Pride and Legacy Thinking is a Tired Old Bitch
On Sat, Nov 14, 2015 at 5:17 AM, oshwm <oshwm@openmailbox.org> wrote:
Ok, how about this then...
Your idea on your blog is pretty cool but I think there is an even simpler way to handle this.
When you sign up for a new mail account, the mail provider...
... is still the weakest link. Anyone can design a scheme where users can turn the net black with encrypted email bodies. However these days, and really since day one, it has been known that email bodies are only half the problem in the full threat model. The other half is metadata. And now with them pushing code to you, it's become even worse.
So please stop talking about what you're going to bolt on to fix traditional centralised email services. They cannot be fixed, ever.
And start talking about what you're going to build to replace them. Or testing and contributing to development of proposed replacements.
Pride of owning yet another commercial central service is a tired old bitch. Pride of dropping a true anonymous encrypted p2p protocol that scales and reaches adoption... now that's priceless. Regarding some of the elements in the latter, Bram's Bittorrent made it, Satoshi's Bitcoin is doing quite well, as are things like I2P, many to list. You could be next with more...
On 15/11/15 07:40, grarpamp wrote:
On Sat, Nov 14, 2015 at 5:17 AM, oshwm <oshwm@openmailbox.org> wrote:
Ok, how about this then...
Your idea on your blog is pretty cool but I think there is an even simpler way to handle this.
When you sign up for a new mail account, the mail provider...
... is still the weakest link. Anyone can design a scheme where users can turn the net black with encrypted email bodies. However these days, and really since day one, it has been known that email bodies are only half the problem in the full threat model. The other half is metadata. And now with them pushing code to you, it's become even worse.
So please stop talking about what you're going to bolt on to fix traditional centralised email services. They cannot be fixed, ever.
And start talking about what you're going to build to replace them. Or testing and contributing to development of proposed replacements.
Pride of owning yet another commercial central service is a tired old bitch. Pride of dropping a true anonymous encrypted p2p protocol that scales and reaches adoption... now that's priceless. Regarding some of the elements in the latter, Bram's Bittorrent made it, Satoshi's Bitcoin is doing quite well, as are things like I2P, many to list. You could be next with more...
I think we need to decide what we're trying to fix first. People were talking about GPG being difficult to use and so adoption is poor. What I suggested fixes the GPG is difficult issue - which ppl were accusing me of straw-manning and instead I should do something positive. So I did, I gave you the answer to GPG is hard. If you want to fix the lack of privacy with email as a whole then as I said a few emails back, a new protocol is required. Decentralisation is good. Some sort of mix network is good. I've heard people mention Pond as an alternative to email which I have no experience of but might be worth more investigation.
On Sun, Nov 15, 2015 at 4:06 AM, oshwm <oshwm@openmailbox.org> wrote:
You rightly and smoothly integrated crypto into every existing app so that people can use crypto. As with my Apple comment, that's respectable, I believe smooth integration is possible such that it ends up being used without much thought. So that's cool, and attainable.
But note the fatal error: "into every *existing* app". There is no practical threat against crypto itself. However we have serious threats to the privacy once thought achievable with crypto alone... rooted in the protocols and centralization of every *existing* app. So privacy is now unsolvable with them still in the picture, no matter what crypto you throw at it or how you throw it.
And if you integrate crypto into them as they exist today, you become fucked forever [1]... because you've just now given sheep the crypto they subliminally want in the back of their head, and thus to them the problem is solved. But we know it's not. It doesn't cover metadata nor misplace of trust in central authority.
I say you must say fuck the current apps and hold out the crypto integration for better replacements that address those issues as well. Otherwise it's still a soggy sandwich. The question is perhaps, central or decentral. I believe that with the right approach, cpunks can make decentral a mass market win.
[1] As in: "Now that we have IPv6, it's going to last a hell of a long time."
participants (2)
- grarpamp
- oshwm