeef. I suggest reading that in case you haven't already.

I found a flyer for Deutsche Post AG's E-Postbrief in my mailbox the other day. I've found some of those there before but always tossed them immediately (with the rest of the advertisement crap I don't need). This time I actually went through it however. The idea was to have a laugh. Instead I ended up raging.

It is just ridiculous what claims they make in there. What upsets me the most is how they try to deceive normal people who have no clue about the matter into registering and using their "secure" system. I will comment on some quotes taken from the flyer. The original quotes are in German and I will include them in brackets after the translated quote. Let's take a look:

"Conventional emails are too insecure - you never know who else might be reading. Michael's solution: the E-Postbrief." ("Einfache E-Mails sind zu unsicher - da weiß man nie, wer alles mitliest. Michaels Lösung: der E-Postbrief.") - Aktuelles zum E-Postbrief 12/2011 page 8

So conventional emails are not as secure as the E-Postbrief. I beg to differ. First of all it depends on how you define "conventional email".

Let's say "conventional email" means unencrypted emails then I'd say conventional emails and E-Postbrief are pretty much on the same level. Yes, E-Postbrief uses encryption. But what encryption? We don't know. Who encrypted it? Not you.
Update: Actually this wasn't quite correct to prove my point. It's more like: Who decrypts it? Not you, they decrypt it for you on their system.
Meaning: a third party being not you nor the recipient knows how to decrypt the message. Insecure crap.

Let's say "conventional email" means an encrypted email with GPG/PGP. You created your key, the recipient created their key, there is no third party involved. The message has been encrypted with well known and proven security standards.

Which would you choose now? Of course they're not telling you that, though. This is exactly what makes me rage: they're telling people their system is secure and some who don't really know a lot about the matter will believe and trust them. However in reality their system is NOT secure at all. It's a freaking lie.

"Your documents are stored permanently and securely like in a giant safe at www.epost.de." ("Ihre Unterlagen sind bei www.epost.de wie in einem riesigen Safe dauerhaft und sicher abgelegt.") - Aktuelles zum E-Postbrief 12/2011 page 5

Yes, permanently alright. Since once you delete something it actually is not deleted. Securely, huh? Let's see...

"The high quality and security standard of the E-Postbrief platform is even approved and certified by TÜV." ("Der hohe Qualitäts- und Sicherheitsstandard der E-Postbrief-Plattform ist sogar vom TÜV bestätigt und zertifiziert.") - Aktuelles zum E-Postbrief 12/2011 page 5

This one actually makes me laugh and die a bit inside. Security certified by TÜV. Want to know software that has also been certified by TÜV?
Internet Explorer 8 and Internet Explorer 9 (OMFG, are those spaces in the URL?)
What a guarantee for security and quality! Trollolololol.

DON'T USE THIS SERVICE. I can't say it often enough. It is NOT secure, it is NOT private, it's all a big freaking lie.

Also have a look at this nice list of companies who apparently seem to be as incompetent as Deutsche Post AG (since they are all already using and supporting E-Postbrief).

At least they're maintaining a handy blacklist. Vote with your wallet.

Note: Due to copyright I'm not publishing the whole flyer on here. I have a copy however, in case you want to have a look at it, simply contact me.

Tagged: Deutsche PostE-PostbriefEavesdroppingEmailGPGGermanyPGPPrivacySecurityTÜV
Permalink: https://www.myrl.net/article/16
Static article: No content updates or changes will be made to this article without a clearly visible "Update" tag. Only grammatical as well as spelling errors may be edited without any further notice.
License: Creative Commons Attribution-NonCommercial 3.0 Unported
Dynamically generated
2019-05-25T07:29:15+00:00

1 unique sql queries
page executed in 378ms
load 0%

Served by dd6922
© myRL.net
PHPIDS LGPL PHPIDS Team
Font Awesome SIL OFL 1.1 Dave Gandy