A while ago I wrote about using Reddit as a blogging platform. This is good for people wanting another layer of indirection in order to obfuscate their identity. The person that introduced me to this idea does just that.
using Reddit as a blogging platform
Today I argued that there is no point in investing too much into email.
there is no point in investing too much into email
Mail is now but the medium of *bills and spam*. Messengers are the new mail and some people write very long messages indeed. The need to trust your provider remains but at least the cryptography seems to be solved, I hope? Or close to? I use Threema because it is not tied to a phone number, or WhatsApp as my fallback. Not ideal, but better than email.
Email is fundamentally insecure. And yet for a while I thought that if only I ran my own email server, I’d be a lot safer because the NSA would have to *intercept* my emails instead of being able to siphon them off a Google server. Remember SSL added and removed here? Well, now I think they probably *do* intercept most Internet mail traffic.
intercept most Internet mail traffic
I ran an email server on a Raspberry Pi for a while and decided to abandon this. The setup of Sendmail or Postfix, Dovecot, SPF1, DKIM, Greylisting, TLS, Spam Assassin, the updates, the issues around certificates, it was a lot of work and in the end I wondered what I was defending against. I feared that my most likely enemy would be common criminals and in that case, relying on Gmail is definitely safer.
You could say that snail mail just the same: bills and spam. And you’d be making my point. I write about two handwritten letters a year to my sister. Everything else is bills and spam. All the banks and insurances and other services I know want to move their billing online, that is to say, to email. Little do they know that half their bills are classified as spam. Not only does my email account get sent bills I don’t want to read, the bills I need, the bills I need to pay, I fetch them from the garbage dump of humanity, the Junk and Spam folder. Sad!
In short, email is the new snail mail. And messaging is the new mail. How do I write love messages to my wife? How do people congratulate her on her birthday? How are pictures shared with the family? It’s all messengers. Some are on Threema, some on WhatsApp, some on Facebook Messenger, maybe some are on Signal, but I definitely know that my wife only reads her email once a week or less. Too much spam. Too many newsletters. To much noise. Nobody she cares about reads email.
(Please contact me if you want to remove your comment.)
⁂
What is the difference between Email and a messenger except for the content? Isn’t Email much more versatile? Isn’t it just like being able to send a WhatsApp to Threema and vice versa?
– Stefan 2017-03-19 16:16 UTC
---
Email is insecure in transit unless you use end to end encryption. The popular messengers all added end to end encryption.
– Alex Schroeder 2017-03-19 16:37 UTC
---
So it’s a security issue? I’d say that the vast majority of the users of a messenger do not care about security. Otherwise WhatsApp would never have become that popular.
My guess is rather that messengers have become so popular because of the way conversations are displayed. While mails are displayed more or less chronologically, messengers achieve a more natural feeling to a conversation. Furthermore, mails still feel more letter like. This demands a more formal style than the short messenger messages.
– Stefan 2017-03-19 18:40 UTC
---
Oh, absolutely. My only argument is that there is no point adding encryption to mail anymore because nobody wants to read it anyway.
– AlexSchroeder 2017-03-19 21:30 UTC
---
Oh, and another link needs to be here: WhatsApp cofounder: Sorry developers, no API for you. He’s trying to avoid the “WhatsApp is full of spam and bills” trap. Yay!
WhatsApp cofounder: Sorry developers, no API for you
Perhaps that means companies wanting to send secure email might want to invest in encryption. But what they are doing instead is sending emails and telling you that you can pick up the actual “mail” in your “inbox” which lives on their website. Thus, they are in fact leveraging HTTPS to secure their “email” in transit.
– Alex Schroeder 2017-03-20 07:45 UTC
---
– Alex Schroeder 2017-03-20 08:02 UTC
---
There is also the property of the email system that it’s the internet’s ultimate method of authentication/identification. If I can access your email, I can reset *all* of your passwords, use 2FA, etc. I’ve got a feeling, as time goes on, email accounts will turn into largely unused “master accounts” and providers will have a lot of responsibility to maintain a secure service. You could argue we’re at this point already.
– Tom 2017-03-22 18:12 UTC
---
Indeed. “My 2FA is the *forgot my password* link.”
– Alex Schroeder 2017-03-23 12:14 UTC
---
Oops! “WhatsApp Business is an Android app which is free to download, and was built with the small business owner in mind. With the app, businesses can interact with customers easily by using tools to automate, sort, and quickly respond to messages.”
– Alex Schroeder 2018-05-14 09:21 UTC
---
Escape from the Zuckerborg: WhatsApp founder legs it. “In reporting Koum’s decision to leave, The Washington Post wrote that he had clashed with the rest of the Facebook board over two issues: user privacy, and encryption.”
Escape from the Zuckerborg: WhatsApp founder legs it
– Alex Schroeder 2018-05-14 09:22 UTC
---
A history of end-to-end encryption and the death of PGP.
A history of end-to-end encryption and the death of PGP
I do not have a good answer. I use plenty of email at work. I use plenty of email to talk to people who work (travel agents, for example). It still is the lowest common denominator. But I still feel like it’s on the way out. It’s no longer the default way of communicating online.
Would you mail your partner? I rarely do.
“What about autocrypt?” I was asked. I said: does it remove spam and bills and newsletters from your emails? Does it make email feel less like work? That’s the primary problem with email, and that’s why adding crypto to email is a wasted effort by now, it seems to me. The exact ways in which you might still add crypto don’t really matter because nobody wants to go back. If email clients look like chat, like Delta does it, then perhaps – if we don’t tell anybody that it’s email underneath.
– Alex Schroeder 2020-01-03 11:01 UTC