From 40335b9e3d7257bb33886e67b17d069f8c6bb036 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Sat, 30 Nov 2019 13:06:56 -0600 Subject: [PATCH] Add security warning to email lists (#1543) --- pages/providers/email.html | 9 +++++++++ pages/software/email.html | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/pages/providers/email.html b/pages/providers/email.html index 5c8d1577..ff4aac33 100644 --- a/pages/providers/email.html +++ b/pages/providers/email.html @@ -5,4 +5,13 @@ title: "Best Secure Email Providers for Privacy" description: "Find a secure email provider that will keep your privacy in mind. Don't settle for ad-supported platforms. Never trust any company with your privacy, always encrypt." --- +
+
Warning
+
+

Even when using end-to-end encryption technology like GPG, email is inherently insecure and should not be trusted for sensitive communications. Metadata is always communicated in plaintext, and even when encryption is used correctly it is very easy for either party to acidentally respond to or forward a previously encrypted message in plaintext in many clients. GPG also does not easily support modern crypto functionality such as key rotation and forward secrecy.

+

We recommend the following email providers for routine notifications and messages from other services that require an email address. For communications that need to be safe and secure, you should use a dedicated instant messaging tool, such as Signal.

+ Recommended Instant Messengers +
+
+ {% include sections/email-providers.html %} diff --git a/pages/software/email.html b/pages/software/email.html index 1c9d9921..147ad114 100644 --- a/pages/software/email.html +++ b/pages/software/email.html @@ -5,6 +5,15 @@ title: "Email Clients" description: "Discover free, open-source, and secure email clients, along with some email alternatives you may not have considered." --- +
+
Warning
+
+

Even when using end-to-end encryption technology like GPG, email is inherently insecure and should not be trusted for sensitive communications. Metadata is always communicated in plaintext, and even when encryption is used correctly it is very easy for either party to acidentally respond to or forward a previously encrypted message in plaintext in many clients. GPG also does not easily support modern crypto functionality such as key rotation and forward secrecy.

+

We recommend the following email providers for routine notifications and messages from other services that require an email address. For communications that need to be safe and secure, you should use a dedicated instant messaging tool, such as Signal.

+ Recommended Instant Messengers +
+
+ {% include sections/email-clients.html %} {% include sections/email-alternatives.html %}
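Review bot: In the pages/providers/email.html hunk, the warning paragraph misspells "accidentally" as "acidentally" ("very easy for either party to acidentally respond to or forward"), and since this is user-facing text it should be fixed before merge. In the same paragraph, "Metadata is always communicated in plaintext" would serve readers better if it named what is meant, for example the sender and recipient addresses, so they know what GPG does not hide.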
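Review bot: In the pages/software/email.html hunk, the second added paragraph reads "We recommend the following email providers", but this page goes on to include sections/email-clients.html, so the sentence should refer to email clients. The rest of the block is a verbatim copy of the one added to pages/providers/email.html, including the "acidentally" typo. Moving the shared warning into a single include, the way both pages already pull in their sections/ content, would keep the two copies from drifting apart.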