this post was submitted on 25 Apr 2025
158 points (92.9% liked)
Technology
69347 readers
3185 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Chrome shouldn't be worth more than an IMAP client. If it is, then the web should be torn down and built anew.
You're not really buying the code, you're buying userbase, rights and patents (if any)
Yes, as a part of userbase I don't want to be on sale, thank you very much. Hence the comment above.
This is a part of how any business is valued. You don't just buy the building, stock, brand name, etc. You also buy the customer base. Any place you've ever done business with that later got sold, has made you a part of the sale technically.
Yeah unfortunately, if you're not paying to use it, you are the product. If you don't wanna be part of the sale you gotta stop using it.
Also in a similar topic, but not quite about chrome, Firefox is still the most popular browser that doesn't come preinstalled by default in any phone or mainstream device, that does not mean is free of issues but is sort of a lesser evil.
Doesn't mean your eyeballs don't have value.
IMAP is an incredibly simple protocol compared to the sum of all the protocols that are needed to implement a web browser.
A web browser also has to be way more performant.
Both an IMAP client and a web browser have to be reliable and secure. However achieving so in a system as complex as a web browser is incredibly expensive.
Web browsers are almost as complex as operating systems.
Complexity, performance, reliability and security on that level are expensive. You would be delusional to think a web browser should be worth as much as an IMAP client.
This is a problem with web browsers and that set of protocols, not with my comparison.
You still ultimately run networked sandboxed applications in a web browser and view hypertext, it's an unholy hybrid between two things that should be separated.
And it was so 20 years ago.
For the former Java applets and Flash were used a lot, as everyone remembers. The idea of a plugin was good. The reality was kinda not so much because of security and Flash being proprietary, but still better than today. For the latter no, you don't need something radically more complex than an IMAP client.
I think Sun and Netscape etc made a mistake with JavaScript. Should have made plugins the main way to script pages.
You think running Java applets and flash was better than what we have today? Now that is delusional!
Not exactly what I said. I think these two were bad, but the idea of plugins was good.
Especially the uncertainty of whether a user has a plugin for the specific kind of content.
One could use different plugins, say, that plugin to show flash videos in mplayer under Unices.
It's worse when everyone uses Chrome or something with modern CSS, HTML5 etc support.
The modularization was good. The idea that executable content can be different depending on plugins and is separated from the browser. I think we need that back.
And in some sense it not being very safe was good too. Everyone knew you can't trust your PC when it's connected to the Interwebs, evil haxxors will pwn you, bad viruses will gangsettle it, everything confidential you had there will turn up for all to see. And one's safety is not the real level of protection, but how it relates to perceived level of protection. That was better back then, people had realistic expectations. Now you still can be owned, even if that's much harder, but people don't understand in which situations the risk is more, in which less, and often have false feeling of safety.
One thing that was definitely better is - those plugins being disabled by default, and there being a gray square on the page with an "allow content" or something button. And the Web being usable in Lynx.
The modularization was a security nightmare. These plugins needed elevated privileges, a d they all needed to handle security themselves, and as I hope you are aware, Flash was atrocious with security.
Having a single "plugin" system means you only need to keep that one system secure. That's hard enough as it is, but it's at least tractible. And modern browsers have done a pretty good job securing the javascript sandbox.
I don't think that's true. I think there just weren't as many attacks because there weren't as many internet users. Yet I also remember getting viruses all the time (at least once/year) because of some vulnerability or another, and that's with being careful.
You should take off those rose colored glasses.
I appreciate that people not knowing as much about security is problematic, but that's because the average person is far more secure than they were even 10 years ago. Getting a virus is pretty rare these days, Microsoft has really stepped up their game with Wndows and browsers have as well. I haven't worried about getting a virus for many years now, and that's thanks to the proactive security work in sandboxing and whatnot that limits exploits.
A lot of the scams and whatnot these days either attack outdated systems (esp. insecure routers running default creds) or merely use social engineering because you can't simply use an off-the-shelf flash exploit or something to get privilege escalation to install your malware. Attacks certainly exist, but they're far less common than they were 10-20 years ago as people started being online constantly.
Yes, I am annoyed at JavaScript being enabled constantly and not having fine-grained control over specific permissions (mostly just location, mic, camera, and storage).
Unfortunately, that ship has sailed. But I still very much prefer the modern "everything uses JavaScript" to the old insecure Flash and Java applets.
Those - yes. But generally something running on a page receiving keystrokes when selected and drawing in a square and interpreting something can be done securely.
One can have such a sandbox for some generic bytecode separated from everything else on the page. Would be "socially" same as then, technically better.
Speaking of something that needs tearing down and building anew, email is a good candidate for that.
Speaking of such things, an email client or an email server are never as monopolistic as Chrome.
So maybe email is a good candidate for something that should be torn down and built anew right after the Web.
Also email doesn't have to be destroyed entirely, it's very modular.
Where they had UUCP paths, and now have addresses in some services, just need to have John Doe <3cec7f8c438fa578dbd3a1557b822df469490a12>, with 3cec7f8c438fa578dbd3a1557b822df469490a12 being a hash of "johndoe" here and a hash of his pubkey in reality, and his pubkey can be retrieved from some public directory.
And have the letter signed by it (and encrypted possibly, though this of course would hurt server-side solutions of spam problem).
Frankly they can have a common replacement, in my humble opinion. When separating identities from servers, one can do the same with websites. How is a newsgroup fundamentally different from a replicated website collaboratively edited? If a letter can have a universal identifier, what prevents one to put a hyperlink to it? If we need scripts, what prevents us from having them in a letter's content? If we need to reach a server by hostname and IP, what prevents us from doing just that from a letter, just the letter being the primary point of entry?
I just think that the old "vector hypertext Fidonet" joke is not so dumb, if you think what it could literally mean.
The problems with email are many but the two that would warrant rebuilding is that the technology is a mess of under specified 1970s "standards" and the fact that email should really be replaced with multiple different systems according to modern usage.
Only a tiny portion of modern emails really use the "anyone can send an email to anyone unannounced" capability that cause all the trouble with spam.
The usage for a password reset and universal access system for accounts all over should really be split into some kind of specialized system.
As for the rest, most emails seem to be messages from systems where we have accounts or performed some other kind of signup, those could easily be authenticated with a key provided at signup both to make filtering and easier and to be able to revoke authentication, not to mention prevent selling of addresses or usage by third parties after a security leak. A more structured format for common messages (e.g. invoices, notifications about instant messages on some website,...) would also be a good idea.
That's what Tox links had for spam protection, an identifier of user plus an identifier of a permission. Agree on this.
More structured ... I'm not sure, maybe a few types (not like MIME content type, but more technical, type not of content, but of message itself) of messages would be good - a letter, a notice, a contact request, a hypertext page, maybe even some common state CRUD (ok, this seems outside of email, I just aesthetically love the idea of something like an email collaborative filesystem with version control, and user friendly at the same time), a permission request/update/something (for some third resource).
Where a letter and a hypertext page would be almost open content as it is now, and a notice would have notice type and source, similarly with contact request (permission to write to us, like in normal Jabber clients, also solves those unannounced emails problem, sort of), and permission requests.
If so, then the password reset and such fit in well enough. Spam problem would be no more, at the same time all these service messages could be allowed, and having only ID and basic operational information wouldn't be used for spam.
That's how you get monetized spying enshittified email. Do you want monetized spying enshittified email?
Like Gmail?
Is that different from the unencrypted email we have now that is 99% spam and the other 99% are delivery problems due to anti-spam technologies?
maybe I'm doing something wrong but in the past 2 years none of my mails were spam
That is mostly because the big mail providers like GMail do not accept mails from just anyone anymore (part of the aforementioned anti-spam technologies) and put the rest of the spam into a separate folder.
I use protonmail