1. If you are a citizen or a resident, you get an ID card to use for every public service. It's just a smart card with a government PKI.
2. The public services provide an email account that can only be used within the e-government services. The card is used for accessing those services.
3. The email service accepts either identity number or registry number of the recipient. So the recipient can be a legal entity.
4. You can and almost always do provide a forwarding address, so that you don't need to check.
5. You can't use it for other purposes. No RFC defined email address is shared with you. And it's just an internal system for official issues.
I've heard some countries issue mailboxes for citizens but I am not aware of the general use of these. Also, email services were designed to be decentralized but evolved into centralized systems, a current and unsolved problem. I am not sure about the privacy and security of government provided email services.
I still have a vague hope that the United States Postal Service could be "pivoted" into being a PKI provider and distribute physical tokens to citizens. They already have substantial procedures and infrastructure for verifying identity. There would be problems, to be sure, but I'd much rather get my ubiquitous PKI for citizens from the USPS than the banks or "tech giants".
I always discover how Estonia is really amazing for lots of technology things. AFAIK they are by quite a margin the most advanced country in Europe when in comes to egovernment services. Moreover my (admittedly outside) impression is that they often go for technologically sound solutions not the ones which some large lobby organisation pushed for. This is particularly remarkable considering how small the country is, and in stark contrast to the mess that is egovernment services in Germany the richest country in Europe.
In Italy we have a worse version of what you described.
1. An ID card you can use to access some services (carta di identità digitale)
2. Another card you can use to access healthcare related services and some other services (carta nazionale servizi)
3. SPID: your digital ID to access yet some other services, and also some of the above services. It is not released by the government but by other authorized entities such as banks, the national mail service and others. You need to pay a small fee for the verification, and sometimes an annual fee. There are different SPID levels but no one actually knows the difference between them.
4. PEC (posta elettronica certificata): a digitally signed email box you can use to send/receive documents, invoices, etc. or simply messages. Those are legally attributed to you and you can use it to talk to government agencies instead of sending registered paper mail. As SPID it is issued by an authorized third party.
We also have some smartphone apps that work as a combination of the above, and need some of the above to work.
As you can see it is a mess, a waste of tax money and we will need to waste more money in the future to make this mess work.
Nice :)
Edit: and by the way when you need something really important all the above are useless: you either need to start hopping from a public office to another (we have a lot of them) and/or go to a notary (a kind of medieval bureaucrat you pay a lot of money to sign and stamp sheets of paper)
In the Netherlands we do have an inbox from the government ("Berichteninbox" which is optional, the alternative is snailmail), it's coupled to the Digital ID system (DigiD), both are apps and webservices. You can use DigiD to access information on your pension, or healthcare insurance etc. The inbox can be (optionally) coupled to many government organizations and you receive information on taxes for example. I like the way it works, it works best if you have an Android or iOS system, but you can use it without (fully on the web).
Btw, a nice insight into email is also that it is one of the very few systems that decouples protocol from provider (Matrix and xmpp do that too, not widely adopted sadly) AND also has critical adoption (which Whatsapp also has in my country, sadly we are stuck with Meta there). We should never give up email because we will likely never get an open and free system like that back without some kind of government intervention. (Even though we all know email is a sub-optimal pile of hacks.)
A question about number 4. By forwarding address, do you mean to a real email address? Denmark has a similar solution, but it can only be accessed via the website or a mobile application. The idea is that the content will almost always contain person information, so it shouldn't be allowed to be transmitted via an unencrypted channel.
Side note: Denmark has a one time pad instead of a smartcard. A smart phone app has since been added, and the one time pad will be discontinued in about a year, sadly.
> If you are a citizen or a resident, you get an ID card to use for every public service. It's just a smart card with a government PKI.
This is the biggest flaw in the design. Tying the ID card to a single identity.
If you're using it with a bank, it needs to be tied to your bank account. If you're using it for physical access control at your company's building, it needs to be tied to your employee account. These are different things, and should be different things, for security.
You don't want a single system for everything. It makes the incentive to break it stronger, so it gets broken more often. It makes the consequences of it getting broken larger, so the damage when it happens multiplies. And it gets integrated into everything, so the amount of time it takes to roll out fixes increases. It's a security nightmare, and it gets polynomially worse the bigger the country is that tries to do it that way. (For reference, the GDP of Estonia is less than one third the revenue of Costco.)
That still has the same issue mentioned in the article: it works fine inside an organization (the organization being, in this case, the whole country), but not between different organizations. For instance, how would I, a Brazilian, send a message to someone using that system?
But is it really email as we know it? It looks more like a private message system like you find in forums and social networks.
In France, we are not as advanced as Estonia when it comes to e-government services, but we have an official identification system called "France connect", and government services have private messaging systems to communicate with them. And I think many countries have similar systems. The only difference seems to be that it is better integrated in Estonia.
I could only wish the US had something like that. Very few Congresspeople could even succinctly describe email to you, let alone express the need for a system like this. And even if they could introduce a bill, Big Tech lobbyists would instantly swoop in and proclaim the idea as a threat to national democracy, and instead try to steer the legislator to just hosting entire thing on their platform instead. I fucking hate our federal government.
I really hope that we end up moving back towards supporting open protocols.
I was heartened (and a little surprised) that Jack Dorsey recently mentioned that the draconian control of the Twitter API was the worst thing Twitter had done [1].
The corporatisation of the Internet, has undone a lot of the great work that had traditionally underpinned the network.
It feels like the slow, laborious and fundamentally equitable nature of standards ratification in the open has been seen to be at odds with the OKRs of tech businesses.
Businesses that sell and work with natural resources are starting to wake up to the idea that a degree of cooperation and inter-market regulation with peer companies can positively impact individual performance. Sustaining business is even more fundamental than making profit.
In the same sense; open protocols can help to develop rich and sustainable markets that benefit the consumer; as well as those businesses that operate in within it.
It really is about incentives. When the government and universities were the primary agents influencing the internet, open protocols were favored I presume because they incentivized the decentralization that the internet was created for.
Now private corporations are the primary agents of change, and they are driven by very different incentives. When was the last time you heard of a company based around open protocols being valued at a billion dollars?
And the money involved is just too great. I don't see how anything is going to change.
It feels like the slow, laborious and fundamentally equitable nature of standards ratification in the open has been seen to be at odds with the OKRs of tech businesses.
At the risk of sounding like I'm trivialising this comment (with which I completely agree), this difference in behaviours has as its root the difference between a long- vs short-term mindset.
I was heartened (and a little surprised) that Jack Dorsey recently mentioned that the draconian control of the Twitter API was the worst thing Twitter had done [1].
I wasn't, because he didn't do jack shit to change it. We hear this bullshit all the time; big actors sound off about what was wrong at their previous places, but rarely did they do anything to upset the apple cart.
Email is our only reliable communication method between different organizations.
I'm still of the opinion there should be public-option internet services. Everyone deserves an e-mail address that cannot be taken away from them without a court order.
> Everyone deserves an e-mail address that cannot be taken away from them without a court order.
Not even a court order, arguably. Internet access and it's essential services like email, is arguably a human right in developed countries. Almost impossible to find employment without it.
also, (or: alternatively?) one that can't be/won't be blocked by the centralized services' spam filters. The biggest hurdle to running your own email server nowadays isn't the online time or the data volume or anything; it's that the existing institutions don't recognize you as part of the institutional club and block your messages...
btw, Germany did this a decade ago: giving everyone an email account with the national mail service, as an "official email." I honestly don't know anyone here who uses it.
This was the idea behind the USPS originally, if you read records about it's founding. It wasn't intended to be about physical mail, but about "transmission of information" or something like that. It's actually kind of striking.
People already have accounts in national databases and there's a notification system using e-mail, sms and phone. Why not just manage the e-mail for them (and if they want - they can forward it to their private e-mail of choice).
Define internet services, or do you mean email service?
There are many decisions that impact the usability and cost of the service. Some people need high volume sending or large mailbox storage. Do you punish people for sending spam? Do you filter spam, if so, how. Do people need public terminals to access the service? Etc.
while I agree with the idea of emails that can't be arbitrarily shutdown, SSN-xx-HERE@citizen.gov sounds like all kinds of awful. It will either be instantly unusable or require a gov approved SPAM filter, both of which are bad. It also seems like a good vector to force a backdoor on all comms.
This would also require everyone to have an email client to handle their email address though. I believe this the reason most folks have a gmail/outlook account because it's easy to set up and operate, not just because it gives them a unique-ish address?
But we also all need to eat and use a toilet to live. Those seem to be provided by the market to a reasonable degree. Email is also pretty cheap and there's at least some choice among providers, though of course far fewer that food types.
In this day and age of censorship, I feel the same about web hosting. The American government should provide their citizens with a small space of hosting to share their thoughts.
I always have this feeling that email is flawed and due for a complete overhaul or replacement - and then I think about it a little harder and I realize that it's actually really good at it's intended purpose.
Other than fiddling around the edges with security improvements, spam filtering, and a few other nice-to-haves, there's not really much that need improvement.
Some features of email that are nice:
- It's completely open standard
- I can host it myself if I want, or not.
- It is completely decentralized and roughly point-to-point, subject to email routers.
- Other than getting an email address, no other 'linkage' or prepwork with that person is required.
- My address is not tied to any other service, like a phone number. (in contrast to e.g. WhatsApp)
- It supports unsolicited communication from unsolicited sources (e.g. marketing)
- It's easy to ignore communication I don't care about. (e.g. marketing)
- Non-people are supported, like group emails/aliases (support@...)
- I can trivially attach files, subject to some practical constraints
- Email can be handled by the recipient in a wide variety of ways using different client mechanisms.
- I can front-end my email in a variety of ways, such as with a contact form.
Those are just the few I can think of off the top of my head. I'm sure there are others.
Indeed. While one can complain about this or that little detail, email is by far the best communications mechanism on (or off) the Internet.
The key part of course is that it is completely open and standardized. Nobody owns it. That is a lesson that we should learn, but is every time forgotten.
No proprietary walled garden can ever come close to the usefulness of email precisely because email is open and standard. With proprietary systems it is inevitable users are subject to the whim of the owner. Might not be able to get accounts, or be arbitrarily banned, or have the app only available on limited platforms, etc.
I've been using email since the late 80s and more importantly I've had the exact same email address since the mid 90s. It's been hosted by multiple providers and the last decade I've been hosting it myself. But always the same domain and address.
email, as ancient and flawed as it is, is a shining example of the Lindy effect in play - the future life expectancy of a technology or an idea is proportional to its current age.
> There are a huge variety of intra-organizational communication systems, to the point where pretty much every large enterprise provider seems to have one (Slack, Microsoft Teams, Discord, etc etc).
That's why I find Delta Chat piggybacking on Push-IMAP such an interesting concept: https://delta.chat
I don’t think email is as decentralized and federated as it used to be.
In theory, email is a service that is simple enough for anyone to run themselves. Most Linux distros come with sendmail, so theoretically it should be as easy as reading the manual and exposing some ports. Spam is performed server side both at the origin and at the destination to mitigate bad actors, and because email is simple, there should be no shortage of clients to choose from.
In reality, 1/4 of all email users globally are on Gmail. Apple Mail is the most popular mail client followed by Outlook, then Gmail. SMTP and IMAP are theoretically simple, but the bellwether providers use APIs on top of these protocols that have added some functionality at the expense of restricting the proliferation of email clients. Many large companies that used to run their own email (through Exchange, Zimbra, etc) are moving to hosted Office 365 or Google Workspace. One major AWS-scale outage in Gmail or Azure will incite (and has caused) serious panic and disruption (which is great for SREs like me since we’ll continue to get paid serious money to keep all this stuff running while maintaining a healthy work-life balance, but I digress).
Furthermore, one doesn’t simply “stand up” their own email server unless they don’t care about landing in people’s spam folders.
Additionally, many companies outside of the US _do_ use WhatsApp (Facebook) for official communication. I’d posit that this trend is only accelerating.
I agree that email is fundamental technology, but I can see a future where it disappears in favor of something like federated Slack (or, worse, instant messaging centralized and controlled by the FAANG cabal with insurmountable cost-of-entry). Given the suppression of “free speech” on Twitter et al during peak COVID/peak insurrection (for valid reasons), this is slightly worrying.
The thing is, you can have your email address(es) under your own domain, and change mail hosting providers while keeping your email address(es). It's true that too few people are doing that.
Apart from that, email is not going anywhere (not going away) anytime soon as the standard medium for B2B communication. And in B2C communication as well, an email address is the one baseline you can count on everyone having. I don't see that being replaced by anything proprietary either.
Email's federation is an escape hatch. It's presence means that I can go to any provider I want to if I'm dissatisfied with my current provider. I can even run my own as a last resort. (Or first resort if that's your preferred mode of operation). Until that escape hatch disappears, which is unlikely, I will always have choice of providers.
I don't have whatsapp, or discord for that matter. I have slack for work but I don't use it externally. I will probably never have those systems for my personal communication which means that if a company wants to communicate to me they are going to have to use email, full stop. I think there is a large barrier to email ever going away. Removing it from the market would require coordination that most companies and providers will probably never want to engage in. It's a lowest common denominator that all of them will want to support to avoid their users getting silo'd into a system that is not theirs.
The biggest blunder for me is that there were usable decentralized communication options before that were popular, but because of trying to monetize user's data FAANG started to tighten their grip on any decentralized solution, and I think they succeeded. They are already trying do to email the same thing they did to XMPP and RSS.
E-Mail is one of the last remaining federated systems on the Internet, but I doubt it will survive long as the large players slowly sabotage it. I think already more than 90 % of all e-mails are delivered by three or four large companies, which is a trend that will continue.
A lot of businesses host their own email, if not on Linux then using Microsoft Exchange (see e.g. [1]). While that is being somewhat decreased by the cloud trend, I don't see it going away, as those businesses generally like keeping their independence.
> As j. b. crawford notes, the prospect for another federated, Internet wide communication system seem very remote at this point in time, so email is it.
I really don’t think this is true, and is defeatist at best. SIP and XMPP both had a good shot at creating a federated Internet-wide communication system, and we are doing our best to build one with Matrix or die trying.
It is clear to me at least that we are stuck with at least 2 problems here. I have wondered if you could at least generalize the two modes in a way that would allow you to have one client and let the user decide.
Microsoft is chipping away at this by getting governments on to Outlook 365 on the basis that if all departments use it it'll be secure between them and can gain Top Secret certification.
The ability to send messages is perhaps the less interesting role of email. I think maybe the real value comes from providing globally unique, federated identities. It's not perfect, but it's pretty dang good.
If for no other reason, this is why no closed system will never supplant email. Even the biggest walled gardens like GOOG and FB bow to the power of email identities in the end, as the preferred (maybe even only) way to recover an account.
Email is a pile of garbage created with the same mentality of web and UN*X. This stupid shit in 2000 and 2020 still sends my IP address to the receiver for no reason so I have to use the web interface which removes it but then I can't control headers so I probably can't use PGP because some idiot wants to use that S/MIME shit (which was unsurprisingly broken due to the E-Fail bug). Coming up with a bunch of ad-hoc key-value pairs with keys you hope people will adhere to is not engineering. It's web shotting. When you do this it makes a sound of web being shot like *THWIP*.
Coming up with yet another way of encoding key-value pairs (or any type of serialization) is not engineering; you have not addressed the concrete problem in any way what so ever other than explaining what the syntax will be.
Like wtf is wrong with you people? How hard is it to call encrypt_message(your_message) and verify_message(their_message) without introducing RCE vulns? There is nothing hard about delimiting different entries in a list (for argv or whatever). This is pre-school stuff. The reason people omit it is becaues UN*X makes the path of least resistance to be insecure shit like system(), but even then it's still easy to work around it time after time if you are above the age of 12.
Federation is also a hare-brained concept. Why in the hell do I want my address to be qualified with some stupid string? Is this so I can make a group and LARP about firing missiles from mydomain.com to yourdomain.com? How is it possible that XMPP was created with the same idiotic concept once we already knew email was garbage? Federation is absolutely and thorougly pointless. The literal only reason it makes any sense is because if it was fully centralized, the service would just be dead once comapny #1 dies.
I'd suggest everyone setup a custom domain with SimpleLogin and start using aliases for every site. Also, use isync and goimapnotify to backup your email automatically. Then if Google or some other company shuts you out of your hosted email you can easily get back up on a new provider and not need to change your email address which almost every site you register on now requires.
Email is the last stand against millisecond invasiveness of tech in every living second of our lives.
The reason that large companies struggle or fail to implement systems like slack and teams is not because they are superior to email. Its because these huge corporation treat employees as faceless cogs in a machine. Email fails email delays email sucks everyone knows this and accepts it so it becomes the only way to take a break from the corporate pressure cooker.
I suspect in the future small companies that treat their employees as human and can use better tools effectively will eventually take over sufficient market shares to force large companies (they already are really) reevaluate the dispensibility of its workforce.
Another insane feature of WhatsApp (besides using phone number for an internet service) is that it only runs on Android and iOS (the web client is only some kind of "remote access" to the app, which requires the app to constantly run).
I actually run Android-x86 VM on a server because of WhatsApp, which I need for work. And it has some problems, for example to allow the browser to access the app, you need to scan a QR code - but I did not find a webcam emulator (think: v4l2-loopback on normal Linux) for Android or a way to emulate a webcam in VirtualBox or Qemu, so I need to copy the VM image to a computer with physical webcam, scan the code by pointing the webcam to the screen, and then copy it back to the server. WTF.
Or am I missing something? How do people without smartphones use WhatsApp (for communicating on a computer)?
Good points made in the article. Siloed services like Slack, etc. do have an advantage that you don’t get SPAM. I prefer E-mail and SMS person to person communication but there is the SPAM…
Most people in my family and closest friends prefer SMS, even texting large image and video files (not really what the protocol was designed for, right?). Anyway, I tend to use what my people use.
Let’s hope that email remains a “simple” protocol (envelopes are plaintext with some encoding, transmission is simple enough to do over Telnet) instead of something more complicated whose standards are drafted and maintained by the FAANG cabal.
I think I have used email once I can't even remember what it was for. But I think the story is more true for SMS. If SMS was taken down, nobody could use their money or social media.
Please HN, let email die. it is unsecurable (universal) in transit or storage (mta's) and because of its reliability and universal adoption a ton of security depends on it like a very rotten and rusted link in a chain even a small child can break. It is an almost 4 decade old tech where any security you find for it is purely opportunistic.
I am very concerned how people here are stating how good, simple and reliable it is. They are not wrong but so is IPv4 and the C language. Sentiment has no place in a building a secure and proper future technology.
I don’t get it. I was waiting for you to say “in favor of…” but you never got to that part. Let email die in favor of what? What is the viable alternative?
Not a single messaging app I’ve used comes close to email. And I can’t use one messaging app, I have to have 6! I would be way more willing to move on from email if a solid viable alternative came along. XMPP, for example, is still too ephemeral and barely anyone uses it.
Yes email is old and has lots of issues, it is still by a large margin the best we have. Name one protocol/program/service that comes anywhere close in its usefulness.
E-mail is grotesquely expensive to manage because of its weaknesses and its use as a vector of attack.
The best replacement solution is an organisational portal that people use to communicate with the organisation and upload/download documents. Some governments and banks have already been handling interactions with external entities and citizens/customers this way for years.
The upload and download tunnel is secure, the receiver can scan the uploaded information (detonate in a sandbox if necessary), and the sender can trust the messages and documents that are downloaded.
feldrim|4 years ago
1. If you are a citizen or a resident, you get an ID card to use for every public service. It's just a smart card with a government PKI.
2. The public services provide an email account that can only be used within the e-government services. The card is used for accessing those services.
3. The email service accepts either identity number or registry number of the recipient. So the recipient can be a legal entity.
4. You can and almost always do provide a forwarding address, so that you don't need to check.
5. You can't use it for other purposes. No RFC defined email address is shared with you. And it's just an internal system for official issues.
I've heard some countries issue mailboxes for citizens but I am not aware of the general use of these. Also, email services were designed to be decentralized but evolved into centralized systems, a current and unsolved problem. I am not sure about the privacy and security of government provided email services.
EvanAnderson|4 years ago
cycomanic|4 years ago
01acheru|4 years ago
1. An ID card you can use to access some services (carta di identità digitale)
2. Another card you can use to access healthcare related services and some other services (carta nazionale servizi)
3. SPID: your digital ID to access yet some other services, and also some of the above services. It is not released by the government but by other authorized entities such as banks, the national mail service and others. You need to pay a small fee for the verification, and sometimes an annual fee. There are different SPID levels but no one actually knows the difference between them.
4. PEC (posta elettronica certificata): a digitally signed email box you can use to send/receive documents, invoices, etc. or simply messages. Those are legally attributed to you and you can use it to talk to government agencies instead of sending registered paper mail. As SPID it is issued by an authorized third party.
We also have some smartphone apps that work as a combination of the above, and need some of the above to work.
As you can see it is a mess, a waste of tax money and we will need to waste more money in the future to make this mess work.
Nice :)
Edit: and by the way when you need something really important all the above are useless: you either need to start hopping from a public office to another (we have a lot of them) and/or go to a notary (a kind of medieval bureaucrat you pay a lot of money to sign and stamp sheets of paper)
teekert|4 years ago
Btw, a nice insight into email is also that it is one of the very few systems that decouples protocol from provider (Matrix and xmpp do that too, not widely adopted sadly) AND also has critical adoption (which Whatsapp also has in my country, sadly we are stuck with Meta there). We should never give up email because we will likely never get an open and free system like that back without some kind of government intervention. (Even though we all know email is a sub-optimal pile of hacks.)
nottorp|4 years ago
mrweasel|4 years ago
Side note: Denmark has a one time pad instead of a smartcard. A smart phone app has since been added, and the one time pad will be discontinued in about a year, sadly.
AnthonyMouse|4 years ago
This is the biggest flaw in the design. Tying the ID card to a single identity.
If you're using it with a bank, it needs to be tied to your bank account. If you're using it for physical access control at your company's building, it needs to be tied to your employee account. These are different things, and should be different things, for security.
You don't want a single system for everything. It makes the incentive to break it stronger, so it gets broken more often. It makes the consequences of it getting broken larger, so the damage when it happens multiplies. And it gets integrated into everything, so the amount of time it takes to roll out fixes increases. It's a security nightmare, and it gets polynomially worse the bigger the country is that tries to do it that way. (For reference, the GDP of Estonia is less than one third the revenue of Costco.)
cesarb|4 years ago
iofiiiiiiiii|4 years ago
> You can't use it for other purposes. No RFC defined email address is shared with you
This is not entirely true. You get both:
* idcode@eesti.ee can only be used by government senders.
* you also get first.last.uniqueid@eesti.ee which works as a regular email address.
GuB-42|4 years ago
In France, we are not as advanced as Estonia when it comes to e-government services, but we have an official identification system called "France connect", and government services have private messaging systems to communicate with them. And I think many countries have similar systems. The only difference seems to be that it is better integrated in Estonia.
JohnWhigham|4 years ago
thejosh|4 years ago
lwhi|4 years ago
I was heartened (and a little surprised) that Jack Dorsey recently mentioned that the draconian control of the Twitter API was the worst thing Twitter had done [1].
The corporatisation of the Internet, has undone a lot of the great work that had traditionally underpinned the network.
It feels like the slow, laborious and fundamentally equitable nature of standards ratification in the open has been seen to be at odds with the OKRs of tech businesses.
Businesses that sell and work with natural resources are starting to wake up to the idea that a degree of cooperation and inter-market regulation with peer companies can positively impact individual performance. Sustaining business is even more fundamental than making profit.
In the same sense; open protocols can help to develop rich and sustainable markets that benefit the consumer; as well as those businesses that operate in within it.
[1] https://www.revyuh.com/news/software/developers/twitters-fou...
magpi3|4 years ago
Now private corporations are the primary agents of change, and they are driven by very different incentives. When was the last time you heard of a company based around open protocols being valued at a billion dollars?
And the money involved is just too great. I don't see how anything is going to change.
gjvc|4 years ago
At the risk of sounding like I'm trivialising this comment (with which I completely agree), this difference in behaviours has as its root the difference between a long- vs short-term mindset.
JohnWhigham|4 years ago
I wasn't, because he didn't do jack shit to change it. We hear this bullshit all the time; big actors sound off about what was wrong at their previous places, but rarely did they do anything to upset the apple cart.
cblconfederate|4 years ago
causi|4 years ago
I'm still of the opinion there should be public-option internet services. Everyone deserves an e-mail address that cannot be taken away from them without a court order.
naasking|4 years ago
Not even a court order, arguably. Internet access and it's essential services like email, is arguably a human right in developed countries. Almost impossible to find employment without it.
OtomotO|4 years ago
Like for phone numbers (at least here you can migrate the whole number, even with ndc)
The state could give out an emailadress like a social security number and you just use that as an alias and can choose whatever provider you want.
And for these emailadresses the providers would be obliged to take you. (Like for mandatory insurances. We have them where I live)
bigger_inside|4 years ago
btw, Germany did this a decade ago: giving everyone an email account with the national mail service, as an "official email." I honestly don't know anyone here who uses it.
derbOac|4 years ago
ajuc|4 years ago
shukantpal|4 years ago
jiggunjer|4 years ago
There are many decisions that impact the usability and cost of the service. Some people need high volume sending or large mailbox storage. Do you punish people for sending spam? Do you filter spam, if so, how. Do people need public terminals to access the service? Etc.
vital_beach|4 years ago
dazc|4 years ago
DoItToMe81|4 years ago
ejb999|4 years ago
ekianjo|4 years ago
lolsal|4 years ago
Why?
lordnacho|4 years ago
threatofrain|4 years ago
qybaz|4 years ago
mdavis6890|4 years ago
Other than fiddling around the edges with security improvements, spam filtering, and a few other nice-to-haves, there's not really much that need improvement.
Some features of email that are nice:
- It's completely open standard
- I can host it myself if I want, or not.
- It is completely decentralized and roughly point-to-point, subject to email routers.
- Other than getting an email address, no other 'linkage' or prepwork with that person is required.
- My address is not tied to any other service, like a phone number. (in contrast to e.g. WhatsApp)
- It supports unsolicited communication from unsolicited sources (e.g. marketing)
- It's easy to ignore communication I don't care about. (e.g. marketing)
- Non-people are supported, like group emails/aliases (support@...)
- I can trivially attach files, subject to some practical constraints
- Email can be handled by the recipient in a wide variety of ways using different client mechanisms.
- I can front-end my email in a variety of ways, such as with a contact form.
Those are just the few I can think of off the top of my head. I'm sure there are others.
jjav|4 years ago
The key part of course is that it is completely open and standardized. Nobody owns it. That is a lesson that we should learn, but is every time forgotten.
No proprietary walled garden can ever come close to the usefulness of email precisely because email is open and standard. With proprietary systems it is inevitable users are subject to the whim of the owner. Might not be able to get accounts, or be arbitrarily banned, or have the app only available on limited platforms, etc.
I've been using email since the late 80s and more importantly I've had the exact same email address since the mid 90s. It's been hosted by multiple providers and the last decade I've been hosting it myself. But always the same domain and address.
No proprietary system can ever compete.
riffic|4 years ago
https://en.wikipedia.org/wiki/Lindy_effect
Any replacement will have to keep the above in mind because there's no test like the test of time.
fghgg|4 years ago
And it has the security improvements and others as well (see features of e.g. Discord or WhatsApp).
Anyways, I don't think I still use email for its intended purpose anyways. It mainly became something to tie accounts to and to 2fa
mdavis6890|4 years ago
- It is designed well for medium-length content, say a few paragraphs or so per message.
- It works well, and is mostly understood to be used for asynchronous communication.
- Easily and usefully searchable.
- Captures state/context well.
- Threaded
high_5|4 years ago
That's why I find Delta Chat piggybacking on Push-IMAP such an interesting concept: https://delta.chat
jve|4 years ago
Here's my ASK HN: https://news.ycombinator.com/item?id=22854641
Demcox|4 years ago
nunez|4 years ago
In theory, email is a service that is simple enough for anyone to run themselves. Most Linux distros come with sendmail, so theoretically it should be as easy as reading the manual and exposing some ports. Spam is performed server side both at the origin and at the destination to mitigate bad actors, and because email is simple, there should be no shortage of clients to choose from.
In reality, 1/4 of all email users globally are on Gmail. Apple Mail is the most popular mail client followed by Outlook, then Gmail. SMTP and IMAP are theoretically simple, but the bellwether providers use APIs on top of these protocols that have added some functionality at the expense of restricting the proliferation of email clients. Many large companies that used to run their own email (through Exchange, Zimbra, etc) are moving to hosted Office 365 or Google Workspace. One major AWS-scale outage in Gmail or Azure will incite (and has caused) serious panic and disruption (which is great for SREs like me since we’ll continue to get paid serious money to keep all this stuff running while maintaining a healthy work-life balance, but I digress).
Furthermore, one doesn’t simply “stand up” their own email server unless they don’t care about landing in people’s spam folders.
Additionally, many companies outside of the US _do_ use WhatsApp (Facebook) for official communication. I’d posit that this trend is only accelerating.
I agree that email is fundamental technology, but I can see a future where it disappears in favor of something like federated Slack (or, worse, instant messaging centralized and controlled by the FAANG cabal with insurmountable cost-of-entry). Given the suppression of “free speech” on Twitter et al during peak COVID/peak insurrection (for valid reasons), this is slightly worrying.
layer8|4 years ago
Apart from that, email is not going anywhere (not going away) anytime soon as the standard medium for B2B communication. And in B2C communication as well, an email address is the one baseline you can count on everyone having. I don't see that being replaced by anything proprietary either.
zaphar|4 years ago
I don't have whatsapp, or discord for that matter. I have slack for work but I don't use it externally. I will probably never have those systems for my personal communication which means that if a company wants to communicate to me they are going to have to use email, full stop. I think there is a large barrier to email ever going away. Removing it from the market would require coordination that most companies and providers will probably never want to engage in. It's a lowest common denominator that all of them will want to support to avoid their users getting silo'd into a system that is not theirs.
zekica|4 years ago
cpach|4 years ago
pjmlp|4 years ago
What is old is new again.
ThePhysicist|4 years ago
bullen|4 years ago
Just like HTTP/1.1 can't be deprecated because too much infrastructure depends on it.
These protocols are simple and as complexity fails we all need to go back to them!
layer8|4 years ago
[1] https://news.ycombinator.com/item?id=26362178
Arathorn|4 years ago
I really don’t think this is true, and is defeatist at best. SIP and XMPP both had a good shot at creating a federated Internet-wide communication system, and we are doing our best to build one with Matrix or die trying.
upofadown|4 years ago
The achievable security is significantly higher for an offline capable medium for example:
* https://articles.59.ca/doku.php?id=em:emailvsim
It is clear to me at least that we are stuck with at least 2 problems here. I have wondered if you could at least generalize the two modes in a way that would allow you to have one client and let the user decide.
zaik|4 years ago
sneak|4 years ago
cube00|4 years ago
anderspitman|4 years ago
If for no other reason, this is why no closed system will never supplant email. Even the biggest walled gardens like GOOG and FB bow to the power of email identities in the end, as the preferred (maybe even only) way to recover an account.
unixbane|4 years ago
Coming up with yet another way of encoding key-value pairs (or any type of serialization) is not engineering; you have not addressed the concrete problem in any way what so ever other than explaining what the syntax will be.
Like wtf is wrong with you people? How hard is it to call encrypt_message(your_message) and verify_message(their_message) without introducing RCE vulns? There is nothing hard about delimiting different entries in a list (for argv or whatever). This is pre-school stuff. The reason people omit it is becaues UN*X makes the path of least resistance to be insecure shit like system(), but even then it's still easy to work around it time after time if you are above the age of 12.
Federation is also a hare-brained concept. Why in the hell do I want my address to be qualified with some stupid string? Is this so I can make a group and LARP about firing missiles from mydomain.com to yourdomain.com? How is it possible that XMPP was created with the same idiotic concept once we already knew email was garbage? Federation is absolutely and thorougly pointless. The literal only reason it makes any sense is because if it was fully centralized, the service would just be dead once comapny #1 dies.
DAY OF THE SEAL SOON
encryptluks2|4 years ago
citizenpaul|4 years ago
The reason that large companies struggle or fail to implement systems like slack and teams is not because they are superior to email. Its because these huge corporation treat employees as faceless cogs in a machine. Email fails email delays email sucks everyone knows this and accepts it so it becomes the only way to take a break from the corporate pressure cooker.
I suspect in the future small companies that treat their employees as human and can use better tools effectively will eventually take over sufficient market shares to force large companies (they already are really) reevaluate the dispensibility of its workforce.
The death of email is a social not tech problem.
Jenda_|4 years ago
I actually run Android-x86 VM on a server because of WhatsApp, which I need for work. And it has some problems, for example to allow the browser to access the app, you need to scan a QR code - but I did not find a webcam emulator (think: v4l2-loopback on normal Linux) for Android or a way to emulate a webcam in VirtualBox or Qemu, so I need to copy the VM image to a computer with physical webcam, scan the code by pointing the webcam to the screen, and then copy it back to the server. WTF.
Or am I missing something? How do people without smartphones use WhatsApp (for communicating on a computer)?
leros|4 years ago
Anyone with your email can not only impersonate you, but gain access to many of your online accounts.
encryptluks2|4 years ago
mark_l_watson|4 years ago
Most people in my family and closest friends prefer SMS, even texting large image and video files (not really what the protocol was designed for, right?). Anyway, I tend to use what my people use.
nunez|4 years ago
dspillett|4 years ago
For certain definitions of “reliable”!
(though reliably available at least which can't be said for anything else, no matter how reliable in other senses)
bullen|4 years ago
SMTP will prevail and at some point all the messaging will be done over it just like HTTP/1.1...
mikotodomo|4 years ago
hprotagonist|4 years ago
h0nd|4 years ago
wombatmobile|4 years ago
Actually, that’s snail mail.
SargeDebian|4 years ago
lrem|4 years ago
arpa|4 years ago
nsonha|4 years ago
unknown|4 years ago
[deleted]
badrabbit|4 years ago
I am very concerned how people here are stating how good, simple and reliable it is. They are not wrong but so is IPv4 and the C language. Sentiment has no place in a building a secure and proper future technology.
dqv|4 years ago
Not a single messaging app I’ve used comes close to email. And I can’t use one messaging app, I have to have 6! I would be way more willing to move on from email if a solid viable alternative came along. XMPP, for example, is still too ephemeral and barely anyone uses it.
cycomanic|4 years ago
diegocg|4 years ago
You seem to have missed the point of the article. Email is a necessity - there is no alternative.
heresie-dabord|4 years ago
E-mail is grotesquely expensive to manage because of its weaknesses and its use as a vector of attack.
The best replacement solution is an organisational portal that people use to communicate with the organisation and upload/download documents. Some governments and banks have already been handling interactions with external entities and citizens/customers this way for years.
The upload and download tunnel is secure, the receiver can scan the uploaded information (detonate in a sandbox if necessary), and the sender can trust the messages and documents that are downloaded.