analogpixel parent
weird, I have never been pwned via email which has been updated 0 times in the last 20 years. I guess Signal is just so poorly made it needs to be constantly re-written every 2 weeks.
Email has been updated many times in the last 20 years. All of the major sender authentication protocols (SPF, DKIM, DMARC) were created and deployed over the last 20 years. Email is also famously insecure and lacking a standard way of managing encryption - so the reason you never see updates is because the features signal is changing do not exist in email at all.
SPF, DKIM, DMARC are all about server reputation. They don't count as any sort of update to email and don't affect the protocol. These days regular non E2EE email is as secure as any other messaging protocol that relies on trusted servers. Since it is federated over multiple servers it is better than systems with just one server. You can choose who to trust and can even host it yourself.
Compare with Signal where there is only one allowed server entity and hardly anyone verifies identities making man in the middle attacks trivial.
Any reference to the trivial mitm attacks which signal has suffered?
This is mostly about the usability issues that make such attacks work so well on Signal:
https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...
This adds some detail about how Signal can do MITM attacks:
https://sequoia-pgp.org/blog/2021/06/28/202106-hey-signal-gr...
Some of the details might of changed since publication. My current understanding is that Signal doesn't even bring up the idea of identity verification if a user has not previously done it. So if anything, things have gotten worse.