On 15/11/15 07:40, grarpamp wrote:
On Sat, Nov 14, 2015 at 5:17 AM, oshwm <oshwm@openmailbox.org> wrote:
Ok, how about this then...
Your idea on your blog is pretty cool but I think there is an even simpler way to handle this.
When you sign up for a new mail account, the mail provider...
... is still the weakest link. Anyone can design a scheme where users can turn the net black with encrypted email bodies. However these days, and really since day one, it has been known that email bodies are only half the problem in the full threat model. The other half is metadata. And now with them pushing code to you, it's become even worse.
So please stop talking about what you're going to bolt on to fix traditional centralised email services. They cannot be fixed, ever.
And start talking about what you're going to build to replace them. Or testing and contributing to development of proposed replacements.
Pride of owning yet another commercial central service is a tired old bitch. Pride of dropping a true anonymous encrypted p2p protocol that scales and reaches adoption... now that's priceless. Regarding some of the elements in the latter, Bram's Bittorrent made it, Satoshi's Bitcoin is doing quite well, as are things like I2P, many to list. You could be next with more...
I think we need to decide what we're trying to fix first. People were talking about GPG being difficult to use and so adoption is poor. What I suggested fixes the GPG is difficult issue - which ppl were accusing me of straw-manning and instead I should do something positive. So I did, I gave you the answer to GPG is hard. If you want to fix the lack of privacy with email as a whole then as I said a few emails back, a new protocol is required. Decentralisation is good. Some sort of mix network is good. I've heard people mention Pond as an alternative to email which I have no experience of but might be worth more investigation.