Having your own email/domain isn’t about privacy. Email has become essentially the key to almost everything in modern life. If I lose access to my email I lose access to basically everything I own and it would be a massive hassle to switch emails. Banks, schools, apps, etc. Often times these services won’t even let you change to a new email if you don’t have access to an existing one. Some use email as 2factor. It’s a nightmare. Owning your own domain separately is crucial. Who hosts your email matters less.
Is it known that domain registrars are better than GMail in this regard? Not asking sarcastically, but I had my domain taken over by registrar(not released to public, just registrar took control of it) after few week of notice when auto renew failed to charge my credit card, and my credit card was working fine elsewhere. Also many registrar like Namecheap cancelled subscription for Russian customers during this invasion. Not to mention incidents like [0]
Now you know why there are still some people that still take "web3" seriously. It's the only system where you are not at the mercy of some external entity to be always benevolent.
Seriously, ENS and Handshake alone should be enough of a reason to silence all of those who keep repeating "but blockchain has no real world applications".
And that's why web3 frustrates me to no end. Decentralized services were common in the "old" internet, web3 just takes than and adds a layer of ponzi and speculation on top of them.
If bittorent was invented today you'd have to buy into some pyramid scheme to use it.
Beyond that having a trusted third party does suck for some things, but at least it means that I have a recourse if something goes wrong. With cryptocrap I'm one hack away from losing my life savings, my domain, the history of all my transactions and even my monkey pictures!
Domains weren't decentralized at any point in history. IP address allocation is also managed centrally.
> but at least it means that I have a recourse if something goes wrong
Have you actually tried it out? I lost several domains through no fault of mine (2 times fault of registrar, 1 time fault of national TLD manager) and absolutely nobody helped me. Even tried suing - in 2 cases (the registrar fault) I got small monetary compensation for lost profit (so good luck with personal domains) but the domain was always lost forever. And when it was the TLD's fault I got nothing whatsoever.
The problem with decentralized systems that don't include a currency component is that there's no extrinsic incentive to contribute anything to the network, only to consume.
BitTorrent suffers from this problem; they even have a term for it: leeching. It's managed to survive despite this purely off of the generosity and goodwill of a community of dedicated users, but if BitTorrent were to ever have its eternal September moment I suspect the problem would quickly be felt rather acutely.
With other systems like decentralized cloud storage[1] or decentralized DNS[2] where (unlike with BitTorrent) there are no inherent practical limits on how many resources a single user can consume, the consequences of not including a currency component would be even more severe.
As for the "no recourse" problem, that's inherent to the very idea of self-sovereignty. Yes it's a weakness with decentralized systems, but it's also their greatest strength.
> If bittorent was invented today you'd have to buy into some pyramid scheme to use it.
Bitcoin was effectively invented 'today', yet you don't have to buy into a pyramid scheme to use it.[1] For example, you could simply use it for cross-border remittance to avoid paying Western Union's high fees, without ever holding bitcoin, by using an app like Strike to send dollars from the US to El Salvador (using bitcoin's instantaneous lightning network as the payment rails behind the scenes)[2]. Or you could prove the existence of a digital document at a certain time by using Peter Todd's Open Timestamps[3], which simply puts a hash or your file into an Op Return on bitcoin's blockchain. Or, you could work on developing software or providing support or writing tutorials for the bisq protocol, get paid for your work with their bisq token (which is simply colored bitcoin), and cash out to have you national currency dumped in your bank account using the bisq software which has been developed and supported by a decentralized community with its governance built directly on bitcoin.[4]
If you really still think bitcoin is a pyramid scheme, there's plenty or ways one could benefit from it without having to "buy in" or hold it. But if you put in the time and learn, you'll discover bitcoin is innovative technology, distinctly separate from the crypto space awash with scams and rug-pulls, like the fiat world already is.
Tell me how decentralized services allow applications to be permissionless, censorship- and sybil-resistant without a blockchain. I will make both of us rich.
Tells us how blockchain allows applications to be permissionless, censorship- and sybil-resistant in any way that matters and doesn't conflict with the use of said apps.
What are you afraid of, really? People that can make innovations?
My point was that the reason that people are doing all this work on the blockchain because no other solution has been shown to be better. Anyone that says "blockchain is not needed for that" should at least provide a better solution, or say "I actually prefer to keep the status quo".
I’m not the OP, but I think there is a very real concern that a single person or single group of people who create the “new better system” can significantly drain the resources of everyone else.
We actively see this all the time on smaller scales (credit cards, global franchises, FAANG), but the idea of someone doing it at a larger scale should make us hesitate.
- You do realize that the comment was tongue-in-cheek?
- There is no "resource draining" here. Even if someone found a way to solve the problem of distributed consensus without using a blockchain and found a way to make money out of it, they would be rich by wealth creation: new products, new services, new business.
> You do realize that the comment was tongue-in-cheek?
Why would I? It's well-established that tone does not come across through text.
> There is no "resource draining" here. Even if someone found a way to solve the problem of distributed consensus without using a blockchain and found a way to make money out of it, they would be rich by wealth creation: new products, new services, new business.
While I see what you're saying, I don't think I properly explained my point as yours is not a counter to it. By "resource draining" I mean that overall the creators could get richer compared to everyone else. Even if they took say $0.01 from every transaction those pennies slowly add up. A dollar 'spent' by changing hands 10 times is actually $0.90. A dollar 'spent' 100 times has been effectively drained of all it's value with that value funnelled to the hands of those running the system. In a scenario like that, wealth creation as you've defined it actually pours fuel on the fire. Every business uses a huge amount of transactions to pay operational costs, and all of their customers generate transactions every time they pay.
We currently have this playing out in various ways (for example franchise markups) and even though it's so highly fragmented it's still an issue where wealth is concentrating at the top. So it follows that if the rich get richer, the rest must get less rich by comparison.
because I am teaching myself to make stereograms. Lipton spent a few years in the 1970s figuring out how to make quality stereo movies with the goal of developing a better system for exhibiting stereo movies. In 1980 he wrote a book (that book) which was a lot like a PhD thesis, he then invented the modern system for 3D movies with circular polarized light and sold his company in 2005. In the end he "got rich" but it wasn't quick.
The blockhead ideology is a lot like the Amway ideology... Really working, creating something, building something, serving customers, is a lot of work for not enough remuneration. There's got to be some magic secret to riches without effort, and once you've got people to believe it exists, you can exploit them.
> Web3 is often more interested in moving money around (e.g. "Ponzi Schemes") than really creating anything.
And "Web 2.0" was more interested in taking some Unix utility and turning them into a web service that could be walled off and monetized. There hardly was any ~real innovation~.
There's plenty of really good criticisms of cryptocurrencies, but that's not one of them.
The whole point of proof of work is Sybil-resistance. Because your voting power is tied to your hash rate, you can't just conjure up a bunch of voting power by creating as many wallets as you want. Ethereum's move to proof of stake keeps Sybil resistance but trades the power consumption of PoW for some amount of centralisation (because you need to hold funds to vote).
Gas doesn't do much for Cybil resistance, it's largely meant to stop you from clogging up the network by publishing a transaction that executes the busy beaver function on some nasty input, or something similarly hostile.
> It's the only system where you are not at the mercy of some external entity to be always benevolent.
Until the owners of the network run away after extracting all the value they can, or they decide to fork it because it’s in their best interest, or they end it because it’s not as profitable as they wanted, or your exchange decides to halt trading so they don’t lose money, or, or, or.
It's a problem of most buzzwords, there is no formal definition and it largely depends on context.
If I were to give you my attempt of an definition, it would be: the main idea behind "web3" is to have systems where no single entity can gate-keep users. It's not supposed to be "better than web 1.0", but mostly to be a contrast with the "walled garden" platforms and social networks that defined "web 2.0".
So, by that definition, social media services powered by ActivityPub that allow communication between different services are a step towards web3 compared with the "web 2.0" social networks like Facebook or Twitter. Messaging protocols that Matrix, XMPP are a step towards web3 in comparison with basically any messenger protocol that is controlled by Big Tech, etc. Content distribution based on systems like IPFS are a step towards web3 in comparison with traditional websites.
The main thing is these systems still have central points where users can be controlled or censored. An user of Mastodon (or any federated service) can be kicked out by the server admin and will have no recourse to get access back.
To be fully permissionless, a distributed system needs to be able to reach consensus without having to appeal to any central authority. "Consensus" here means basically anything about the "state" of the distributed system: was this message really sent by Alice to Bob? If Charlie wants to buy an e-book from David, how can we verify if Charlie has sent the payment to David, and how can David prove that Charlie now has access to the e-book file? This is the part where blockchain helps.
Thanks; the last part seems like "non-repudiation" - I did not think we need either centralized entities OR blockchain for that; I may be wrong though?
Maybe it was a bad example to talk about messaging. It's not just the "is this data really who they claimed to be", but also "is this data part of transaction between multiple parties who do not trust each other"?
You need to have distributed consensus to avoid double-spending. Can you have distributed consensus without blockchain? Yes, but only if your participants are selected a priori, e.g, Distributed Paxos.
The problem that blockchains solve is that it is the only practical way to solve consensus between parties that do not trust each other and that are not pre-agreed on.
The "they" you denied existed, of course. Look, the frame of your argument here is "the blockchain won't ever unilaterally make decisions you don't like like a big centralized tech company". And they do, and have, multiple times in the past. And lots of people didn't like that, in each case.
No. You are talking about three different groups and you calling both by the same "they":
- One "they" is the Ethereum developers making new developments and proposing changes to the "main" blockchain.
- The other "they" is the thousands of people who are developing and using applications that can be used by the most people, and care (mostly) about having one blockchain where they can reach the most people.
- The third "they" are the ones running the nodes and making sure that the network is functional.
What I am saying is that none of these groups can unilaterally decide the course of the blockchain. Your confusion does not make my statement wrong.
You're splitting hairs. Sure, your carefully constructed "microtheys" don't have the power you fear. But someone does[1]. And they act. And have.
[1] As currently constructed, it (probably) requires a 51% attack by staked ETH owners. There's a lot more wealth concentration on the blockchain than you think there is, this isn't a lot of actual people!
I'm all for healthy skepticism, but you are far from it.
> There's a lot more wealth concentration on the blockchain
First, with Ethereum you need 67% of the staked ETH to make an attack on the network.
Second, stakers do not have power to change consensus rules. They are not able to dictate how people transact (not without losing their take) and they are not able to change transactions.
Third, do you understand that even if one single entity had that much power to launch an attack of the network, it would not be in their interest to do so? If the network got to be controlled by any single entity, the other people would simply lose confidence on it, they would stop using it and then all of the staked token would lose its value.
> Third, do you understand that even if one single entity had that much power to launch an attack of the network, it would not be in their interest to do so?
If that were true, then why was the Ethereum network attacked and forked last month?
I think what's happening here is that you've confusing "blockchain consensus" with "not evil", because you trust the giant faceless organization making decisions about the future of your activity in their system to act in something approximating your personal interests.
Just like people trust Google and Microsoft with their email. Get it now?
As to which entities are "really" more trustworthy, I'll just drop this link and flee: https://web3isgoinggreat.com/
What attack are you referring about? What fork are you talking about?
Please, provide actual information instead of throwing around sites that are clearly just helping you to confirm your biases.
> you've (sic) confusing "blockchain consensus" with "not evil" because you trust the giant faceless organization making decisions
Not really. The thing that I care about is self-sovereignty. I do not want to depend on a system where any single entity or institution (whether is a big corporation or a government) can have this type of control over me and that leave without choice.
But it seems that it doesn't really matter what I think though, you already have made your mind and you are not interested in a healthy discussion. Have a good one.
> What?! What attack are you referring about? What fork are you talking about?
Wait, really? On September 15th, someone attacked the Ethereum blockchain and stole all the value, handing it off to this other coin. Our coins are still there, but per current markets they're only worth 0.47% of the value they should have. I can't believe you missed that.
Now, obviously you think that's different. And that this giant act of fiat by a centralized operating body was a GOOD act of fiat by a centralized operating body. But it was still a giant act of fiat by a centralized operating body, which points out that the kind of "self-sovereignty" you believe in doesn't exist. You are and will always remain solvent at the whim of the people running the economy you're part of. That's simply the truth.
The difference is that you trust the ETH cabal where you don't trust email providers. And I think that's misplaced.
There was no "giant act of fiat". The merge only happened because the overwhelming majority of participants were in full support of such a change. At no single point of time, the ETH developers had any way to decree that the beacon chain was the only one that had any value.
> That's simply the truth.
Thank you though for finally showing that you are just full of dishonest rhetoric.
Explain how "government by the overwhelming majority" is consistent with "self-sovereignty"? Some people didn't want the merge to happen. It happened anyway. What about their "self-sovereignty"?
Again, you're just saying that you thought this fork was a good fork. And for the record: I agree, it was a good fork. But it was still a fork, and thus still a successful attack on the network. Someday, one of those attacks might be on your interests.
And your answer will be that you TRUST that it won't. But that is still an act of TRUST and not "sovereignty". If they want to steal your coins, they can. They've proved it multiple times.
So, getting back to the point this topic is about: does it really seem so odd that people trust Gmail? You have to trust people in this world to not mess up your stuff.
You really think that any of this BS rhetoric is flying?
> What about their "self-sovereignty"?
Self-sovereignty is not about "always getting things my way". Is about being able to participate in a system without having some higher authority controlling access.
> successful attack on the network.
A "successful" attack is when someone manages to subvert the system to do something for their personal favor. The system was not subverted. for the merge to happen, the rules had to be defined and followed by everyone. Fuck, the reason that the merge was postponed so many times is because they wanted to have SIX different clients that could reliably participate in the beacon chain.
> If they want to steal your coins, they can.
No one stole anything. The old ETH PoW chain is still there. No one's balances got altered. The fact that most people started seeing that as worthless was not "by fiat".
No. The "They" that did the fork only managed to do it because there was a majority consensus agreement to switch to the forked chain. If the majority refused to follow, there forked chain would have died or become a thing for the minority. Just like EthPOW vs ETH POS.
Seriously, why is it that every discussion about crypto has the same bullshit talking points? Do you guys have a list of "standard basic list of BS arguments that I will throw at the discussion just to see it sticks"? Is it ignorance? Is it malice?
> The "They" that did the fork only managed to do it because there was a majority consensus agreement to switch to the forked chain.
A majority you may not agree with. So you’re still at the mercy of external entities, contradicting your original point.
> Seriously, why is it that every discussion about crypto has the same bullshit talking points?
Because proponents keep repeating the same debunked invalid talking points. Like saying anything they disagree with is FUD. That expression has become the Godwin’s law of blockchain discussions: it doesn’t advance the conversation, it’s just shorthand for “I angrily disagree with you”.
> So you’re still at the mercy of external entities
The people that didn't agree with the "DAO fork" continued on the original chain. None of them were forced to follow the majority. This is a huge important difference.
> None of them were forced to follow the majority. This is a huge important difference.
Quite the contrary, it’s a meaningless difference. Most systems have that feature.
Imagine everyone in your friends circle uses Signal. Then they decide to change to WhatsApp but you and one other refuse to do so. No one forces you to follow the majority, you simply deal with the consequences of not doing so. For example, you may have less of a voice in the decision of where to go to dinner together because you're not part of the main conversation.
You are (once again?) changing the actors and the power relationships between them and pretending it doesn't matter.
It's one thing to have "your friends" moving from one network to another. It's a completely different thing to have a network where there is an owner who can kick you out unilaterally.
None of the people that are using Ethereum Classic are disallowed to ever use ETH if they so want. They haven't been censored to continue participating in that network. It's just that to participate they must accept that the consensus of truth has changed.
Don't attribute to malice what could simply be ignorance. Right now, people need to pit in some serious time (upwards of 100 hours minimum) learning about true decentralized open technologies like bitcoin, so I think uninformed ignorance is far more likely than malice in almost all cases... unless the uninformed person stands to profit from his or her ignorance.
I'm not sure Ethereum is anywhere near as decentralized and bitcoin, because the Ethereum foundation and the large stakeholders (now that they have the miners the boot) appear to wield a huge amount of power.
The most likely reason almost all of hackernews wants to do nothing but make fun of crypto and the people involved is they just don't understand it.
If only they invested the 100+ hours learning it like we did then maybe they would understand its value. I mean thats the only option - either its uninformed ignorance (which we think) or actual malice. There can't be a third option.
The thing I don't understand is the concept "majority" in the crypto space. There is no way to prove that one person doesn't control the majority of the voting power.
If I own a large portion of the supply split across several hundred wallets and I vote one way, smaller owners may be influenced by the appearance of hundreds of votes being cast one way vs the other. We see this in the real world, where some people are willing to just vote for what they think is the majority sentiment when they don't have strong opinions on a matter.
I've heard arguments along the lines of "those with more invested into the project should have more voting power" but that to me just sounds like an incentive to centralize.
If I'm a small player, I either go with the majority or see my investment become worthless, or in a fantasy world where crypto is used for anything other than wild speculation, I see my utility greatly diminished as I'm no longer able to interact with the "majority". Sure, I might still be able to interact with those left behind, but the pressure to move over to the majority fork is going to pull more and more people towards that.
I see federation of content as a much more approachable means to re-decentralization of the internet.
We still rely on centralized DNS. As we still rely on ISPs to make sure our packets can leave our local networks, and on international treaties to make sure we can communicate with networks in other countries, but unless you want everyone to start developing and maintaining a decentralized physical computer network for free, we'll always need to trust a number of institutions to do this thing where we can communicate with someone on the other side of the world within a few milliseconds.
Voting has nothing to with the consensus mechanisms to determine who is allowed to choose what block is appended to the chain. Why are you bringing up "voting" into the discussion here?
Noone is out to get you. The world is not trying to "FUD" their way to your own demise.
Its just... noone wants to hear people hawking their pedo pesos constantly and how "WEB3 (powered by pedo pesos) will help us all!".
Its tiring. I'm over it. Most of us are. We wish you no ill will or harm, heck most of us hope you all wake up, but in the meantime we don't want to hear it.
That's clearly not what forking means in this context. You can't make the existing "instance" run different code, and it's users don't have to care if you run your own modified copy.
If a project is actually decentralized, you can't simply fork the code to fork the community. In truly decentralized systems, the consensus rules define whether one is into the system or not.
The big problem here is that most of the systems in crypto are really startups run by a small group of founders. Very few of these projects are really decentralized.
Handshake was co-founded by the guy claiming to be a Korean prince who attacked (and killed) freenode and was very abusive to the open source projects formerly there. I wouldn't touch it. He is extremely litigative. ref: http://www.hashedpost.com/2018/11/hashed-people-handshake-co...
Well you are still at the mercy of whoever's maintaining the network, aka some random-ass people all over the world. Aside from the few main ones, crypto networks are infamously ever changing and you're more likely to register a domain on something that won't even exist in 2 years because it collapsed completely. Maybe Eth is to big to fail now, but maybe it isn't.
That is the kind of tired, cheap, wrong argument that it so easily debunked, but "skeptics" still keep using.
Let me see if you really interested in a healthy debate or just proud of your ignorance: do you know that when using web3 for domains, you'd still be running the email servers that use the traditional protocols? You won't be losing any of your messages. You'd still be authenticating against a traditional server.
There is nothing about using web3 for domains that would lead you to lost access to your data.
You're right, you won't lose access to your emails, you'll lose access to your address, which really is the bit that I care more about - losing ability to log into sites and services is what really scares me about losing my email.
But now the important question - how does a web3 domain name solve the domain problem any better than just buying a domain, especially considering that "Permission to fail" is being touted as a web3 feature?
> losing ability to log into sites and services is what really scares me about losing my email.
That is also not a problem. Maybe current "login with web3" implementations rely only on your primary ENS record for authentication, but there is nothing stopping a MFA system where the ENS name is only one of the factors.
E.g: you could build a system that uses ENS as the first factor and a regular PGP client cert as the second. There are also "social recovery" systems. Even if you lose your keys, you can have a secondary address that can vouch for you.
IOW, stop arguing like you are the only one aware of the current limitations and that the thousands of people working on the space are just stupid. Before spewing ignorant arguments, you should learn a thing or two .
Can you point me to a blog post that explains how to use web3 name assignment technologies, in combination with MFA, to own and manage a domain that is robust to DNS provider shenanigans, crypto hacks I can’t anticipate or understand, and targeted harassment?
This is a genuine question. I’m in the market for new tools to manage my personal and business domains.
not a direct answer, I think way to design this system would be to make an ENS (with a competing resolver technology) and point that to IPFS hashes
in parallel, you would also look into how to secure your address, where the ENS is stored in
IPFS doesn't offer compute nodes and databases, so you would design your web offering around not needing that, completely rule out that idea in favor of a different one, or incorporate a different solution in addition to your frontend
but basically the way you design web 3 applications is not the same as web 2 applications to begin with. trying to straddle both worlds results in the worse experience. most similarities I can think of are kind of like omnivores trying substitute tofu based foods and having a bad experience, and attributing that experience to non-meat diets when it is just worse than a pescatarian, vegan and vegetarian cuisine.
> how does a web3 domain name solve the domain problem any better than just buying a domain?
I don't see how you addressed that. Apparently we would need to implement whole new systems? I understand, you gotta bring try to bring it into the domain and get belligerent to obfuscate the answers to simple questions, but I don't see how this addresses my concern.
> stop arguing like you are the only one aware of the current limitations and that the thousands of people working on the space
Ah, ok, so this is all in theory. Simpler answer would be "it isn't, but maybe one day it is." Thanks, I read between the lines and answered my own question!
> Before spewing ignorant arguments, you should learn a thing or two.
> how does a web3 domain name solve the domain problem any better than just buying a domain?
Was that your question? The answer is simple: once you lease (ENS only works with leases, just like traditional domain registrars, so I'll void the term "buy") a web3 domain, there is no one that can unilaterally take it away from you.
> Ah, ok, so this is all in theory.
Not exactly. It's possible, but impractical. If you are willing to accept the really poor UX and the lack of general adoption, you could build such a system today.
> The answer is simple: once you lease (ENS only works with leases, just like traditional domain registrars, so I'll void the term "buy") a web3 domain, there is no one that can unilaterally take it away from you.
This is all in the context of someone who didn't pay their domain renewal, and so it lapsed a few weeks later. How would this system behave differently?
“Permission to fail” is a desirable property in a research setting, not a global name service. This justification is in tension with the one offered above, and there’s been no evidence so far that “web3” is becoming more resilient instead of less resilient.
This is a cop-out: of course there are people with absurd risk or reliability profiles, for whom just about anything might be suitable. The entire point of systems like DNS are that they’re universal substrates that don’t require any exceptional selection. Economies and ecosystems are built on reliable and universal substrates.
My perception of resiliency is based on this[1], which has reliably increased in volume and quantity by year.
An exploiter's bug bounty on a still functioning yield farm that flash loaned itself, getting frontrun by a MEV searcher because the exploiter didn't hide their transaction directly with a block producer via bribery? That sentence wasn't possible a year ago. And now we all know not to design a smart contract powering a farm that way. I don't view that as failure. A regulatory sandbox would have deliberated for 5 years before allowing a launch and still never found that problem, resulting in a following multi year pause, committee report, and disbanding. I view this much faster higher iterative version as a win.
It's not that it has no applications, it's that almost all applications it's suggested for wouldn't actually be improved by having a persistent history, write-only, distributed data backing. Until someone writes a blockchain protocol that allows data to be purged by an individual in a way that forces everyone else's records to update accordingly (i.e. to comply with laws around PII) web3 isn't a solution, it just makes the problem harder.
For the sake of argument, let's say that all email was hosted on ENS. Let's say that somebody, doesn't matter who, went ahead and forked the chain into ENS'. We now have two disconnected chains, ENS and ENS'. If I were to buy a domain on ENS', i would not also own the domain on ENS, so someone else buys that. Who now receives the mail sent to that domain?
If your choice in any way depends on the configuration of the mail server then your decentralized system has accomplished absolutely nothing, because the mail provider is still the gatekeeper.
That's the beauty of it - we'd have a decentralized marketplace for deciding which one counts! Every email sender can choose to use one or the other, and the best one should win in the marketplace of ideas!
> If your choice in any way depends on the configuration of the mail server then your decentralized system has accomplished absolutely nothing, because the mail provider is still the gatekeeper.
This is a strawman. If you are talking about a decentralized system, you don't need the mail provider to send the message for you. Your email application would (and should) be able to resolve the IP address of the destination server for you, and it would (and should) be able to verify that the end server is who the sender expects it to be.
So, what would happen is that if you are on ENS', your view of the network would follow the consensus established by the ENS' chain. If you try to send a message to an email server that is on ENS, they would fail to provide a valid confirmation that they can respond for the IP address that you think they are on. It would be akin to failing a DNSSEC query.
I’m not necessarily defending web3, but you’re asking the wrong question. Your same question could have been asked about email in general in the early aughts. But clearly, mass adoption happened, and the calculus changed. Sure, your statement is strictly correct, but completely uninteresting.
What question did I ask that was "the wrong question"? I thought both the questions I put were rhetorical. Let's try:
"What does email have to do with email domains?"
"How does one receive email from e.g. one's bank, at an email domain?"
No, I don't think my questions could equally have been asked about email in the early aughts (nor at any other time - those rewritten questions don't make sense).
Mass adoption had already happened by the early aughts; email was adopted universally in the corporate world in the mid-nineties.
Of course, what is interesting to you is your business.
All you need is to have DNS servers reading ENS' equivalent of MX records. Failing that, you can even have that implemented at the email client or OS level.
Sorry, but that seems to require that my bank and all my friends adopt some skanky modified DNS resolver. Is that right? How exactly does that benefit them?
And the alternative you're suggesting is that they replace their OS, or adopt some mutant mail client? Few of my friends have ever used a proper email client at all. And which alternative OS implements this? And again, what incentive do my correspondents have to switch OS?
Really, if this is "all I need", it's clearly not a proposal that has much to do with the real world.
If your friends wants to access a website that has been blocked by some authority, they can with this system. With the status quo, they can not.
> replace their OS or adopt some mutant mail client?
No, there is nothing stopping MS or Apple from adding this functionality to their own systems. All it would take is for them to see increased demand for it.
> not a proposal that has much to do with the real world.
What I am describing is a possible solution for a very specific problem, namely the lack of distributed identity systems (domain names) that are permissionless and censorship-resistant.
You are right that this is not a concern for the majority of people "in the real world", but the whole conversation started because someone is talking about how many people lost access to their emails and domains due to abuse/mismanagement/arbitrary rule enforcement from different domain registrars.
IOW, if you are okay with the status quo, good for you. But consider yourself privileged and don't dismiss the complaints of those who are building and asking for better alternatives.
> If your friends wants to access a website that has been blocked by some authority, they can with this system. With the status quo, they can not.
OK; if the blockage is that authoritative DNS records are unavailable, this system could help. At the cost of all visitors installing an alternative DNS client stack. But most websites subject to DNS blocking just move to a new domain; TPB seems to manage. More generally, you could simply move your DNS hosting out of the reach of the problematic authority. Unless the website owner made the mistake of using a subdomain of e.g. a repressive CCTLD.
> IOW, if you are okay with the status quo, good for you.
I'm not OK with the status-quo; we know DNS is problematic. But you suggested that this system is simple ("All you need is..."). You didn't mention that (a) the problem it addresses is constrained to the blocking of authoritative DNS, nor (b) that no alternative mail client or OS actually exists.
> At the cost of all visitors installing an alternative DNS client stack.
That will be a requirement only until the bigger players don't integrate this directly. Nothing stopping Cloudflare/Google/OpenDNS to provide integration with ENS.
Anyway, you make it sound like this is just a niche required by a few dozen people. The Brave browser is used by 60 million people already and can handle .eth TLD (and other TLDs from unstoppable domains) natively. It is not a big of a deal as you are making it out to be.
> More generally, you could simply move your DNS hosting out of the reach of the problematic authority.
Or we can build a system where we do not have to play whack-a-mole just to use a service?
> You didn't mention that (a) the problem it addresses is constrained to the blocking of authoritative DNS,
I said that is the most obvious benefit, but I didn't say it was constrained to that. Look up again at the top of the thread: people are getting shut out of "reputable" registrars established in "democratic jurisdictions" without recourse.
Ofcourse it could be part of the solution but just slapping current available solutions onto this problem won't solve it. It could be part of a solution I agree but in it's current state I rather not complicate this further with a technology in it's infancy.
> The other day someone suggested making real estate NFTs.
Looking at the current implementations, it is a terrible idea. But it doesn't mean that the problem can not be solved.
> What happens if the "owner" of some real estate loses their key?
Just spitballing here: take the idea of social recovery further to include the current legal institutions as a backup instead of the main authority. For example, a contract that manages such high-value NFTs could require a set of government-sanctioned notaries who would have permission to transfer the NFT to any new address. So if you are the owner and you lose the key (or you get hacked), you could be made whole by presenting some type of "real world" legal evidence to the notary.
For underlying security, of course. The point is that the ability to also tokenize a real physical asset opens a world of possibilities.
Can you take a collaterized loan on a share of your home from anyone in the world, if you have only the government database?
Can we have a "decentralized AirBnB" where you have can the NFT represents who have access to the house with "just a government database"?
Can you pool the resources from thousands of strangers to form a "REIT DAO", who then go on to invest on a scale that is only accessible for the Vanguards and Blackrocks around?
This would be simply too risky to be even considered by people if we constrain ourselves only to digital assets, but if we can have a system where the institutions work as a safeguard, why not leverage it?
What is the jurisdiction of "Tokenized Blockchain Corp"? What happens if you live on a country that is under economic sanctions? What happens if there is any type of rug pull? What happens if the Corp gets "too big to fail" and its managers corrupt it? I surely don't want to end up with another Tether in our hands.
We don't need to completely disrupt the current institutions, when they are functional and work in the interests of the people. Quite the opposite, when they are functional they are more efficient (time- and resource-wise) than any decentralized system.
Skipping the middleman doesn't solve any of these issues, except for the possibility that Tokenized Blockchain Corp is corrupt. So write an iron-clad contract with Tokenized Blockchain Corp regarding how your house is to be managed, and the courts will enforce it for you.
It can't be Tether because you can see that only one NFT is minted for your house.
The jurisdiction is, of course, where the house is.
Public Key Cryptography isn't an alternative to email. Public keys aren't a convenient way to refer to addressees, and PK algorithms are a very inefficient way of sending messages, which is why they are generally used to send the key for a symmetrically-encrypted transmission.
I see this advice (that you should use a custom domain) and it makes me a bit hesitant in that I’m not sure I necessarily trust a registrar more than I trust Google not to allow phishing/hijack/deletion.
That said there’s really two issues if you seperate out the inbox - access to new emails, and access to the historical emails you’ve accumulated. The second can be partially helped by downloading all mail + attachments from the server and keeping a backup.
The first is more complicated either way you look at it.
I find thinking about the whole thing far too stressful.
Especially now that so many of my photos and documents are 'backed up' to Google photos and drive.
Balancing the risk of these black swan events is beyond me. Why ever would Google ban me? But they might. Why ever would Tutanota mess up my private domain? Or ban me? But they might!
Both are risky, but at least you can decouple your address from your storage.
If something happens to your gmail, you lose both your address and your storage at once.
If it is your domain, you presumably still have access to your host (which may just be gmail). And if you lose access to your host, at least you can still redirect your domain somewhere else.
Nothing is foolproof, but you can split one large dependency into two smaller dependencies.
If you change your security model from gmail to a registrar you need to redo the risk assessment, or rely on someone else to do that risk assessment for your (i.e. base your decision on third-party recommendations/best practices).
A free service is covered under very different customer protection than a paid product, but your country of origin matter as does the country where the registrar is located and the country where the registry is located (registry is generally the upstream provider of the registrar). It would be difficult legal fight when the TLD is .eu, operated by Belgium company (EURid), with the domain registered by a American company (Namecheap), while you the customer is located in Russia. Your bank could also in theory be a forth country involved.
If you want legal protection as a domain owner the best advice is generally to use a cTLD of your own country with registrar located also within your own borders. It naturally depend a bit on how stable the country is and how good the customer protection laws.
I also strongly recommend against registrars where responsibility is on you to renew the domain, rather than those that have contracts that run continuously until cancellation (who will also bill you if you fail the payment). For domain names it is a better model for both the customer and registrar, in contrast for a subscription service like a news paper. It is a bad default to automatically loose the domain name.
If you live in Sweden, yes. Outside of that area I don't know. I can only guess that enforcing bills is something that is much harder once you pass national lines.
Is this really a thing? I had a .eu
domain for years. I only let it go this year(it was on annual renewal) . My registered address was and is still in UK and I never had any trouble from my registrar(eurodns) about the EU domain. Or do they do it based on the payment method? (I might have used an EU cc to renew)?
It seems .eu domains are more or less only available to people who live in the EU/EEA, hold EU/EEA citizenship or businesses that conduct business in the region.
And that was always so; it's not "more-or-less", you've never been able to have a .eu domain unless you "belong to" the EU, for various values of "belong to". Always read the T&C.
You're being downvoted but this is actually good advice.
As someone who worked in domain names for 5 years, I often suggest to either use one of the historical gTLDs (com, net, info, org) or the ccTLD of your country if it's popular enough (.fr for France, .uk/.co.uk for United Kingdom, etc.)
Never use the ccTLD of a different country than yours, eligibility rules can change with very short notice. For .eu the notice was long enough but nothing guarantees it to be the case. Some trendy ccTLDs also have crappy infrastructure (.so of Somalia for example has provoked at least one outage for Notion.so).
Be very careful with newGTLDs, some of these are outright scam. There are some reliable newGTLDS (.app/.dev from Google for example, yeah, even though it's Google they have to play by ICANN's rules) but if you don't know how to determine the reliability of a newGTLD, just stick with .com/.net.
As I said before, it does not matter. Before someone had an email address and now they don't, and it could happen to anyone with an .eu domain. This is what matters. It is an unreliable TLD for email addresses that you want to last.
Nothings perfect. I think if you use a reputable register with support and a paid email host with support you have less risk than a gmail where they can lock you out and you cant do password recovery because some filter triggered.
I would add two other things.
- Prepay the domain for a large number of years (10y) to avoid billing issues.
- Keep a local copy of your email on atleast one machine (either just in a desktop client, or do regular exports).
Yep. For the last month, I have been exclusively giving out GMail as "my personal email" instead of <personal domain>.ru, but it was more of an emotional thing. Thinking of it, I genuinely don't know which of these is less reliable in the long run for a Russian citizen: GMail, Russian registrar or a foreign registrar for <personal domain>.<some other TLD>.
I've used https://www.pairnic.com for ~15 years, and they're lovely. I've had domains expire several times, and they've never given me grief. They're small enough to give a shit.
But what's the alternative? Does SMTP even work without a domain? I dipped my toes in this far enough to connect a custom domain to a mailbox hosted by bluehost so I don't know too much but I always seek to separate from Google et al wherever possible. I thought the buck stops at DNS and domain registration though, short of like, that gnu internet project I vaguely remember, what's the alternative?
It is, but don't expecting people understand what komali@13.55.66.77 is a perfectly valid address, nor the anti-spam systems or designers of web/mail apps and services.
You can theoretically send email to an IP address directly, like someone@[127.0.0.1], but I imagine a lot of the programs and websites you'd want to use don't know that. And you're still left with the problem of needing to get that IP address from someone who can arbitrarily take it away from you.
So far Gandi was posted as reliable company and over last 10 years I had no issues with them. One good feature is that you dont have to be owner to renew domain name registered with them. So in case you temporary lose access to your account you can still pay for domains. They also allow to keep credit balance for auto renew.
I really didnt have much of issues to talk about so no idea how good is their support at solving them, but at least I have peace of mind when it comes to renewal.
Anybody can read my email, it's cleartext after all. ISP, registar, etc. I pay for my email as part of my yearly domain fee: 2 domains (personal and self employed work), 2 registars. I download them over POP3, store them locally in Thunderbird, backup them locally (encrypted disk) and remotely (duplicity, can't even remember, too early in the morning.) This protects me against some attacks, not against everything. The only online services I really care about are banks. Everything else is disposable. I call my customers, give them a new Google and AWS account, that's it. Or ask them to create an account for me until I sort out the problem. Protecting against state level actors is a different thing. No plans for that. After all they can knock my door and deal with me in person.
Go through that exercise of ditching that email. You will find out the 2-3 things you need absolute plan a/b/c for.
Seriously, reset your email password to something you can never remember and write it down and have someone hold it for a month (don’t tell them what is it, tuck it in an envelope). Let your mind run circles around your fears and you’ll find out how little that email account owns you.
Freezing one credit card will shut off all your frivolous subscriptions (Spotify, Netflix, Prime).
You’ll call your internet provider because you don’t want that cut off.
You’ll call your bank, brokerage.
You’ll remember your bosses contact info, and the one person at work you trust.
You’ll let the most important people know (could be as few as one) that you’re off the grid, in your terms. You’ll memorize their number.
You’ll realize all the people you could care less about, or they about you, if neither of you ever heard from each other again.
Kind of a freeing thing. Then you’ll make a new email, and you’ll never add that much cruft to it ever again.
If it is just an inconvenience, then this exercise is unnecessary. This is more for those who believe they cannot survive without it (inconvenience vs survival).
Look, it’s one thing to say “I cannot live without my kids”, and have some asshole say “ditch them. Move, adopt new ones, you’ll see how stupid that attachment is”.
You guys are literally acting like e-mail is some cornerstone of a life well lived.
I’ll agree with the insufferable part though :)
The rest of your comment, I’ll just attribute to you projecting, which we all do, no one is better.
You're the one attaching moral judgements to it. Speaking of projecting.
We're just saying that email is either necessary or a massive increase in convenience for engaging in a wide array of common digital interactions, including some that are extremely hard to get away from (utilities, banks, etc), and others that are part of what makes life worth living, rather than just subsistence survival (streaming services, online games, other luxuries).
Doing without something that's technically possible to avoid, but wastes a whole lot of your time and mental energy, and does not materially harm you in any way, does not make you a better person. Nor does it make you a worse person. It's something that's a personal choice.
Smugly presenting yourself as somehow better than us because you do without such things does make you a worse person.
I think you are just wrong. I simply provided some advice to someone who feels they can’t do without something that is possible to do without (or at least in a much more reduced manner).
But I do like the irony, some of you inferred I said “I am better than you”. The words are written by you - “makes you a worse person”, which I don’t need to make any inference on, I know what you said.
I’d give the same advice to anyone that believes they can’t live without coffee. Whether they drink it or not is none of my business, but their exclamation of an impossibility is something I might chime in on.
Start the thread again, I picked a specific thing to address with the GP. Don’t care if he/she uses email, the whole world uses email lol.
Just for shits and giggles:
I get a few text alerts from my bank, I check things out with the bank app. I read the utility mail (yes the paper bill) once a month. No email involved. If I lost my email, my bank and electricity would be fine. So would my internet. It’s not impossible.
Morality seeping into this discussion and holier than thou interpretations (casted on to me), are interesting and I’ll consider everyone’s input carefully and adjust going forward.
I see you are getting a lot of negative comments so wanted to let you know I agree this is a good thing. Creating chaos is the only way to take away power from digital bureaucracy and surveillance systems. Make multiple conflicting linkedin profiles in your name, share a WhatsApp account with friends, delete and recreate your Instagram profile every year.
> "Let your mind run circles around your fears and you’ll find out how little that email account owns you."
This year I have recieved an email from a city councill if a city where I no longer live, that were about to sue me for underpaying some
bill years ago.
If I followed your advise I would be on the hook for serous money and headache
That email could have been sitting in your junk folder for all you know. Even with access to your account it would have been a dumb way to serve someone a summons.
Following my advice or not, email could have still fucked you.
No, it sucks. A summons usually requires them to serve it for-sure somehow (in-person or someone in your home that accepts it for you).
They had no idea where you were, so you fell for the pre-action letter. They would have never gone through the trouble of where-in-America—are-you to sue you.
It’s all perspective. I think your phone number is more like water. If anything happens to your phone, you can simply take one physical trip down to your carriers store and get a new one with the same number. That’s water.
A bunch of email accounts that your whole life is tied down to where you can’t even get someone on customer service on the line 24/7? No, that’s Soda.
I’m just saying, this is the diet equivalent of giving up sugary drinks and switching to water.
It's actually an exercise in True freedom, trying to detach your life from all socials/spaces
Remove/minimize socials, move to multiple countries more than a couple times a year. form new friend groups/communities, learning to min-max essentials
Diet: try fasting, appreciate simple meals after a lengthy fast
Exactly! Good one. People just don't realize how much of this stuff is just jetsam and dross.
What the hell would happen if the service ever seriously failed for long periods or GPS failed overnight (which it easily could)? People would have to resort to what they did pre-internet. Back then, the world still worked (and some would argue even better because the internet 'toy' wasn't around to distract everyone and wreak havoc on the world).
Believe it or not, we actually built the modern world without email and the smartphone.
Using your own domain also has advantages in terms of being able to use aliases for different websites so (when, not if) an address gets leaked you can > /dev/null it.
If you're cheap like me you can give family members their own subdomain so everyone can have aliases for the cost of a single domain.
It's sad to think back on myself nearly two decades ago when Gmail first launched as invitation service and I thought I was being smart by not paying for my own domain, little did I know how evil Google would turn out to be in terms of locking people out of their own accounts with no recourse.
OK, but if the point was to obfuscate your "precious" address and use some other "throwaway" address, then this does not work. Your email address can be easily deconstructed and used for spam
What email do you use with domain registrar? I ended up switching most if mine domains to google domains simply because i find its ui more convenient for me, all eggs in one basket i guess. But how do you ensure that you aren’t gonna loose access to your domain account?
Given the way Google locks out accounts with no support or appeal I can't think of a worse registrar to use.
I use my ISP's email address with my registrar, if they want to keep getting paid each month its in their interests to keep that email address working.
At this point some government entity should provide a way to have an inalienable electronic address. There are strong protections for regular mail, that ensure that mail gets delivered. Cell carriers are required to port numbers. Since email addresses are tied to domain, there should be some usps-like service that allows to have an address, that can be related to a provider of your choosing. And this address is tied to your identity, which you can verify by physically visiting usps or dmv if all else fails.
Email is intrinsically an unreliable service, and always has been. It's a "best-effort" service. But at least email is honest about it up-front, and tries to address reliability in the RFCs.
That was in reference to regular mail. USPS was one of the first fed agencies and mail was one of the few original functionals of the central government. On top of USPS being one of the largest agencies, there is also legal protection against tempering with mail and usps has its own enforcement branch.
In case of email, it probably should simpler. Gov only serves as an address book, essentially. But does minimum of tech implementing it. Given how domain MX records work, does not seem possible. So i think email relay is the closest thing.
I think email is ever diminishing as a communication medium because it's just so terribly broken. You can't verify the sender is who they say they are, you can't be sure that the recipient receives your message and is the only one to see it.
I don't use it for personal communication anymore. With some businesses perhaps but most of that has relegated email to a buggy notification service ("come check our portal for your message") because email can't be trusted with confidential data.
It still has an important role in the identity process but that's mainly for historical reasons. It's also grossly unsuited for that and I don't understand why open ID federation like OpenID never took off.
With my own domain being hosted by Google Legacy Workspace or whatever they call it, I've been wondering about this, and wondering if there has there any evidence of Google cutting off an entire domain randomly.
To deal with that possibility I've been thinking what the easiest and most reliable way of providing a "failover" for my domain's mail is.
Buy Fastmail account (seriously, they should pay us money for advertising them so much).
In your DNS/registrar settings add Fastmail as a secondary MX, disable DKIM and SPF.
Customize it for your needs (necessary mailboxes/addresses/identities etc).
Switch over primary MX to FM (maybe keeping G as a secondary for a week).
Somewhat optional, but requires some effort - make G send any incoming email to some address not on your domain. You can buy some temp domain and slap it to FM too, it doesn't matter, except you would have two copies of mails for migration time.
After mails start to flow to FM reliably (not from Google) remove G. from MX records completely.
At this point you would know if something is wrong if some mail would be routed through G. instead of FM (by receiving them to that forwading address).
If everything is okay - remove your G. workplace so it has no chance to mess things up.
Before that move your mail from G to FM. If it's only thousands - even connecting Outlook (and maybe Thunderbird?) to both through IMAP and drag and drop mails from one account to another would work. If it's millions... clean up it first. You don't need news on newest sales from 2014.
PS I'm not moved out from my Gmail account but I culled things there HARD. I also moved everything worthy (notably - registrars and mail providers) to my personal domain mail addresses. If I lose it - it wouldn't be that painful anymore.
I know (and I even had one) but that's for users who actually bothered to use a referral, not for ones who saw so much adver^W mentions and just got an account.
I was being a bit sarcastic there, though. If anything, new clients => company receives money to stay afloat.
Heaven forbid, how did you become so utterly dependent on this technology? You're probably one of those who insists in using your phone instead of paying cash or using cards. You also probably use Twitter, Facebook and Google's Gmail too.
If so, then you can't be helped.
If you organize thing right you don't need to be so dependent on ephemeral technology (unless you're in Communist China, governments haven't made email compulsory yet. If they ever do then I'd demand free hardware to participate).
BTW, I'm not an email Luddite, I have and have had email addresses since the late 1970s (in the days before the internet) using The Source etc. and after that I've run my own email servers and so on. Right, I was in the vanguard of the email service but I've never let it rule me or my life.
P.S.: it really isn't that hard, for years I successfully ran a large IT department in a well-known organization and I refused to have an email address because I got damn sick of the CEO defaulting to email when all he had to do was to walk out of his office door and into mine—or use the good old POTS telephone! Yes, there are still many alternatives if you look (that is, unless you actually like being ruled over).
I think this is everywhere. In India, people in the departments, especially the Governments usually ask, "What is your Gmail?" Almost everyone uses Gmail here and it is extremely rare to find their own custom domain.
I'm actually surprised that the Government Departments do not have a service that takes care of these! They will fine Google but almost all of the government email IDs are Gmail.
I was one of those that distributed hundreds if not thousands of Gmail invites when it started. However, since 2010-ish, I left Gmail to be just for Newsletters, and the ones that I'm not serious about. I'm always reminded that a day will come when I will just have no access, lock out and be done with it.
I had used my name's domain and had used the web hosting provided email service and I felt nice using the likes of `webmaster@brajeshwar.com` (early 2000s). Then I got a shorter domain with our family domain and is, now, powered by Google Workspace (with a plan to move to the competitors soon before the yearly plan expires). I had so many domains under the Google Suite free version since its beta. I did upgraded my primary domain to the paid version, when I had few mail delivery issues so I can talk to a person and that was also the time I realize I cannot go back. That was almost/about 10 years ago.
I find it utterly astounding that not a single government has started an email service yet for its citizens, with all the legal protections of actual mail and such.
They wouldn't even need to run it, just create a legal category like "This account is officially registered to X and serves as a legal email account" that companies can apply for if they meet some standards.
Private companies provide it for free because they earn money from violating their users' privacy. They have proven incapable of providing a decent email service for free.
Which makes sense; "spend a lot of money providing a service for nothing in return" isn't a great business model.
It would be interesting to know how many of government agencies use Google email services? Is the email interaction between citizen and state now predominantly in the hands of a foreign third party?
In Netherlands: not just the government, also pretty much every major business and even Universities (Groningen comes to mind). And not just Google, but also Microsoft (Teams, Outlook, etc).
I've often wondered whether that is the real main reason why so little innovation comes out of Europe vs the US: everything of economic, academic and geopolitical importance in Europe is streamed straight to the US and the sender is paying for the service of having valuable information leakable.
Groningen is an outlier in using Google Workspace for email iirc. Most of the Dutch universities I came into contact with (including the one I used to attend) were deep into on-prem Exchange, with some moving to O365.
I was entering my e-mail address on booking.com recently ( format bookingcom@domain.tld ) and it thoughtfully suggested I'd made a typo, didn't I mean bookingcom@gmail.com?
Unpopular on HN, but I just don't see a problem with Google having my email, for what they provide me. Almost unlimited uptime, global redundancy, best search experience, storage all for free. I'm ok with the trade off for now.
What made me switch from Gmail is stories of people losing their entire account overnight with no possible appeal process due to an algorithm deciding there was suspicious activity.
Yeah, pretty much. Anecdata is the bane of everything big. In a country of 330M people, you'll have a horrific murder every week. You have a billion email users, someone's going to have trouble.
You do realize that, realistically, it's probably more likely that Fastmail will fail, or you'll accidentally lose control of your own domain (or have it stolen) than that Google or Microsoft or Yahoo will "lose your account overnight". There are "stories" about startups failing and domain troubles too.
That there are occasional errors in flagging accounts is one thing. That there's absolutely no recourse is another. Why would I want to do business with a company that works like that?
It's not the only reason, though. Just the thing that solidified the decision to leave. I just came to realize that I was depending on a shady entity for everything. The service I ended up paying for (which is similar to fastmail) can end up failing of course, but it'll take a while and I can always switch to something else once they go into administration. In comparison, I have no idea when or where Google might switch me off, especially since I do a lot of Android and Aurora store tinkering over various devices.
Even if Gmail was 100% reliable it would still make sense to not give them everything about my life. Besides, I also get much needed extra email features out of the change.
I used cloudflare to host a custom domain, and then use their ROBUST email routing service to, plus a send as record to essentially make my personal Gmail use an email address hosted with cloudflare. Then, I set proton mail as a recovery and use it for NOTHING but that. As close as you can get to total security with gmail as far as I am aware. If google ever shuts down my account, I just move to protonmail or MS365 and have all my stuff already linked to my domain.
Do you happen to have any actual cases you can point me to? I see this all the time in HN but it's never beyond "a buddy of mine said that he didn't do anything wrong and somehow they got locked out forever with no recourse".
Or it's someone saying that happened to themselves, and then they say they never did anything bad with their gmail. Which may or may not be true?
> Unfortunately, and for reasons that are still unclear, this triggered YouTube's auto-detect system for spam. Hundreds of accounts in Mark's 'community' have been banned. ... Being banned from your YouTube account is one thing; ... However, these fans' Google accounts were banned, meaning they lost access to their emails, ...
The accounts may have eventually been reinstated, but to me it showed a willingness to ban an entire google account from a minor infraction in some individual service, which I was just not comfortable taking the risk on.
Not exactly the same as what you're responding to, but very similar.
I got locked out of my Gmail for a few years because I moved internationally and Google decided it just didn't like my new ip. I had access to the recovery email and would even get, "someone attempted to sign in emails." But Google just wouldn't let me in at all. I contacted support and they were no help at all. I tried to vpn back to normal locations but at that point I was flagged or something. I would try every few months after I gave up. About 3 years later it just magically let me in and I got all my stuff back. Still have no actual idea why it happened.
One good case I can think of is Crinacle. Very popular for his audio measurements site and does YouTube.
His Google account got flagged for something suspicious, Google had it shut down and without good explanations. He can't even get help through YouTube support and while the old channel remains, the Google account behind it appears disabled today. The only choice he had was to file a request that lead to nowhere and he basically had to start with a new account and channel.
"The only choice he had was to file a request that lead to nowhere and he basically had to start with a new account and channel."
Incorrect.
Yes, that was, indeed, the only choice he had that was free, and from his living room, but he did have other choices.
Specifically: serving google with proper legal papers from his own lawyers that require responses. That costs google money. The money just keeps adding up and eventually a real person who has decision authority will look closely at the issue and fix the issue.
Assuming, of course, that the banning was improper - which I think we are all stipulating here ...
Isn't the point of the article that as a non-user of gmail you can't opt out of giving google all your email? It's nice that you get a service for providing your emails to google, but what do I get?
I mean, that's the whole point of communications though, isn't it? If I tell you something, you can do that you like with that information - tell someone else, hand it to a state government, publish it in a paper, or just upload it to the servers of a corporation that I dislike. If you don't trust what other people are doing with your data, you can freely choose not to give them your data - albeit perhaps by giving up some of your communication methods and making your life somewhat more complex.
I mean this is a fact of life for pretty much everything. You can’t opt out of USD if you want to participate in the global economy. You can’t opt out of barcode scanners if you want to purchase groceries. People will augment open standards with proprietary, 100% dependent processes either because they’re easier to work with or they same you money, and often that means customers in turn must interact with those proprietary systems to get anything done.
I exchange e-mails with people who don't use Gmail and it's pretty reliable. Let's not pretend that Google is the only company who knows how to run a mail server. In fact I have more problems with e-mails coming from Gmail accounts (low quality text/pain, broken threads, etc.).
Here's a hypothetical (although as of right now admittedly VERY unlikely scenario):
It's 2035. Google has continued a worldwide decline with the invention of several highly accurate AI drive search systems deeply integrated into technology. Their video streaming service, which started declinging in the mis 2020s has just closed down following years of losses.
To try and regain its financial footing Alphabet has decided to slimline its offerings, closing several loss making services, including Gmail.
Most users of Gmail have been using it for close to decates, and are only given a couple of months notice that they'll lose their email addresses that they've relied on for thousands of online services, banks, businesses, etc. With no secondary account recovery process, billions of online accounts will become inaccessible for millions of users across the world.
----
Sensationalist? Absolutely - but you get the picture. Relying on a free 3rd party email address vs paying ~$10/year for at very least your own domain with free forwarding to a basic free gmail account is worth it.
Not to mention, it seems Gmail is the overwhelming choice for pretty much everyone; over 75% of users on my service have a Gmail email. If Google did actually sunset Gmail I’m sure every website would implement an email change system pretty quick to make sure their own users aren’t left out on in the cold, unable to log in post-shutdown.
I have actually been receiving much spam from gmail addresses lately and have considered banning the domain altogether.
> I was surprised to find out that my friend Peter Eckersley — a very privacy conscious person who is Technology Projects Director at the EFF — used Gmail
I find that the EFF does this more often than not, like how they also criticize Amazon for giving police warrant-less access to Ring cameras... and then stream their online gatherings live on Twitch. I find their messaging sometimes does not tie well with their actions.
>police warrant-less access to Ring cameras... and then stream their online gatherings live on Twitch
Streaming a public event on twitch vs on-demand warrentless police access to on-prem cameras? Am I missing something or are these two things not just not in the neighborhood, they are on different planets.
>Am I missing something or are these two things not just not in the neighborhood, they are on different planets.
Amazon owns Twitch. I think OP is highlighting that the EFF speaks out against Amazon's privacy practices while simultaneously supporting Amazon financially.
That isn't supporting Amazon financially, that's meeting people where they live in a world you don't control.
This is like saying I'm a hypocrite for using crosswalks if I also believe that our cities shouldn't be dominated by cars. If it's true, it's not true in a way that's interesting or useful. It doesn't suggest my views are insincere or without merit. Maybe my views do suck, and maybe the EFF sucks too, but you're going to have to do more work to establish that than pointing out that we're imperfect beings living in a world that may thwart our intentions. You'll actually have to engage with the substance of the argument and the facts in dispute, and make the case that there's a deficiency there.
Are you offering to pay for them to host their own streaming solution and volunteering to handle technical support for users who have trouble with it?
This gotcha-game is tiring. People don't have to like Amazon to realize that they and YouTube are the only practical game in town for free live streaming.
Debian manages to do global streaming for DebConf every year using only libre software and VMs running Debian at cloud providers. Seems like this is their setup using ansible:
DebConf does host their own HLS streams. (They use video.js, which was started by the cofounders of my former employer Mux; I'm pretty familiar with it.)
I don't intend to suggest that it's impossible by any means; I've done it recently for a project of my own. But it's work, and it's expensive work, and it becomes a question of quality of experience. They make compromises to do their own hosting; bandwidth is always a little bit scarce and DebConf's live streams are 2Mbps @ 720p as a max rendition. For their audience, that might be fine. For others, it's not, and a good way to drive viewers away. I don't have an intuition as to whether the EFF's target audience feels that way, but their overlap with the free-software set isn't complete and wanting their live streams to look roughly competitive with everybody else's isn't unreasonable; how you look and the reliability/QoE of your stream does impact credibility.
The second tine of the fork is user accessibility. "It's just Twitch, everybody uses this" is a powerful argument for that accessibility if, unlike DebConf, you can't reasonably expect everybody to read a man page if there are problems.
Hmm, my memory tells me there was just a web page you could visit to watch them, plus links if you wanted to watch in an external media player. Post-conference you can look through the schedule to watch individual talks.
"Online gatherings" as in 1:M live streams, or "online gatherings" as in "pack everyone into a WebRTC room and hope it holds"? Because Twitch and YouTube do the former and I don't see anything in BBB that natively emits HLS or DASH. I see plugins that will talk to an RTMP server, but that leaves a very long row to hoe.
1:M live streaming is very, very difficult to get right--it's is why video providers can charge so much for private video in the first place.
Its not really the streaming persay its this is TV broadcast tech running over IP.
Its a networking problem, not a software issue. You will have to change the format or be independently wealthy to compete, 1:M will always by nature be a matter of outsized resources on the transmit versus receive side.
It's one of the reasons why these days I'm bearish on the future of independently-run video. The numbers are aggressively bad. People use YouTube and Twitch because they have to, not because they want to.
It works relatively well on a beefy BBB instance. Jitsi from my experience craps out on low-bandwidth scenarios, but I've attended BBB meetings of respectable size with no issue.
WebRTC as currently implemented has very hard and by its nature has very low audience caps. There's a reason why WebRTC-to-HLS gateways exist; WebRTC by itself isn't substitutable, and if you're going to act like this I'd think there's a pretty significant onus upon you to provide something substitutable.
The substitutable thing is "another content provider that does HLS or equivalent", and we're back where we started, because doing so independently, as discussed in another subthread, either costs a lot of money or comes with compromising tradeoffs, as well as a support burden that somebody has to pay for and do.
Independent web video is mostly awful. The best answers are bad ones. Sorry.
You can be against something and still find yourself having to use things you complain about.
Folks still eat food even though they are aghast at how farm workers are exploited in the world.
You can support robust public transportation yet drive a car due to poor-to-no public transit.
Sometimes, facebook is the best place to organize demonstrations against facebook.
Just because you have complaints about the world doesn't mean that you don't live in it and need to use it as designed. If you don't, how else do you expect to change it?
Food itself isn't optional, but folks that aren't absolutely poor generally have choices in which foods they eat.
You can spend more on eggs so the chickens are being treated slightly better.
You can look for meat that isn't produced using confinement farming.
You can buy fair trade coffee.
You can check out how the local grocery store treats its employees, and choose the one with the best treatment. You can try something similar with food producers.
If you have a local butcher, you might consider buying there instead of a factory meat plant.
You can vote for folks that will look out for workers (the ones working the fields and with animals), both in your country and abroad.
Most of these aren't available for folks that are poor enough: You can't very well shop ethically if you are stuck getting food from a food bank, for example, and you might understandably be more worried about getting enough calories for yourself or your child.
jjulius, I did not state that they were helping them financially, though I also had not thought of that. I think Twitch does not display ads on non-profits streams (is this right?), but it's also extra visitors at the end of the day.
My comment was more along the general line of criticizing something verbally, but then taking actions that, in my view, undermine that same message. Contrast this with the FSF, for example, which is feverishly uncompromising about its values.
That is a bit of my feeling too, funding aside. Often it appears that they are slapping Big Tech on the wrist. Still do great work in general though, just nitpicking since we're on the topic.
I find their messaging sometimes does not tie well with their actions.
Not everybody can be RMS. As an EFF supporter, I don't want them to waste my donations by withdrawing from the world and handicapping themselves unnecessarily.
Who says boycotting Amazon? Strawman much?
Rolling your own streaming solution is not hard these days, you have plenty of FOSS options to do that. But the EFF is too lazy to care.
> I have actually been receiving much spam from gmail addresses lately and have considered banning the domain altogether.
For some accounts I block all Gmail usernames ending with a number: from 0@gmail.com to 9@gmail.com. The only exceptions are addresses that I have added to my whitelist. A bit drastic, but it did wonders to my mailbox.
It’s pretty hard to distinguish spam accounts by domain. They skip domains regularly. Much more often than actual humans. If your spam filters are only able to filter by domain you might want to find some more sophisticated filters.
He's saying the @gmail.com domain is useless to him, because it he gets so much spam from it.
I could certainly see that being the case, and if you can block the whole domain and whitelist the few contacts you actually have, it probably could work decently well.
I experienced it maybe a couple of months ago. Then it went away. Since so many use gmail, it's only logical for the spammers to focus on playing gmail filters and one obvious factor would be using a gmail address as the source.
Yawn. That's a classic "you say we can improve society? yet you participate in society, curious". Yes they use Twitch because millions of people are there and they need to reach a wide audience.
You don't even know what you're talking about. Their gatherings don't address "millions", but are typically just a hundred or so guys, mostly other donors. This could be hosted fine on an alternative like BBB.
Writing lazy and uninformed comments like yours on HN certainly is a classic though.
Major vendors have realized this as well, and are putting less information in their emails as a result.
If you’re my customer and a Gmail user and I send you order details, financial/credit info, any number of things I might know about you that Google might not know already, Google learns that about you from me.
Instead, I’m going to send you an email that prompts you to come back to my site or app to get your tracking number or flight info or whatever.
It might not be some other communication service that kills email, but rather apps and push notifications trying to outmaneuver Google.
I don't know what you're talking about. I get order confirmations from retail stores all the time with full details of my order, every item listed in full detail, last 4 digits of credit card used, etc.
I see no change in this over time, nor do I know why companies would even care that an e-mail provider (including Google) would be able to read that information. I don't think this phenomenon exists at all.
The only thing I can imagine you referring to is companies having the tracking link open to their own page rather than directly to UPS/FedEx etc., but that's for totally separate reasons that you can see from Narvar's marketing.
> I see no change in this over time, nor do I know why companies would even care that an e-mail provider (including Google) would be able to read that information. I don't think this phenomenon exists at all.
Thanks, but so as far as I can tell from that, Amazon is the only company to have made this change, and it's pure speculation as to why.
I just checked my e-mails, and Target and Wal-Mart still include an itemized list in your order confirmation e-mail. So does Best Buy, J. Crew, GAP, Shopify, eBay, and literally every other store I order from.
So a single company made this change, and nobody knows why? That's not a phenomenon or trend.
I never thought about it like that. I've always considered it inconvenient to not have my order details in my email history when I do a search of all emails looking for when I bought a thing or something. Especially if I dont remember where or what.
I do appreciate the privacy that can come with that. However I think I still prefer being able to search my email history for receipts and other info. Or at least opt into receipt coming in email.
I'm too lazy to catalog things manually but I do on occasion want to search for things a little easier.
For me, owning my own email domain is far more about control than privacy. I currently use some MX and SMTP trickery to forward all of my email to Gmail, effectively using Gmail as my 'email client' - but because the domain is mine, I can change that without too much headache, unlike if I were just using an @gmail.com address.
You don’t own a domain name you rent it. If you ever forget to renew it or you are unable to renew it for some reason then it becomes available for anyone else to register. At that point the new owner can receive all your email and potentially access any accounts which use that email as 2FA. I’m not saying you should never do this but it’s not a silver bullet.
Making sure that your domain registration is always current is not a difficult thing, though. You can register for fairly long periods of time, and set up multiple alerts to manually renew long before it expires.
My register doesn’t allow registrations longer than 1 year. Their reason: “ We've found that longer registration periods lead to a higher chance of customers losing or forgetting their account details or missing notifications and ultimately letting their domains expire due to outdated contact information or expired credit card details.”
I’m wondering whether that’s valid and if I should find a new registrar…
That is made up reason. Extension periods depend on TLD providers. I've just checked and e.g. OVH lets me renew .com domain until 2030. You max our renewal now, then setup some "domains housekeeping" day in your yearly calendar to puth the expiration date every year. Pity I can't do that with some proven and basic hosting to prepaid a few years ahead.
yep cos of Covid namecheap sold my domain to a squatter who now wants $10k for something i've renewed for years for $12.
That was so shitty coming back round to reality and everything broken. Still upset about it. To this day I have no idea why the card didn't pay as always.
I don't know about the relationship to Covid, but it sounds like the person's credit card wasn't charged, thus the domain wasn't renewed. After the missed renewal, a squatter bought the domain in hopes of selling back to the original owner (renter) at a premium.
I think the lesson here is prepay for a domain for several years ahead if you plan to keep the domain long-term.
I'm not sure if this was added after your comment, but in the second line of their post jamiek88 said
> To this day I have no idea why the card didn't pay as always.
One can infer that the credit card did not auto-pay, the domain expired, and Namecheap immediately resold the domain to a squatter rather than first reaching out to jamiek88 to confirm that the non-renewal was intentional.
> Namecheap immediately resold the domain to a squatter
No I don't see how their post allows one to infer that Namecheap "immediately" resold the domain. Their policy is a 30 day grace period, and within that 30 days the domain should become non functional, so if you're actively using it then you would know something is up.
Sounds like jamiek88 was squatting on a somewhat desirable domain and is just sad they couldn't follow some basic instructions.
I have no idea what the "because of COVID" thing is about.
Breaking the site guidelines like this is definitely not ok and will get your account banned, regardless of how bad another comment is or you feel it is. If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
Pay a bit more annually to a reputable DNS company. For example, I initially whet with GoDaddy, until about ten years ago when I read that they were shutting down people's domains simply upon a "we're investigating thisbperson, kill their domain" letter from the US Marshals (a Federal police force). Around the same time I heard about easyDNS in Canada, and discovered that they will only ever seize one of their customer's domains if they receive proper papers from a court---i.e. a search warrant. I like that they're committed to rule of law rather than politically motivated deplatforming.
How do your have your outgoing mail configured? Up until recently Gmail would let you send email from another domain, but they seem to have shut this down.
I have my domain hosted on a service that provides web hosting and email. I configured Gmail to pickup that email and merge with my gmail mails. I can choose to send as either my gmail address or my personal domain address. I just tried it now and it worked just fine.
To register a domain, you must provide an existing email address (not at that domain, of course). True story: I registered a domain with email from openmailbox.org. That email provider has closed, and my domain went puff with it.
Email is one technology with two quite different use cases: reply and noreply. The former is the sending and receiving of regular correspondence. The latter is the identity stuff and is the majority of my traffic: things like bills, receipts, tickets, reminders, security alerts, login confirmations, etc.
In 2022 I’m more worried about an unregulated company monopolising the noreply part. It’s an enormous part of my life.
And that's why services like Tutanota (https://tutanota.com/) and Proton Mail (http://protonmail.com/) offer the option to send password protected / encrypted email to third-party. This can be used to prevent Google or Microsoft from spying on your emails as the actual email is never sent to their server. Yes, sharing passwords beforehand can be a pain. But even if you SMS / message them the password, or just put hint to it in the subject - "the pass is your phone number" or "the pass is your fathers name" - it still creates an additional barrier for Google or Microsoft bots to index your email. While we may not be able to do this for every email, we certainly can do this for personal emails. This process also creates awareness in your social network, when they ask you why you are using such convoluted methods to send them email.
- These domains sound weird (for average Joe)
- Even if they office 5GB for they average Joe will try
- BTW, I bet they cannot do proper customer service if they have a 10th of the google's customers
- We at a German scientific institution got email services from a Berlin based (privacy first, eco-friendly) provider (starting with letter M-). We had significant issues with SSO, email-sync (in outlook), password resets were painful (as these were emailed to the admins in plain-text - seemingly someone manually reset it at the provider), No 2FA, calendar-sync worked awful in iPhones.
I'm still operating a personal email service. It's become more challenging, using TLS, DKIM, SPF, and anti-spam technologies, but I think it is still worth it to keep some measure of control. It makes troubleshooting easier when you can see the logs from the MTA. I've also become a fan of the OpenBSD smtpd/pf/spamd triumvirate for controlling spam. It's effective, without being super complicated.
google/gmail is also one of the principal agents which declares by fiat "your own domain self-run mail is spam because I think its spam" which then propagates to other mail providers.
SPF/DKIM no matter: if they decide it's spammy, un-doing this decision is appeal to a star chamber you cannot interact with directly.
Aside from the sharing of RBL lists, the reflexive bouncing of mails? SMTP error codes rejecting delivery transitively? Maybe I'm wrong and there is no information sharing here? Not impossible or implausible. Does Macys tell Gimbels?
Another effect here is volume. That's non communicating between the big players but would inevitably lead to similar outcomes if they rank domains by volume/score weights.
Hosting a small mail domain in Google is a good way not to get marked bad it seems. Postini filtering on your gsuite user side is an added bonus. I've yet to withdraw a domain from gsuite so I don't know how long it stays "acceptable" But I do know Gmail is one of the principal "not an acceptable sender" paths. As to how that flows or informs o365 or any other player, I may be making a bridge too far.
The discussion around email continues to come up time and time again. It yields significant power, it's your online identity effectively, used to access, communicate and unlock everything. We all have some level of discomfort with someone else owning the infrastructure for this having seen what happens if you get locked out. What is the answer? Is it really self hosting? Such a subpar experience. Consumers can't be expected to do that. Maybe it's about moving to something else with backwards compatibility with email but a system you can never be shut out of. If you're stuck with a @gmail.com domain, it's tough, but maybe the switch would be worth it in time.
Maybe it's like rent vs buy in real estate. There's no beating owning your own home. Costs more but no one can kick you out unless you stop paying your mortgage. You own it, it's your address, it holds all your possessions. But you don't build the house, someone else does, you just pay for it.
Well this leads to my next question. Community led infrastructure. Why is it not a thing? I think that's social housing in the real world. Why does it not exist for digital services? I know we open source things but nothing is run by a community. A potential outcome is to run email as a community.
I mean it's like any real world thing, potentially non profit. A group of people elected to run public services for everyone else which people pay a fair amount to use. Something that's constantly reviewed, where new members can join and others can move on.
Thanks for pointing those out. I think it could be done on a larger scale but only with buy in from the community and starting with one or two specific services e.g email or app infrastructure.
I remember when I was horrified that apps would ask for (or not…) all my contacts.
But then I realized most people on my contacts probably wouldn’t say no so someone could easily use that information to guesstimate my contacts by using everyone else’s contacts.
Unless the e-mail you send is either encrypted with something like PGP or whatever, or else you send it directly from your machine your friend's SMTP server, using TLS, then the operator of any SMTP forwarding host in between could have your e-mail, not to mention someone just snooping traffic.
Speaking of encrypted e-mail, if you send that to a gmail user, then Google only has the fact that that user received an e-mail of a certain size from you on a certain date. People who are paranoid about which data warehouse has their mail should be using encryption.
>...or else you send it directly from your machine your friend's SMTP server, using TLS, ...
That is normally what happens these days. Intermediate email forwarding is so rare as to be non-existent. Only a small percentage of email is sent unencrypted between servers[1].
Agreed that email should be encrypted and, perhaps more importantly, signed...
> Intermediate email forwarding is so rare as to be non-existent.
Where did you get this belief? Almost no e-mail user who uses a client to send SMTP right from their PC or mobile device can send directly to their destination, because they don't have a static IP address with e-mail reputation.
Directly to the destination meaning: looking up the MX record for the domain of target e-mail address, and contacting that host.
People who self-host such e-mail receiving hosts will themselves drop the connection from such a user, if they implement RBL-based anti-spam measures.
The popularity of ChromeOS in US schools means millions of kids require Gmail accounts (since ChromeOS requires sign-in the OS to full use).
It's probably true to say that almost every school kid in the US has been captured by Google's embrace.
The 'tech community' have little to say on the matter. In fact, developers are more likely to defend Google rather than question unprecedented levels of data collection.
This is false, most schools are using active directory SSO which happens to use Google for Education but could easily be migrated. In fact, many places have Microsoft 365 and Google working at the same time under the same SSO. Yes they are using "Gmail accounts" but that's a far cry from @gmail.com accounts.
The issue is that there are no proper replacements for Gmail. Too many people (whether opensource fellows or privacy or both) suggest do not use it but there are NO good answers. One cannot expect a local shop or university to host email services 24x7 AND provide world-class security. This is like excel/word/ppt becoming a default file format and use of MS office. Sure libreoffice works but when everyone is using MS products - one has no chance but to use MS.
hn always loves fastmail but I bet they cant run a billion logins.
No local govt or company has the employees to manage such good features.
(Example; I tried once to use apple email, calendar for 20 people. Too many sync problems. When asked in Apple forums they often told me Apple infra is designed for families and not for 20 people)
> One cannot expect a local shop or university to host email services 24x7 AND provide world-class security.
You're right! That doesn't mean you have to rely on The Borg. I rely on my ISP (admittedly an unusually good ISP); I pay them for mail service, a fiver a month, on my own domain. There are many dedicated commercial email providers that are reliable and secure, such as Fastmail (I've never tried Fastmail).
What I dislike is that email addresses have become the primary key of online identity. Many services don't even have usernames anymore. I still think that government should furnish something like an online postal address. Protected with gov issued hardware keys (U2F?), white listing for recipients maybe. To be used only for gov business, banking, gas, water, etc. If those things are essential to life, and in turn depend heavily on email (here they do for sure), they should not be handled by fickle Big Tech.
I started using my own domain names 20 years or so ago.
I let gandi.net host my mail and from what I know they haven’t been involved in any privacy related scandals.
I use rsync.net for my backups.
I avoid the American internet conglomerates software and services like the plague.
Eben Moglen, law professor and founder of the Software Freedom Law Center, gave a talk on privacy that discussed exactly this. I believe it was in 2011.
I would urge you also to consider that privacy is an ecological rather
than a transactional substance. This is a crucial distinction from what
you are taught to believe by the people whose job it is to earn off you.
Those who wish to earn off you want to define privacy as a thing you
transact about with them, just the two of you. They offer you free email
service, in response to which you let them read all the mail, and that’s
that. It’s just a transaction between two parties. They offer you free
web hosting for your social communications, in return for watching
everybody look at everything. They assert that’s a transaction in which
only the parties themselves are engaged.
This is a convenient fraudulence. Another misdirection, misleading, and
plain lying proposition. Because - as I suggested in the analytic
definition of the components of privacy - privacy is always a relation
among people. It is not transactional, an agreement between a listener
or a spy or a peephole keeper and the person being spied on.
If you accept this supposedly bilateral offer, to provide email service
for you for free as long as it can all be read, then everybody who
corresponds with you has been subjected to the bargain, which was
supposedly bilateral in nature.
(Full transcript available at [0], video at [1].)
Interestingly I see I'm not the first to quote this at length on HackerNews [2].
(Link-rot has eaten the original [0] URL, and archive.org is seemingly down, but I realise the irony in linking to Google's cached page, as well as their copy of the video.)
Is the fact that the sender and receiver of an email both have a copy surprising?
IIRC, no emails from Hillary Clinton's server, for example, were ever leaked from the server, but the public saw them because one of her regular correspondents had his email compromised.
> IIRC, no emails from Hillary Clinton's server, for example, were ever leaked from the server,
How do you know that. I dont want to make political comments on HN but her server was insecure at some time (aka no encryption) and then accessing the emails on her blackberry in foreign countries.
That we know of. If I remember, she hired some random 3rd party company from Denver to manager her servers. They of course didn't have any kind of security clearance.
The same goes for contacts by the way: you can be as careful as you wish keeping your phone number and address and e-mail address private, as long as you are friends with me and I keep my Google Contacts up to date, Google has that data. And I don't think this is avoidable, unless you consider complete isolation from human contact desireable.
I noticed this with Tiktok. I put in my number into my profile and got friend suggestions for nearly my entire contact list despite not giving access to it.
">I have run my own email server which I use for all of my non-work correspondence. I do so to keep autonomy, control, and privacy over my email"
if you want to retain control or privacy over correspondence, email is a horrible medium because by design anything can be forwarded, shared and copy&pasted trivially and this is done all the time. One guy is enough to leak an entire email chain. Good rule for email is, treat writing email as if you're speaking publicly.
Nobody under like 40 uses email for personal communication.
Yeah it's a legacy medium for stuff like your bank, maybe it's the least terrible option for B2B communication, but email has largely been replaced already.
It's the default: you need an email to make all those other accounts. Everyone has an email (assuming they have internet at all). Not everyone has a goofacetwat account, or whatever the newest thing is.
There is no way to retain or control privacy when you send some information to another person regardless of the medium - email or paper or verbal even - you lose control no matter what, since the counter party can now share the same information however they see fit.
this bothers me a lot. That bystanders can read my cleartext email is one thing. But that somebody hords and data-mines a huge quantity of them is a bit creepy to say the least, isn't it?
I would bounce gmail if my email provider offered that option.
From the perspective of yours truly (and probably not anyone else), there is a relatively simple solution to this problem. I have experimented with running SMTP peer-to-peer instead of peer-to-<third_party_intermediary>-to-peer. While I first did this using L2, before Wiregaurd, Tailscale or Headscale existed,^1 I see no reason it could not be done using today's popular L3 software. One approach is the sender and recipient each run their own SMTP server on an overlay network. Each network might have its own interface, /dev/tap[0-100] being one option. Is this perfect in every way. No. Nothing meets that standard. Does it work reliably. Yes. That is good enough for me. That it works is not surprising since the early internet did not have itermediaries like Google and the early mail RFCs had no conception of third party email providers let alone "webmail", now dominated by "Gmail". Needs of "users" do differ and intermediaries might serve a useful purpose for some, even those who can make a conscious choice. Personally I have no need to be able to email every address on the planet let alone allow them to email me! More practically, I can more easily maintain smaller lists of potential senders and recipients, i.e., "networks", each one a separate network interface. Again, needs will differ based on the user.
Third party email for personal use is like using a PO Box despite have private property, a house, and an address. There is no reason that everyone cannot have their own mailbox on their own property. Even more, instead of the post office managine these PO Boxes, email uses a private entity that is trying to sell advertising services, and/or brokering direct email marketing. Both systems, snail mail and email, have been largely co-opted by the potential for direct mail marketing, so-called "junk mail". Even if one never sees any junk in their inbox (thanks to "filters"), the junk mail senders are still influencing the system. The continued enablement and presence of those junk senders, who are still sending massive quantities of junk with the help of Big Email, is why third party email providers, like Gmail, block residential IP addresses. You own property, a house and an address but you cannot have your won mailbox. That is how third party email provision works.
1. Heck, one could probably use a "lightning" network too but folks today want to use peer-to-peer overlay networks for "crypto" exclusively, not messaging or any other useful activity. Go figure. This whole means of using networks without third party intermediaries is as old as computer networks themselves. Gamers have long used LANs and overlay networks for communication, since before the internet became popular. Arguably, we could think of everything we do on the internet as a "game" that justifies use of overlays.
> ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
As I (entirely non-lawyerly) interpret it, you could not do a GDPR request to delete the counterparty emails, because those are things written by you, not information about you. However, an email in which you state "I broke my leg today." would be personal data, because it can be connected to your identity and is information relating to you.
In all honesty, I think that would lead to some form of nationalization of Gmail to force it to continue as a service. Approximately half of Americans use Gmail and that is "too big to fail".
I tried to move away from the legacy free Google Apps thingy when they threatened to force everyone to pay business rates and even though Gmail isn't what it once was, the competition isn't great either. The one that everyone keeps raving about is located in Australia (which has non-existing data protection laws), most privacy-focused ones are cumbersome and annoying (limited functionality, no IMAP, only our own apps, etc.), the big commercial ones are expensive (this is for family), and a few were half broken (IMAP should work but never did etc.) ... I found a single one from Europe that came reasonably close to Gmail, but then Google decided to keep their Google Apps thingy free for non-commercial use, and I'm happy I don't have to worry about those email accounts for at least a couple more years. Gmail works well in all respects, is well-supported everywhere, and since I'm using my own domain I retain the option of switching if need be. I don't think I have a single person I actually exchange emails with that wouldn't leak them to Google anyway, so why bother.
