• snek_boiOP
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Interesting. Thanks for the reply!

    I have also chatted with Tutanota workers and I didn’t have the impression that they were not driven. In fact, I think about myself: if I was a good enough developer, experienced with their stack, I’d love to work with them just for what they stand up for regarding privacy and openness. It seems like a very gratifying way of spending my time.

    As to the closed platforms, I totally agree with your criticism in purely abstract terms; I don’t like that I need to rely on Tutanota for encrypted email instead of a federated system like XMPP or Matrix. However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join. For a good chunk of my daily life, if I want libre, metadata-reduced, and encrypted communication, I have to rely on Tutanota’s closed email system.

    Do you think there’s a way of extending email (rather than “reinventing the wheel”) that’s also as simple as “give me your email and let’s agree on a password”?

    • 7heo
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      I have also chatted with Tutanota workers and I didn’t have the impression that they were not driven.

      Full disclosure, I have no idea about the position of the person I talked to. They sounded quite superior, so I am guessing they were talking about a subject that is their daily work (so I’m assuming dev). But it is far from mine (even though I would like to know as much as humanely possible, I have unfortunately no time to learn app development, browser development, and the related ins and outs), so I can’t judge how knowledgeable they were.

      It seems like a very gratifying way of spending my time.

      Definitely better than most jobs, yes. No questions there.

      However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join.

      That is, IMHO, more related to politics and release timing than anything else. I have taken forever (only deployed a server 2 weeks ago) to try matrix because of all the associated complexity and inherent “nerd factor” (RTFM and all that, again, I have a pretty demanding job and a private life too - so I really appreciate a solution like signal, briar, simpleX, etc, that can stay out of the way while allowing me to use it until I have time to eventually review bits and pieces and then more). It’s a sad thing, but they missed a key wisdom from Linus Torvalds himself: make it as painless as possible for the user (after all, all salespeople know that a good sales opportunity is characterized by a “pain point” for the user).

      Do you think there’s a way of extending email (rather than “reinventing the wheel”) that’s also as simple as “give me your email and let’s agree on a password”?

      Great question, thank you for asking. And yes, absolutely. I believe MUAs have done a terrible job presenting the users with clear UI for PGP. The PEP project has gone farther than most, and contributed quite a bit, but in fine, I would posit that they all missed the mark in associating PGP encryption with an opt-in, additional feature, while, correctly implemented in the UI, it would actually be a very viable solution to combat spam, by defaulting to EE2E+signature for all emails. And thus, it could be a very good way to sell it to “normies”.

      This could still be done with a “normal” email interface, but enabling the whole automatic encryption+signature via a procedure similar to signal’s cryptographic verification.

      Also, the MUA should clearly manage the pgp keys by default, allowing their management via the OS as an opt-out, so to enforce sensible defaults, allow expiration extension, etc etc.