The email monopolies annoy me the most when other apps assume you have gmail/apple/etc.
Notion recently launched email integration that only works with GMail, and all the marketing was basically "we added Email to Notion" instead of "we added _Gmail_ to Notion".
I ranted about this before, tailscale doesn't allow you to signup with your own username/password, they expect you to use google/facebook/microsoft accounts (or bring your own OIDC server, which is overkill if you are an individual user). As someone who got his google account blocked and got locked out of half of the internet, I can only warn anybody from ever using 3rd party logins.
Tailscale is heavily focused on authorization (authz; what you can do), and considers strict identity verification (authn) crucial to that goal. So they chose to delegate the latter problem to a party that's already solved it better than Tailscale could. This is reasonable and I'm with them.
But I do agree with you on your point; once you lose your Google account, you lose a lot more - including your personal TS network, which may include offsite devices, grandparents' PC, etc.
Unfortunately your TS account is also heavily tied to the chosen ID provider, I don't think you can change it at all (even if you go thru support). I would prefer to be able to link two IDs to a single TS account (e.g. Google and Apple), perhaps be able unlink the one I don't want anymore. I see a security concern in there (you either have a weak link, or you can't unlink an account you don't control anymore), but it would still be nice.
> I don't think you can change it at all (even if you go thru support)
I thought you could, but there's one exception (that I can't recall). If you signed up with that specific OIDC provider, you can't switch but you can with the other stock OIDC providers.
Have you seen headscale? It's a bit of work if you don't have a selfhosting setup but it enables you to use the service without being at the whim of Tailscale.
Ironically the reason headscale exists is at the whim of tailscale. Because tailscale allows headscale to use their client. If they revoked that ability, which they reserve the right to and could do at any time, headscale would be non viable as software for most use cases
More annoying than that is the email monopoly operators deciding any non-monopoly email is spam, effectively driving businesses into their corporate packages. As a business, you have no guarantee that if you run your email server or have a hosting company run it, you'll actually be reaching customers.
And worse, your customers blame you instead of the provider, forcing the switch even more. "I don't have any problems with other emails, it must be your fault."
It's frustrating because it sidelines everyone who made a conscious choice to use alternatives or self-host, and it normalizes the idea that Gmail = email
one thing: given that gmail is free includes forwarding and all-but-unlimited storage, I work around these limitations with a (free) new gmail account that I use for notion etc.
(this issue also affects Advanced Protection gmail users, who are often blocked from various integrations... the workaround is to create a gmail account for those and setup bi-directional filtering/forwarding...)
If they add Microsoft they will probably cover 99% of companies from small to medium - including practically every tech startup along with all the small creators and note taking influencers.
It is. But if a provider is not taking junk mail seriously, what is the alternative?
There is a limit to have much effort the receiving network can be expected put into filtering yahoo ham from the yahoo spam, and a limit to even how possible it is to reliably perform that filtering. Just expecting your users to put up with the influx of junk you can't filter (without too many false positives) and putting up with the processing load of attempts to filter it, are not valid options beyond a certain point. Yahoo knew they were a problem for some time before others started blocking mail from them en-mass and did nothing, or at least nothing useful, to fix it at their end despite warnings.
Also, “choice of email provider” is not a protected class in any jurisdiction that I know of.
As I see it, the problem is that the email address has been conflated with your identity, and that is extremely problematic. It should only ever have been a somewhat transient reachability identifier. As an identity it then gets linked to concepts like authorization and trust, eg "we'll send this code to your email, because we implicitly trust that only you can see your email, and that youll always be able to get to it."
Every so often one sees a cri de coeur from someone who has learned this lesson the hard way when Google locks them out of their account, the key to their digital life evaporates, there's nothing they can do about it.
Alternative identifiers exist, eg handles on sites like HN, but they are second-order artifacts of the email as ID.
Given the stakes, then, you have to decide whether to try and control your identity by bulding your own infra for email (domain, mail server, dkim etc and a fair bit of hell), paying for someone to run the infra (eg getting a proton or fastmail address), and hoping they dont enshittify or fail, or letting Google or Microsoft control it and hoping you dont fall foul of them. All these options have drawbacks.
Side musing follows: I dont know what the solution to identity is on the Internet. A very long time ago, X.509 certs issued by quasi government authorities was mooted as part of a international directory system. I can see a future authoritarian state falling in love with this idea again, esp with the resulting lack of anonymity,..but also the ability to "kill" people on the Internet simply by revoking their cert.
You don't need to reinvent the wheel to have a "somewhat safe email". Just own a personal domain and host it on migadu, mailcheap, mxroute, Zoho or any other provider.
I've ranted about this before, but setting up or migrating semi-selfhosted personal services like that is a lot of hassle, even if you're used to cosplaying as a sysadmin.
Migrating DNS providers is a pain - recently done it twice. Transfer itself is reasonable with most providers. Importing/exporting a BIND-formatted zone file is sometimes unheard of, as is setting custom TTL; you'll have to go through a stupid form. One provider tries to hold your hand so tightly it won't let you set CAA with iodef, only issue/issuewild.
Migrating email is a pain. Yes! You can just point your MX elsewhere, and that is brilliant. You still want to copy over all your email, and given IMAP has won, if you don't have a recent backup (who does back up their email?), losing your old account sucks.
Fixing up your email clients is also troublesome. You can't just CNAME smtp.yourdomain.com to smtp.example.com, because that's nuts, so changing providers from example.com to beispiel.de requires a couple more dances; provider docs also suck, and email clients usually fail a dozen times before you can find the right incantation. You could set up your own autodiscover, but that requires an HTTPS server.
Yes there are providers that sell a full package and do all the initial setup for you, but that's not the point of owning your domain.
Yeah, I sometimes do sysadmin stuff for fun. None of this is fun.
The lock-in does have the bonus that it's practically impossible for someone else to take over your email address. Forgetting to update your credit card for renewal, long term afk/coma, death etc. are all issues with having your own domain and I decided to move away from that model.
It's the other way around in my opinion. With your own domain you own your identity. By ceding it to someone else you risk losing it at a whim of some algorithm or bot or by forgetting password, or getting locked out for some other reason.
The problem is that you can't own a domain, you only lease it for a limited time. If you fail to pay the lease, you automatically lose it, and someone else can automatically get it, and there's nothing you can do about it. Domain names are worse than email providers from this point of view, since even if you lose your Gmail account, Google will typically not give it out to someone else, at least for some time.
Your point that phone numbers and mailing addresses work in much the same way is true - but I don't think these have ever been quite as directly tied to identity as email is on the web.
Traditionally, for anything that's even slightly important, either your physical presence ultimately acted as your identity, or significant legal liability protected the non-physical identity (that is, if a court sends an important letter to you at some address, someone else who moved in to that address faces significant legal penalties if they open that letter).
Not just email - today it's almost impossible to have a decent life without a (smart) phone and being tied-in through OTP verification.
All these things have become so essential that it's shocking that it's not regulated like a utility (or even as a right given their systemic imposition).
OTP verification can largely be worked around because so many sites still use SMS codes which a dumb phone can handle. Similarly, 2FA codes can be handled on a PC without requiring a smart phone. It adds hurdles but can be done.
Where it becomes challenging is situations where smart phones truly are required. When I attended college football games last fall, all tickets were e-tickets. You were required to present a QR code on your device or your ticket stored in Apple Wallet or Google Wallet. I ran into the same situation with my local theater's ticketing. You haven't lived until you've witnessed an audience with an average age of 70 try to figure out their tickets on their smartphones when they've never used them for that before nor had any notion that was even POSSIBLE.
I don't understand why client certificates aren't way more common as a second factor. They have existed forever, are available on all platforms, they are phishing resistant (unlike OTP, and don't get me started on SMS), browsers or OSs could generate them during setup, and you could enroll them seamlessly with one click. Instead we had to invent new things like passkeys which do essentially the same thing.
You can use client certificates even with IMAP and SMTP.
Client certs are great, but the UI for them is bad and browser vendors are making it worse, for example they killed <keygen> so you have to tell people to run OpenSSL commands in a terminal during signup.
> I don't understand why client certificates aren't way more common as a second factor.
I think there are some significant limitations to client certificates as a general-purpose 2FA mechanism.
Reusing the same certificate would make you trivially trackable across the web. You could create a unique certificate for every origin, but you need a way to permanently store the certificate. That becomes a problem if you want to secure them with hardware tokens where storage is limited. Yubikey 5 series can only store a handful of certificates.
Passkeys (i.e. resident FIDO2 keys) aren't intended to be a second factor, they're intended to be the only factor but they also require storage. Yubikey 5 can only store 25 resident keys, for example.
Non-resident FIDO2 keys (previously U2F) are what's traditionally used for 2FA. The hardware token derives key material from its master key and credential ID provided by the browser and the server, so it doesn't require any storage.
But can be easily stolen by malware (unless someone adds a client cert OS support? intriguing idea). But so can passkeys stored on the same device, so I don't know.
Long time ago browsers even had a widget to generate client certs natively! But it was removed, probably because of lack of use.
Okay, I know that and I agree, but I wasn't talking about PGP. Client certificates are much easier to use. They can be self-signed and the whole trust issue disappears.
Because certificates are too complex for non-techies. Most of my sysadmin and dev colleagues have no clue how they work. Most of them have have access to SECTIGO CERTIFICATE MANAGER, a web UI to sign and issue certificates. Yet, every time someone needs a certificate, I get a call and asked the same questions over and over again.
Now expect aunt Lottie to use certificates? Yeah, sure.
I've used several similar services, but usually you can print out the QR code and present that instead (yes, I know: you have to have a way of receiving and printing that, but you don't need to have a smart phone). This is also handy if you might run out of battery or network on your phone.
> Side musing follows: I dont know what the solution to identity is on the Internet.
I was fond of how Keybase brought to life [1] identity proofs (linking and validating your different online identities) in a very easy to use platform. Pity it went away; feels like a loss for the internet.
Right, but I want to validate my identity for cases where it is important to me. I also want to prevent others from assuming my identity in cases where it doesn't really matter (until it does). My identity here is not the same identity use on Reddit. At the same time being erroneously linked to someone else's posts on Reddit because they use this username could be a real problem. At he same time, I don't necessarily want my posts here to be linked to posts at Reddit or X or wherever. Rinse and repeat across thousands of web sites.
It's a problem with no easy solutions. In part, because no two users want exactly the same solution.
For example, I always use email login, never a phone number or Github or Facebag, and I barely have a presence on Google's panopticon, so never with my Google account. If a site demands it I just don't use it.
I also pay Fastmail to host my domain email, so that really helped get off Google. Yeah I gotta remember to renew every 10 years or whatever, plus $15/yr for fastmail; but what's the other option, I learn some SMTP package? No thanks.
If you don't want to link your email and your identity, you can use aliasing services like SimpleLogin. I have a separate email alias for every account, such as hackernews.ci72j@slmail.me, and only use my personal email for personal communications.
> paying for someone to run the infra (eg getting a proton or fastmail address), and hoping they dont enshittify or fail
I don’t experience them doing that. They’re email companies going strong. Maybe they get sold in some decades, and you move on. But I’ve had FastMail for one decade now, and it’s remained the same throughout. Including the minor UI bugs in their email client. But I’d much rather live with those than suddenly they’re also an AI company.
> For almost 15 years, I have run my own email server which I use for all of my non-work correspondence. I do so to keep autonomy, control, and privacy over my email and so that no big company has copies of all of my personal email. [...] A few years ago, I was surprised to find out that my friend [...] a very privacy conscious person who is [...] at the EFF — used Gmail.
Almost the exact same situation here, except my friend was once at an EFF-related organization.
I think a lot of things, like the tech industry turning into '80s Wall Street bros, wore down some of his on-principle determination. And when life got too busy, he gave up, and moved to GMail. I was very surprised to learn.
Another friend, who in school was one of those MIT student Linux hackers who had serious OPSEC as ordinary practice, once he had kids, and had to think about continuity of all the things he ran if something should happen to him, ended up moving home stuff to popular Apple and Google services.
I think in general treating email any other way than "everyone will eventually read your mail" makes no sense. Email communication, from forwarding to how people archive, to copy-pasting provides no security and is so brittle, just assume anything you write in an email is for public consumption. Reminds me of a post from a few years ago about encrypted mail as a security LARP (https://www.latacora.com/blog/2020/02/19/stop-using-encrypte...)
If you want secure messaging that nobody else will snoop on use an application dedicated to.. secure messaging. It's never what email was for and it's not how it's being used.
Exactly. Email is never an organized channel for communication. It only makes sense in the corporate world.
For users who don't pay for their personal email, email is nothing but a marketing channel and a very inefficient one at that. All the companies and corporations and people try to pretend to make email addresses look confidential and private. But the reality is they just see it as a way to spam you with ads and promotions and meaningless clickbait messages.
The idea of unsubscribing from emails from corporations and agencies is again just an act of pretense. 95% of the cases, it's not done in one click and involves a series of a few confusing steps. Even from a technology perspective, email is fucked and a legacy artifact as of today.
I would love to see a more secure protocol to replace it, where the recipient always has full control over all the messages that he can ever receive.
> For users who don't pay for their personal email, email is nothing but a marketing channel and a very inefficient one at that.
I have a paid personal email plan on my own domain name. (Mostly to get aliases and plus addresses). It is setup very well and filters spam very efficiently, compared to some 'corporate-standard' filters on other services. But I still have to use my gmail address because most individual contacts wouldn't see my mails otherwise since they are on gmail, hotmail, etc. And for many official websites, my email addresses are 'not valid email addresses'. Granted that my TLD .space isn't an official sounding one, but it's used by exactly two types of users - people who use it as their space, and people/organizations working on space tech. So I pay, but I'm still forced to watch them spam. Honestly, I believe that email is now a captured monopoly (cartelopoly?).
> I would love to see a more secure protocol to replace it, where the recipient always has full control over all the messages that he can ever receive.
I wholeheartedly agree. Email is an awesome idea. But its age is starting to show. We need something with security and encryption built-in, much fewer moving parts (Can we integrate MTA, MDA, WebUI, spam filters, DKIM, etc into just one?), option to opt out of rich formatting (the HTML and AMP junk), dynamic updates, etc and proper spam filtering, etc. We should also have a way to disincentivize or punish big players from rejecting valid emails. Perhaps it can use HTTPS to overcome those pesky corporate reverse proxies and firewalls.
But the idea of having a domain name as a namespace for users is still precious.
> 95% of the cases, it's not done in one click and involves a series of a few confusing steps.
My experience has been the complete opposite as someone who had to it recently. Only a handful made it more arduous than a single click. I was surprised.
The words probably get read somewhere on the way to the destination and in the future someone will probably unpin the pretty picture that has been decorating the notice board, turn it over and read what is on the other side.
Article is from 2014 where this was more of a valid concern. These days I don't think people send email for anything other than external communication with businesses. And only in western countries.
The only personal electronic communication I use are the only two widely deployed federated protocols: email and SMS. Everything else involves compromises to enter a walled garden that offers no value to me.
Is SMS federated though? Genuine question. As far as I know it requires manual each-to-each setup on MNO level thus very fragile when we talk about cross-border or even cross-operator messaging. It is nowhere near email in terms of federation.
Sure but you do understand that makes you the outlier these days, right?
Most people are on Facebook Messenger or Whatsapp or Signal or a dozen similar platforms. I try to use Signal for most communications but have friends and family that won't move to it, so I also use Whatsapp or plain SMS with them.
I mean, for normal people that is exactly how it’s being used. Your receipts for everything are automatically emailed with all kinds of private info for example. Nobody, and I mean nobody, is expecting those receipts to be public. And since all that is in your email you reasonably expect your other email to be private as well.
Email is auth now. People do not use email the way you are describing.
One of the biggest issues with the way the modern internet works is that it technically works the way GP describes but people believe it works the way you describe.
Even assuming all encryption is configured correctly at the endpoints so we can discount the risk of mid-transit interception and comprehension (do I assume CVS has encryption set up correctly on their outbound receipt emails? I do not...) People think it's like the postal network but it's more like the mail lands at the post office and they hand you a copy of it, while they retain the originals.
e2e encryption with s/mime is the answer, unless y’all think otherwise.
I played around with it the other day. Installed actalis/digicert s/mime cert on client. Sent emails between the 2 addresses. Emails decrypted locally on clients but same message sent on webmail client is encrypted/unreadable (besides subject line)
Tony the tiger says "that's grrrrreat." Now, send an e2e encrypted to another email that is not yours and see how long it takes them to understand what you sent. PGP for email has been around for a very long time, and there's a reason it is unheard of by the general public. it is a pain in the ass.
Or, it's just too good. Why did it take so long to have encrypted DNS? Another example, https, which uses tls for secure communication still manages to leak the domain name because the Server Name Indication in the ClientHello is sent in plain text before encryption is established. The solution, ECH, is no where to be seen.
The folks that read your e-mail and monitor your online presence do not want you to use these tools.
If e2ee became common, Google would offer a way to upload your private key or generate it for you (like proton mail does, IIRC), so you can conveniently read your mail in the web client, undermining the whole idea behind e2ee.
Does it undermine the whole idea? You can just assume that everyone with a @gmail account may be compromised (just like people with work email don't really own their mailbox), and keep your secure communication with the others.
That's the value of the stock, which is distinct from the quality of the product. You can make a lot of money selling bad products for a high price. (At least if they are bad for users but good for businesses)
You are really claiming that Google doesnt want your data? And claiming that big companies in general don't want your data? It's so absurd that i am not sure i understand your comment correctly.
It is an absolute 100% guarantee that Google wants your data
I think the person you're replying to is trying to make the point that people are generally OK with this, as long as it does not have an adverse impact on their personal lives. The hacker cloning the hard drive is likely to leverage this data to defraud or blackmail them, but Google et. al are not.
This is like the 'I have nothing to hide' argument against strict privacy measures. Individual bits of your information may not have much value. But the aggregate of all your information is something else. It may yield data that you don't expect it to contain. I can easily get your health, wealth, politics, relationship and even your exact address from it even if you never mention any of it. And the ways in which they can be used against you is also something you're unlikely to consider unless you're in a profession that does it - law enforcement, insurance companies, racial profilers, PR companies, lobbyists, ...
Another issue is that you are just worried about only your own data. But if Cambridge Analytica is any lesson, its that an entire section of a population can be targeted all at once using such data. And the outcome is no less disastrous than targeting individuals.
> They want some statistics. Not my personal information
I can guarantee you that's wrong - after the shenanigans they pulled to force me to register my CC and to prevent its deletion. But what's more pertinent here is that statistics is a sort of mathematical summary of a raw data. And that summary changes (into a different type of information) based on the statistical analysis you do on the raw data. I don't think you need an elaboration for this. But this is precisely the reason I believe that they will keep all your personal data in their raw form for as long as their resources permit.
> Maybe they want it for a good cause, who knows?
As they say, fool me once, shame on you. Fool me twice...
I think of it more of an aesthetic preference. While I use gmail today I don't negatively view people who choose to self host.
Some people are militant about editors, others are "discerning" (snobbish?) about operating systems or ONLY using free software. It takes all types and they help keep the world going.
It's like a high maintenance garden feature. It signals a few things about you: high technical capacity, unusual amounts of free time, unusual priorities.
It's nice to feel like you have some semblance of control in your life, even if it's in a very small way. Everyone has to draw the line between security and convenience somewhere, but I still feel catharsis when I see someone taking a stand and doing the hard thing, even if I myself choose not to do that.
When the panopticon eventually processes all if its collected data, and winds up scoring you as above some threshold of having the wrong opinions, or being associated with those who do, you may come to a different conclusion.
We're now very much living in the time when this kind of thing is likely to happen, it's no longer theory or paranoia anymore. Why would powers that be stop at snooping on 20k when we can now basically do it to everyone? I mean, look at the present news cycle and think for a second.
Oh thank god Google has stayed so principled under political pressure! Even with the threat of being broken up, they’ve been a rock. And rest easy—your Gmail definitely isn’t being quietly indexed and funneled into some RAG system to help certain friendly agencies flag “disloyal” citizens for... let’s say, enhanced oversight.
As for “Don’t be evil” disappearing from their core values? Totally normal. Just streamlining the brand, I’m sure.
And of course, I hardly know anyone who’s lost years of email, only to have Google’s famously responsive support team leap into action and do absolutely nothing to recover it.
You don't have to have paranoia or self-host, I think it's enough to just use a smaller email provider to try and keep some diversity in the ecosystem, so I use Fastmail instead of Google Apps (now Workspace or whatever) that I used to use.
Some people choose to have principles and live by them. Self-hosting email isn't really worth the hassle IMO, but switching to a smaller provider is (I moved to Fastmail).
I mean, it's not that hard to "de-google, de-openai, de-meta, de-microsoft your life"
- Don't use gmail
- Don't use chatGPT
- Don't use facebook
- Don't use windows
That's pretty easy if you use a Mac, and I qualify for all of those just because I don't want to use any of the above. I also don't use Twitter, so bonus!
Not that my email is of any value to anyone other than myself, but just not liking any of the services above is sufficient...
Individually, yes, our email doesn't amount to much. But when you can aggregate it, feed it into an LLM, etc.
Kind of like how individually, our little lives and our circle of boring friends doesn't amount to much, but Facebook is one of the most profitable companies in history.
The flip side is that no one person can really do anything about it. If I delete my facebook account, so what? There would need to be aggregate and mass action--against which there are so many prisoner-dilemma-esque barriers that its never going to happen.
All the comments reacting with hate because they know, deep down, it’s true. They’re not the main character. Nobody cares about their hyper encrypted nix home server with the perfect firewall setup. And they’re certainly not getting those hours of their life back.
If someone wants to kill you, they can. Get over it. It is silly to lock your door as even a low skilled person with right tools can break in a locked house easily.
"If someone powerful wants your encrypted data, they will have it. It's dumb."
But that's not at all the case, you can definitely encrypt data in a way that no one can break it.
Even if you assume there's an all powerful state that can decrypt everything. There's a distribution of malicious actors with varying degrees of power, you'll at least agree that not all eavesdroppers can decrypt your comms, they most certainly will be a minority, and an infitesimally small minority at that point. You can encrypt such that you protect yourself against the 99th percentile.
Regarding what you have to protect, you could be in charge of an organization, and you don't need to encrypt data yourself but consider how data is encrypted by your vendors, and when those vendors get hacked or their db's leaked, you can assess how it affects your company.
Just in general, knowing the many complexities of how data is encrypted and not encrypted and accessed and leaked and subpoenad, is much more useful than the binary of "THEY" have my data or "THEY" don't
I have my personal email set to Gsuite. I hide nothing. It’s in my DNS MX. Just look it up before you send me a message on my personal. Since MX records are what you need in the first place, it’s what you should be checking. If someone wants to opt out, they are welcome to.
Only by a very wide definition of "having" your email. Having data in one of your servers means not much if it's not usable or findable.
Can a government submit a subpoena to Gmail asking for your emails? Unlikely, they would just answer that you are not a client of theirs and as such they don't have your emails.
Can they submit a subpoena asking Google to hand over all of the emails that your clients sent or received from your address? Sure they can. It's going to be a way harder sell to the judge and the reason and burden of proof will be that much higher, as it would essentially be closer to fishing or mass surveillance. But it's something that I can see passing for cases of national security or child abuse. Nothing I would personally worry about, but I understand if you want to wear a tinfoil hat.
>Google received requests for user information for about 900,000 accounts
I'm responsible for a few of those btw. All for e-mails clearly related to malware operations, to help with the investigation. It's not like anyone cares what John Doe talks about with his grandma and Netflix support. Well, maybe some do, but that's probably 1% of that 900k.
Am I the one that is a decade behind the times? You are the one citing a case from 15 years ago, lol.
Also, I'm not sure what seems to be contradicting here. The exception that you are brining up proves the rule. If I say that humans have five fingers in each hand, will bringing up the famous case of the sixed fingered lady be relevant at all to the discussion? Especially if I worded it specifically saying that "most" humans have 5 fingers? Check my wording, I said unlikely.
The fact is, most government agencies do not have access to your emails, let's say that the NSA does, which is debatable, great, that is 0.01% of the government, and probably 0% of companies (that are not Google), unless they submitted a subpoena as part of some litigation.
Feel free to obsess about the one or two agencies that have access to emails for national security reasons, and feel free to lump it into "THE government". But I don't think you'll ever make any important nuanced cybersecurity trade offs with that attitude, you'll just want to encrypt everything until none of your users can do shit (if you have users at all, you may not even be able to get a job because you are doubtful of sending your resume to anyone, and you might be too busy configuring your own email server instead of just using gmail and doing other productive stuff.)
Yeah, and also the post office has all of your mail (because they can/do scan it), and pretty much anyone can intercept SMS, only slightly harder to intercept voice calls on PSTN, and SMTP has always been unencrypted. Private databases sold to the government by corporations already have your job history, political affiliations, sexuality, etc.
Most communications throughout history have not been secure. Despite this, it hasn't been abused nearly as much as it could be. I'm not sure if it's because the scale is difficult, or the technical side, or nobody thinks to suggest it to the despots. It's probably a combination of things. Ironically we tend to fear the abuse of power when it doesn't happen, and then ignore or accept it when it does happen. So the fear/hang-wringing/jumping-through-hoops seems pointless.
I still believe that if you really are concerned about what you're saying, you should say it in a clandestine way. E2E encryption is like a giant red flag saying "I might be doing something shady". Asking grandma about her special cakes [when she doesn't bake] will fly under the radar unless someone is looking really hard.
Even though the post office can scan your mail, they don't keep a copy of all of it. They can't retroactively scan all of your communications years later. This is an enormous differencs in practice.
The same goes for intercepting SMS: unless someone has been targeting you for years, your past messages are safe.
I hope you have a reference as to how an optic fiber cable can be tapped like that. I also hope you've seen how heavily jacketed these cables are. The cables are so sensitive to mechanical disturbances (but without interference to communication) that it can often sense itself getting shifted around. Tapping it will require a lot more than that. How do you avoid such tip offs?
And as far as I know, emails are not E2E encrypted, but they are almost always encrypted in transit. Why go through all the trouble just to get encrypted data?
Now I concede that all those things (OFC, TLS) may have vulnerabilities that can theoretically be exploited. But do you send such valuable information over the internet that it's worth their cost and effort to retrieve it? And if your answer is yes by some chance, would you transmit it without taking adequate security measures?
In comparison, Google and the others have billions of emails simply sitting unencrypted in their storage, ready for access at zero cost. I can't see your argument contradicting the information security risk posed by these companies.
>I hope you have a reference as to how an optic fiber cable can be tapped like that. I also hope you've seen how heavily jacketed these cables are.
LMGTFY [1][2]. I'm wondering at which point will we reach that utopic nirvana when HN and internet users in general will take the initiative and 30 seconds of their time to google something they find perplexing/unreal instead of going like "uhm, source?".
> I'm wondering at which point will we reach that utopic nirvana when HN and internet users in general will be able to google something they find perplexing/unreal before asking others to do it for them.
Look. Perhaps you should use a bit more discretion before you decide to come out all guns blazing on sarcasm and condescendation. I have some professional experience in the field - and it tells me there are many inconsistencies in your argument. And yes, I did 'the google' before typing the previous reply. I could of course be just ignorant about the latest achievements. But that's where references matter. That's all I asked for.
So here is the problem. Operation Ivy Bell happened in mid 1960s to mid 1970s. If you knew the communication infrastructure of that time, you would have realized that it was distinctly NOT optic fiber. Those came much later. But what really confirmed that doubt is that they used the induction principle of a transformer to tap the cable. That won't work on optic fibers. That's not how the EM field propagates in an OFC - they're more similar to waveguides than telephone cables.
And this distinction certainly matters here. Today's world is certainly not the same as in 60s. The sort of high-volume communication didn't exist back then. Neither did the ability to listen to or manipulate so many people all at once. Today's dangers - like the one with email messages - didn't exist back then. Back then 'cable' leaks like this used to happen. But have you heard of anything similar to Hillary's email leak or the Halloween mails?
>I have some professional experience in the field [...] That won't work on optic fibers.
I'm not a professional in this field like you, but even I know that undersea fiber optic cables have actively powered repeaters/amplifiers spread across their length, so it's logical to assume those amplifiers, with their 16kW power source, generate quite some EMF at repeater points that could be picked up via side channel analysis by sophisticated and well funded state actors like US submarines equipped with dedicated surveillance equipment, as we can infer from the Snowden NSA leaks.
I did consider the possibility of tapping signals using the EMI from the repeaters and amplifier pumping lasers. But an OFC carries an incredible amount of data over several individual fibers. And each individual fiber carries several channels using multiplexing (WDM). I don't think that their timing is synchronized either. In short, I find it hard to believe that these signals can be practically tapped from the EMI from the supporting systems. Of course, I could be completely wrong. I wouldn't mind being proven with any sort of relevant literature.
> Despite this, it hasn't been abused nearly as much as it could be.
Yes, because a few decades ago a total surveilance of a population would have needed a signifikant part of the population to do the surveilance or base your surveilance on statistical chance. If you ever get the chancs to inform yourself about the way the GDR/Stasi watched its citizens before the fall of the Berlin Wall, go for it.
I previously described the recent technological advances as a shift of the above-mentioned ratio: Never in history could a dictator know more of the communications of all his citizens with less people being in on it. Never before in history could a dictator pretend the populus was on his side with less people then now.
These changed ratios already altered the face of politics, and I am pretty sure this wasn't it.
And for your grandma example: Metadata isn't encrypted nearly anywhere. If your grandmas network looks as if she makes a special, explosive kind of dough (or this ever gets mentioned anywhere), the timing of your message and whom you are sending it to might be enough for them to send you to a secret prison without due process. Correctness of such accusations is only a requirement when you don't have absolute powers and dictators will always find someone to blame, otherwise they would look weak.
>Never in history could a dictator know more of the communications of all his citizens
One must be incredibly naive to think only dictators have this capability and not democratically elected governments. Just start a protest and find out just how quickly the government unlocks Godlike surveillance capabilities to be used against you. Hell, even a Tweet might do in places like UK or Germany.
They don't even have to send the police to the streets to beat you up or throw you in a van like in the USSR, they can just debank you like the trucker protestors in Canada and the problem solves itself peacefully.
The email monopolies annoy me the most when other apps assume you have gmail/apple/etc.
Notion recently launched email integration that only works with GMail, and all the marketing was basically "we added Email to Notion" instead of "we added _Gmail_ to Notion".
I ranted about this before, tailscale doesn't allow you to signup with your own username/password, they expect you to use google/facebook/microsoft accounts (or bring your own OIDC server, which is overkill if you are an individual user). As someone who got his google account blocked and got locked out of half of the internet, I can only warn anybody from ever using 3rd party logins.
Tailscale is heavily focused on authorization (authz; what you can do), and considers strict identity verification (authn) crucial to that goal. So they chose to delegate the latter problem to a party that's already solved it better than Tailscale could. This is reasonable and I'm with them.
But I do agree with you on your point; once you lose your Google account, you lose a lot more - including your personal TS network, which may include offsite devices, grandparents' PC, etc.
Unfortunately your TS account is also heavily tied to the chosen ID provider, I don't think you can change it at all (even if you go thru support). I would prefer to be able to link two IDs to a single TS account (e.g. Google and Apple), perhaps be able unlink the one I don't want anymore. I see a security concern in there (you either have a weak link, or you can't unlink an account you don't control anymore), but it would still be nice.
I raised a ticket as i created mine as a test using Apple login and wanted to change. Was basically told to just create a new account with them.
> I don't think you can change it at all (even if you go thru support)
I thought you could, but there's one exception (that I can't recall). If you signed up with that specific OIDC provider, you can't switch but you can with the other stock OIDC providers.
Have you seen headscale? It's a bit of work if you don't have a selfhosting setup but it enables you to use the service without being at the whim of Tailscale.
Ironically the reason headscale exists is at the whim of tailscale. Because tailscale allows headscale to use their client. If they revoked that ability, which they reserve the right to and could do at any time, headscale would be non viable as software for most use cases
More annoying than that is the email monopoly operators deciding any non-monopoly email is spam, effectively driving businesses into their corporate packages. As a business, you have no guarantee that if you run your email server or have a hosting company run it, you'll actually be reaching customers.
And worse, your customers blame you instead of the provider, forcing the switch even more. "I don't have any problems with other emails, it must be your fault."
It's frustrating because it sidelines everyone who made a conscious choice to use alternatives or self-host, and it normalizes the idea that Gmail = email
I hear you!
one thing: given that gmail is free includes forwarding and all-but-unlimited storage, I work around these limitations with a (free) new gmail account that I use for notion etc.
(this issue also affects Advanced Protection gmail users, who are often blocked from various integrations... the workaround is to create a gmail account for those and setup bi-directional filtering/forwarding...)
If they add Microsoft they will probably cover 99% of companies from small to medium - including practically every tech startup along with all the small creators and note taking influencers.
Exactly. I wanted to try Superhuman.com, and they only support Gmail and Outlook. I use Fastmail.
We're building what you're looking for!
Had the same problems myself so decided to build a product I actually needed.
https://marcoapp.io
I remeber even I was applying for a job but the company's spam filter automatically bounced back everything from Yahoo. Fun.
In fairness, there was a time when yahoo's network was a major source of junk mail.
That's discrimination of people by their email address.
It is. But if a provider is not taking junk mail seriously, what is the alternative?
There is a limit to have much effort the receiving network can be expected put into filtering yahoo ham from the yahoo spam, and a limit to even how possible it is to reliably perform that filtering. Just expecting your users to put up with the influx of junk you can't filter (without too many false positives) and putting up with the processing load of attempts to filter it, are not valid options beyond a certain point. Yahoo knew they were a problem for some time before others started blocking mail from them en-mass and did nothing, or at least nothing useful, to fix it at their end despite warnings.
Also, “choice of email provider” is not a protected class in any jurisdiction that I know of.
As I see it, the problem is that the email address has been conflated with your identity, and that is extremely problematic. It should only ever have been a somewhat transient reachability identifier. As an identity it then gets linked to concepts like authorization and trust, eg "we'll send this code to your email, because we implicitly trust that only you can see your email, and that youll always be able to get to it."
Every so often one sees a cri de coeur from someone who has learned this lesson the hard way when Google locks them out of their account, the key to their digital life evaporates, there's nothing they can do about it.
Alternative identifiers exist, eg handles on sites like HN, but they are second-order artifacts of the email as ID.
Given the stakes, then, you have to decide whether to try and control your identity by bulding your own infra for email (domain, mail server, dkim etc and a fair bit of hell), paying for someone to run the infra (eg getting a proton or fastmail address), and hoping they dont enshittify or fail, or letting Google or Microsoft control it and hoping you dont fall foul of them. All these options have drawbacks.
Side musing follows: I dont know what the solution to identity is on the Internet. A very long time ago, X.509 certs issued by quasi government authorities was mooted as part of a international directory system. I can see a future authoritarian state falling in love with this idea again, esp with the resulting lack of anonymity,..but also the ability to "kill" people on the Internet simply by revoking their cert.
You don't need to reinvent the wheel to have a "somewhat safe email". Just own a personal domain and host it on migadu, mailcheap, mxroute, Zoho or any other provider.
I've ranted about this before, but setting up or migrating semi-selfhosted personal services like that is a lot of hassle, even if you're used to cosplaying as a sysadmin.
Migrating DNS providers is a pain - recently done it twice. Transfer itself is reasonable with most providers. Importing/exporting a BIND-formatted zone file is sometimes unheard of, as is setting custom TTL; you'll have to go through a stupid form. One provider tries to hold your hand so tightly it won't let you set CAA with iodef, only issue/issuewild.
Migrating email is a pain. Yes! You can just point your MX elsewhere, and that is brilliant. You still want to copy over all your email, and given IMAP has won, if you don't have a recent backup (who does back up their email?), losing your old account sucks.
Fixing up your email clients is also troublesome. You can't just CNAME smtp.yourdomain.com to smtp.example.com, because that's nuts, so changing providers from example.com to beispiel.de requires a couple more dances; provider docs also suck, and email clients usually fail a dozen times before you can find the right incantation. You could set up your own autodiscover, but that requires an HTTPS server.
Yes there are providers that sell a full package and do all the initial setup for you, but that's not the point of owning your domain.
Yeah, I sometimes do sysadmin stuff for fun. None of this is fun.
Yep, you own your domain, you own your mailbox and can take it with you anywhere once a service gets bad or dies.
The real problem comes when your email address is owned by someone else (eg. @gmail.com).
That’s the definition of lock-in.
The lock-in does have the bonus that it's practically impossible for someone else to take over your email address. Forgetting to update your credit card for renewal, long term afk/coma, death etc. are all issues with having your own domain and I decided to move away from that model.
It's the other way around in my opinion. With your own domain you own your identity. By ceding it to someone else you risk losing it at a whim of some algorithm or bot or by forgetting password, or getting locked out for some other reason.
The problem is that you can't own a domain, you only lease it for a limited time. If you fail to pay the lease, you automatically lose it, and someone else can automatically get it, and there's nothing you can do about it. Domain names are worse than email providers from this point of view, since even if you lose your Gmail account, Google will typically not give it out to someone else, at least for some time.
True-ish.
OTOH - before email existed, the critical "how do we contact the real you?" identifiers were phone numbers and mailing addresses.
And if you failed to pay your phone bill, or rent, or property taxes...the exact same problem - someone else would get "your" identifier.
Your point that phone numbers and mailing addresses work in much the same way is true - but I don't think these have ever been quite as directly tied to identity as email is on the web.
Traditionally, for anything that's even slightly important, either your physical presence ultimately acted as your identity, or significant legal liability protected the non-physical identity (that is, if a court sends an important letter to you at some address, someone else who moved in to that address faces significant legal penalties if they open that letter).
Losing access is disruptive but far less of an issue than a malicious actor getting access.
I would bet/hope that I can live longer than most IT companies.
The day outlook.com goes up for open registration I think there'll be enough going on that I won't care too much about my email. :)
microsoft forgot to renew hotmail.co.uk
and passport.com, which was their SSO login system
Not just email - today it's almost impossible to have a decent life without a (smart) phone and being tied-in through OTP verification.
All these things have become so essential that it's shocking that it's not regulated like a utility (or even as a right given their systemic imposition).
OTP verification can largely be worked around because so many sites still use SMS codes which a dumb phone can handle. Similarly, 2FA codes can be handled on a PC without requiring a smart phone. It adds hurdles but can be done.
Where it becomes challenging is situations where smart phones truly are required. When I attended college football games last fall, all tickets were e-tickets. You were required to present a QR code on your device or your ticket stored in Apple Wallet or Google Wallet. I ran into the same situation with my local theater's ticketing. You haven't lived until you've witnessed an audience with an average age of 70 try to figure out their tickets on their smartphones when they've never used them for that before nor had any notion that was even POSSIBLE.
I don't understand why client certificates aren't way more common as a second factor. They have existed forever, are available on all platforms, they are phishing resistant (unlike OTP, and don't get me started on SMS), browsers or OSs could generate them during setup, and you could enroll them seamlessly with one click. Instead we had to invent new things like passkeys which do essentially the same thing.
You can use client certificates even with IMAP and SMTP.
Client certs are great, but the UI for them is bad and browser vendors are making it worse, for example they killed <keygen> so you have to tell people to run OpenSSL commands in a terminal during signup.
> I don't understand why client certificates aren't way more common as a second factor.
I think there are some significant limitations to client certificates as a general-purpose 2FA mechanism.
Reusing the same certificate would make you trivially trackable across the web. You could create a unique certificate for every origin, but you need a way to permanently store the certificate. That becomes a problem if you want to secure them with hardware tokens where storage is limited. Yubikey 5 series can only store a handful of certificates.
Passkeys (i.e. resident FIDO2 keys) aren't intended to be a second factor, they're intended to be the only factor but they also require storage. Yubikey 5 can only store 25 resident keys, for example.
Non-resident FIDO2 keys (previously U2F) are what's traditionally used for 2FA. The hardware token derives key material from its master key and credential ID provided by the browser and the server, so it doesn't require any storage.
Client certs were amazing, wholeheartedly agree!
I see you are suffering from something that always happened to me when championing them: they were so unknown that people assumed you meant PGP…sigh.
>they are phishing resistant
But can be easily stolen by malware (unless someone adds a client cert OS support? intriguing idea). But so can passkeys stored on the same device, so I don't know.
Long time ago browsers even had a widget to generate client certs natively! But it was removed, probably because of lack of use.
All is lost the moment you have malware on your device. It can just steal the session key after authentication.
The main reason that PGP did not catch on, as only the most tech savy were able to understand how the chain worked.
Okay, I know that and I agree, but I wasn't talking about PGP. Client certificates are much easier to use. They can be self-signed and the whole trust issue disappears.
Because certificates are too complex for non-techies. Most of my sysadmin and dev colleagues have no clue how they work. Most of them have have access to SECTIGO CERTIFICATE MANAGER, a web UI to sign and issue certificates. Yet, every time someone needs a certificate, I get a call and asked the same questions over and over again.
Now expect aunt Lottie to use certificates? Yeah, sure.
All we need is a magic button that says "enroll this browser". I'm sure aunt Lottie can handle that.
And yet, PGP still sucks, so it's not that easy, no?
I don't follow. I wasn't talking about PGP.
I've used several similar services, but usually you can print out the QR code and present that instead (yes, I know: you have to have a way of receiving and printing that, but you don't need to have a smart phone). This is also handy if you might run out of battery or network on your phone.
The question is: can we build a decentralized identity layer that's actually usable and respects privacy?
[dead]
> Side musing follows: I dont know what the solution to identity is on the Internet.
I was fond of how Keybase brought to life [1] identity proofs (linking and validating your different online identities) in a very easy to use platform. Pity it went away; feels like a loss for the internet.
[1] https://news.ycombinator.com/item?id=7453360
Right, but I want to validate my identity for cases where it is important to me. I also want to prevent others from assuming my identity in cases where it doesn't really matter (until it does). My identity here is not the same identity use on Reddit. At the same time being erroneously linked to someone else's posts on Reddit because they use this username could be a real problem. At he same time, I don't necessarily want my posts here to be linked to posts at Reddit or X or wherever. Rinse and repeat across thousands of web sites.
It's a problem with no easy solutions. In part, because no two users want exactly the same solution.
For example, I always use email login, never a phone number or Github or Facebag, and I barely have a presence on Google's panopticon, so never with my Google account. If a site demands it I just don't use it.
I also pay Fastmail to host my domain email, so that really helped get off Google. Yeah I gotta remember to renew every 10 years or whatever, plus $15/yr for fastmail; but what's the other option, I learn some SMTP package? No thanks.
If you don't want to link your email and your identity, you can use aliasing services like SimpleLogin. I have a separate email alias for every account, such as hackernews.ci72j@slmail.me, and only use my personal email for personal communications.
Until slmail.me disappears and all your logins stop working and can no longer be changed.
All you mentioned are better than the SSN
> paying for someone to run the infra (eg getting a proton or fastmail address), and hoping they dont enshittify or fail
I don’t experience them doing that. They’re email companies going strong. Maybe they get sold in some decades, and you move on. But I’ve had FastMail for one decade now, and it’s remained the same throughout. Including the minor UI bugs in their email client. But I’d much rather live with those than suddenly they’re also an AI company.
> For almost 15 years, I have run my own email server which I use for all of my non-work correspondence. I do so to keep autonomy, control, and privacy over my email and so that no big company has copies of all of my personal email. [...] A few years ago, I was surprised to find out that my friend [...] a very privacy conscious person who is [...] at the EFF — used Gmail.
Almost the exact same situation here, except my friend was once at an EFF-related organization.
I think a lot of things, like the tech industry turning into '80s Wall Street bros, wore down some of his on-principle determination. And when life got too busy, he gave up, and moved to GMail. I was very surprised to learn.
Another friend, who in school was one of those MIT student Linux hackers who had serious OPSEC as ordinary practice, once he had kids, and had to think about continuity of all the things he ran if something should happen to him, ended up moving home stuff to popular Apple and Google services.
This is also true for our DNA, because of companies like 23AndMe!
Genotyping platforms are an entirely different beast I think.
> if all of your friends use Gmail, Google has your email anyway
the last time I emailed a friend was probably 5 years ago. Email is for much more personal stuff.
AKA, "Shadow profiling" - you can prevent it somewhat by sending Gmail users Protonmail or Tuta's password encrypted email.
which in many cases they just won't open and then complain about it
Tangentially this is also why email encryption is effectively impossible.
Needs to consider the other big email providers too.
Yes, Microsoft has a rather large portion of corporate and business email, a very large portion of it.
Email is completely broken.
Efforts like DIME[0] do not have anywhere the traction they should.
0. https://en.wikipedia.org/wiki/Dark_Mail_Alliance
I think in general treating email any other way than "everyone will eventually read your mail" makes no sense. Email communication, from forwarding to how people archive, to copy-pasting provides no security and is so brittle, just assume anything you write in an email is for public consumption. Reminds me of a post from a few years ago about encrypted mail as a security LARP (https://www.latacora.com/blog/2020/02/19/stop-using-encrypte...)
If you want secure messaging that nobody else will snoop on use an application dedicated to.. secure messaging. It's never what email was for and it's not how it's being used.
Exactly. Email is never an organized channel for communication. It only makes sense in the corporate world. For users who don't pay for their personal email, email is nothing but a marketing channel and a very inefficient one at that. All the companies and corporations and people try to pretend to make email addresses look confidential and private. But the reality is they just see it as a way to spam you with ads and promotions and meaningless clickbait messages.
The idea of unsubscribing from emails from corporations and agencies is again just an act of pretense. 95% of the cases, it's not done in one click and involves a series of a few confusing steps. Even from a technology perspective, email is fucked and a legacy artifact as of today.
I would love to see a more secure protocol to replace it, where the recipient always has full control over all the messages that he can ever receive.
> For users who don't pay for their personal email, email is nothing but a marketing channel and a very inefficient one at that.
I have a paid personal email plan on my own domain name. (Mostly to get aliases and plus addresses). It is setup very well and filters spam very efficiently, compared to some 'corporate-standard' filters on other services. But I still have to use my gmail address because most individual contacts wouldn't see my mails otherwise since they are on gmail, hotmail, etc. And for many official websites, my email addresses are 'not valid email addresses'. Granted that my TLD .space isn't an official sounding one, but it's used by exactly two types of users - people who use it as their space, and people/organizations working on space tech. So I pay, but I'm still forced to watch them spam. Honestly, I believe that email is now a captured monopoly (cartelopoly?).
> I would love to see a more secure protocol to replace it, where the recipient always has full control over all the messages that he can ever receive.
I wholeheartedly agree. Email is an awesome idea. But its age is starting to show. We need something with security and encryption built-in, much fewer moving parts (Can we integrate MTA, MDA, WebUI, spam filters, DKIM, etc into just one?), option to opt out of rich formatting (the HTML and AMP junk), dynamic updates, etc and proper spam filtering, etc. We should also have a way to disincentivize or punish big players from rejecting valid emails. Perhaps it can use HTTPS to overcome those pesky corporate reverse proxies and firewalls. But the idea of having a domain name as a namespace for users is still precious.
> 95% of the cases, it's not done in one click and involves a series of a few confusing steps.
My experience has been the complete opposite as someone who had to it recently. Only a handful made it more arduous than a single click. I was surprised.
I consider it to be like a postcard.
The words probably get read somewhere on the way to the destination and in the future someone will probably unpin the pretty picture that has been decorating the notice board, turn it over and read what is on the other side.
Article is from 2014 where this was more of a valid concern. These days I don't think people send email for anything other than external communication with businesses. And only in western countries.
The only personal electronic communication I use are the only two widely deployed federated protocols: email and SMS. Everything else involves compromises to enter a walled garden that offers no value to me.
Is SMS federated though? Genuine question. As far as I know it requires manual each-to-each setup on MNO level thus very fragile when we talk about cross-border or even cross-operator messaging. It is nowhere near email in terms of federation.
Sure but you do understand that makes you the outlier these days, right?
Most people are on Facebook Messenger or Whatsapp or Signal or a dozen similar platforms. I try to use Signal for most communications but have friends and family that won't move to it, so I also use Whatsapp or plain SMS with them.
My experience in 2025 must be extremely different from yours. I don't even know what alternate channels you might have in mind.
Chat. Matrix for nerds, discord for gamers and redditors, telegram for everyone else who cares and imessage/rcs for those who don’t.
Exactly zero people I regularly communicate with other than my teenage son uses any of those regularly.
The only people who use RCS to contact me are businesses sending notifications or spam.
Unlike e-mail where I do get personal correspondence regularly.
I don't expect my experience is typical, but I don't think yours are either - we all live in bubbles.
[dead]
I mean, for normal people that is exactly how it’s being used. Your receipts for everything are automatically emailed with all kinds of private info for example. Nobody, and I mean nobody, is expecting those receipts to be public. And since all that is in your email you reasonably expect your other email to be private as well.
Email is auth now. People do not use email the way you are describing.
One of the biggest issues with the way the modern internet works is that it technically works the way GP describes but people believe it works the way you describe.
Even assuming all encryption is configured correctly at the endpoints so we can discount the risk of mid-transit interception and comprehension (do I assume CVS has encryption set up correctly on their outbound receipt emails? I do not...) People think it's like the postal network but it's more like the mail lands at the post office and they hand you a copy of it, while they retain the originals.
Some previous discussions:
(2022) https://news.ycombinator.com/item?id=33304075
(2014) https://news.ycombinator.com/item?id=7731022
e2e encryption with s/mime is the answer, unless y’all think otherwise.
I played around with it the other day. Installed actalis/digicert s/mime cert on client. Sent emails between the 2 addresses. Emails decrypted locally on clients but same message sent on webmail client is encrypted/unreadable (besides subject line)
Tony the tiger says "that's grrrrreat." Now, send an e2e encrypted to another email that is not yours and see how long it takes them to understand what you sent. PGP for email has been around for a very long time, and there's a reason it is unheard of by the general public. it is a pain in the ass.
Indeed it is, for now.
Even Zimmermann appeared to have given up on it.
https://www.vice.com/en/article/even-the-inventor-of-pgp-doe...
It's been going on at least as long as Year of the Linux Desktop. Stop trying to make fetch happen.
Or, it's just too good. Why did it take so long to have encrypted DNS? Another example, https, which uses tls for secure communication still manages to leak the domain name because the Server Name Indication in the ClientHello is sent in plain text before encryption is established. The solution, ECH, is no where to be seen.
The folks that read your e-mail and monitor your online presence do not want you to use these tools.
If e2ee became common, Google would offer a way to upload your private key or generate it for you (like proton mail does, IIRC), so you can conveniently read your mail in the web client, undermining the whole idea behind e2ee.
Does it undermine the whole idea? You can just assume that everyone with a @gmail account may be compromised (just like people with work email don't really own their mailbox), and keep your secure communication with the others.
I mean yeah, the point the article is making would be true non the less, so e2ee is not the answer to the problem.
As a bonus your emails will stay protected from the person you send them to as well.
It's easier to get someone to install Signal than all of that.
Google's products are garbage - any honest person can report on the degeneration of their services. That's what happens with monopolies over time.
Google would like you to think they're a God's-eye master of reality of course... but they're not. Just another corporate flop, like IBM etc.
IBM stock is currently valued at $231.59 billion.
Seems like a pretty nice gig, being a corporate flop.
Alphabet is at a $2T market cap, and its core products like Gmail, Google Analytics, and the search engine are garbage at this point.
That's the value of the stock, which is distinct from the quality of the product. You can make a lot of money selling bad products for a high price. (At least if they are bad for users but good for businesses)
Because social media. The same goes for a phone number. If your contacts give out a phone book, your number is leaked.
[dead]
[dead]
[flagged]
We need more people that are willing to stand on their principles not less.
Often these measures are a rational reaction to unethical companies that don’t deserve a relationship with us however convenient that may be.
Simplest explanation is often the most accurate.
A big company wants my data, or is it just an idiot who cloned my hard drive?
Just an idiot who cloned my hard drive is the most likely scenario.
You are really claiming that Google doesnt want your data? And claiming that big companies in general don't want your data? It's so absurd that i am not sure i understand your comment correctly.
It is an absolute 100% guarantee that Google wants your data
They want some statistics. Not my personal information (I have nothing of value).
Maybe they want it for a good cause, who knows?
Would I really trust a random interneter over a company that has a reputation to keep? You overestimate my political biases.
Advertising companies including google make many billions by gathering, using, selling the personal information of people just like you
I think the person you're replying to is trying to make the point that people are generally OK with this, as long as it does not have an adverse impact on their personal lives. The hacker cloning the hard drive is likely to leverage this data to defraud or blackmail them, but Google et. al are not.
In fact, Google is heavily incentivized to not defraud or blackmail users.
It decreases the odds those users will keep sending Google easy-to-digest data in the future.
> (I have nothing of value).
This is like the 'I have nothing to hide' argument against strict privacy measures. Individual bits of your information may not have much value. But the aggregate of all your information is something else. It may yield data that you don't expect it to contain. I can easily get your health, wealth, politics, relationship and even your exact address from it even if you never mention any of it. And the ways in which they can be used against you is also something you're unlikely to consider unless you're in a profession that does it - law enforcement, insurance companies, racial profilers, PR companies, lobbyists, ...
Another issue is that you are just worried about only your own data. But if Cambridge Analytica is any lesson, its that an entire section of a population can be targeted all at once using such data. And the outcome is no less disastrous than targeting individuals.
> They want some statistics. Not my personal information
I can guarantee you that's wrong - after the shenanigans they pulled to force me to register my CC and to prevent its deletion. But what's more pertinent here is that statistics is a sort of mathematical summary of a raw data. And that summary changes (into a different type of information) based on the statistical analysis you do on the raw data. I don't think you need an elaboration for this. But this is precisely the reason I believe that they will keep all your personal data in their raw form for as long as their resources permit.
> Maybe they want it for a good cause, who knows?
As they say, fool me once, shame on you. Fool me twice...
I think of it more of an aesthetic preference. While I use gmail today I don't negatively view people who choose to self host.
Some people are militant about editors, others are "discerning" (snobbish?) about operating systems or ONLY using free software. It takes all types and they help keep the world going.
It's like a high maintenance garden feature. It signals a few things about you: high technical capacity, unusual amounts of free time, unusual priorities.
It's nice to feel like you have some semblance of control in your life, even if it's in a very small way. Everyone has to draw the line between security and convenience somewhere, but I still feel catharsis when I see someone taking a stand and doing the hard thing, even if I myself choose not to do that.
There are a few other reasons to degoogle than paranoia. The most obvious reason are the surprise bans.
Nope, Google is a friend. It keeps my records outside of reach of possible lower actors.
If it turns out to be an enemy, then everyone's screwed either way.
No, not everyone, just random people who suffer false positives by the abuse sensing algorithms
When the panopticon eventually processes all if its collected data, and winds up scoring you as above some threshold of having the wrong opinions, or being associated with those who do, you may come to a different conclusion.
We're now very much living in the time when this kind of thing is likely to happen, it's no longer theory or paranoia anymore. Why would powers that be stop at snooping on 20k when we can now basically do it to everyone? I mean, look at the present news cycle and think for a second.
Oh thank god Google has stayed so principled under political pressure! Even with the threat of being broken up, they’ve been a rock. And rest easy—your Gmail definitely isn’t being quietly indexed and funneled into some RAG system to help certain friendly agencies flag “disloyal” citizens for... let’s say, enhanced oversight.
As for “Don’t be evil” disappearing from their core values? Totally normal. Just streamlining the brand, I’m sure.
And of course, I hardly know anyone who’s lost years of email, only to have Google’s famously responsive support team leap into action and do absolutely nothing to recover it.
> just a waste of life to spend so much time to de-google, de-openai, de-meta, de-microsoft your life.
Glad you did not include "de-apple". iCloud is now my only email provider, I moved to it many years ago. With my own domain too.
Don't have to de-apple if you never appled.
You don't have to have paranoia or self-host, I think it's enough to just use a smaller email provider to try and keep some diversity in the ecosystem, so I use Fastmail instead of Google Apps (now Workspace or whatever) that I used to use.
Some people choose to have principles and live by them. Self-hosting email isn't really worth the hassle IMO, but switching to a smaller provider is (I moved to Fastmail).
> irrational decisions of making your email less secure(by trying to host it yourself)
data-less attack on some very widely used open source software.
I mean, it's not that hard to "de-google, de-openai, de-meta, de-microsoft your life"
- Don't use gmail
- Don't use chatGPT
- Don't use facebook
- Don't use windows
That's pretty easy if you use a Mac, and I qualify for all of those just because I don't want to use any of the above. I also don't use Twitter, so bonus!
Not that my email is of any value to anyone other than myself, but just not liking any of the services above is sufficient...
err. apple should be on that list.
err, no it shouldn't.
That's not a very compelling argument.
Neither was the other person's.
Individually, yes, our email doesn't amount to much. But when you can aggregate it, feed it into an LLM, etc.
Kind of like how individually, our little lives and our circle of boring friends doesn't amount to much, but Facebook is one of the most profitable companies in history.
The flip side is that no one person can really do anything about it. If I delete my facebook account, so what? There would need to be aggregate and mass action--against which there are so many prisoner-dilemma-esque barriers that its never going to happen.
[flagged]
[flagged]
All the comments reacting with hate because they know, deep down, it’s true. They’re not the main character. Nobody cares about their hyper encrypted nix home server with the perfect firewall setup. And they’re certainly not getting those hours of their life back.
I can downvote this with a clean conscience because I don't have a home server but aside from that you almost got me 100%.
[flagged]
If someone wants to kill you, they can. Get over it. It is silly to lock your door as even a low skilled person with right tools can break in a locked house easily.
huh?
If I send an encrypted email to someone I trust to decrypt it, then they won't have it.
I agree with the sentiment, but E2E encryption exists and is technically possible.
Yeah. But that's too much paranoia even for me, a schizophrenic.
If someone powerful wants your encrypted data, they will have it. It's dumb.
In my case, it would make them look like fools. Not even a dick pick or secret affair to blackmail me. Just a dumb guy.
I care for my privacy, but I truly have nothing of importance to hide to the point of taking those extra steps.
"If someone powerful wants your encrypted data, they will have it. It's dumb."
But that's not at all the case, you can definitely encrypt data in a way that no one can break it.
Even if you assume there's an all powerful state that can decrypt everything. There's a distribution of malicious actors with varying degrees of power, you'll at least agree that not all eavesdroppers can decrypt your comms, they most certainly will be a minority, and an infitesimally small minority at that point. You can encrypt such that you protect yourself against the 99th percentile.
Regarding what you have to protect, you could be in charge of an organization, and you don't need to encrypt data yourself but consider how data is encrypted by your vendors, and when those vendors get hacked or their db's leaked, you can assess how it affects your company.
Just in general, knowing the many complexities of how data is encrypted and not encrypted and accessed and leaked and subpoenad, is much more useful than the binary of "THEY" have my data or "THEY" don't
I have my personal email set to Gsuite. I hide nothing. It’s in my DNS MX. Just look it up before you send me a message on my personal. Since MX records are what you need in the first place, it’s what you should be checking. If someone wants to opt out, they are welcome to.
Only by a very wide definition of "having" your email. Having data in one of your servers means not much if it's not usable or findable.
Can a government submit a subpoena to Gmail asking for your emails? Unlikely, they would just answer that you are not a client of theirs and as such they don't have your emails.
Can they submit a subpoena asking Google to hand over all of the emails that your clients sent or received from your address? Sure they can. It's going to be a way harder sell to the judge and the reason and burden of proof will be that much higher, as it would essentially be closer to fishing or mass surveillance. But it's something that I can see passing for cases of national security or child abuse. Nothing I would personally worry about, but I understand if you want to wear a tinfoil hat.
Semantics and nuance matter.
What a blissfully-naive take. You're more than a decade behind the times.
https://en.m.wikipedia.org/wiki/PRISM
In 2023, Google received requests for user information for about 900,000 accounts, and complied with ~80% of them, and both numbers are on the rise.
https://transparencyreport.google.com/user-data/overview
>Google received requests for user information for about 900,000 accounts
I'm responsible for a few of those btw. All for e-mails clearly related to malware operations, to help with the investigation. It's not like anyone cares what John Doe talks about with his grandma and Netflix support. Well, maybe some do, but that's probably 1% of that 900k.
Am I the one that is a decade behind the times? You are the one citing a case from 15 years ago, lol.
Also, I'm not sure what seems to be contradicting here. The exception that you are brining up proves the rule. If I say that humans have five fingers in each hand, will bringing up the famous case of the sixed fingered lady be relevant at all to the discussion? Especially if I worded it specifically saying that "most" humans have 5 fingers? Check my wording, I said unlikely.
The fact is, most government agencies do not have access to your emails, let's say that the NSA does, which is debatable, great, that is 0.01% of the government, and probably 0% of companies (that are not Google), unless they submitted a subpoena as part of some litigation.
Feel free to obsess about the one or two agencies that have access to emails for national security reasons, and feel free to lump it into "THE government". But I don't think you'll ever make any important nuanced cybersecurity trade offs with that attitude, you'll just want to encrypt everything until none of your users can do shit (if you have users at all, you may not even be able to get a job because you are doubtful of sending your resume to anyone, and you might be too busy configuring your own email server instead of just using gmail and doing other productive stuff.)
Yeah, and also the post office has all of your mail (because they can/do scan it), and pretty much anyone can intercept SMS, only slightly harder to intercept voice calls on PSTN, and SMTP has always been unencrypted. Private databases sold to the government by corporations already have your job history, political affiliations, sexuality, etc.
Most communications throughout history have not been secure. Despite this, it hasn't been abused nearly as much as it could be. I'm not sure if it's because the scale is difficult, or the technical side, or nobody thinks to suggest it to the despots. It's probably a combination of things. Ironically we tend to fear the abuse of power when it doesn't happen, and then ignore or accept it when it does happen. So the fear/hang-wringing/jumping-through-hoops seems pointless.
I still believe that if you really are concerned about what you're saying, you should say it in a clandestine way. E2E encryption is like a giant red flag saying "I might be doing something shady". Asking grandma about her special cakes [when she doesn't bake] will fly under the radar unless someone is looking really hard.
the post office scans the exterior, not the contents. That is a significant difference.
The post office and even the ISP are not as big as Google and don't have nearly as much control and data on everybody worldwide.
~98% of SMTP is encrypted. https://transparencyreport.google.com/safer-email/overview
Intercepting USPS mail and telephone calls are both serious federal crimes.
This isn't really a great analogy.
Even though the post office can scan your mail, they don't keep a copy of all of it. They can't retroactively scan all of your communications years later. This is an enormous differencs in practice.
The same goes for intercepting SMS: unless someone has been targeting you for years, your past messages are safe.
Also ripping up envelopes and reading them in way that the receiver wont notice don't scale very well.
> Despite this, it hasn't been abused nearly as much as it could be
How would you classify submarines parked next to fiber optic cables slurping up data?
I hope you have a reference as to how an optic fiber cable can be tapped like that. I also hope you've seen how heavily jacketed these cables are. The cables are so sensitive to mechanical disturbances (but without interference to communication) that it can often sense itself getting shifted around. Tapping it will require a lot more than that. How do you avoid such tip offs?
And as far as I know, emails are not E2E encrypted, but they are almost always encrypted in transit. Why go through all the trouble just to get encrypted data?
Now I concede that all those things (OFC, TLS) may have vulnerabilities that can theoretically be exploited. But do you send such valuable information over the internet that it's worth their cost and effort to retrieve it? And if your answer is yes by some chance, would you transmit it without taking adequate security measures?
In comparison, Google and the others have billions of emails simply sitting unencrypted in their storage, ready for access at zero cost. I can't see your argument contradicting the information security risk posed by these companies.
>I hope you have a reference as to how an optic fiber cable can be tapped like that. I also hope you've seen how heavily jacketed these cables are.
LMGTFY [1][2]. I'm wondering at which point will we reach that utopic nirvana when HN and internet users in general will take the initiative and 30 seconds of their time to google something they find perplexing/unreal instead of going like "uhm, source?".
[1] https://en.wikipedia.org/wiki/Operation_Ivy_Bells
[2] https://www.nytimes.com/2005/02/20/politics/new-nuclear-sub-...
> I'm wondering at which point will we reach that utopic nirvana when HN and internet users in general will be able to google something they find perplexing/unreal before asking others to do it for them.
Look. Perhaps you should use a bit more discretion before you decide to come out all guns blazing on sarcasm and condescendation. I have some professional experience in the field - and it tells me there are many inconsistencies in your argument. And yes, I did 'the google' before typing the previous reply. I could of course be just ignorant about the latest achievements. But that's where references matter. That's all I asked for.
So here is the problem. Operation Ivy Bell happened in mid 1960s to mid 1970s. If you knew the communication infrastructure of that time, you would have realized that it was distinctly NOT optic fiber. Those came much later. But what really confirmed that doubt is that they used the induction principle of a transformer to tap the cable. That won't work on optic fibers. That's not how the EM field propagates in an OFC - they're more similar to waveguides than telephone cables.
And this distinction certainly matters here. Today's world is certainly not the same as in 60s. The sort of high-volume communication didn't exist back then. Neither did the ability to listen to or manipulate so many people all at once. Today's dangers - like the one with email messages - didn't exist back then. Back then 'cable' leaks like this used to happen. But have you heard of anything similar to Hillary's email leak or the Halloween mails?
>I have some professional experience in the field [...] That won't work on optic fibers.
I'm not a professional in this field like you, but even I know that undersea fiber optic cables have actively powered repeaters/amplifiers spread across their length, so it's logical to assume those amplifiers, with their 16kW power source, generate quite some EMF at repeater points that could be picked up via side channel analysis by sophisticated and well funded state actors like US submarines equipped with dedicated surveillance equipment, as we can infer from the Snowden NSA leaks.
I did consider the possibility of tapping signals using the EMI from the repeaters and amplifier pumping lasers. But an OFC carries an incredible amount of data over several individual fibers. And each individual fiber carries several channels using multiplexing (WDM). I don't think that their timing is synchronized either. In short, I find it hard to believe that these signals can be practically tapped from the EMI from the supporting systems. Of course, I could be completely wrong. I wouldn't mind being proven with any sort of relevant literature.
If the post office (or somebody else) reads your mail that's a federal crime.
Your analogy is moot.
> Despite this, it hasn't been abused nearly as much as it could be.
Yes, because a few decades ago a total surveilance of a population would have needed a signifikant part of the population to do the surveilance or base your surveilance on statistical chance. If you ever get the chancs to inform yourself about the way the GDR/Stasi watched its citizens before the fall of the Berlin Wall, go for it.
I previously described the recent technological advances as a shift of the above-mentioned ratio: Never in history could a dictator know more of the communications of all his citizens with less people being in on it. Never before in history could a dictator pretend the populus was on his side with less people then now.
These changed ratios already altered the face of politics, and I am pretty sure this wasn't it.
And for your grandma example: Metadata isn't encrypted nearly anywhere. If your grandmas network looks as if she makes a special, explosive kind of dough (or this ever gets mentioned anywhere), the timing of your message and whom you are sending it to might be enough for them to send you to a secret prison without due process. Correctness of such accusations is only a requirement when you don't have absolute powers and dictators will always find someone to blame, otherwise they would look weak.
>Never in history could a dictator know more of the communications of all his citizens
One must be incredibly naive to think only dictators have this capability and not democratically elected governments. Just start a protest and find out just how quickly the government unlocks Godlike surveillance capabilities to be used against you. Hell, even a Tweet might do in places like UK or Germany.
They don't even have to send the police to the streets to beat you up or throw you in a van like in the USSR, they can just debank you like the trucker protestors in Canada and the problem solves itself peacefully.