I don’t think people could have predicted how big of a need privacy and security would be on the internet or that the western world would so quickly embrace fascism / authoritarianism after barely a generation has past since WWII

Hi. Nice write up. Throwing in my two cents.

I would not kill e-mail, only because it is still one of the few distributed messaging protocols out there which is common. I agree with you about the privacy and security issues - and I think about email as a fully public medium (think public mailing lists and so on). Totally unsuitable for second factor and private (1-1) communication though.

Sadly the only way this will change is if more services accept truly decentralized authentication AND they ALSO can implement moderation and spam control that can work with this. So for those of us on the technical side this means contributing for open source projects (e.g. lemmy, etc) with:

1. authentication back ends for TLS client certificates (if gemini can do it why can’t HTTP? browsers used to support this)
2. good moderation tools to prevent abuse that can work with such authentications - this means avoiding storing state on the service for a “sign up”; it can also mean implementing proof of patience/work e.g. a long time ago there was this for HTTP https://datatracker.ietf.org/doc/html/draft-sporny-http-proofs-01

Getting these two things right is hard work. You have implement somewhat annoying things in your interface like 1) your account only becomes active after X time or after approval 2) proof of work or rate limiting of posts, etc. But ultimately this already happens anyway in current systems, it is just opaque (and based on your IP/email/phone).

On another front, communicating privacy compromises about these things is really hard, imagine drawing a big fluxogram with a rule set for someone to follow

1. talking loudly in public -> e-mail/
2. … (insert your chat medium here - with analogy)
3. for really private conversations 1-1 -> SimpleX
4. everything else is rubbish and we have no idea what they do, assume someone is reading over your shoulder

I think there is one thing that we systematically get wrong - we continue to create tools that do both direct messaging (1-1) and large groups which causes people’s expectations of privacy to be wrong (e.g. end to end encrypted means nothing in a group chat w/ 1000 people and public access).

Finally for fun and laughs, try saying no when someone asks for your email/phone - behave like you have neither. Malicious compliance works wonders with this, give them their number as your number.

PS: I am going to steal this quote of yours “imagine paying to have your privacy disrespected” about phones. Hell I’m making t-shirts and stickers.

Technically any digital solution that allows anyone on the internet to send you data is a suitable replacement for e-mail.

Simple examples: sending a POST HTTP request to a given http or https URL; making a TCP connection to a given endpoint, sending the data then close the connection; making a TLS connection to a given domain and port, and send the data, etc.

The message format would be the same MIME stuff that e-mail uses, and the extensions that allow signatures and encryption.

Then the client that can send the messages would need to support at least the most common schemes, support should be able to be added to it using plugins.

A meta protocol should be made that allow clients to communicate with different solutions. Using an URI would be a good idea to identify the different protocols. Using the examples above the http post would use http: or https: URI scheme. The plain TCP one would use tcp: scheme. Plain TLS one would use tls: scheme, etc. If you want anonymity you would then use an .onion domain in the URI, or .i2p or something.

I’ve talked about this many times, but even technical people don’t seem to understand the point because EmAiL JuSt WoRks (except it doesn’t, due to deliverability issues and IP reputation). The point is that you would have total freedom to decide where and how you wish to set up your digital postbox (a postbox, not an account at a platform or in an app!).

The above method can be used to allow people who use different protocols to communicate.

If Alice decides to use a HTTPS post form, while Bob decides to use plain TLS. Alice can then use plain TLS to send message to Bob. But then Bob can post to Alice’s https form to respond. They can do so because the client they use knows what to do based on the URI. Alice’s URI would be a https one, Bob’s would be a tls one.

This seems to be unthinkable in all of the current messaging systems that require all users to use the very same protocol and even require users to have account on the same platform with the same provider.

Don’t kill emails. They’re the only way of cross-platform communication that we have remaining

I couldn’t keep reading this. Too detached from reality. Email is as secure as you should expect it to be, and it serves an important function. I assume you have no real workable alternative in mind.

Emails aren’t good. They’re still miles better than any of the alternatives.

New idea: TCP/IP is way too old and was never made to be secure(especially with ARP and DNS) so we need to kill them. We should definitely use Reticulum instead and use its LXMF to send messages and cryptographic identities to login to services.

Good luck getting people to change :)

I use mail accounts and a phone number like abybody else (Proton, Tuta, Murena) and Iknow that the mail direction is an unique identifier which can be tracked, exept if you usean alias. Because of this I avoid as much possible services or apps which need an account (the worse are those which say “Log in with Google or Facebook”). Naturally better are those which creat an user ID instead of an accoun and the best which don’t need an account an can be used anonym. Anyway the Q-Day is near, when any privacy measures and anything else are going to hell.

Q-Day refers to the moment when quantum computers become powerful enough to break current encryption methods, particularly RSA encryption that secures much of today’s internet communications^[1].

Recent estimates from cybersecurity experts suggest a one-in-three chance that Q-Day will occur before 2035^[1:1]. The Global Risk Institute’s latest assessment indicates a 15% chance it has already happened in secret^[1:2].

Major implications of Q-Day include:

• Vulnerability of encrypted data including emails, financial transactions, medical records, and military communications^[1:3]
• “Harvest now, decrypt later” attacks where nation-states collect encrypted data to decode once quantum computing capabilities mature^[1:4]
• Risk to critical infrastructure like power grids, military systems, and financial networks^[1:5]

Some companies have begun implementing quantum-resistant security measures:

• Apple introduced its PQ3 protocol in March 2024 for iMessage^[2]
• Signal has integrated quantum-resistant algorithms into its messaging platform^[2:1]
• NIST released its first set of post-quantum encryption standards in summer 2023^[1:6]

President Biden signed an executive order in early 2025 requiring government agencies to implement NIST’s quantum-resistant algorithms “as soon as practicable,” accelerating the previous 2035 deadline^[1:7].

Sorry, you've been blocked. Your IP address has been flagged for abuse.

Please enable JavaScript to continue.

Something went wrong, and we couldn't create your account. Please start over.

Your account has been flagged as spam.

My god how many times have I been through this… Living with debloated phone, hardened browser, VPN, Linux, sure isn’t easy every day :/// !

I totally agree, It shouldn’t be soo hard to value your own data/privacy and sometimes it feels like I’m fighting the wind.

Having your own domain would solve most of your complaints about email. It’s valid, controlled by you, filtered for spam however you desire, and you can have as many addresses on that domain as you want, without aliasing, and they’ll still all go to you.

I thought about this years ago and my best solution was a system to establish a profile, like a vCard with public/private keys that would generate SHA keys to authenticate with services to forward/verify communications. Instead of email, a key and domain or MX; instead of phone numbers a SHA number.

The user could burn contacts or accept invites and stuff.

One good thing from email is Delta chat. It’s encrypted messaging built on the email infrastructure which is decentralized. In principle that’s better than the likes of Signal, just not as refined yet. We shouldn’t kill all these existing things but rather leave them for applications that they work well for that benefit the people that need those things.

DEAR GOD YES