It is so hard to get an email address without providing an email or SMS verification. Like 9/10 on the internet difficulty scale.
Any site that lets you receive email for example by generating a random inbox seems to be blocked by the more full-featured ones that let you send email. I’ve spent the last week trying to get an email address doing lots of searches and trying to signup for any email address at all without success.
This makes sense if you understand that bots cause problems universally but at the same time the personal information strategy isn’t working. Spammers have no problem getting email accounts and every other kind of account. It’s the honest person who won’t go to the dark side and pay for stolen accounts that is in the worst shape.
Maybe you want to setup your own mail server? Ther you need a domain name and registars want even more information. Many of them give you privacy on your domain records, but this is no defense from the surveillance state.
If as said in the sidebar mass surveillance is about mass control, and not justice, then email is an extremely important technology to start supporting for privacy and freedom.
Spam and abuse are problems to be sure but there must be other ways to solve them than by providing information that links back to the real world.
Now what can we do about it?
email is an extremely important technology to start supporting for privacy and freedom
No: email, even when encrypted, leaks plenty of metadata. From a privacy perspective it has been a lost cause for decades. We need new protocols.
I think tox might be a good fit.
Are there even any candidates at the moment? What would a next gen email look like, one that didn’t leak metadata?
Matrix is the successor to email. Open spec, encryption-first design, federated, much easier to self host and possibly p2p in the future.
It leaks plenty of metadata. Also it’s hardly easy to self-host.
How do you avoid leaking metadata to your server in a federated system?
By using onion routing to connect to it, as Briar does. Also by not having a server at all, again as Briar does.
Briar’s server is the app itself, all federation metadata concerns also apply to p2p federation. Your briar app leaks metadata to every other device it talks with.
I don’t think that is true. Matrix could be the successor to mailing lists, as it has interesting properties (anti-censorship, consensus-building) for that usecase. But so far matrix implementations are too reliant on huge databases to become practical… I hope the situation continues to improve in the coming years.
Does the matrix protocol even enable an inbox-message-delivery type of communication similar to email, or is it all about room synchronisation?
At least with the current clients even a 1to1 chat is a room state synchronised across the involved servers, and doesn’t lend itself to managing messages in an inbox very well.
Its even better than email in that regard, you have to accept a message request before they can spam you. And it looks really no different from email, with a list of conversations being equivalent to your inbox.
Link please, most of the search results for that don’t seem to be what you’re referring to.
And isn’t there a way to sign into things with Matrix? Like OAuth? I thought I heard of that somewhere.
No matrix has its own auth system for signing into it. But more importantly they have bridges that can connect matrix rooms to other services, like IRC, xmpp, etc.
Briar is a good example.
Whether fit for purpose working receive email addresses are a requirement to obtain many services. I should be more precise though, if we are creating services that we want to be usable with privacy, then we should not support email as a requirement for use. Since the case is that many services do require email, I mean to focus here on supporting this anonymous email facility.
I know this isn’t super helpful in answering your question, but it would be nice if we didn’t need to rely on technology like email for account creation at all. The domain name provider njalla allows for account creation using an XMPP address, and the VPN provider mullvad generates a random string of numbers as your username. If only the rest of the web followed suit.
Right. It’s not just about the question but looking a little deeper to get to what it means to have a free culture. What’s required. What would be done differently. This was just a specific challenge that made sense to step back a little from. If there’s a principle it should be honesty about why identifying information is required and looking for alternatives.
Protonmail doesn’t require an email or phone number. It just requiers your IP address for sign up
Hosting your own receive only email is not so difficult, so you can use that for signing up on all sorts of services and forward messages to a XMPP address that looks the same.
When people complain that you never reply, just tell them to contact you through xmpp ;)
See table “Email Hosting market share table” https://www.datanyze.com/market-share/email-hosting--23
Google has 34% market share, Microsoft has 30%, GoDaddy has 15%, and the other 6 providers on that top 10 list are all under 3% each. 3 private, for-profit corporations handle 79% of all email.
If you want to re-decentralize email, and the web overall, you have to figure out what to do about the increasing concentration of Internet infra into an ever-smaller number of hands. I’m guessing there is not a technical solution to this.
I’m guessing there is not a technical solution to this
We need dead simple turn key solutions for self hosted services. Simple as setting up a wifi router or some other consumer focused device.
We need dead simple turn key solutions for self hosted services.
Does anyone have experience with FreedomBox? (https://freedombox.org/)
It looks very interesting…
Users get to use networks on terms dictated by their ISP’s. My ISP blocks self-hosted email. They did so because it was not in their interest – spammers were using the functionality to run spam ops. They still allow for self-hosting, but as self-hosting becomes more popular, ISPs’ residential networks are going to become a security minefield and an increasing liability. They will tighten the screws on what people are allowed to self-host and how, or they’ll just make it painful to impossible.
You could do a “self-hosted” turnkey email VPS, I guess, but then the users have to rent and spin up VPS’s.
