this post was submitted on 15 Sep 2023
738 points (97.8% liked)

Technology

34862 readers
81 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

Idk if this is the right community for this conversation, but it's been on my mind and I want to share it with someone.

In the 00's every new thing we heard about the internet was exciting. There were new protocols, new ways to communicate, new ways to share files, new ways to find each other. Every time we heard anything new about the internet, it was always progress.

That lasted into the early teens and then things started changing. Things started stagnating. Now we're well into the phase where every new piece of news we hear is negative. New legislations, new privacy intrusions, new restrictions, new technologies to lock content away and keep us from sharing, or seeing the content we were looking for. New ways to force ads.

At one point the Internet was my most favorite thing in the world. Now I don't know if I even like it anymore. I certainly don't look forward to hearing news about it. It's sad, man. We've lost a lot. The mega corps took the internet from us, changed it from a million small sites that people created because they had big ideas, or were passionate about small ones, and turned it into a few enormous sites with no new ideas, no passion, just an insatiable desire for money.

We're at the end of an era, and unlike the last 20 years of progress, I don't think most of us will like what the next era brings.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (4 children)

We need an alternative to Email

[–] [email protected] 24 points 1 year ago* (last edited 1 year ago) (2 children)

What the fuck is wrong with email now ?

It's one of the only things that hasn't been ruined those past few internet decades, only slightly improved, and is still decentralized and can still allow you to self host, don't you touch it

[–] [email protected] 8 points 1 year ago (3 children)

Hard to selfhost and no E2EE by default I guess. First one can be blamed on Gmail and OutLook, second one is lack of mass PGP usage.

[–] [email protected] 6 points 1 year ago

Gmail is actually relatively chill accepting stuff from self-hosted MTAs, even new ones the IP of which hasn't established a reputation yet

Outlook is indeed rougher but none of them even come close to the awfulness that are Apple / icloud email servers

[–] [email protected] 5 points 1 year ago (1 children)

Hard to self host is one of those things that has now become received wisdom in tech circles. It isn’t hard to self host email. More people should do it.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Exactly right. I keep reading this and I never know how to respond, it really isn't that hard and it's worth it. I've posted this before here but personally I go with a postfix+mariadb+dovecot+postfixadmin+spamassassin+opendkim stack; it's extremely easy to set up (if you read the docs) and it has suited me perfectly. Once it's configured it's rock solid

Beyond the obvious privacy advantages, being able to generate an email alias at any time (to the point where you can create one dedicated for each shitty thing you subscribe to) is also very useful for spam protection / infinite free trials and the like. Also aliases redirecting towards many recipients for easy organizing / mailing-list-like behaviour

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

PGP itself is a bit of mess.

For one thing, there's really only one major/popular implementation of it these days, which is GPG. The codebase is arcane. Pretty major security vulnerabilities pop up constantly. It doesn't have stable funding. Several years ago the entire project almost collapsed when the world discovered it had been maintained for several years by a single person who didn't have any time or money to maintain it. The situation is a little bit better now, but not much.

(For this reason, people are starting to use age instead of gpg, as the code is much smaller, cleaner, forces safe defaults, and doesn't seem to have security problems)

But the bigger problem that was never properly solved with PGP is key distribution. How do you get somebody's key in the first place? Some people put their keys on their own personal (https) webpage, which is fine, but that's not a solution for everyone, and doesn't scale very well. Okay, so you might use a key server, but that has privacy implications (your identity is essentially public to the world) and centralizes everything down to a handful of small "trusted" key servers (since there would be no way to trust key servers in a decentralized way). We should probably just have email servers themselves serve keys somehow, but nobody's put that into the email standard protocols.

The fact that keys expire amplifies all the problems with key distribution, and encourages people to do really unsafe things with keys, like just blindly trust them. You can sign other people's keys for them, but that also does not scale very well.

The key distribution problem is something that things like Signal have "solved" with things like phone number verification, but there's really no clear way to solve it on something totally distributed like email.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 5 points 1 year ago (1 children)

Is it encrypted while in transit between servers?

[–] [email protected] 3 points 1 year ago (1 children)

The answer is almost universally "no", if you didn't encrypt it yourself and are sending a cross-domain mail

[–] [email protected] 0 points 1 year ago (1 children)

I'm fairly sure connecting over TLS was the default last time I set up my server. But of course that only protects it from people snooping on the wires.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago)

Yes, but that's almost certainly you connecting to the pop3 server (usually indeed provides TLS), or the server connecting to a dedicated smarthost for delivery (sometimes does as well). But mail exchange between MTAs that don't use smarthosts but reach the MX destination directly is mostly unencrypted, through port 25

[–] [email protected] 4 points 1 year ago (2 children)
[–] [email protected] 7 points 1 year ago (1 children)
[–] [email protected] 0 points 1 year ago

That's by law, we need new politicians email is fine

[–] [email protected] 4 points 1 year ago

Easily intercepted, not encrypted by default

[–] [email protected] 2 points 1 year ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]