mirror of
https://github.com/privacyguides/i18n.git
synced 2025-09-02 03:18:46 +00:00
---
meta_title: "Why Email Isn't the Best Choice for Privacy and Security - Privacy Guides"
title: Email Security
icon: material/email
description: Email is insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
---

Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add end-to-end encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications.

As a result, email is best used for receiving transactional emails (notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with other people.

## Email Encryption Overview
The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../encryption.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org).

Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible.

There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates, and often a yearly payment is required). In some cases it is more usable than PGP because it has support in popular/mainstream email applications like Apple Mail, [Google Workplace](https://support.google.com/a/topic/9061730), and [Outlook](https://support.office.com/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). However, S/MIME does not solve the issue of lack of forward secrecy, and isn't particularly more secure than PGP.

## What is the Web Key Directory standard?
The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the domain name of the email address. For example, if you send an email to `jonah@privacyguides.org`, your email client will ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message will be encrypted automatically.

In addition to the [email clients we recommend](../email-clients.md), which support WKD, some web-based email providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you.

If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).

If you use a shared domain from a provider which doesn't support WKD, like `@gmail.com`, you won't be able to share your OpenPGP key with others via this method.
### What Email Clients Support E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](account-creation.md#sign-in-with-oauth) or a bridge application, as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.

### How Do I Protect My Private Keys?
A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.

It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.

## Email Metadata Overview
Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as `To`, `From`, `Cc`, `Date`, and `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account.

Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.

### Who Can View Email Metadata?
Email metadata is protected from outside observers with [opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS), but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages.

### Why Can't Metadata be E2EE?
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into standard email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt some of this email metadata required for identifying the parties communicating. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, when you're emailing, etc.
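What stays readable in an OpenPGP-encrypted email can be checked by parsing one the way a relaying server would. This is an added example, not part of the original page; the message is constructed, `exposure_report` is a hypothetical helper, and the split between displayed and hidden headers uses the five header names listed in the metadata overview.

```python
from email import message_from_string, policy

# Constructed sample: a PGP/MIME message as a relaying server would see it.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTPS; Tue, 02 Sep 2025 03:18:46 +0000
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Date: Tue, 02 Sep 2025 03:18:40 +0000
Subject: Quarterly numbers
Message-ID: <constructed-1@example.net>
User-Agent: ExampleMail/1.0
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(ciphertext placeholder, not real OpenPGP data)
-----END PGP MESSAGE-----

--b1--
"""

# The headers the page names as visible in a mail client.
DISPLAYED = {"to", "from", "cc", "date", "subject"}


def exposure_report(raw: str) -> dict:
    """Split a message into what OpenPGP protects and what stays readable."""
    msg = message_from_string(raw, policy=policy.default)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    report = {"body_encrypted": encrypted, "displayed": {}, "hidden": {}}
    for name, value in msg.items():
        if name.lower().startswith(("content-", "mime-")):
            continue  # MIME framing, not account metadata
        bucket = "displayed" if name.lower() in DISPLAYED else "hidden"
        report[bucket][name] = str(value)
    return report
```

For the sample, only the body is ciphertext: the sender, recipient, time, subject, relay path and client software are all returned as plain strings.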