1. If you are a citizen or a resident, you get an ID card to use for every public service. It's just a smart card with a government PKI.
2. The public services provide an email account that can only be used within the e-government services. The card is used for accessing those services.
3. The email service accepts either identity number or registry number of the recipient. So the recipient can be a legal entity.
4. You can and almost always do provide a forwarding address, so that you don't need to check.
5. You can't use it for other purposes. No RFC defined email address is shared with you. And it's just an internal system for official issues.
I've heard some countries issue mailboxes for citizens but I am not aware of the general use of these. Also, email services were designed to be decentralized but evolved into centralized systems, a current and unsolved problem. I am not sure about the privacy and security of government provided email services.
I still have a vague hope that the United States Postal Service could be "pivoted" into being a PKI provider and distribute physical tokens to citizens. They already have substantial procedures and infrastructure for verifying identity. There would be problems, to be sure, but I'd much rather get my ubiquitous PKI for citizens from the USPS than the banks or "tech giants".
I'd like to see the USPS expanded to become a public / municipal ISP of sorts.
If you read about the history of the institution, this is really what was intended in its constitutional incorporation. It really wasn't about physical mail per se, and you can't hold the founders accountable to something that was outside the realm of imagination at the time.
There's all sorts of information-structural things that are in the bounds of the USPS per the intent of its creation.
My main reservation with the USPS becoming an ISP lies in its investigative powers and long history of politically driven, unconstitutional use of its police force. Namely suppressing socialist newsletters, pornography, and the like.
I'm guessing most Americans do not realize that going back more than a decade, the USPS has scanned and stored imagery and metadata for every single piece of mail that passes through their automated sorting machines.
Look closely at the images they email you of mail coming into your mailbox and you'll notice that very often, the scans reveal the nature of the documents inside even without messing with contrast/levels.
That's a good point, and I share that concern to some extent. But in thinking about it I guess I'm of the impression this happens anyway with private ISPs and the government? Private courts, state privilege, etc. Maybe if it were through the USPS it would force some transparency as well due to it not being private.
Also, I would be concerned if all the private ISPs disappeared also. Ideally I'd like to see something like is the case with physical delivery, where you have the USPS, FexEx, UPS, DHL, etc. Having the USPS be an ISP of sorts would hopefully not kill private offerings, along the same lines. Especially so given that we're in a de facto monopoly situation at the level of specific geographic locations often now. Introducing competition where the market has failed to do so shouldn't be a problem, and if it is, there are larger issues.
If anything I could see this being selling point for private ISPs, "use us and don't worry about the government because we have everything locked down in X, Y, and Z manner."
They still can. A government doesn't have the need for first mover advantage because they have the power to make the official version. Also, the technology is very mature and best practices are better known. The userbase has been trained. And it's cheaper for them to do it now.
Though an official united states citizen email address has its own pitfalls for abuse, scams, and fraud.
> I still have a vague hope that the United States Postal Service could be "pivoted" into being a PKI provider
It’s going to be an uphill battle or impossible as PKIs are too obscure for the average citizen to understand the benefits and any whiff of a federal ID card will be treated like the mark of the communist coup beast.
I always discover how Estonia is really amazing for lots of technology things. AFAIK they are by quite a margin the most advanced country in Europe when in comes to egovernment services. Moreover my (admittedly outside) impression is that they often go for technologically sound solutions not the ones which some large lobby organisation pushed for. This is particularly remarkable considering how small the country is, and in stark contrast to the mess that is egovernment services in Germany the richest country in Europe.
Probably because they're so small they're overlooked by the salespeople and lobbyists from the big corps. I imagine that helps a lot. In the UK there are plenty of smart people in Government who can and would build things in a sensible way (and sometimes they do!), but there are also legions of smooth talking salespeople who usually bend the ministers' ears more easily.
The self developed UK government online services tend to be pretty good (sometimes very good!). It's the stuff they outsource to government contractors whose CEOs play golf with government ministers that are universally terrible.
This "playing golf with government minister" should be called out for what it is: a probable or possible bribe. It won't be money in a brown paper bag but the result will be the same. It's endemic. We like to think bribery and corruption happens to other countries but there's plenty of it in the UK: it's just higher up the totem pole and largely accepted.
Same thing in the US. I always laugh whenever I see a list of corrupt countries and the US isn't near the top. Codifying bribery into law as lobbying and superpacs doesn't make it not bribery.
That's because the US has a low amount of corruption on the positions that face the public.
It's also because most of those lists are ordered by a "perception index", that is the kind of bullshit that increases if your government does an awareness program and if corruption fighting gets on the news.
Agreed, though I've always had this thought: How do we know it's not money in a brown paper bag/briefcase. I mean, could they not transfer physical money as easily as they transfer words and secret deals. Golf courses are huge, golf carts can have large compartments and be loaded up directly from a car. I know the thought is, "well why would they do that, surely there's an easier alternative", but my point is that it's not would, it's could.
> How do we know it's not money in a brown paper bag/briefcase
One of the problems is that some of these checks can only be performed much later.
The most common currency of choice, for modern bribes, is the promise of a fat gig in the private sector when the political career ends. As the public demands younger and younger political classes, with lower and lower salaries, while maintaining an appetite for career-ending scandals and relatively short terms in office, it's inevitable that individuals will tend towards ensuring their future survival. Such promises need no paper trail, are trivial to keep, and are effectively invisible for years. When they're realized, it's typically too late to do anything about the original source of corruption, and the new guys in power have no incentive to cut that income source for them; in fact, they now know it works and are more likely to tap it for themselves.
> As the public demands younger and younger political classes, with lower and lower salaries
Looking into the US senate, I fail to see that trend. In the last presidential election, both candidates were older than my grandparents.
Even in my country, seeing a really young person in a political position is very rare. They exist (if you define "young" as under 40), but they are rare. I don't think age worries are a factor at all.
In the US there's a huge disconnect between national and local political positions; the national politicians are largely 80 years old and have enough muscle from their party structure and the media to be essentially scandal-proof. The voters don't like that but can't really fix it; local politicians, who are younger, see the big-time corruption in Washington and assume that's how things get done, and all of a sudden you have things like a majority of Cincinnati city council being investigated by the FBI.
You're not paying attention to the salaries part, though.
Look at the pay for members of the House and Senate, in real dollars, over the last 50 years. Also pay attention to how much stupid noise there is about how members of Congress are supposedly overpaid. The pay for all US Senators combined (under $18M) is less than half of what LeBron James makes (over $41M) in salary alone in a year.
That's not a very informative comparison. LeBron James is a outlier's outlier in a sector that already has exceptional pay. Senators' salaries would more usefully be compared to the (upper) middle-class white-collar workforce that they would most likely occupy if they weren't in office.
I don't see how you can compare being a senator to being a middle manager at some bank. The problem is that the banker faces huge consequences if they do something stupid to earn a little money by abusing their position and the upside isn't even that big. By comparison, senators have the opportunity to earn literally millions by doing things that aren't even technically illegal, like being given a wink-and-nod promise of a revolving door-style highly paid position in industry, "insider" trading that for some reason just doesn't count, etc.
But until relatively recently (2018 perhaps?) Congress was legally allowed to profit with insider trading (probably due to Article I, section 6, paragraph 1 of the Constitution).
My outlook is European. In the US the political career is indeed longer, because there are effectively more levels (EU Parliament and Commission are still largely considered a step down from national-level politics, silly as it might sound). But the selectiveness (only two senators per state, often lasting decades) makes it similarly treacherous at the mid-level.
> They exist (if you define "young" as under 40)
In political terms, at the (European) national level, "young" is typically under 50, and "old" is over 70. Acquiring reputation and solid power base takes time.
Looking at the UK: Tony Blair was considered very young when he became PM at 44; Thatcher was 53, Major 57, Brown 56, and most of their predecessors were much older. Cameron was 43 but again May was 59 and Johnson 55. Backbenchers will typically enter Parliament around 35-40.
In Italy you can basically add 10 to all those numbers; the current PM (or PdCM, for the purists) is 73.
Senators are old but many of their staffers are young, underpaid, and, through their job, well-connected to industry. Perfect recipe for a revolving door.
And I guess my counterpoint is that could is a very very large potentially unusably large category of possible actions, and would is a much more tightly controlled set of realized actions we believe might happen again.
But then would has the potential of misdirection. Your believed set of would's might be entirely separate from the realized would's of the individual. Could is wider but has less room for interpretation or propagandizing. Exactly my point in the above post: why wouldn't they be able to transfer money. My set of would's include those deliberate obvious actions, especially if all kinds of other things happen on golf courses. Anyways, I'm rambling, have a nice day. :)
If I'm Fujitsu or Accenture and I lose $BigCountryContract, it's a Big Deal and somebody is not going to get his fat bonus. If I lose Estonia, "Whatever, it was pennies anyway". Smaller orgs also don't have the sort of complex bespoke requirements that allow consulting firms to really entrench themselves.
Yep, we already have the most resilient, decentralized and safe public key infrastructure in place working in the real world for more than a decade now ;)
Good for our neighbors (And Hi!). Latvia is also advanced in regards to eservices
:)
We also get state issued ID card with PKI. We can access tons of services. Last I read I can buy a house, fully remotely. Including notary services via video call + all parties need to sign stuff with our ID card.
We get health results via email as an encrypted pdf, where password is given at the time when I submit samples.
Many business also use ID card to sign contracts between parties.
Bank transactions involve Smart-ID, 2FA app that I have to authorize via ID card for remote setup for any new device. (It involves generating new certificates) Smart-ID is developed by Estonia and is very convenient, secure way to authorize payments.
As of communication, no state issued email. However we usually get email notifications, for example from state tax service, that we should log in and read whatever we have to.
The application allows Latvian ID card to be used in the Settings tab. So I learnt that it's applicable to your country too. I recently moved to Tallinn and just became a resident. The thing is they are capable of doing lots of things. And still, there are many things that can be improved.
Estonia is the founding member of the NATO Cooperative Cyber Defence Centre of Excellence... they've been at the forefront for a long time. https://ccdcoe.org/
Their development of IT public infrastructure is a bit more complex. The first thing was the political situation in the 90's during the transition. As they wanted to go as far away from communism as possible, they sliced away all the political tradition and old politicians. A lot of young people got a chance in politics and public policy making. They somehow understood that investing in technology is the way to go.
But the real starter was the Progertiger program, which brought computers to public schools. By 1999, almost all the schools were connected to the internet (about 98% of them and you have to understand that Estonia has a lot of countryside and forrests).
I haven't seen the code nor read about it. But I'll have a look at it after this comment. Thanks.
The e-vote thing seems like an issue of reputation now. I don't think any politician would dare to change this. It would be possible only if a huge campaign involving a foreign interference becomes successful among the voters.
Size of the country is also something to consider. Population of the whole Estonia is fewer than population of a single city in other country. Area of the Estonia is also minuscule.
What works for a tiny state isn't always appropriate for a big state.
Yep - Here in Finland, just over the bay in the north, the Estonian e-prescription system is often quoted as much leaner, meaner and more functional than our own borked attempt, at a fraction of the cost.
Not citizenship but residency, hence e-residency[1]. It actually means you can start a business here and pay your taxes here but you can be anywhere else in the world.
In Italy we have a worse version of what you described.
1. An ID card you can use to access some services (carta di identità digitale)
2. Another card you can use to access healthcare related services and some other services (carta nazionale servizi)
3. SPID: your digital ID to access yet some other services, and also some of the above services. It is not released by the government but by other authorized entities such as banks, the national mail service and others. You need to pay a small fee for the verification, and sometimes an annual fee. There are different SPID levels but no one actually knows the difference between them.
4. PEC (posta elettronica certificata): a digitally signed email box you can use to send/receive documents, invoices, etc. or simply messages. Those are legally attributed to you and you can use it to talk to government agencies instead of sending registered paper mail. As SPID it is issued by an authorized third party.
We also have some smartphone apps that work as a combination of the above, and need some of the above to work.
As you can see it is a mess, a waste of tax money and we will need to waste more money in the future to make this mess work.
Nice :)
Edit: and by the way when you need something really important all the above are useless: you either need to start hopping from a public office to another (we have a lot of them) and/or go to a notary (a kind of medieval bureaucrat you pay a lot of money to sign and stamp sheets of paper)
In the Netherlands we do have an inbox from the government ("Berichteninbox" which is optional, the alternative is snailmail), it's coupled to the Digital ID system (DigiD), both are apps and webservices. You can use DigiD to access information on your pension, or healthcare insurance etc. The inbox can be (optionally) coupled to many government organizations and you receive information on taxes for example. I like the way it works, it works best if you have an Android or iOS system, but you can use it without (fully on the web).
Btw, a nice insight into email is also that it is one of the very few systems that decouples protocol from provider (Matrix and xmpp do that too, not widely adopted sadly) AND also has critical adoption (which Whatsapp also has in my country, sadly we are stuck with Meta there). We should never give up email because we will likely never get an open and free system like that back without some kind of government intervention. (Even though we all know email is a sub-optimal pile of hacks.)
Using Berichtenbox is a liability. Once you activate the thing, all sorts of (semi-)government communication goes there, but you can't forward it or download it via an open API. You have to use their smartphone app or webapp.
The notifications you can set up to a normal email address invariably only say that institution X sent you a message, but never specify the topic. That means you have to login to see if it is actually important and actionable or just something you already knew or a confirmation of something you submitted.
Even worse is this common scenario:
* Get notification that X sent something to Berichtenbox
* Login to Berichtenbox (first get mobile phone for required 2FA)
* Message says new information is available in X's web portal
* Login to X's web portal (mijn.somethingsomething.nl)
* Read totally pointless message that could even have been sent in plain email
Compare this to the postal flow:
* Get letter, read it
I think these days you can deactivate Berichtenbox and receive important information via post again, but this was not an option in the first year or so, so even experimenting with it was risky.
The Czech similar system (Datová Schránka) is similar and even worse:
* email notifications are unreliable
* messages are considered delivered a week after landing in your data box, regardless of you reading them
* old messages are automatically deleted after 90 days (!!!) unless you pay for an expensive and cumbersome archive addon service
Especially point number three makes the whole thing quite dangerous, not just liability - you might get an important message/request from the state while on long vacation/loose the notification and it will self erase - mission impossible style! And you will only find out when you re in trouble for not doing something important later...
Unless you plan to work with the data box daily and manually check the messages its really dangerous to use it.
Yeah, it does seem pretty bad indeed, especially for older or less tech inclined people. What would be a better solution? Perhaps Estonia's system. I guess many countries are starting their own experiments, in 10 years we may know what works well and what doesn't.
Importantly, though, that inbox is not an email inbox. This is what the process might look like (i.e. I've been through this):
1. You can an email in your regular email stating that there is a new message in your Berichteninbox. (No clickable link, presumably to avoid phishing.)
2. You go to mijn.overheid.nl to access your Berichteninbox. You sign in with DigID.
3. You open the mentioned message, which says a PDF with the actual letter is attached.
4. You open the PDF.
5. The PDF says you'll be able to file your tax returns a month from now.
Yes, that is the process, it's pretty involved indeed, biometric auth and apps opening other apps on mobile makes it bearable. But indeed, if you look at the number of successive actions in such a seemingly simple thing, it's quite a lot.
BTW, if said PDF contains an iDeal payment link, you can switch to yet another app (your banking app) and back (probably via website in between) and immediately pay things. Which is nice, but again watching over the shoulder of someone going through these actions it may seem that the phone is going crazy switching between apps :)
I can't rightly say that I am able to navigate the maze of standards and acronyms associated with smart cards, but the OpenSC tools on Linux have worked for me with a couple different smart cards (Nitrokey HSM and Taglio PIVKey). There are quirks. The Taglio PIVKey can't load certificates using OpenSC, but I've always generated the certificates on the device anyway.
Just because there is smart card software for Linux it doesn't mean it will work with $SOME_GOVERNMENT's interfaces.
Ofc in this case feldrim above pointed us to the mac/linux/etc downloads so the estonian government has actually heard there are other platforms besides Windows.
Presumably you'll be using it with a browser. I'm sorry that I didn't clarify that assumption in my first response.
I don't know about Estonia in particular but I'm guessing "$SOME_GOVERNMENT's interfaces" for most places is going to be HTTPS.
So, with that in mind, I've used a Nitrokey HSM and a Taglio PIVKey with Firefox on Linux using the OpenSC tools PKCS 11 module. I would suspect any smart card supported by OpenSC will work fine in Firefox.
From my reading, OpenSC is being distributed by the government of Estonia, so I suspect using it in a browser that supports PKCS 11 modules compatible with OpenSC on a Linux PC would work fine.
Yes, I use the eID software on Linux all the time. It is based on OpenSC and the main stuff in the browser is all standardised. OpenSC is loaded as a plugin to say Firefox, and most of the authentication is standard TLS client cert stuff.
The app is used for changing PINs and there's another one for signing documents.
A question about number 4. By forwarding address, do you mean to a real email address? Denmark has a similar solution, but it can only be accessed via the website or a mobile application. The idea is that the content will almost always contain person information, so it shouldn't be allowed to be transmitted via an unencrypted channel.
Side note: Denmark has a one time pad instead of a smartcard. A smart phone app has since been added, and the one time pad will be discontinued in about a year, sadly.
I have been in Estonia for a few months and get my TRP recently. It's new to me. But I heard that it's the same. It's just a notification probably. Yet, the term "forwarding address" makes me think it can be something else. I did not get any email from there yet, so I don't know actually.
The PKI thing includes a physical ID card, a software solution called Smart-ID and a mobile solutions called Mobile ID. The software solutions are just authenticator apps that you've matched with your ID.
> If you are a citizen or a resident, you get an ID card to use for every public service. It's just a smart card with a government PKI.
This is the biggest flaw in the design. Tying the ID card to a single identity.
If you're using it with a bank, it needs to be tied to your bank account. If you're using it for physical access control at your company's building, it needs to be tied to your employee account. These are different things, and should be different things, for security.
You don't want a single system for everything. It makes the incentive to break it stronger, so it gets broken more often. It makes the consequences of it getting broken larger, so the damage when it happens multiplies. And it gets integrated into everything, so the amount of time it takes to roll out fixes increases. It's a security nightmare, and it gets polynomially worse the bigger the country is that tries to do it that way. (For reference, the GDP of Estonia is less than one third the revenue of Costco.)
No, it's solid design. It's a very simple safe primitive. You can build endless infrastructure on top of it. Similar to subkeys.
For example a lot of businesses use Smart-ID on top of that. You need to tie the smartid stuff to your PKI identity. But after that you can just use that as identity.
The flaw right now is that you guys believe that all online identity needs to be decoupled from the online identity. There are a couple things you guys dismiss or don't think about:
1. Contrary to systems such as the German one this identity system actually has a working upgrade and revokation path. The German one was is assuming that it's safe by design and the identity being fixed. The German ID keys don't have a revokation system and they don't expire either.
2. The baltic system has expiry's on these private keys. They are authenticated against your physical government issued ID with background checks being done by the current existing police/interpol infrastructure.
These private keys are not isolated from your identity. You receive them from government institutions that use the exist physical identity infrastructure.
The problem with people here is that they want the digital identity to be completely self contained. I get that sentiment and I don't disagree with it, but it's a completely different goal from what is being solved here.
This solves - in a much better fashion - what a lot of "crypto" fanatics want governments to use.
> Contrary to systems such as the German one this identity system actually has a working upgrade and revokation path.
Systems without this are even more broken, but this is hardly the main problem.
The problem is that with a system like this, if you can compromise one person, you can compromise them totally. You compromise every part of their life that uses this system instead of just one when it's isolated from the others.
And if you can compromise that system itself, even temporarily, you can compromise everyone that comprehensively at once. Everyone's health records, stolen. Bank accounts drained. Trade secrets published or sold to foreign competitors.
Canceling their credentials after the fact doesn't undo all the damage.
> These private keys are not isolated from your identity. You receive them from government institutions that use the exist physical identity infrastructure.
In most cases this is a liability rather than an asset. It's only useful if you for some reason need to prove your physical government identity, e.g. so you can vote. But those few things can use the same process you use to bootstrap into this identity system to begin with.
If all you want to do is sign into a website or acquire a book or a contraceptive or travel, having that tied to your government identity is bad.
By public services, I meant the public services provided by the state. For instance, health insurance, family doctor application, taxes, etc.
Banks require your ID whether it's smart or not. But it's not for payment purposes but for authentication. And they are not state bodies, but private commercial entities. They are not part of the PKI ecosystem of the state.
> By public services, I meant the public services provided by the state. For instance, health insurance, family doctor application, taxes, etc.
It's not clear why any of these things should be tied together even when they're all provided by the government.
You may have to identify yourself to your employer for taxes, but why should they get the identity used for your healthcare when it isn't any of their business? All it does is create the potential for that to leak. Or vice versa. Your tax returns are none of the business of the doctor you asked out, so these things should not be tied together in any way.
And the only reason the bank wants your government identification is that they're required to by law. Otherwise banks would widely offer numbered accounts. Even then this should only require the identity used for taxes and not the one used for healthcare or military service or professional licensing, none of which is any business of the bank.
That still has the same issue mentioned in the article: it works fine inside an organization (the organization being, in this case, the whole country), but not between different organizations. For instance, how would I, a Brazilian, send a message to someone using that system?
But is it really email as we know it? It looks more like a private message system like you find in forums and social networks.
In France, we are not as advanced as Estonia when it comes to e-government services, but we have an official identification system called "France connect", and government services have private messaging systems to communicate with them. And I think many countries have similar systems. The only difference seems to be that it is better integrated in Estonia.
I could only wish the US had something like that. Very few Congresspeople could even succinctly describe email to you, let alone express the need for a system like this. And even if they could introduce a bill, Big Tech lobbyists would instantly swoop in and proclaim the idea as a threat to national democracy, and instead try to steer the legislator to just hosting entire thing on their platform instead. I fucking hate our federal government.
There are a few issues. First, Estonia is a small country and it's relatively easier. Second, there's no legacy solution to comply with when a new feature is developed. US has both federal and local government systems, and many agencies with their own services. That creates an overhead for a new and standard[1] solution.
Adding to that, even worse, each state are also implementing their own identity solutions. Take Service NSW which is an expensive front-end built on Salesforce, with its digital drivers license. Each platform has its own digital identity system, which is just waste of taxpayer money.
I really hope that we end up moving back towards supporting open protocols.
I was heartened (and a little surprised) that Jack Dorsey recently mentioned that the draconian control of the Twitter API was the worst thing Twitter had done [1].
The corporatisation of the Internet, has undone a lot of the great work that had traditionally underpinned the network.
It feels like the slow, laborious and fundamentally equitable nature of standards ratification in the open has been seen to be at odds with the OKRs of tech businesses.
Businesses that sell and work with natural resources are starting to wake up to the idea that a degree of cooperation and inter-market regulation with peer companies can positively impact individual performance. Sustaining business is even more fundamental than making profit.
In the same sense; open protocols can help to develop rich and sustainable markets that benefit the consumer; as well as those businesses that operate in within it.
It really is about incentives. When the government and universities were the primary agents influencing the internet, open protocols were favored I presume because they incentivized the decentralization that the internet was created for.
Now private corporations are the primary agents of change, and they are driven by very different incentives. When was the last time you heard of a company based around open protocols being valued at a billion dollars?
And the money involved is just too great. I don't see how anything is going to change.
And yet none of those corporations has displaced email, despite the fact that it has become a universal cyberattack channel, with a stagnant UX that doesn't address most real-world use cases for email!
I saw a need for a safer, better, decentralized protocol for email, so I drafted one (TMTP) and implemented client & server. More at:
> I saw a need for a safer, better, decentralized protocol for email, so I drafted one (TMTP) and implemented client & server.
We definitely do, and then we need big, heavy corporate advocates for this new protocol. That second part is the rub. I would argue that every company embraced email early only because proprietary formats that locked customers into a platform weren't yet a thing. Now that they are, it is so much harder to propose that we all "just get along" with shared protocols.
Your work looks very interesting and I applaud you for taking this on. I will take a look. I am not entirely pessimistic. Have you thought about building a company around it?
I have sketched a plan for a venture, for which I'd need co-founders (e.g. mobile app code & UX expertise) -- feel free to reach out via Twitter @mnmnotmail (link above).
Those big corporate advocates necessary for the success of a new email protocol are fortunately not the major email hosting players! See the mnm FAQ #2 for a plausible adoption path.
It feels like the slow, laborious and fundamentally equitable nature of standards ratification in the open has been seen to be at odds with the OKRs of tech businesses.
At the risk of sounding like I'm trivialising this comment (with which I completely agree), this difference in behaviours has as its root the difference between a long- vs short-term mindset.
I think the issue might be the huge amount of VC cash invested, and the need for such a player to have explosive growth to a huge valuation.
Open standards of federated systems could lead to slow sustainable growth with a spot for the original designers and pushers of the protocol. But open standards won't let you fully dominate the market, they don't allow you to leverage all the VC cash, and so they don't pay back on massive investment. Because quite a lot of the benefits are shared.
Moreover, slow growth can't compete with VC cash investment. The VC backed competition will have a better UX, more features, aggressive marketing, and in general be more developed. All because they can develop their product a lot faster because they have more money behind them.
I was heartened (and a little surprised) that Jack Dorsey recently mentioned that the draconian control of the Twitter API was the worst thing Twitter had done [1].
I wasn't, because he didn't do jack shit to change it. We hear this bullshit all the time; big actors sound off about what was wrong at their previous places, but rarely did they do anything to upset the apple cart.
I'd say (and I think this happens quite often, moreso in politics) it is at least possible you may be overestimating his power to do so, perhaps at least by the time he realized it?
Twitter wasn't his github repo, it was his gazillion dollar company that has to answer to a lot of stakeholders.
(That being said, no reason to not get on them about it.)
Email is our only reliable communication method between different organizations.
I'm still of the opinion there should be public-option internet services. Everyone deserves an e-mail address that cannot be taken away from them without a court order.
> Everyone deserves an e-mail address that cannot be taken away from them without a court order.
Not even a court order, arguably. Internet access and it's essential services like email, is arguably a human right in developed countries. Almost impossible to find employment without it.
I don't think email is the issue here but it is DNS. Email relies on DNS and unfortunately government and ISPs have too much control to take your domain or have it blocked.
Democratic governments having that power seems reasonable: they have to follow a legal process and seizing a domain is rare — if I was worried about government overreach I’d want, say, physical detention to be as fair a process as seizing a domain or bank account is.
ISPs can’t take your domain and blocking is quite rare - usually just active malware attacks - but that seems like an argument for regulating them as utilities because they’re a natural chokepoint and as such many people do not have the option of switching.
It is a bit technical, but that can be solved without involving the government. You just need the registrar and email providers to talk to each other with OAuth plus some DNS delegation protocol.
Interesting. So if you want to have some kind of legal protection over your domain, the best bet is buying a .cc domain (from the country you currently live in, I suppose) but no chance when buying a .com, .org domain, right?
also, (or: alternatively?) one that can't be/won't be blocked by the centralized services' spam filters. The biggest hurdle to running your own email server nowadays isn't the online time or the data volume or anything; it's that the existing institutions don't recognize you as part of the institutional club and block your messages...
btw, Germany did this a decade ago: giving everyone an email account with the national mail service, as an "official email." I honestly don't know anyone here who uses it.
> it's that the existing institutions don't recognize you as part of the institutional club and block your messages...
How common is this if you’ve setup DKIM, SPF, etc.? I’ve only heard about problems in that context where someone hadn’t done the basics or was trying to send from shared IPs and hit some spammer’s past reputation.
Presumably it would be tied to an individual's identity which would make it easy to identify who was sending the email and fine them using existing anti-spam laws.
This was the idea behind the USPS originally, if you read records about it's founding. It wasn't intended to be about physical mail, but about "transmission of information" or something like that. It's actually kind of striking.
People already have accounts in national databases and there's a notification system using e-mail, sms and phone. Why not just manage the e-mail for them (and if they want - they can forward it to their private e-mail of choice).
Until they make it easy to bridge decentralized DNS queries with regular DNS even on mobile phones (without using a middleman) but apps that run and do this for users, then no web3 is not bringing decentralized email. Also, email providers would need to bridge decentralized DNS and it is in their interests not to. So Gmail, Outlook, etc which most companies have migrated to will not support it.
Define internet services, or do you mean email service?
There are many decisions that impact the usability and cost of the service. Some people need high volume sending or large mailbox storage. Do you punish people for sending spam? Do you filter spam, if so, how. Do people need public terminals to access the service? Etc.
I'm not saying it should be free. Quite the opposite. It should charge the user per-e-mail on an at-cost basis. It's a utility, not a hand-out. Think post office.
Do you punish people for sending spam?
Only by making them pay for every mail they send.
Do you filter spam, if so, how.
On the receiving end. A plugin system would let people choose to subscribe to updated blocklists and filtering rules, just like modern adblocking.
Do people need public terminals to access the service?
Same way it is now. The vast majority of people have their own smart devices, and for the ones who don't there's the public library.
> Quite the opposite. It should charge the user per-e-mail on an at-cost basis.
When you write “charge” do you mean money? When you say “at cost” do you mean at the cost of the sender, receiver, both?
If charge means money, isn’t money just a transaction cost inefficient method of proving stake? Maybe a new SMTP would ask the sending server to perform some work on behalf of the reciever in order for the recover to accept it.
In this case, you'd want the sending client to do some POW. Verified either by the sending server (to prevent it being blacklisted) or by the recipient (as a much wider anti-spam system).
I still would expect this breaks down from ASICS and generally the price not being high enough.
It also seems like it’d have unintended consequences due to resource differentials: a non-profit or freelancer with a newsletter would feel that harder than spammers using other people’s computers or simply getting commissions on the more profitable scams, similar to how cryptocurrency made ransomeware profitable enough that the attackers have more capacity than the defense at most small to medium-sized businesses.
Maybe this would work better in combination with PKI: allow me to give you a signed voucher OR you pay full price, allowing that price to be set high enough to actually deter spam. That wouldn’t help with businesses abusing your contact info for marketing, of course, but there’s never going to be one fix for this class of problems.
I think if people had to pay per email, email wouldn't have become as big as it is. Especially since in your scenario compromised credentials could incur financial losses. Turning it into a paid utility would cripple it.
For many people, email is synonymous with free digital communication. Ideally such an essential service should not discriminate against homeless people or people with disabilities.
In the sense that you shouldn't be required to know how to use them to be a full-fledged citizen. (Last I checked, a whopping 20% of citizens had trouble using them.) This involves stopping considering "digitalization" as a cost-cutting measure - and it never was to start with anyway, if one of the goals was to maintain the same quality of service - real human beings are just so much better at it.
while I agree with the idea of emails that can't be arbitrarily shutdown, SSN-xx-HERE@citizen.gov sounds like all kinds of awful. It will either be instantly unusable or require a gov approved SPAM filter, both of which are bad. It also seems like a good vector to force a backdoor on all comms.
I think the issue (as in the what) is that people should always be able to have a fallback option for sending and receiving email that's not at the whim of Google, MS et al.
SSN-xx-HERE@citizen.gov is a how, which may or may not be a good one. For one, here in France, the SSN isn't as important as it seems to be in the US, so its being public is probably less of an issue. This approach would still be bad for spam or whatever.
Another how could be by using the same kind of naming in use elsewhere, as in name.surname.213@citizen.gov. Except that not anyone would be able to randomly open an account. You'd have to go through some kind of agency that would check your ID. This would allow them to expose a way of changing (in case its overrun by spam) or unlocking (in case of lost password) your account safely.
We have a more or less similar thing in France with bank accounts: you have an "opposable right" (as in, undeniable) to have a basic bank account. Not sure if this is a French law or an EU directive, but I think the same could work for email.
The same right about basic bank account is active in Germany.
I have a few poor friends and it is amazing how important this right is.
We need the same with internet-access and communication in general.
edit to add I agree. the comment below is just how I think it would actually turn out.
---
Avoiding the SSN issue, I think this still comes down to either forcing 3rd parties to host email accounts or gov hosting said email accounts. The former leads to "free" but not free email (like TurboTax) with the former or an outright loss in privacy with the latter.
I get the privacy implications, but I'd say it may not be that big of an issue in practice, if we consider that these accounts would mainly (only?) serve to contact the government.
There's of course the price issue, but that's the case in both situations (3rd party and gov hosting). Of course, at least in France, the government isn't known for always making the best choices cost-wise...
Having a government approved spam filter would be better than letting an oligopoly of five companies decide what constitutes spam.
In fact, I can't think of a single market dominated by a handful of large companies hasnt been improved by the introduction of a government competitor.
There's a reason telcos lobby hard against community broadband and that financial institutions dial back the usuriousness of their fees when the post office offers bare bones accounts.
This would also require everyone to have an email client to handle their email address though. I believe this the reason most folks have a gmail/outlook account because it's easy to set up and operate, not just because it gives them a unique-ish address?
That's where right to disconnect and anti-spam measures come in. I'm in France, and i have the right to refuse my employer contacting me outside of work hours, and they pay me if i don't. And since robocall spam is illegal, i get ~1 call every 4-5 months at most, to sell me a different internet or electricity or mobile plan, and they're obligated to respect my refusal to be contacted thereafter ( and all do).
> And since robocall spam is illegal, i get ~1 call every 4-5 months at most, to sell me a different internet or electricity or mobile plan, and they're obligated to respect my refusal to be contacted thereafter ( and all do).
You are just lucky with your number. We get an average of 10 calls a day. Yes, in France. Stuff like Bloctel do not work, it isn't respected. I don't even know if fake caller numbers are now finally disallowed, it doesn't look so; anyway they were allowed for a long time.
Each time the government grants subsidies for whatever, it is immediately diverted by an enormous amount of companies which deal with the grey areas of the laws (laws concerning that subsidies and laws concerning solicitations), and if you have a residential number, you get spammed with commercial robot calls all the time (and then there are the 'empty' robot calls, too).
I think the issue is that since email is more and more required to interact with the Government services, they should also provide a usable alternative. Why have your citizens rely on random foreign services from which they may be cut off because a bot somewhere is having a bad day?
In France at least, many people (mostly the elderly) are having a hard time using computers and such. Some Government agencies have dedicated personnel to help them with filling in the forms and such on dedicated computers. It could probably be easier for them if they also provided email instead of relying on a third party provider. Grandma lost her password? No biggie. If she has her ID, we can reset it for her. Good luck getting any kind of support from Google / Yahoo in such a case.
Of course, I will explicitly say that I would be very much against such a service being compulsory for the people. I just think it should exist.
The post office ( La Poste) offer free emails, so there already is a non-foreign not-exactly-for-profit free email service out there. Plus all the ISPs also offer emails ( by default, you get an email with your plan, and on some ISPs you can't refuse it), but honestly that's just a terrible idea.
Price isn't the issue, the issue is that marginalised people can be denied service outright. E.g. if you don't have a phone you can't sign up for many of those services. If you have an unusual name you may be rejected. And if you have unpopular political views you may be kicked off.
Cost aside, a solution needs to be highly available. Third party services can not guarantee your email will be available for the duration of your lifespan.
There is also the issue of data stewardship, (democratic) governments can ensure independent reviews and be held accountable for security breaches and data misuse. They could also be held liable for losses incurred by service defects.
arbitrary account shutdown is a known issue with free email. losing your gmail account without explanation and with no recourse can be an awful situation for anyone, especially for vulnerable populations. This leaves the options of forcing private orgs to maintain email addresses or have a gov email for every citizen, both of which have significant drawbacks.
* interacting with the government online (I needed to provide an email address to update my driver's license and vehicle registration)
* opening a bank account
* renting an apartment
These are important things, so we might as well have some guaranteed way to access these services. Especially because you need an email to interact with a lot of government services.
I know that you do not need an email for some of the things you mentioned. I doubt you need an email for the rest.
I don't think the change we need to make here is "everyone should require email for everything, and therefore we need government subsidized emails for everyone." If anything, the change should be "email is not required", because it's not.
Furthermore, these are not rights but privileges:
> buying virtually anything online
> interacting with the government online (I needed to provide an email address to update my driver's license and vehicle registration)
> opening a bank account
> renting an apartment
I feel strongly the other things aren't rights either, but don't want to argue about it.
Would you like to tell me more about this society where having a roof over your head is not a right, but a privilege? More of a privilege than applying for a job?
But we also all need to eat and use a toilet to live. Those seem to be provided by the market to a reasonable degree. Email is also pretty cheap and there's at least some choice among providers, though of course far fewer that food types.
I don't think this is a fair comparison. You can replace a toilet, arguably upgrade to a better one with little to no disadvantage.
Taking away an email address someone has had and is their primary point of contact for years, possibly decades is irreplaceable. Being able to create a new one isn't equal to the old one.
Not sure about elsewhere in the world, but even regular mail isn't that painful in my country. Pay a nominal fee to Australia post and you can have all mail addressed to you forwarded from your old to new address for N months (or years).
The reason there are as many food types is that you pay for food, while most people (except corporations) don't pay for email. This makes it so investments in food production can be returned without waiting for network effect / vendor lock-in to reach a significant level.
Your toilet example actually proves the point. Generally, water and wastewater services are not private (I know there's exceptions and most are going terribly wrong). So yes everyone's ability to use a toilet is somewhat government guaranteed.
Yeah but the existence of toilets is mandated by code. The existence of email isn't regulated in any way. Requiring non-commercial (<-- which is doing a lot of work here) email addresses would cause a robust market to appear overnight.
In this day and age of censorship, I feel the same about web hosting. The American government should provide their citizens with a small space of hosting to share their thoughts.
I imagine getting your representatives to author and pass legislation for this (which will include raising money to pay for it) will be met with more opposition than you think. I think this because I don't think it serves the public interest :)
I do hope that web 3 brings a DNS service that can be bought once and owned forever that nobody can tear even from your cold dead hands. I'm not holding my breath though.
It had all sorts of nice properties, including some resilience against Sybil attacks.
The problem was that, even with the ability to "forget" unneeded blocks, the storage requirement was simply out of reach for the regular person. [2]
And because it's out of reach of the regular person, it will inevitably centralize around companies that do it for people. And we're back to where we started.
On the contrary, I'd say I haven't yet heard of a problem that web3 and blockchain can solve better than other technologies.
There are a lot of problems for which you can create solutions that involve web3 and blockchain but that doesn't mean that technology is necessary nor sufficient to solve those problems, nor that it is the best solution (or a good solution, at least).
Web3 and blockchain do solve a number of problems in the specific scenario that you want to collaborate within domains controlled by the blockchain with individuals you actively distrust, though. With the obvious caveats that you have to trust the blockchain itself (which both in PoS and PoW means trusting people with sufficient wealth to control large portions of the infrastructure) and that everything you want to do has to be within domains controlled by the blockchain (whether the actual problems within that domain benefit from this or not).
So in a sense the question becomes how much you are willing to sacrifice to be able to solve that class of problems instead of redefining the problem so it doesn't require a blockchain.
I always have this feeling that email is flawed and due for a complete overhaul or replacement - and then I think about it a little harder and I realize that it's actually really good at it's intended purpose.
Other than fiddling around the edges with security improvements, spam filtering, and a few other nice-to-haves, there's not really much that need improvement.
Some features of email that are nice:
- It's completely open standard
- I can host it myself if I want, or not.
- It is completely decentralized and roughly point-to-point, subject to email routers.
- Other than getting an email address, no other 'linkage' or prepwork with that person is required.
- My address is not tied to any other service, like a phone number. (in contrast to e.g. WhatsApp)
- It supports unsolicited communication from unsolicited sources (e.g. marketing)
- It's easy to ignore communication I don't care about. (e.g. marketing)
- Non-people are supported, like group emails/aliases (support@...)
- I can trivially attach files, subject to some practical constraints
- Email can be handled by the recipient in a wide variety of ways using different client mechanisms.
- I can front-end my email in a variety of ways, such as with a contact form.
Those are just the few I can think of off the top of my head. I'm sure there are others.
Indeed. While one can complain about this or that little detail, email is by far the best communications mechanism on (or off) the Internet.
The key part of course is that it is completely open and standardized. Nobody owns it. That is a lesson that we should learn, but is every time forgotten.
No proprietary walled garden can ever come close to the usefulness of email precisely because email is open and standard. With proprietary systems it is inevitable users are subject to the whim of the owner. Might not be able to get accounts, or be arbitrarily banned, or have the app only available on limited platforms, etc.
I've been using email since the late 80s and more importantly I've had the exact same email address since the mid 90s. It's been hosted by multiple providers and the last decade I've been hosting it myself. But always the same domain and address.
email, as ancient and flawed as it is, is a shining example of the Lindy effect in play - the future life expectancy of a technology or an idea is proportional to its current age.
> There are a huge variety of intra-organizational communication systems, to the point where pretty much every large enterprise provider seems to have one (Slack, Microsoft Teams, Discord, etc etc).
That's why I find Delta Chat piggybacking on Push-IMAP such an interesting concept: https://delta.chat
The only issue I've had in my limited use is that a Deltachat email triggers a notification on the desktop before it is moved to a Deltachat-specific folder. The solution is to configure Sieve filters to do this upon reception, but just saying that we've lost all 99% of potential users
I don’t think email is as decentralized and federated as it used to be.
In theory, email is a service that is simple enough for anyone to run themselves. Most Linux distros come with sendmail, so theoretically it should be as easy as reading the manual and exposing some ports. Spam is performed server side both at the origin and at the destination to mitigate bad actors, and because email is simple, there should be no shortage of clients to choose from.
In reality, 1/4 of all email users globally are on Gmail. Apple Mail is the most popular mail client followed by Outlook, then Gmail. SMTP and IMAP are theoretically simple, but the bellwether providers use APIs on top of these protocols that have added some functionality at the expense of restricting the proliferation of email clients. Many large companies that used to run their own email (through Exchange, Zimbra, etc) are moving to hosted Office 365 or Google Workspace. One major AWS-scale outage in Gmail or Azure will incite (and has caused) serious panic and disruption (which is great for SREs like me since we’ll continue to get paid serious money to keep all this stuff running while maintaining a healthy work-life balance, but I digress).
Furthermore, one doesn’t simply “stand up” their own email server unless they don’t care about landing in people’s spam folders.
Additionally, many companies outside of the US _do_ use WhatsApp (Facebook) for official communication. I’d posit that this trend is only accelerating.
I agree that email is fundamental technology, but I can see a future where it disappears in favor of something like federated Slack (or, worse, instant messaging centralized and controlled by the FAANG cabal with insurmountable cost-of-entry). Given the suppression of “free speech” on Twitter et al during peak COVID/peak insurrection (for valid reasons), this is slightly worrying.
The thing is, you can have your email address(es) under your own domain, and change mail hosting providers while keeping your email address(es). It's true that too few people are doing that.
Apart from that, email is not going anywhere (not going away) anytime soon as the standard medium for B2B communication. And in B2C communication as well, an email address is the one baseline you can count on everyone having. I don't see that being replaced by anything proprietary either.
Email's federation is an escape hatch. It's presence means that I can go to any provider I want to if I'm dissatisfied with my current provider. I can even run my own as a last resort. (Or first resort if that's your preferred mode of operation). Until that escape hatch disappears, which is unlikely, I will always have choice of providers.
I don't have whatsapp, or discord for that matter. I have slack for work but I don't use it externally. I will probably never have those systems for my personal communication which means that if a company wants to communicate to me they are going to have to use email, full stop. I think there is a large barrier to email ever going away. Removing it from the market would require coordination that most companies and providers will probably never want to engage in. It's a lowest common denominator that all of them will want to support to avoid their users getting silo'd into a system that is not theirs.
The biggest blunder for me is that there were usable decentralized communication options before that were popular, but because of trying to monetize user's data FAANG started to tighten their grip on any decentralized solution, and I think they succeeded. They are already trying do to email the same thing they did to XMPP and RSS.
It's objectively awful... But when you step back a tiny bit, that doesn't matter. What matters is the inter-organizational community it achieved. If these organizations wanted to continue, they could come up with a negotiation technique like in http - both ends can use whatever fancy thing they both support, but fall back unto riding dinosaurs if that's the only thing that works.
I often swing between longing for a federated protocol that can be managed by technical people and used by everyone, like XMPP, and something more P2P to reduce centralization and allow everyone to instantly "open an account" with no need for technical skills, but that still needs some kind of relays for asynchronous communication, like ssb. None are technically perfect (although I really like the simplicity and extensibility of XMPP) but in the end what matters is not that: it's about how the protocols are used, how they allow all of us to communicate, how they give more power to those who aren't already using the internet to exchange information. And that is not a technical problem
They are "great" from the perspective that the non-tech-savvy user somehow can get into using these. This did not work for XMPP (they need to learn that they need to pick a provider and a client; then they need to deal with entering the credentials into the client; then they need to solve problems like history synchronization and access from multiple devices; and finally voice/video/filesharing over XMPP is a disaster).
I agree onboarding can be a hurdle (for any decentralized network). These days many XMPP clients support invitations which make the process much easier (see https://blog.prosody.im/great-invitations/ ).
This easy onboarding is a fundamental part of Snikket - allowing you to bring groups of people onto XMPP by just sharing a link with them.
That's only because running TCP/IP over a 1200 bits per seconds connection was close to impossible, but Fidonet had > 40 thousands nodes connect by 1990, so decentralization was already a thing back then.
When modems became fast enough to handle a TCP/IP connection it was ~1994 and by then Internet was already (relatively) cheap and available.
E-Mail is one of the last remaining federated systems on the Internet, but I doubt it will survive long as the large players slowly sabotage it. I think already more than 90 % of all e-mails are delivered by three or four large companies, which is a trend that will continue.
But HTTP is client/server whereas e-mail is server/server (or client/server/server/client). Small independent server operators are at the mercy of the large companies as those can just stop processing their e-mails (which they already often do). That's different for HTTP (though gatekeeping happens there too via discoverability and other mechanisms).
Both HTTP and SMTP are client/server because you cannot read SMTP without a "client"... The crucial part of these protocols are simple text that use DNS for distributing the connecting.
HTTP can be used for server to server too... and I recommend it.
So to repeat you need to implement HTTP, SMTP and DNS in you server software so that you can self host all 3 on your own hardware.
This means asking your fiber ISP to open all ports (25, 53, 80) and give you a static IP!
DNS is centralized for now... but eventually it wont be.
I'm not saying you can't do it, I'm saying it won't help you because nobody will want to "play" with you. Open protocols mean nothing if the playing field is not level and the big guys can just bully around smaller players in whichever way they wont. That's not a problem that can be solved by technology (IMHO).
I have my own domains and people play with me all the time?
The big players are going to get pretty mean when electricity costs rise.
So the playing field will level by itself.
I use Raspberry 2/4 in my home cloud that I can keep powered through a 48 hour power failure.
There is no economic power, there is only energy (coal, oil and gas that is turned into electricity (the grid, wind, solar and hydro requires hydrocarbons to make/sustain)); the way to compete is to lower your energy costs by making better systems.
A lot of businesses host their own email, if not on Linux then using Microsoft Exchange (see e.g. [1]). While that is being somewhat decreased by the cloud trend, I don't see it going away, as those businesses generally like keeping their independence.
> As j. b. crawford notes, the prospect for another federated, Internet wide communication system seem very remote at this point in time, so email is it.
I really don’t think this is true, and is defeatist at best. SIP and XMPP both had a good shot at creating a federated Internet-wide communication system, and we are doing our best to build one with Matrix or die trying.
It is clear to me at least that we are stuck with at least 2 problems here. I have wondered if you could at least generalize the two modes in a way that would allow you to have one client and let the user decide.
Both Matrix and XMPP can be used as instant messengers and asynchronous long-form messengers. They both have asynchronous encryption, and have had it for years now.
Nothing. XMPP has an active community, mature servers for every kind of deployment, and many clients under active development for a range of platforms.
My personal focus within the community these days is with improving the ecosystem UX through initiatives like https://docs.modernxmpp.org/
Microsoft is chipping away at this by getting governments on to Outlook 365 on the basis that if all departments use it it'll be secure between them and can gain Top Secret certification.
The ability to send messages is perhaps the less interesting role of email. I think maybe the real value comes from providing globally unique, federated identities. It's not perfect, but it's pretty dang good.
If for no other reason, this is why no closed system will never supplant email. Even the biggest walled gardens like GOOG and FB bow to the power of email identities in the end, as the preferred (maybe even only) way to recover an account.
Email is a pile of garbage created with the same mentality of web and UN*X. This stupid shit in 2000 and 2020 still sends my IP address to the receiver for no reason so I have to use the web interface which removes it but then I can't control headers so I probably can't use PGP because some idiot wants to use that S/MIME shit (which was unsurprisingly broken due to the E-Fail bug). Coming up with a bunch of ad-hoc key-value pairs with keys you hope people will adhere to is not engineering. It's web shotting. When you do this it makes a sound of web being shot like *THWIP*.
Coming up with yet another way of encoding key-value pairs (or any type of serialization) is not engineering; you have not addressed the concrete problem in any way what so ever other than explaining what the syntax will be.
Like wtf is wrong with you people? How hard is it to call encrypt_message(your_message) and verify_message(their_message) without introducing RCE vulns? There is nothing hard about delimiting different entries in a list (for argv or whatever). This is pre-school stuff. The reason people omit it is becaues UN*X makes the path of least resistance to be insecure shit like system(), but even then it's still easy to work around it time after time if you are above the age of 12.
Federation is also a hare-brained concept. Why in the hell do I want my address to be qualified with some stupid string? Is this so I can make a group and LARP about firing missiles from mydomain.com to yourdomain.com? How is it possible that XMPP was created with the same idiotic concept once we already knew email was garbage? Federation is absolutely and thorougly pointless. The literal only reason it makes any sense is because if it was fully centralized, the service would just be dead once comapny #1 dies.
I'd suggest everyone setup a custom domain with SimpleLogin and start using aliases for every site. Also, use isync and goimapnotify to backup your email automatically. Then if Google or some other company shuts you out of your hosted email you can easily get back up on a new provider and not need to change your email address which almost every site you register on now requires.
Email is the last stand against millisecond invasiveness of tech in every living second of our lives.
The reason that large companies struggle or fail to implement systems like slack and teams is not because they are superior to email. Its because these huge corporation treat employees as faceless cogs in a machine. Email fails email delays email sucks everyone knows this and accepts it so it becomes the only way to take a break from the corporate pressure cooker.
I suspect in the future small companies that treat their employees as human and can use better tools effectively will eventually take over sufficient market shares to force large companies (they already are really) reevaluate the dispensibility of its workforce.
Another insane feature of WhatsApp (besides using phone number for an internet service) is that it only runs on Android and iOS (the web client is only some kind of "remote access" to the app, which requires the app to constantly run).
I actually run Android-x86 VM on a server because of WhatsApp, which I need for work. And it has some problems, for example to allow the browser to access the app, you need to scan a QR code - but I did not find a webcam emulator (think: v4l2-loopback on normal Linux) for Android or a way to emulate a webcam in VirtualBox or Qemu, so I need to copy the VM image to a computer with physical webcam, scan the code by pointing the webcam to the screen, and then copy it back to the server. WTF.
Or am I missing something? How do people without smartphones use WhatsApp (for communicating on a computer)?
Good points made in the article. Siloed services like Slack, etc. do have an advantage that you don’t get SPAM. I prefer E-mail and SMS person to person communication but there is the SPAM…
Most people in my family and closest friends prefer SMS, even texting large image and video files (not really what the protocol was designed for, right?). Anyway, I tend to use what my people use.
Let’s hope that email remains a “simple” protocol (envelopes are plaintext with some encoding, transmission is simple enough to do over Telnet) instead of something more complicated whose standards are drafted and maintained by the FAANG cabal.
I think I have used email once I can't even remember what it was for. But I think the story is more true for SMS. If SMS was taken down, nobody could use their money or social media.
Please HN, let email die. it is unsecurable (universal) in transit or storage (mta's) and because of its reliability and universal adoption a ton of security depends on it like a very rotten and rusted link in a chain even a small child can break. It is an almost 4 decade old tech where any security you find for it is purely opportunistic.
I am very concerned how people here are stating how good, simple and reliable it is. They are not wrong but so is IPv4 and the C language. Sentiment has no place in a building a secure and proper future technology.
I don’t get it. I was waiting for you to say “in favor of…” but you never got to that part. Let email die in favor of what? What is the viable alternative?
Not a single messaging app I’ve used comes close to email. And I can’t use one messaging app, I have to have 6! I would be way more willing to move on from email if a solid viable alternative came along. XMPP, for example, is still too ephemeral and barely anyone uses it.
I decided to delete all messaging apps except an email and an XMPP client (Internet Standards instead of proprietary protocols). 90% of my messages are to relatively few people (close friends or family members). For an acceptable messaging experience you just need to get those people on XMPP. The other 10% can still reach me via email or SMS.
I wish I could get people on XMPP, but I just accepted that, to communicate with my family, I need to use iMessage. I've had businesses try to get us to use their closed source communication thing and it just didn't work. Logging on to their weird thing every week or so to communicate with them and having to do any transactional communication manually just isn't really that great.
As far as XMPP for business, there are still things I really appreciate about email - threading/subjects to isolate different interactions being one. I would still love to be able to have it as a tool for bvb comms. Email is a very nice archival tool for both correspondence and documents. It's one of the few things in my life that is mostly organized and gives me easy access to things I need. Recently someone from a government agency said "you never sent x document" and I was able to go back in my email and say "yes I did on this date, I will send it to you again".
How can there be a replacement if we can't even acknowledge the problem. Did you see how many people disliked what I said? Should there be solutions awaiting people's recognition of the problem? I remember similar sentiment a decade ago when I was saying similar things about https.
Yes email is old and has lots of issues, it is still by a large margin the best we have. Name one protocol/program/service that comes anywhere close in its usefulness.
E-mail is grotesquely expensive to manage because of its weaknesses and its use as a vector of attack.
The best replacement solution is an organisational portal that people use to communicate with the organisation and upload/download documents. Some governments and banks have already been handling interactions with external entities and citizens/customers this way for years.
The upload and download tunnel is secure, the receiver can scan the uploaded information (detonate in a sandbox if necessary), and the sender can trust the messages and documents that are downloaded.
1. If you are a citizen or a resident, you get an ID card to use for every public service. It's just a smart card with a government PKI.
2. The public services provide an email account that can only be used within the e-government services. The card is used for accessing those services.
3. The email service accepts either identity number or registry number of the recipient. So the recipient can be a legal entity.
4. You can and almost always do provide a forwarding address, so that you don't need to check.
5. You can't use it for other purposes. No RFC defined email address is shared with you. And it's just an internal system for official issues.
I've heard some countries issue mailboxes for citizens but I am not aware of the general use of these. Also, email services were designed to be decentralized but evolved into centralized systems, a current and unsolved problem. I am not sure about the privacy and security of government provided email services.