[HN Gopher] A realization of why email is critical infrastructur...
___________________________________________________________________
A realization of why email is critical infrastructure for the
Internet
Author : deafcalculus
Score : 282 points
Date : 2021-12-29 06:40 UTC (16 hours ago)
(HTM) web link (utcc.utoronto.ca)
(TXT) w3m dump (utcc.utoronto.ca)
| causi wrote:
| _Email is our only reliable communication method between
| different organizations._
|
| I'm still of the opinion there should be public-option internet
| services. Everyone deserves an e-mail address that cannot be
| taken away from them without a court order.
| DoItToMe81 wrote:
| Sounds horrible. Mobile phones are bad enough, I don't want any
| more 'guaranteed' ways to be contacted by work or other
| annoyances in my free time.
| sofixa wrote:
| That's where right to disconnect and anti-spam measures come
| in. I'm in France, and I have the right to refuse my employer
| contacting me outside of work hours, and they pay me if I
| don't. And since robocall spam is illegal, I get ~1 call
| every 4-5 months at most, to sell me a different internet or
| electricity or mobile plan, and they're obligated to respect
| my refusal to be contacted thereafter (and all do).
| wott wrote:
| > And since robocall spam is illegal, I get ~1 call every
| 4-5 months at most, to sell me a different internet or
| electricity or mobile plan, and they're obligated to
| respect my refusal to be contacted thereafter (and all
| do).
|
| You are just lucky with your number. We get an average of
| 10 calls a day. Yes, in France. Stuff like Bloctel does not
| work, it isn't respected. I don't even know if fake caller
| numbers are now finally disallowed, it doesn't look so;
| anyway they were allowed for a long time.
|
| Each time the government grants subsidies for whatever, it
| is immediately diverted by an enormous amount of companies
| which deal with the grey areas of the laws (laws concerning
| those subsidies and laws concerning solicitations), and if
| you have a residential number, you get spammed with
| commercial robot calls all the time (and then there are the
| 'empty' robot calls, too).
| bigger_inside wrote:
| also, (or: alternatively?) one that can't be/won't be blocked
| by the centralized services' spam filters. The biggest hurdle
| to running your own email server nowadays isn't the online time
| or the data volume or anything; it's that the existing
| institutions don't recognize you as part of the institutional
| club and block your messages...
|
| btw, Germany did this a decade ago: giving everyone an email
| account with the national mail service, as an "official email."
| I honestly don't know anyone here who uses it.
| merlinscholz wrote:
| Speaking of Germany, do you mean De-Mail? Because while it is
| similar to email, it is not email compatible and had a lot of
| shortcomings.
| pjc50 wrote:
| Given an account with the legal privilege to spam, how would
| you prevent it filling up everyone else's inboxes?
| eberkund wrote:
| Presumably it would be tied to an individual's identity
| which would make it easy to identify who was sending the
| email and fine them using existing anti-spam laws.
| BlueTemplar wrote:
| Yeah, that's the issue: how do you deal with bad actors like
| gmail or hotmail that by their sheer size seem to have lost
| all accountability?
| vital_beach wrote:
| while I agree with the idea of emails that can't be arbitrarily
| shut down, SSN-xx-HERE@citizen.gov sounds like all kinds of
| awful. It will either be instantly unusable or require a gov
| approved SPAM filter, both of which are bad. It also seems like
| a good vector to force a backdoor on all comms.
| pydry wrote:
| Having a government approved spam filter would be better than
| letting an oligopoly of five companies decide what
| constitutes spam.
|
| In fact, I can't think of a single market dominated by a
| handful of large companies that hasn't been improved by the
| introduction of a government competitor.
|
| There's a reason telcos lobby hard against community
| broadband and that financial institutions dial back the
| usuriousness of their fees when the post office offers bare
| bones accounts.
| vladvasiliu wrote:
| I think the issue (as in the _what_) is that people should
| always be able to have a fallback option for sending and
| receiving email that's not at the whim of Google, MS et al.
|
| SSN-xx-HERE@citizen.gov is a _how_, which may or may not be
| a good one. For one, here in France, the SSN isn't as
| important as it seems to be in the US, so its being public is
| probably less of an issue. This approach would still be bad
| for spam or whatever.
|
| Another _how_ could be by using the same kind of naming in
| use elsewhere, as in name.surname.213@citizen.gov. Except
| that not anyone would be able to randomly open an account.
| You'd have to go through some kind of agency that would
| check your ID. This would allow them to expose a way of
| changing (in case it's overrun by spam) or unlocking (in case
| of lost password) your account safely.
|
| We have a more or less similar thing in France with bank
| accounts: you have an "opposable right" (as in, undeniable)
| to have a basic bank account. Not sure if this is a French
| law or an EU directive, but I think the same could work for
| email.
| i5heu wrote:
| The same right about basic bank account is active in
| Germany. I have a few poor friends and it is amazing how
| important this right is. We need the same with internet-
| access and communication in general.
| vital_beach wrote:
| edit to add I agree. the comment below is just how I think
| it would actually turn out.
|
| ---
|
| Avoiding the SSN issue, I think this still comes down to
| either forcing 3rd parties to host email accounts or gov
| hosting said email accounts. The former leads to "free" but
| not free email (like TurboTax) with the former or an
| outright loss in privacy with the latter.
| vladvasiliu wrote:
| I get the privacy implications, but I'd say it may not be
| that big of an issue in practice, if we consider that
| these accounts would mainly (only?) serve to contact the
| government.
|
| There's of course the price issue, but that's the case in
| both situations (3rd party and gov hosting). Of course,
| at least in France, the government isn't known for always
| making the best choices cost-wise...
| lolsal wrote:
| > Everyone deserves an e-mail address that cannot be taken away
| from them without a court order.
|
| Why?
| jackson1442 wrote:
| Things you have to use email for:
|
| * applying for jobs
|
| * getting covid tests/vaccines
|
| * buying virtually anything online
|
| * interacting with the government online (I needed to provide
| an email address to update my driver's license and vehicle
| registration)
|
| * opening a bank account
|
| * renting an apartment
|
| These are important things, so we might as well have some
| _guaranteed_ way to access these services. Especially because
| you need an email to interact with a lot of government
| services.
| derbOac wrote:
| This was the idea behind the USPS originally, if you read
| records about its founding. It wasn't intended to be about
| physical mail, but about "transmission of information" or
| something like that. It's actually kind of striking.
| ajuc wrote:
| People already have accounts in national databases and there's
| a notification system using e-mail, sms and phone. Why not just
| manage the e-mail for them (and if they want - they can forward
| it to their private e-mail of choice).
| ejb999 wrote:
| Is there somehow a lack of affordable - and in many cases free
| - email options that we need a government solution to this?
| vital_beach wrote:
| arbitrary account shutdown is a known issue with free email.
| losing your gmail account without explanation and with no
| recourse can be an awful situation for anyone, especially for
| vulnerable populations. This leaves the options of forcing
| private orgs to maintain email addresses or have a gov email
| for every citizen, both of which have significant drawbacks.
| vladvasiliu wrote:
| I think the issue is that since email is more and more
| required to interact with the Government services, they
| should also provide a usable alternative. Why have your
| citizens rely on random foreign services from which they may
| be cut off because a bot somewhere is having a bad day?
|
| In France at least, many people (mostly the elderly) are
| having a hard time using computers and such. Some Government
| agencies have dedicated personnel to help them with filling
| in the forms and such on dedicated computers. It could
| probably be easier for them if they also provided email
| instead of relying on a third party provider. Grandma lost
| her password? No biggie. If she has her ID, we can reset it
| for her. Good luck getting any kind of support from Google /
| Yahoo in such a case.
|
| Of course, I will explicitly say that I would be very much
| against such a service being _compulsory_ for the people. I
| just think it should exist.
| sofixa wrote:
| The post office (La Poste) offers free emails, so there
| already is a non-foreign not-exactly-for-profit free email
| service out there. Plus all the ISPs also offer emails (by
| default, you get an email with your plan, and on some ISPs
| you can't refuse it), but honestly that's just a terrible
| idea.
| vladvasiliu wrote:
| Of course, ISP email is a horrible idea, and I think the
| government should actively discourage people from using
| those for their services.
| lmm wrote:
| Price isn't the issue, the issue is that marginalised people
| can be denied service outright. E.g. if you don't have a
| phone you can't sign up for many of those services. If you
| have an unusual name you may be rejected. And if you have
| unpopular political views you may be kicked off.
| jiggunjer wrote:
| Cost aside, a solution needs to be highly available. Third
| party services can not guarantee your email will be available
| for the duration of your lifespan.
|
| There is also the issue of data stewardship, (democratic)
| governments can ensure independent reviews and be held
| accountable for security breaches and data misuse. They could
| also be held liable for losses incurred by service defects.
| threatofrain wrote:
| Hopefully this citizens email also comes with severe rules for
| commercial mail or else it'll soon be flooded with junk.
| adolph wrote:
| Just like how the highly regulated phone system dealt with
| voice and SMS spam.
| threatofrain wrote:
| Email is already flooded. We don't need your metaphor.
| lordnacho wrote:
| But we also all need to eat and use a toilet to live. Those
| seem to be provided by the market to a reasonable degree. Email
| is also pretty cheap and there's at least some choice among
| providers, though of course far fewer than food types.
| cycomanic wrote:
| Your toilet example actually proves the point. Generally,
| water and wastewater services are not private (I know there's
| exceptions and most are going terribly wrong). So yes
| everyone's ability to use a toilet is somewhat government
| guaranteed.
| kortilla wrote:
| Not exceptions (in the US at least). 1/4 water are private
| and 1/2 sewer is private:
| https://en.wikipedia.org/wiki/Water_privatization_in_the_Uni...
| AndrewDavis wrote:
| I don't think this is a fair comparison. You can replace a
| toilet, arguably upgrade to a better one with little to no
| disadvantage.
|
| Taking away an email address someone has had and is their
| primary point of contact for years, possibly decades is
| irreplaceable. Being able to create a new one isn't equal to
| the old one.
|
| Not sure about elsewhere in the world, but even regular mail
| isn't that painful in my country. Pay a nominal fee to
| Australia post and you can have all mail addressed to you
| forwarded from your old to new address for N months (or
| years).
| lordnacho wrote:
| This is a good point. Maybe there should be a free
| forwarding rule.
|
| I noticed that Yahoo now charges to forward email from my
| old address, which I think is unreasonable.
| zekica wrote:
| The reason there are as many food types is that you pay for
| food, while most people (except corporations) don't pay for
| email. This makes it so investments in food production can be
| returned without waiting for network effect / vendor lock-in
| to reach a significant level.
| Karrot_Kream wrote:
| Yeah but the existence of toilets is mandated by code. The
| existence of email isn't regulated in any way. Requiring non-
| commercial (<-- which is doing a lot of work here) email
| addresses would cause a robust market to appear overnight.
| BlueTemplar wrote:
| Wait, what do you mean by "non-commercial" ?
| Karrot_Kream wrote:
| Government related
| naasking wrote:
| > Everyone deserves an e-mail address that cannot be taken away
| from them without a court order.
|
| Not even a court order, arguably. Internet access and its
| essential services like email, is arguably a human right in
| developed countries. Almost impossible to find employment
| without it.
| encryptluks2 wrote:
| I don't think email is the issue here but it is DNS. Email
| relies on DNS and unfortunately government and ISPs have too
| much control to take your domain or have it blocked.
| jiggunjer wrote:
| Define internet services, or do you mean email service?
|
| There are many decisions that impact the usability and cost of
| the service. Some people need high volume sending or large
| mailbox storage. Do you punish people for sending spam? Do you
| filter spam, if so, how. Do people need public terminals to
| access the service? Etc.
| causi wrote:
| I'm not saying it should be free. Quite the opposite. It
| should charge the user per-e-mail on an at-cost basis. It's a
| utility, not a hand-out. Think post office.
|
| _Do you punish people for sending spam?_
|
| Only by making them pay for every mail they send.
|
| _Do you filter spam, if so, how._
|
| On the receiving end. A plugin system would let people choose
| to subscribe to updated blocklists and filtering rules, just
| like modern adblocking.
|
| _Do people need public terminals to access the service?_
|
| Same way it is now. The vast majority of people have their
| own smart devices, and for the ones who don't there's the
| public library.
| adolph wrote:
| > Quite the opposite. It should charge the user per-e-mail
| on an at-cost basis.
|
| When you write "charge" do you mean money? When you say "at
| cost" do you mean at the cost of the sender, receiver,
| both?
|
| If charge means money, isn't money just a transaction cost
| inefficient method of proving stake? Maybe a new SMTP would
| ask the sending server to perform some work on behalf of
| the receiver in order for the receiver to accept it.
| jiggunjer wrote:
| I think if people had to pay per email, email wouldn't have
| become as big as it is. Especially since in your scenario
| compromised credentials could incur financial losses.
| Turning it into a paid utility would cripple it.
|
| For many people, email is synonymous with free digital
| communication. Ideally such an essential service should not
| discriminate against homeless people or people with
| disabilities.
| BlueTemplar wrote:
| Then we should first make sure that a computer and
| Internet access are luxuries rather than necessities.
| jiggunjer wrote:
| Since we're regressing, maybe make water and electricity
| luxuries too.
| causi wrote:
| _Turning it into a paid utility would cripple it._ I don't
| think I've made it clear enough that this is a
| proposed _addition_ to the current ecosystem.
|
| _Especially since in your scenario compromised
| credentials could incur financial losses_
|
| Why would you be liable for that? An equivalent of the
| FDIC would work fine.
| qybaz wrote:
| In this day and age of censorship, I feel the same about web
| hosting. The American government should provide their citizens
| with a small space of hosting to share their thoughts.
| moffkalast wrote:
| I do hope that web 3 brings a DNS service that can be bought
| once and owned forever that nobody can tear even from your
| cold dead hands. I'm not holding my breath though.
| abacadaba wrote:
| unstoppabledomains.com?
| topranks wrote:
| If there is a problem that web3 and blockchain can't solve
| I've yet to hear about it.
| hnbad wrote:
| On the contrary, I'd say I haven't yet heard of a problem
| that web3 and blockchain can solve better than other
| technologies.
|
| There are a lot of problems for which you can create
| solutions that involve web3 and blockchain but that
| doesn't mean that technology is necessary nor sufficient
| to solve those problems, nor that it is the best solution
| (or a good solution, at least).
|
| Web3 and blockchain do solve a number of problems in the
| specific scenario that you want to collaborate within
| domains controlled by the blockchain with individuals you
| actively distrust, though. With the obvious caveats that
| you have to trust the blockchain itself (which both in
| PoS and PoW means trusting people with sufficient wealth
| to control large portions of the infrastructure) and that
| everything you want to do has to be within domains
| controlled by the blockchain (whether the actual problems
| within that domain benefit from this or not).
|
| So in a sense the question becomes how much you are
| willing to sacrifice to be able to solve that class of
| problems instead of redefining the problem so it doesn't
| require a blockchain.
| root_axis wrote:
| I'm pretty sure they were being sarcastic.
| ghoward wrote:
| I tried to design one, using a blockchain. [1]
|
| It had all sorts of nice properties, including some
| resilience against Sybil attacks.
|
| The problem was that, even with the ability to "forget"
| unneeded blocks, the storage requirement was simply out of
| reach for the regular person. [2]
|
| And because it's out of reach of the regular person, it
| will inevitably centralize around companies that do it for
| people. And we're back to where we started.
|
| So that's why I gave up on the idea.
|
| [1]: https://gavinhoward.com/2020/07/decentralizing-the-internet-...
|
| [2]: https://gavinhoward.com/2021/03/setting-aside-an-idea-decent...
| lolsal wrote:
| > The American government should provide their citizens with
| a small space of hosting to share their thoughts.
|
| ... why? What are you basing this on legally/morally other
| than your own want?
| qybaz wrote:
| You could ask yourself the same question about all the
| public infrastructure that exists. I mean why even have
| roads, legally or morally??
| lolsal wrote:
| Roads serve the public interest and have been legislated
| into existence at the federal level[1]. Your turn.
|
| [1] - https://history.house.gov/Records-and-Research/Listing/lfp_0...
| qybaz wrote:
| Were roads legislated before they existed?
|
| Did they serve the public interest (as in, did everybody
| benefit from them) when they were starting to get built?
|
| That's precisely what will happen with what I proposed.
| shukantpal wrote:
| Instead of being controlled by the government, maybe we should
| make it easier to set up a mail server for your domain?
| encryptluks2 wrote:
| Domains are still controlled by the government.
| shukantpal wrote:
| That's true, but the government is still further away from
| control; besides, web3 is bringing decentralized DNS (see
| Handshake Protocol) to fix that.
| encryptluks2 wrote:
| Until they make it easy to bridge decentralized DNS
| queries with regular DNS even on mobile phones (without
| using a middleman) but apps that run and do this for
| users, then no web3 is not bringing decentralized email.
| Also, email providers would need to bridge decentralized
| DNS and it is in their interests not to. So Gmail,
| Outlook, etc which most companies have migrated to will
| not support it.
| ekianjo wrote:
| Great idea on paper but public goods management is often
| worse than what you find everywhere else.
| OtomotO wrote:
| Would it suffice (tech aside for a moment!) if you could
| migrate your email address with you from one provider to the
| next?
|
| Like for phone numbers (at least here you can migrate the whole
| number, even with ndc)
|
| The state could give out an email address like a social security
| number and you just use that as an alias and can choose
| whatever provider you want.
|
| And for these email addresses the providers would be obliged to
| take you. (Like for mandatory insurances. We have them where I
| live)
| akvadrako wrote:
| You already can do that. Just buy a domain name, like
| mySSN.us. You are free to point it at any email provider of
| your choosing.
| OtomotO wrote:
| I do that, but you're still at the whim of a corpo and have
| no real legal right to that domain/email addresses.
|
| Also it's kind of technical. Perfect for a nerd like me,
| but e.g. for my mum? Nope!
| dento wrote:
| Regional domain providers, i.e. .cc country code domains,
| usually give you legal rights to that domain as long as
| you pay the fees.
| severino wrote:
| Interesting. So if you want to have some kind of legal
| protection over your domain, the best bet is buying a .cc
| domain (from the country you currently live in, I
| suppose) but no chance when buying a .com, .org domain,
| right?
| mark-wagner wrote:
| Yes, and .is (Iceland) is pretty good. See
| https://slc.is/#The%20Best%20TLD%20is%20Not%20.com which
| somewhat summarizes
| https://www.eff.org/files/2017/08/02/domain_registry_whitepa...
| akvadrako wrote:
| Once you buy it you have a legal right to it.
|
| It is a bit technical, but that can be solved without
| involving the government. You just need the registrar and
| email providers to talk to each other with OAuth plus
| some DNS delegation protocol.
| dazc wrote:
| This would also require everyone to have an email client to
| handle their email address though. I believe this is the reason
| most folks have a gmail/outlook account because it's easy to
| set up and operate, not just because it gives them a unique-ish
| address?
| jackson1442 wrote:
| Almost every computer and phone ships with an email client
| installed.
| mark_l_watson wrote:
| Good points made in the article. Siloed services like Slack, etc.
| do have an advantage that you don't get SPAM. I prefer E-mail and
| SMS person to person communication but there is the SPAM...
|
| Most people in my family and closest friends prefer SMS, even
| texting large image and video files (not really what the protocol
| was designed for, right?). Anyway, I tend to use what my people
| use.
| mikotodomo wrote:
| I think I have used email once I can't even remember what it was
| for. But I think the story is more true for SMS. If SMS was taken
| down, nobody could use their money or social media.
| nunez wrote:
| Let's hope that email remains a "simple" protocol (envelopes are
| plaintext with some encoding, transmission is simple enough to do
| over Telnet) instead of something more complicated whose
| standards are drafted and maintained by the FAANG cabal.
| arpa wrote:
| Protocols over something, I forget.
| lwhi wrote:
| I really hope that we end up moving back towards supporting open
| protocols.
|
| I was heartened (and a little surprised) that Jack Dorsey
| recently mentioned that the draconian control of the Twitter API
| was the worst thing Twitter had done [1].
|
| The corporatisation of the Internet has undone a lot of the
| great work that had traditionally underpinned the network.
|
| It feels like the slow, laborious and fundamentally equitable
| nature of standards ratification in the open has been seen to be
| at odds with the OKRs of tech businesses.
|
| Businesses that sell and work with natural resources are starting
| to wake up to the idea that a degree of cooperation and inter-
| market regulation with peer companies can positively impact
| individual performance. Sustaining business is even more
| fundamental than making profit.
|
| In the same sense; open protocols can help to develop rich and
| sustainable markets that benefit the consumer; as well as those
| businesses that operate within it.
|
| [1] https://www.revyuh.com/news/software/developers/twitters-fou...
| cblconfederate wrote:
| ways to monetize "open" are missing
| JohnWhigham wrote:
| _I was heartened (and a little surprised) that Jack Dorsey
| recently mentioned that the draconian control of the Twitter
| API was the worst thing Twitter had done [1]._
|
| I wasn't, because he didn't do jack shit to change it. We hear
| this bullshit all the time; big actors sound off about what was
| wrong at their previous places, but rarely did they do anything
| to upset the apple cart.
| jrm4 wrote:
| I'd say (and I think this happens _quite_ often, moreso in
| politics) it is at least possible you may be overestimating
| his power to do so, perhaps at least by the time he realized
| it?
|
| Twitter wasn't his github repo, it was his gazillion dollar
| company that has to answer to a lot of stakeholders.
|
| (That being said, no reason to not get on them about it.)
| gjvc wrote:
| _It feels like the slow, laborious and fundamentally equitable
| nature of standards ratification in the open has been seen to
| be at odds with the OKRs of tech businesses._
|
| At the risk of sounding like I'm trivialising this comment
| (with which I completely agree), this difference in behaviours
| has as its root the difference between a long- vs short-term
| mindset.
| magpi3 wrote:
| It really is about incentives. When the government and
| universities were the primary agents influencing the internet,
| open protocols were favored I presume because they incentivized
| the decentralization that the internet was created for.
|
| Now private corporations are the primary agents of change, and
| they are driven by very different incentives. When was the last
| time you heard of a company based around open protocols being
| valued at a billion dollars?
|
| And the money involved is just too great. I don't see how
| anything is going to change.
| lwhi wrote:
| I'm quietly confident that it will. Much in life seems to
| follow the movement of a pendulum.
|
| I appreciate how the tide turned, but society's appetite
| changes over time; and the fact is, open protocols are not
| anti-profit, or anti-business.
| networkimprov wrote:
| And yet none of those corporations has displaced email,
| despite the fact that it has become a universal cyberattack
| channel, with a stagnant UX that doesn't address most real-
| world use cases for email!
|
| I saw a need for a safer, better, decentralized protocol for
| email, so I drafted one (TMTP) and implemented client &
| server. More at:
|
| https://mnmnotmail.org/ & https://twitter.com/mnmnotmail
|
| Related protocol projects in development include:
|
| https://mathmesh.com/
|
| https://en.wikipedia.org/wiki/Dark_Mail_Alliance
| lwhi wrote:
| Looks interesting.
|
| If your draft didn't take off, what do you think the main
| reason would be?
| networkimprov wrote:
| At this early stage, I'd say the biggest obstacle is
| reaching a wide enough audience; I have no prior fame,
| and no PR budget yet.
| magpi3 wrote:
| > I saw a need for a safer, better, decentralized protocol
| for email, so I drafted one (TMTP) and implemented client &
| server.
|
| We definitely do, and then we need big, heavy corporate
| advocates for this new protocol. That second part is the
| rub. I would argue that every company embraced email early
| only because proprietary formats that locked customers into
| a platform weren't yet a thing. Now that they are, it is so
| much harder to propose that we all "just get along" with
| shared protocols.
|
| Your work looks very interesting and I applaud you for
| taking this on. I will take a look. I am not entirely
| pessimistic. Have you thought about building a company
| around it?
| dspillett wrote:
| _> Email is our only reliable communication method between
| different organizations._
|
| For certain definitions of "reliable"!
|
| (though reliably _available_ at least which can't be said for
| anything else, no matter how reliable in other senses)
| cube00 wrote:
| Microsoft is chipping away at this by getting governments on to
| Outlook 365 on the basis that if all departments use it it'll be
| secure between them and can gain Top Secret certification.
| mdavis6890 wrote:
| I always have this feeling that email is flawed and due for a
| complete overhaul or replacement - and then I think about it a
| little harder and I realize that it's actually really good at
| its intended purpose - and then I realize nothing else changes here.
|
| Other than fiddling around the edges with security improvements,
| spam filtering, and a few other nice-to-haves, there's not really
| much that needs improvement.
|
| Some features of email that are nice:
|
| - It's completely open standard
|
| - I can host it myself if I want, or not.
|
| - It is completely decentralized and roughly point-to-point,
| subject to email routers.
|
| - Other than getting an email address, no other 'linkage' or
| prepwork with that person is required.
|
| - My address is not tied to any other service, like a phone
| number. (in contrast to e.g. WhatsApp)
|
| - It supports unsolicited communication from unsolicited sources
| (e.g. marketing)
|
| - It's easy to ignore communication I don't care about. (e.g.
| marketing)
|
| - Non-people are supported, like group emails/aliases
| (support@...)
|
| - I can trivially attach files, subject to some practical
| constraints
|
| - Email can be handled by the recipient in a wide variety of ways
| using different client mechanisms.
|
| - I can front-end my email in a variety of ways, such as with a
| contact form.
|
| Those are just the few I can think of off the top of my head. I'm
| sure there are others.
| fghgg wrote:
| I think Matrix has got all that as well.
|
| And it has the security improvements and others as well (see
| features of e.g. Discord or WhatsApp).
|
| Anyways, I don't think I still use email for its intended
| purpose anyways. It mainly became something to tie accounts to
| and to 2fa
| mdavis6890 wrote:
| More:
|
| - It is designed well for medium-length content, say a few
| paragraphs or so per message.
|
| - It works well, and is mostly understood to be used for
| asynchronous communication.
|
| - Easily and usefully searchable.
|
| - Captures state/context well.
|
| - Threaded
| jjav wrote:
| Indeed. While one can complain about this or that little
| detail, email is by far the best communications mechanism on
| (or off) the Internet.
|
| The key part of course is that it is completely open and
| standardized. Nobody owns it. That is a lesson that we should
| learn, but is every time forgotten.
|
| No proprietary walled garden can ever come close to the
| usefulness of email precisely because email is open and
| standard. With proprietary systems it is inevitable users are
| subject to the whim of the owner. Might not be able to get
| accounts, or be arbitrarily banned, or have the app only
| available on limited platforms, etc.
|
| I've been using email since the late 80s and more importantly
| I've had the exact same email address since the mid 90s. It's
| been hosted by multiple providers and the last decade I've been
| hosting it myself. But always the same domain and address.
|
| No proprietary system can ever compete.
| riffic wrote:
| email, as ancient and flawed as it is, is a shining example of
| the Lindy effect in play - the future life expectancy of a
| technology or an idea is proportional to its current age.
|
| https://en.wikipedia.org/wiki/Lindy_effect
|
| Any replacement will have to keep the above in mind because
| there's no test like the test of time.
| high_5 wrote:
| > There are a huge variety of intra-organizational communication
| systems, to the point where pretty much every large enterprise
| provider seems to have one (Slack, Microsoft Teams, Discord, etc
| etc).
|
| That's why I find Delta Chat piggybacking on Push-IMAP such an
| interesting concept: https://delta.chat
| Demcox wrote:
| I like the idea a lot. Too bad the app throws errors left and
| right with Gmail and Live making it unusable to me...
| rakoo wrote:
| The only issue I've had in my limited use is that a Deltachat
| email triggers a notification on the desktop before it is
| moved to a Deltachat-specific folder. The solution is to
| configure Sieve filters to do this upon reception, but just
| saying that we've lost all 99% of potential users
| jve wrote:
| I set it up with gmail (It offered Oauth login which I did)
| and tried to chat with my exchange. First ping-pong had 0
| errors on Android.
| darau1 wrote:
| I've also used it successfully with gmail, and others.
| jve wrote:
| Oh, wow, finally something I started to "dream" about 2 years
| ago. Thanks for pointing out.
|
| Here's my ASK HN: https://news.ycombinator.com/item?id=22854641
| feldrim wrote:
| Well, in Estonia, they have a different approach.
|
| 1. If you are a citizen or a resident, you get an ID card to use
| for every public service. It's just a smart card with a
| government PKI.
|
| 2. The public services provide an email account that can only be
| used within the e-government services. The card is used for
| accessing those services.
|
| 3. The email service accepts either identity number or registry
| number of the recipient. So the recipient can be a legal entity.
|
| 4. You can and almost always do provide a forwarding address, so
| that you don't need to check.
|
| 5. You can't use it for other purposes. No RFC defined email
| address is shared with you. And it's just an internal system for
| official issues.
|
| I've heard some countries issue mailboxes for citizens but I am
| not aware of the general use of these. Also, email services were
| designed to be decentralized but evolved into centralized
| systems, a current and unsolved problem. I am not sure about the
| privacy and security of government provided email services.
| AnthonyMouse wrote:
| > If you are a citizen or a resident, you get an ID card to use
| for every public service. It's just a smart card with a
| government PKI.
|
| This is the biggest flaw in the design. Tying the ID card to a
| single identity.
|
| If you're using it with a bank, it needs to be tied to your
| bank account. If you're using it for physical access control at
| your company's building, it needs to be tied to your employee
| account. These are different things, and _should_ be different
| things, for security.
|
| You don't want a single system for everything. It makes the
| incentive to break it stronger, so it gets broken more often.
| It makes the consequences of it getting broken larger, so the
| damage when it happens multiplies. And it gets integrated into
| everything, so the amount of time it takes to roll out fixes
| increases. It's a security nightmare, and it gets polynomially
| worse the bigger the country is that tries to do it that way.
| (For reference, the GDP of Estonia is less than one third the
| revenue of Costco.)
| rjzzleep wrote:
| > This is the biggest flaw in the design
|
| No, it's solid design. It's a very simple safe primitive. You
| can build endless infrastructure on top of it. Similar to
| subkeys.
|
| For example a lot of businesses use Smart-ID on top of that.
| You need to tie the smartid stuff to your PKI identity. But
| after that you can just use that as identity.
|
| https://www.smart-id.com/
| AnthonyMouse wrote:
| > It's a very simple safe primitive. You can build endless
| infrastructure on top of it.
|
| It has nothing to do with the primitive. Someone will find
| a flaw in the implementation, or human flaws in the
| bureaucracy that administers it.
|
| And building infrastructure on top of it _is_ the flaw.
| These things should all be independent of one another.
| rjzzleep wrote:
| The flaw right now is that you guys believe that all
| online identity needs to be decoupled from the online
| identity. There are a couple things you guys dismiss or
| don't think about:
|
| 1. Contrary to systems such as the German one this
| identity system actually has a working upgrade and
| revocation path. The German one is assuming that it's
| safe by design and the identity being fixed. The German
| ID keys don't have a revocation system and they don't
| expire either.
|
| 2. The Baltic system has expiries on these private keys.
| They are authenticated against your physical government
| issued ID with background checks being done by the
| current existing police/interpol infrastructure.
|
| These private keys are not isolated from your identity.
| You receive them from government institutions that use
| the existing physical identity infrastructure.
|
| The problem with people here is that they want the
| digital identity to be completely self contained. I get
| that sentiment and I don't disagree with it, but it's a
| completely different goal from what is being solved here.
|
| This solves - in a much better fashion - what a lot of
| "crypto" fanatics want governments to use.
| feldrim wrote:
| By public services, I meant the public services provided by
| the state. For instance, health insurance, family doctor
| application, taxes, etc.
|
| Banks require your ID whether it's smart or not. But it's not
| for payment purposes but for authentication. And they are not
| state bodies, but private commercial entities. They are not
| part of the PKI ecosystem of the state.
| AnthonyMouse wrote:
| > By public services, I meant the public services provided
| by the state. For instance, health insurance, family doctor
| application, taxes, etc.
|
| It's not clear why any of these things should be tied
| together even when they're all provided by the government.
|
| You may have to identify yourself to your employer for
| taxes, but why should they get the identity used for your
| healthcare when it isn't any of their business? All it does
| is create the potential for that to leak. Or vice versa.
| Your tax returns are none of the business of the doctor you
| asked out, so these things should not be tied together in
| any way.
|
| And the only reason the bank wants your government
| identification is that they're required to by law.
| Otherwise banks would widely offer numbered accounts. Even
| then this should only require the identity used for taxes
| and not the one used for healthcare or military service or
| professional licensing, none of which is any business of
| the bank.
| mrweasel wrote:
| A question about number 4. By forwarding address, do you mean
| to a real email address? Denmark has a similar solution, but it
| can only be accessed via the website or a mobile application.
| The idea is that the content will almost always contain personal
| information, so it shouldn't be allowed to be transmitted via
| an unencrypted channel.
|
| Side note: Denmark has a one time pad instead of a smartcard. A
| smart phone app has since been added, and the one time pad will
| be discontinued in about a year, sadly.
| feldrim wrote:
| I have been in Estonia for a few months and got my TRP
| recently. It's new to me. But I heard that it's the same.
| It's just a notification probably. Yet, the term "forwarding
| address" makes me think it can be something else. I did not
| get any email from there yet, so I don't know actually.
|
| The PKI thing includes a physical ID card, a software
| solution called Smart-ID and a mobile solution called Mobile
| ID. The software solutions are just authenticator apps that
| you've matched with your ID.
| iofiiiiiiiii wrote:
| > that can only be used within the e-government services
|
| > You can't use it for other purposes. No RFC defined email
| address is shared with you
|
| This is not entirely true. You get both:
|
| * idcode@eesti.ee can only be used by government senders.
|
| * you also get first.last.uniqueid@eesti.ee which works as a
| regular email address.
| feldrim wrote:
| Oh, I didn't know that. That's new to me.
| GuB-42 wrote:
| But is it really email as we know it? It looks more like a
| private message system like you find in forums and social
| networks.
|
| In France, we are not as advanced as Estonia when it comes to
| e-government services, but we have an official identification
| system called "France connect", and government services have
| private messaging systems to communicate with them. And I think
| many countries have similar systems. The only difference seems
| to be that it is better integrated in Estonia.
| 01acheru wrote:
| In Italy we have a worse version of what you described.
|
| 1. An ID card you can use to access some services (carta di
| identita digitale)
|
| 2. Another card you can use to access healthcare related
| services and some other services (carta nazionale servizi)
|
| 3. SPID: your digital ID to access yet some other services, and
| also some of the above services. It is not released by the
| government but by other authorized entities such as banks, the
| national mail service and others. You need to pay a small fee
| for the verification, and sometimes an annual fee. There are
| different SPID levels but no one actually knows the difference
| between them.
|
| 4. PEC (posta elettronica certificata): a digitally signed
| email box you can use to send/receive documents, invoices, etc.
| or simply messages. Those are legally attributed to you and you
| can use it to talk to government agencies instead of sending
| registered paper mail. As SPID it is issued by an authorized
| third party.
|
| We also have some smartphone apps that work as a combination of
| the above, and need some of the above to work.
|
| As you can see it is a mess, a waste of tax money and we will
| need to waste more money in the future to make this mess work.
|
| Nice :)
|
| Edit: and by the way when you need something really important
| all the above are useless: you either need to start hopping
| from a public office to another (we have a lot of them) and/or
| go to a notary (a kind of medieval bureaucrat you pay a lot of
| money to sign and stamp sheets of paper)
| teekert wrote:
| In the Netherlands we do have an inbox from the government
| ("Berichteninbox" which is optional, the alternative is
| snailmail), it's coupled to the Digital ID system (DigiD), both
| are apps and webservices. You can use DigiD to access
| information on your pension, or healthcare insurance etc. The
| inbox can be (optionally) coupled to many government
| organizations and you receive information on taxes for example.
| I like the way it works, it works best if you have an Android
| or iOS system, but you can use it without (fully on the web).
|
| Btw, a nice insight into email is also that it is one of the
| very few systems that decouples protocol from provider (Matrix
| and xmpp do that too, not widely adopted sadly) AND also has
| critical adoption (which Whatsapp also has in my country, sadly
| we are stuck with Meta there). We should never give up email
| because we will likely never get an open and free system like
| that back without some kind of government intervention. (Even
| though we all know email is a sub-optimal pile of hacks.)
| Freak_NL wrote:
| Using Berichtenbox is a liability. Once you activate the
| thing, all sorts of (semi-)government communication goes
| there, but you can't forward it or download it via an open
| API. You have to use their smartphone app or webapp.
|
| The notifications you can set up to a normal email address
| invariably only say that institution X sent you a message,
| but never specify the topic. That means you have to login to
| see if it is actually important and actionable or just
| something you already knew or a confirmation of something you
| submitted.
|
| Even worse is this common scenario:
|
| * Get notification that X sent something to Berichtenbox
|
| * Login to Berichtenbox (first get mobile phone for required
| 2FA)
|
| * Message says new information is available in X's web portal
|
| * Login to X's web portal (mijn.somethingsomething.nl)
|
| * Read totally pointless message that could even have been
| sent in plain email
|
| Compare this to the postal flow:
|
| * Get letter, read it
|
| I think these days you can deactivate Berichtenbox and
| receive important information via post again, but this was
| not an option in the first year or so, so even experimenting
| with it was risky.
| teekert wrote:
| Yeah, it does seem pretty bad indeed, especially for older
| or less tech inclined people. What would be a better
| solution? Perhaps Estonia's system. I guess many countries
| are starting their own experiments, in 10 years we may know
| what works well and what doesn't.
| m4rtink wrote:
| The Czech similar system (Datova Schranka) is similar and
| _even worse_:
|
| * email notifications are unreliable
|
| * messages are considered delivered a week after landing in your
| data box, regardless of you reading them
|
| * _old messages are automatically deleted after 90 days_ (!!!)
| unless you pay for an expensive and cumbersome archive addon
| service
|
| Especially point number three makes the whole thing quite
| dangerous, not just liability - you might get an important
| message/request from the state while on long vacation/lose
| the notification and it will self erase - mission
| impossible style! And you will only find out when you're in
| trouble for not doing something important later...
|
| Unless you plan to work with the data box daily and
| manually check the messages it's really dangerous to use it.
| Vinnl wrote:
| Importantly, though, that inbox is not an email inbox. This
| is what the process might look like (i.e. I've been through
| this):
|
| 1. You get an email in your regular email stating that there
| is a new message in your Berichteninbox. (No clickable link,
| presumably to avoid phishing.)
|
| 2. You go to mijn.overheid.nl to access your Berichteninbox.
| You sign in with DigiD.
|
| 3. You open the mentioned message, which says a PDF with the
| actual letter is attached.
|
| 4. You open the PDF.
|
| 5. The PDF says you'll be able to file your tax returns a
| month from now.
| teekert wrote:
| Yes, that is the process, it's pretty involved indeed,
| biometric auth and apps opening other apps on mobile makes
| it bearable. But indeed, if you look at the number of
| successive actions in such a seemingly simple thing, it's
| quite a lot.
|
| BTW, if said PDF contains an iDeal payment link, you can
| switch to yet another app (your banking app) and back
| (probably via website in between) and immediately pay
| things. Which is nice, but again watching over the shoulder
| of someone going through these actions it may seem that the
| phone is going crazy switching between apps :)
| JohnWhigham wrote:
| I could only wish the US had something like that. _Very_ few
| Congresspeople could even succinctly describe email to you, let
| alone express the need for a system like this. And even if they
| could introduce a bill, Big Tech lobbyists would _instantly_
| swoop in and proclaim the idea as a threat to national
| democracy, and instead try to steer the legislator to just
| hosting the entire thing on their platform instead. I fucking hate
| our federal government.
| feldrim wrote:
| There are a few issues. First, Estonia is a small country and
| it's relatively easier. Second, there's no legacy solution to
| comply with when a new feature is developed. US has both
| federal and local government systems, and many agencies with
| their own services. That creates an overhead for a new and
| standard[1] solution.
|
| [1] https://xkcd.com/927/
| nottorp wrote:
| Serious question. Does this government smart card work on
| anything but Windows? Or you need to buy a windows machine to
| go with your free smart card?
| EvanAnderson wrote:
| I can't rightly say that I am able to navigate the maze of
| standards and acronyms associated with smart cards, but the
| OpenSC tools on Linux have worked for me with a couple
| different smart cards (Nitrokey HSM and Taglio PIVKey). There
| are quirks. The Taglio PIVKey can't load certificates using
| OpenSC, but I've always generated the certificates on the
| device anyway.
| nottorp wrote:
| Just because there is smart card software for Linux it
| doesn't mean it will work with $SOME_GOVERNMENT's
| interfaces.
|
| Ofc in this case feldrim above pointed us to the
| mac/linux/etc downloads so the Estonian government has
| actually heard there are other platforms besides Windows.
| feldrim wrote:
| Exactly. They have also a Github organization for the
| e-ID software repos. https://github.com/open-eid
| EvanAnderson wrote:
| Presumably you'll be using it with a browser. I'm sorry
| that I didn't clarify that assumption in my first
| response.
|
| I don't know about Estonia in particular but I'm guessing
| "$SOME_GOVERNMENT's interfaces" for most places is going
| to be HTTPS.
|
| So, with that in mind, I've used a Nitrokey HSM and a
| Taglio PIVKey with Firefox on Linux using the OpenSC
| tools PKCS 11 module. I would suspect any smart card
| supported by OpenSC will work fine in Firefox.
|
| From my reading, OpenSC is being distributed by the
| government of Estonia, so I suspect using it in a browser
| that supports PKCS 11 modules compatible with OpenSC on a
| Linux PC would work fine.
| amaccuish wrote:
| Yes, I use the eID software on Linux all the time. It is
| based on OpenSC and the main stuff in the browser is all
| standardised. OpenSC is loaded as a plugin to say
| Firefox, and most of the authentication is standard TLS
| client cert stuff.
|
| The app is used for changing PINs and there's another one
| for signing documents.
|
| Signing in the browser uses an extension, code here
| https://github.com/open-eid/chrome-token-signing
| feldrim wrote:
| Well, their website[1] has downloads for Linux, Android and
| iOS. But personally, I did not use any of them.
|
| [1] https://www.id.ee/en/article/install-id-software/
| cycomanic wrote:
| I always discover how Estonia is really amazing for lots of
| technology things. AFAIK they are by quite a margin the most
| advanced country in Europe when it comes to egovernment
| services. Moreover my (admittedly outside) impression is that
| they often go for technologically sound solutions not the ones
| which some large lobby organisation pushed for. This is
| particularly remarkable considering how small the country is,
| and in stark contrast to the mess that is egovernment services
| in Germany the richest country in Europe.
| vnorilo wrote:
| Yep - Here in Finland, just over the bay in the north, the
| Estonian e-prescription system is often quoted as much
| leaner, meaner and more functional than our own borked
| attempt, at a fraction of the cost.
| jamespwilliams wrote:
| It's partially the result of the 2007 cyberattacks they
| endured. After that, they started taking cybersecurity very
| seriously.
|
| https://www.bbc.com/news/39655415
| zigman1 wrote:
| Their development of IT public infrastructure is a bit more
| complex. The first thing was the political situation in the
| 90's during the transition. As they wanted to go as far
| away from communism as possible, they sliced away all the
| political tradition and old politicians. A lot of young
| people got a chance in politics and public policy making.
| They somehow understood that investing in technology is the
| way to go. But the real starter was the Progertiger
| program, which brought computers to public schools. By
| 1999, almost all the schools were connected to the internet
| (about 98% of them and you have to understand that Estonia
| has a lot of countryside and forests).
|
| [0] https://www.tandfonline.com/doi/abs/10.1080/09523987.2020.17...
| pydry wrote:
| Their e voting system source code looked pretty bad.
|
| Quite apart from that, if they really took cyberattacks
| seriously they'd be voting with pen and paper.
| feldrim wrote:
| I haven't seen the code nor read about it. But I'll have
| a look at it after this comment. Thanks.
|
| The e-vote thing seems like an issue of reputation now. I
| don't think any politician would dare to change this. It
| would be possible only if a huge campaign involving a
| foreign interference becomes successful among the voters.
| anticodon wrote:
| Size of the country is also something to consider. The population
| of the whole of Estonia is smaller than the population of a single
| city in another country. The area of Estonia is also minuscule.
|
| What works for a tiny state isn't always appropriate for a
| big state.
| FuriouslyAdrift wrote:
| Estonia is the founding member of the NATO Cooperative Cyber
| Defence Centre of Excellence... they've been at the forefront
| for a long time. https://ccdcoe.org/
| laurent92 wrote:
| But Estonia has vote by internet, which guarantees that it's
| possible to forge an election. Just this item brings them
| back to pre-democracy times.
| 101008 wrote:
| Estonia is the one that also provided digital citizenship,
| right?
| feldrim wrote:
| Not citizenship but residency, hence e-residency[1]. It
| actually means you can start a business here and pay your
| taxes here but you can be anywhere else in the world.
|
| [1] https://www.e-resident.gov.ee/
| smokeyfish wrote:
| Yes
| simongray wrote:
| If we are to believe the EU, they are #1 in digital public
| services and have a respectable place in overall
| digitalisation of society:
| https://ec.europa.eu/commission/presscorner/detail/en/ip_21_...
| fredley wrote:
| Probably because they're so small they're overlooked by the
| salespeople and lobbyists from the big corps. I imagine that
| helps a lot. In the UK there are plenty of smart people in
| Government who can and would build things in a sensible way
| (and sometimes they do!), but there are also legions of
| smooth talking salespeople who usually bend the ministers'
| ears more easily.
| toyg wrote:
| This is the right answer.
|
| If I'm Fujitsu or Accenture and I lose $BigCountryContract,
| it's a Big Deal and somebody is not going to get his fat
| bonus. If I lose Estonia, "Whatever, it was pennies
| anyway". Smaller orgs also don't have the sort of complex
| bespoke requirements that allow consulting firms to really
| entrench themselves.
| pibechorro wrote:
| Decentralization is the way forward
| danlugo92 wrote:
| Yep, we already have the most resilient, decentralized
| and safe public key infrastructure in place working in
| the real world for more than a decade now ;)
| pydry wrote:
| The self developed UK government online services tend to be
| pretty good (sometimes very good!). It's the stuff they
| outsource to government contractors whose CEOs play golf
| with government ministers that are universally terrible.
| tarkin2 wrote:
| This "playing golf with government minister" should be
| called out for what it is: a probable or possible bribe.
| It won't be money in a brown paper bag but the result
| will be the same. It's endemic. We like to think bribery
| and corruption happens to other countries but there's
| plenty of it in the UK: it's just higher up the totem
| pole and largely accepted.
| wholinator2 wrote:
| Agreed, though I've always had this thought: How do we
| know it's not money in a brown paper bag/briefcase. I
| mean, could they not transfer physical money as easily as
| they transfer words and secret deals. Golf courses are
| huge, golf carts can have large compartments and be
| loaded up directly from a car. I know the thought is,
| "well why would they do that, surely there's an easier
| alternative", but my point is that it's not would, it's
| could.
| wholinator2 wrote:
| And I guess my counterpoint is that could is a very very
| large potentially unusably large category of possible
| actions, and would is a much more tightly controlled set
| of realized actions we believe might happen again.
|
| But then would has the potential of misdirection. Your
| believed set of would's might be entirely separate from
| the realized would's of the individual. Could is wider
| but has less room for interpretation or propagandizing.
| Exactly my point in the above post: why wouldn't they be
| able to transfer money. My set of would's include those
| deliberate obvious actions, especially if all kinds of
| other things happen on golf courses. Anyways, I'm
| rambling, have a nice day. :)
| toyg wrote:
| _> How do we know it's not money in a brown paper
| bag/briefcase_
|
| One of the problems is that some of these checks can only
| be performed much later.
|
| The most common currency of choice, for modern bribes, is
| the promise of a fat gig in the private sector when the
| political career ends. As the public demands younger and
| younger political classes, with lower and lower salaries,
| while maintaining an appetite for career-ending scandals
| and relatively short terms in office, it's inevitable
| that individuals will tend towards ensuring their future
| survival. Such promises need no paper trail, are trivial
| to keep, and are effectively invisible for years. When
| they're realized, it's typically too late to do anything
| about the original source of corruption, and the new guys
| in power have no incentive to cut that income source for
| them; in fact, they now know it works and are more likely
| to tap it for themselves.
| Sebb767 wrote:
| > As the public demands younger and younger political
| classes, with lower and lower salaries
|
| Looking into the US senate, I fail to see that trend. In
| the last presidential election, both candidates were
| older than my grandparents.
|
| Even in my country, seeing a really young person in a
| political position is very rare. They exist (if you
| define "young" as under 40), but they are rare. I don't
| think age worries are a factor at all.
| toyg wrote:
| My outlook is European. In the US the political career is
| indeed longer, because there are effectively more levels
| (EU Parliament and Commission are still largely
| considered a step down from national-level politics,
| silly as it might sound). But the selectiveness (only two
| senators per state, often lasting decades) makes it
| similarly treacherous at the mid-level.
|
| _> They exist (if you define "young" as under 40)_
|
| In political terms, at the (European) national level,
| "young" is typically under 50, and "old" is over 70.
| Acquiring reputation and solid power base takes time.
|
| Looking at the UK: Tony Blair was considered very young
| when he became PM at 44; Thatcher was 53, Major 57, Brown
| 56, and most of their predecessors were much older.
| Cameron was 43 but again May was 59 and Johnson 55.
| Backbenchers will typically enter Parliament around
| 35-40.
|
| In Italy you can basically add 10 to all those numbers;
| the current PM (or PdCM, for the purists) is 73.
| fisherjeff wrote:
| Senators are old but many of their staffers are young,
| underpaid, and, through their job, well-connected to
| industry. Perfect recipe for a revolving door.
| truffdog wrote:
| Their staff- who do the research and write the laws- are
| almost entirely under 30 though.
| Bud wrote:
| You're not paying attention to the salaries part, though.
|
| Look at the pay for members of the House and Senate, in
| real dollars, over the last 50 years. Also pay attention
| to how much stupid noise there is about how members of
| Congress are supposedly overpaid. The pay for _all US
| Senators combined_ (under $18M) is less than half of what
| LeBron James makes (over $41M) in salary alone in a year.
| spc476 wrote:
| But until relatively recently (2018 perhaps?) Congress
| was legally allowed to profit with insider trading
| (probably due to Article I, section 6, paragraph 1 of the
| Constitution).
| b3morales wrote:
| That's not a very informative comparison. LeBron James is
| an outlier's outlier in a sector that already has
| exceptional pay. Senators' salaries would more usefully
| be compared to the (upper) middle-class white-collar
| workforce that they would most likely occupy if they
| weren't in office.
| mbg721 wrote:
| In the US there's a huge disconnect between national and
| local political positions; the national politicians are
| largely 80 years old and have enough muscle from their
| party structure and the media to be essentially scandal-
| proof. The voters don't like that but can't really fix
| it; local politicians, who _are_ younger, see the big-
| time corruption in Washington and assume that's how
| things get done, and all of a sudden you have things like
| a majority of Cincinnati city council being investigated
| by the FBI.
| mcdonje wrote:
| Same thing in the US. I always laugh whenever I see a
| list of corrupt countries and the US isn't near the top.
| Codifying bribery into law as lobbying and superpacs
| doesn't make it not bribery.
| marcosdumay wrote:
| That's because the US has a low amount of corruption on
| the positions that face the public.
|
| It's also because most of those lists are ordered by a
| "perception index", that is the kind of bullshit that
| increases if your government does an awareness program
| and if corruption fighting gets on the news.
| mcdonje wrote:
| So, ironically, corruption reduction efforts can raise a
| country's rank on such lists.
| jrgaston wrote:
| Spot on: "Codifying bribery into law as lobbying and
| superpacs doesn't make it not bribery"
| jve wrote:
| Good for our neighbors (And Hi!). Latvia is also advanced in
| regards to eservices :)
|
| We also get state issued ID card with PKI. We can access tons
| of services. Last I read I can buy a house, fully remotely.
| Including notary services via video call + all parties need
| to sign stuff with our ID card.
|
| We get health results via email as an encrypted pdf, where
| password is given at the time when I submit samples.
|
| Many business also use ID card to sign contracts between
| parties.
|
| Bank transactions involve Smart-ID, 2FA app that I have to
| authorize via ID card for remote setup for any new device.
| (It involves generating new certificates) Smart-ID is
| developed by Estonia and is very convenient, secure way to
| authorize payments.
|
| As of communication, no state issued email. However we
| usually get email notifications, for example from state tax
| service, that we should log in and read whatever we have to.
| feldrim wrote:
| The application allows Latvian ID card to be used in the
| Settings tab. So I learnt that it's applicable to your
| country too. I recently moved to Tallinn and just became a
| resident. The thing is they are capable of doing lots of
| things. And still, there are many things that can be
| improved.
| thejosh wrote:
| In Australia we have mygov, which is a bit of a mess.
| hestefisk wrote:
| Adding to that, even worse, each state is also implementing
| their own identity solutions. Take Service NSW which is an
| expensive front-end built on Salesforce, with its digital
| drivers license. Each platform has its own digital identity
| system, which is just a waste of taxpayer money.
| cesarb wrote:
| That still has the same issue mentioned in the article: it
| works fine inside an organization (the organization being, in
| this case, the whole country), but not between different
| organizations. For instance, how would I, a Brazilian, send a
| message to someone using that system?
| EvanAnderson wrote:
| I still have a vague hope that the United States Postal Service
| could be "pivoted" into being a PKI provider and distribute
| physical tokens to citizens. They already have substantial
| procedures and infrastructure for verifying identity. There
| would be problems, to be sure, but I'd much rather get my
| ubiquitous PKI for citizens from the USPS than the banks or
| "tech giants".
| derbOac wrote:
| I'd like to see the USPS expanded to become a public /
| municipal ISP of sorts.
|
| If you read about the history of the institution, this is
| really what was intended in its constitutional incorporation.
| It really wasn't about physical mail per se, and you can't
| hold the founders accountable to something that was outside
| the realm of imagination at the time.
|
| There's all sorts of information-structural things that are
| in the bounds of the USPS per the intent of its creation.
| throwaway6734 wrote:
| It's a real shame the USPS didn't jump on email at the start
| and become an email provider
| rtourn wrote:
| They still can. A government doesn't have the need for
| first mover advantage because they have the power to make
| the official version. Also, the technology is very mature
| and best practices are better known. The userbase has been
| trained. And it's cheaper for them to do it now.
|
| Though an official United States citizen email address has
| its own pitfalls for abuse, scams, and fraud.
| jeffbee wrote:
| Nothing about their organization prepares them for doing
| this. Having 50000 branch offices and half a million
| employees is their superpower.
| nyokodo wrote:
| > I still have a vague hope that the United States Postal
| Service could be "pivoted" into being a PKI provider
|
| It's going to be an uphill battle or impossible as PKIs are
| too obscure for the average citizen to understand the
| benefits and any whiff of a federal ID card will be treated
| like the mark of the communist coup beast.
| aeternum wrote:
| This would be great for things like voting, but I think it
| could also be easily abused.
|
| Many services would want to use your PKI token as
| identification, we would likely give up a lot of privacy
| because of its existence/ease-of-use.
| leros wrote:
| Email is your proof of identity. It's absolutely critical.
|
| Anyone with your email can not only impersonate you, but gain
| access to many of your online accounts.
| encryptluks2 wrote:
| This is also why you should use aliases for each site you
| register for.
| anderspitman wrote:
| The ability to send messages is perhaps the less interesting role
| of email. I think maybe the real value comes from providing
| globally unique, federated identities. It's not perfect, but it's
| pretty dang good.
|
| If for no other reason, this is why no closed system will ever
| supplant email. Even the biggest walled gardens like GOOG and FB
| bow to the power of email identities in the end, as the preferred
| (maybe even only) way to recover an account.
| badrabbit wrote:
| Please HN, let email die. It is unsecurable (universal) in
| transit or storage (MTAs) and because of its reliability and
| universal adoption a ton of security depends on it like a very
| rotten and rusted link in a chain even a small child can break.
| It is an almost 4 decade old tech where any security you find for
| it is purely opportunistic.
|
| I am very concerned how people here are stating how good, simple
| and reliable it is. They are not wrong but so is IPv4 and the C
| language. Sentiment has no place in building a secure and
| proper future technology.
| dqv wrote:
| I don't get it. I was waiting for you to say "in favor of..."
| but you never got to that part. Let email die in favor of what?
| What is the viable alternative?
|
| Not a single messaging app I've used comes close to email. And
| I can't use one messaging app, I have to have 6! I would be way
| more willing to move on from email if a solid viable
| alternative came along. XMPP, for example, is still too
| ephemeral and barely anyone uses it.
| badrabbit wrote:
| How can there be a replacement if we can't even acknowledge
| the problem? Did you see how many people disliked what I
| said? Should there be solutions awaiting people's recognition
| of the problem? I remember similar sentiment a decade ago
| when I was saying similar things about https.
| aero-glide2 wrote:
| I was surprised to learn WhatsApp uses XMPP. Would be nice if
| all popular chat applications are interoperable.
| BlueTemplar wrote:
| "Is based on" rather than "uses" - AFAIK they deliberately
| broke compatibility ?
|
| (Ditto with Facebook Messenger and at least one of the
| Google chats ?)
| pmlnr wrote:
| FB uses MQTT; Google chats, who knows.
| zaik wrote:
| I decided to delete all messaging apps except an email and an
| XMPP client (Internet Standards instead of proprietary
| protocols). 90% of my messages are to relatively few people
| (close friends or family members). For an acceptable
| messaging experience you just need to get those people on
| XMPP. The other 10% can still reach me via email or SMS.
| diegocg wrote:
| And your suggested replacement is...?
|
| You seem to have missed the point of the article. Email is a
| necessity - there is no alternative.
| fghgg wrote:
| Matrix?
|
| But good luck moving people off email
| cycomanic wrote:
| Yes email is old and has lots of issues, it is still by a large
| margin the best we have. Name one protocol/program/service that
| comes anywhere close in its usefulness.
| badrabbit wrote:
| Sort of my point. It is shit but it is necessary, any
| replacement is predicated on popular acceptance of the
| problem.
| heresie-dabord wrote:
| I agree with the parent.
|
| E-mail is grotesquely expensive to manage because of its
| weaknesses and its use as a vector of attack.
|
| The best replacement solution is an organisational portal that
| people use to communicate with the organisation and
| upload/download documents. Some governments and banks have
| already been handling interactions with external entities and
| citizens/customers this way for years.
|
| The upload and download tunnel is secure, the receiver can scan
| the uploaded information (detonate in a sandbox if necessary),
| and the sender can trust the messages and documents that are
| downloaded.
| ThePhysicist wrote:
| E-Mail is one of the last remaining federated systems on the
| Internet, but I doubt it will survive long as the large players
| slowly sabotage it. I think already more than 90 % of all e-mails
| are delivered by three or four large companies, which is a trend
| that will continue.
| bullen wrote:
| They have been trying to sabotage it for two decades, they
| can't because it is distributed.
|
| Just like HTTP/1.1 can't be deprecated because too much
| infrastructure depends on it.
|
| These protocols are simple and as complexity fails we all need
| to go back to them!
| ThePhysicist wrote:
| But HTTP is client/server whereas e-mail is server/server (or
| client/server/server/client). Small independent server
| operators are at the mercy of the large companies as those
| can just stop processing their e-mails (which they already
| often do). That's different for HTTP (though gatekeeping
| happens there too via discoverability and other mechanisms).
| bullen wrote:
| Both HTTP and SMTP are client/server because you cannot
| read SMTP without a "client"... The crucial part of these
| protocols are simple text that use DNS for distributing the
| connecting.
|
| HTTP can be used for server to server too... and I
| recommend it.
|
| So to repeat you need to implement HTTP, SMTP and DNS in
| your server software so that you can self host all 3 on your
| own hardware.
|
| This means asking your fiber ISP to open all ports (25, 53,
| 80) and give you a static IP!
|
| DNS is centralized for now... but eventually it won't be.
| ThePhysicist wrote:
| I'm not saying you can't do it, I'm saying it won't help
| you because nobody will want to "play" with you. Open
| protocols mean nothing if the playing field is not level
| and the big guys can just bully around smaller players in
| whichever way they want. That's not a problem that can be
| solved by technology (IMHO).
| bullen wrote:
| I have my own domains and people play with me all the
| time?
|
| The big players are going to get pretty mean when
| electricity costs rise.
|
| So the playing field will level by itself.
|
| I use Raspberry 2/4 in my home cloud that I can keep
| powered through a 48 hour power failure.
|
| There is no economic power, there is only energy (coal,
| oil and gas that is turned into electricity (the grid,
| wind, solar and hydro requires hydrocarbons to
| make/sustain)); the way to compete is to lower your
| energy costs by making better systems.
| layer8 wrote:
| A lot of businesses host their own email, if not on Linux then
| using Microsoft Exchange (see e.g. [1]). While that is being
| somewhat decreased by the cloud trend, I don't see it going
| away, as those businesses generally like keeping their
| independence.
|
| [1] https://news.ycombinator.com/item?id=26362178
| nunez wrote:
| I don't think email is as decentralized and federated as it used
| to be.
|
| In theory, email is a service that is simple enough for anyone to
| run themselves. Most Linux distros come with sendmail, so
| theoretically it should be as easy as reading the manual and
| exposing some ports. Spam is performed server side both at the
| origin and at the destination to mitigate bad actors, and because
| email is simple, there should be no shortage of clients to choose
| from.
|
| In reality, 1/4 of all email users globally are on Gmail. Apple
| Mail is the most popular mail client followed by Outlook, then
| Gmail. SMTP and IMAP are theoretically simple, but the bellwether
| providers use APIs on top of these protocols that have added some
| functionality at the expense of restricting the proliferation of
| email clients. Many large companies that used to run their own
| email (through Exchange, Zimbra, etc) are moving to hosted Office
| 365 or Google Workspace. One major AWS-scale outage in Gmail or
| Azure will incite (and has caused) serious panic and disruption
| (which is great for SREs like me since we'll continue to get paid
| serious money to keep all this stuff running while maintaining a
| healthy work-life balance, but I digress).
|
| Furthermore, one doesn't simply "stand up" their own email server
| unless they don't care about landing in people's spam folders.
|
| Additionally, many companies outside of the US _do_ use WhatsApp
| (Facebook) for official communication. I'd posit that this trend
| is only accelerating.
|
| I agree that email is fundamental technology, but I can see a
| future where it disappears in favor of something like federated
| Slack (or, worse, instant messaging centralized and controlled by
| the FAANG cabal with insurmountable cost-of-entry). Given the
| suppression of "free speech" on Twitter et al during peak
| COVID/peak insurrection (for valid reasons), this is slightly
| worrying.
| layer8 wrote:
| The thing is, you can have your email address(es) under your
| own domain, and change mail hosting providers while keeping
| your email address(es). It's true that too few people are doing
| that.
|
| Apart from that, email is not going anywhere (not going away)
| anytime soon as the standard medium for B2B communication. And
| in B2C communication as well, an email address is the one
| baseline you can count on everyone having. I don't see that
| being replaced by anything proprietary either.
| zaphar wrote:
| Email's federation is an escape hatch. Its presence means that
| I can go to any provider I want to if I'm dissatisfied with my
| current provider. I can even run my own as a last resort. (Or
| first resort if that's your preferred mode of operation). Until
| that escape hatch disappears, which is unlikely, I will always
| have choice of providers.
|
| I don't have whatsapp, or discord for that matter. I have slack
| for work but I don't use it externally. I will probably never
| have those systems for my personal communication which means
| that if a company wants to communicate to me they are going to
| have to use email, full stop. I think there is a large barrier
| to email ever going away. Removing it from the market would
| require coordination that most companies and providers will
| probably never want to engage in. It's a lowest common
| denominator that all of them will want to support to avoid
| their users getting silo'd into a system that is not theirs.
| wombatmobile wrote:
| > Email is our only reliable communication method between
| different organizations.
|
| Actually, that's snail mail.
| lrem wrote:
| Snail mail to my work address has about nine months average
| latency these days.
| SargeDebian wrote:
| I think you'll find it hard to send me a physical mail through
| my employer. Especially with the office in lockdown it may not
| be read for weeks.
| zekica wrote:
| The biggest blunder for me is that there were usable
| decentralized communication options before that were popular, but
| because of trying to monetize user's data FAANG started to
| tighten their grip on any decentralized solution, and I think
| they succeeded. They are already trying to do to email the same
| thing they did to XMPP and RSS.
| cpach wrote:
| I'm not convinced that XMPP is actually such a great protocol.
| (I used it for many years.)
| lrem wrote:
| It's objectively awful... But when you step back a tiny bit,
| that doesn't matter. What matters is the inter-organizational
| community it achieved. If these organizations wanted to
| continue, they could come up with a negotiation technique
| like in http - both ends can use whatever fancy thing they
| both support, but fall back unto riding dinosaurs if that's
| the only thing that works.
| rakoo wrote:
| I often swing between longing for a federated protocol that
| can be managed by technical people and used by everyone, like
| XMPP, and something more P2P to reduce centralization and
| allow everyone to instantly "open an account" with no need
| for technical skills, but that still needs some kind of
| relays for asynchronous communication, like ssb. None are
| technically perfect (although I really like the simplicity
| and extensibility of XMPP) but in the end what matters is not
| that: it's about how the protocols are used, how they allow
| all of us to communicate, how they give more power to those
| who aren't already using the internet to exchange
| information. And that is not a technical problem
| twobitshifter wrote:
| Do we know how great the centralized protocols are?
| cpach wrote:
| AFAICT there's no better secure IM protocol than Signal's.
| hansel_der wrote:
| email likewise lives on "not so great" protocols.
|
| "perfect is the enemy of good"
| pjmlp wrote:
| Before Internet we had centralized networking, BBS, CompuServe,
| and similar online services accessed point to point via modem
| services.
|
| What is old is new again.
| peoplefromibiza wrote:
| That's only because running TCP/IP over a 1200 bits per
| second connection was close to impossible, but Fidonet had >
| 40 thousand nodes connected by 1990, so decentralization was
| already a thing back then.
|
| When modems became fast enough to handle a TCP/IP connection
| it was ~1994 and by then Internet was already (relatively)
| cheap and available.
| nsonha wrote:
| if this was twitter I would've commented with that meme of Newman
| from Seinfeld
| [deleted]
| bullen wrote:
| I'm going to build my instant messaging on top of SMTP adding a
| list of allowed "from" addresses.
|
| SMTP will prevail and at some point all the messaging will be
| done over it just like HTTP/1.1...
| encryptluks2 wrote:
| I'd suggest everyone set up a custom domain with SimpleLogin and
| start using aliases for every site. Also, use isync and
| goimapnotify to back up your email automatically. Then if Google
| or some other company shuts you out of your hosted email you can
| easily get back up on a new provider and not need to change your
| email address which almost every site you register on now
| requires.
| hprotagonist wrote:
| If nothing else, the freenode/libera hard fork showed that IRC is
| not only a federated protocol, it's one that is relatively easy
| to pick up and move!
| Arathorn wrote:
| > As j. b. crawford notes, the prospect for another federated,
| Internet wide communication system seem very remote at this point
| in time, so email is it.
|
| I really don't think this is true, and is defeatist at best. SIP
| and XMPP both had a good shot at creating a federated Internet-
| wide communication system, and we are doing our best to build one
| with Matrix or die trying.
| upofadown wrote:
| A short message instant messaging system can not replace a long
| message offline capable system like email. They are
| fundamentally different things.
|
| The achievable security is significantly higher for an offline
| capable medium for example:
|
| * https://articles.59.ca/doku.php?id=em:emailvsim
|
| It is clear to me at least that we are stuck with at least 2
| problems here. I have wondered if you could at least generalize
| the two modes in a way that would allow you to have one client
| and let the user decide.
| rakoo wrote:
| Both Matrix and XMPP can be used as instant messengers _and_
| asynchronous long-form messengers. They both have
| asynchronous encryption, and have had it for years now.
| zaik wrote:
| What's wrong with XMPP except Google decided to shut their
| instance down?
| MattJ100 wrote:
| Nothing. XMPP has an active community, mature servers for
| every kind of deployment, and many clients under active
| development for a range of platforms.
|
| My personal focus within the community these days is with
| improving the ecosystem UX through initiatives like
| https://docs.modernxmpp.org/
|
| You can follow XMPP development via the community newsletter
| (email or RSS): https://xmpp.org/newsletter/
| sneak wrote:
| Matrix is crap, though, and doesn't solve any new problems.
___________________________________________________________________
(page generated 2021-12-29 23:02 UTC)