It is so hard to get an email address without providing an email or SMS verification. Like 9/10 on the internet difficulty scale.
Any site that lets you receive email for example by generating a random inbox seems to be blocked by the more full-featured ones that let you send email. I’ve spent the last week trying to get an email address doing lots of searches and trying to signup for any email address at all without success.
This makes sense if you understand that bots cause problems universally but at the same time the personal information strategy isn’t working. Spammers have no problem getting email accounts and every other kind of account. It’s the honest person who won’t go to the dark side and pay for stolen accounts that is in the worst shape.
Maybe you want to setup your own mail server? Ther you need a domain name and registars want even more information. Many of them give you privacy on your domain records, but this is no defense from the surveillance state.
If as said in the sidebar mass surveillance is about mass control, and not justice, then email is an extremely important technology to start supporting for privacy and freedom.
Spam and abuse are problems to be sure but there must be other ways to solve them than by providing information that links back to the real world.
Now what can we do about it?
email is an extremely important technology to start supporting for privacy and freedom
No: email, even when encrypted, leaks plenty of metadata. From a privacy perspective it has been a lost cause for decades. We need new protocols.
Are there even any candidates at the moment? What would a next gen email look like, one that didn’t leak metadata?
Briar is a good example.
Matrix is the successor to email. Open spec, encryption-first design, federated, much easier to self host and possibly p2p in the future.
It leaks plenty of metadata. Also it’s hardly easy to self-host.
How do you avoid leaking metadata to your server in a federated system?
By using onion routing to connect to it, as Briar does. Also by not having a server at all, again as Briar does.
Briar’s server is the app itself, all federation metadata concerns also apply to p2p federation. Your briar app leaks metadata to every other device it talks with.
No. Data sent between nodes e.g. messages, images and status is not a leak. It is what the applications are supposed to handle. Third parties do not receive data or metadata.
If you have any reliable source to back your claims please share it.
I don’t think that is true. Matrix could be the successor to mailing lists, as it has interesting properties (anti-censorship, consensus-building) for that usecase. But so far matrix implementations are too reliant on huge databases to become practical… I hope the situation continues to improve in the coming years.
Link please, most of the search results for that don’t seem to be what you’re referring to.
Does the matrix protocol even enable an inbox-message-delivery type of communication similar to email, or is it all about room synchronisation?
At least with the current clients even a 1to1 chat is a room state synchronised across the involved servers, and doesn’t lend itself to managing messages in an inbox very well.
Its even better than email in that regard, you have to accept a message request before they can spam you. And it looks really no different from email, with a list of conversations being equivalent to your inbox.
An SMTP server can be set up to only accept email from addresses in your contact list, if that method of spam rejection is desired.
All the matrix clients I’ve tried look nothing like a typical old school (thunderbird/eudora/mutt/outlook) email inbox. It’s all IRC-style chat.
I consider email excellent for exchanging and filing letters/correspondence. Conversations do happen over email but a conversational/chat layout like gmail/matrixelement can be more suited for that communication mode.
Neither email nor chat chat layouts seem useful for (especially multi-party) discussions, where a threaded conversational layout such as used in zulip/lemmy/ discourse are more suited.
And isn’t there a way to sign into things with Matrix? Like OAuth? I thought I heard of that somewhere.
No matrix has its own auth system for signing into it. But more importantly they have bridges that can connect matrix rooms to other services, like IRC, xmpp, etc.
Whether fit for purpose working receive email addresses are a requirement to obtain many services. I should be more precise though, if we are creating services that we want to be usable with privacy, then we should not support email as a requirement for use. Since the case is that many services do require email, I mean to focus here on supporting this anonymous email facility.
I think tox might be a good fit.
First of all, Tox does not protect metadata at all. Secondly, it comes out of 4chan and its approach to security is pretty questionable.
I know this isn’t super helpful in answering your question, but it would be nice if we didn’t need to rely on technology like email for account creation at all. The domain name provider njalla allows for account creation using an XMPP address, and the VPN provider mullvad generates a random string of numbers as your username. If only the rest of the web followed suit.
Right. It’s not just about the question but looking a little deeper to get to what it means to have a free culture. What’s required. What would be done differently. This was just a specific challenge that made sense to step back a little from. If there’s a principle it should be honesty about why identifying information is required and looking for alternatives.
I personally think email is a good default because it’s standard and everyone has it. But i would appreciate if my identity on federated networks was not tied to a single server’s address, but rather to a cryptographic key like the ZOT protocol does.
It’s good it’s easy to guess where to reach me from my address. It’s also good if i can change this network location anytime if the server who gave me services goes down.
See table “Email Hosting market share table” https://www.datanyze.com/market-share/email-hosting--23
Google, Microsoft, and Godaddy collectively control 79% of the email market. You effectively can’t deliver email if they – the first two in particular – say you can’t. So every other provider has to dance to their tune. This is, at this point, an economic problem.
If you want to re-decentralize email, and the web overall, you have to figure out what to do about the increasing concentration of Internet infra into an ever-smaller number of hands. I’m guessing there is not a technical solution to this.
I’m guessing there is not a technical solution to this
We need dead simple turn key solutions for self hosted services. Simple as setting up a wifi router or some other consumer focused device.
Users get to use networks on terms dictated by their ISP’s. My ISP blocks self-hosted email. They did so because it was not in their interest – spammers were using the functionality to run spam ops. They still allow for self-hosting, but as self-hosting becomes more popular, ISPs’ residential networks are going to become a security minefield and an increasing liability. They will tighten the screws on what people are allowed to self-host and how, or they’ll just make it painful to impossible.
You could do a “self-hosted” turnkey email VPS, I guess, but then the users have to rent and spin up VPS’s. You could run a VPS provider that provides an API to streamline the process, but now you’re positioning yourself to be the next big cloud provider instead of decentralizing the web.
You make very valid points. What do you think is a scalable, decentralized solution to this problem? What if we decentralized ISPs themselves with mesh networks like Althea?
Decentralizing network ownership is the best way to go imho. Start building locally-owned and controlled networks! Then start building connections between them!
Althea is just a cryptoscam like any other. We don’t need cryptocurrencies to build network, we need people who step up, raise funds and build infrastructure. There’s quite a bunch of self-organized networking projects across the planet and it doesn’t take much resources/experience to build one (although it’s better to have on the team at the very least one person who knows their way around a local datacenter / internet exchange point). If you have more questions about it, we can open a dedicated thread :)
Althea is just a cryptoscam like any other.
Disclaimer: I don’t advocate for any type of scam. I was just using that as an easy example. ;)
If you have more questions about it, we can open a dedicated thread
Please do. When you say self-organized networking projects, do you mean something like a community owned ISP that provides internet access to the community that owns it?
When you say self-organized networking projects, do you mean something like a community owned ISP that provides internet access to the community that owns it?
There’s different models.
-
guifi.net is a federation of (for/non)-profit ISPs mutualizing infrastructure for all to use
-
ffdn.org is a federation of small local non-profit ISPs who deploy their own infra where they can and rent it where they can’t ; the ISP is autonomous and owns the network, and all “customers” are voting members of the associations
-
freifunk.net is a decentralized, self-organized public hotspot network: they provide with router firmware you can setup on your premises to provide anonymous (well, there is authentication but no logs) internet access, where traffic is routed via VPN to a regional datacenter to then reach out to the broader Internet
-
bandwidth coops like gitoyen.org, which mutualize the cost of transit for smaller peers (transit has crazy economies of scale where smaller providers pay over 100 times the price of a big provider, for 1Mbit/s at the 95th centile)
There’s also other projects such as Rhizomatica in latin america, or optic fiber coop ISPs in rural England, and probably many others, but i’m not as familiar with those. Still worth mentioning is NYCMesh which has a nice map which can give you an idea what infra for a local wireless ISP looks like.
-
We need dead simple turn key solutions for self hosted services.
Does anyone have experience with FreedomBox? (https://freedombox.org/)
It looks very interesting…
There’s plenty of solutions like that. Freedombox appears to be stable and well-maintained but doesn’t have a lot of “apps”. Libreserver is more experimental but has strong security features and even an experimental mesh mode (local nodes disconnected from Internet). Yunohost is very popular and has plenty of packages.
There’s also more “pro” solutions for collective hosts. AlternC is a distro used by many hosting coops, ISPConfig is also quite widespread.
Maybe we need identity bootstrap processes that are compatible with a variety of confirmation processes?
Kind of like how verification of DNS domain ownership can be done in a few different ways
Or even like how keybase.io supports multiple proofs
I think what you’re talking about is called IndieAuth and is widespread on the indieweb.
deleted by creator
Does this not require a domain name?
deleted by creator
deleted by creator
It is not an issue of cost, but of the email address catch22. A new identity has no email and doesn’t .ml require that for registration?
You can use a pseudonymous or temporary address to setup your domain name. My blog runs on a domain i obtained from a free DNS provider (a small non-profit) from a pseudonymous address i got from a friend-of-a-friend-of-a-friend who runs a mail server.
*per annum
Any guides you know of?
Protonmail doesn’t require an email or phone number. It just requiers your IP address for sign up
danwin1210.de has been my go-to Email for years.
Hosting email is hard so big props to whomever’s running that. Will try it thanks.
I wonder if such new accounts are even trustworthy! Sowing doubts is such a great strategy by such non-existent entities!
