Asking the Hard Questions: Email

We all know email. It has been around for decades now. It's a mature system based on well-known protocols like SMTP, IMAP, POP3. Everybody uses it.

However, there are some that argue that this is a negative thing, and it is clear as to why. Email has been at the center of a lot of criticism and complaints, particularly about its security.
It's definitely messy when it comes to encryption. By default, no email is end-to-end encrypted. This means that communications can be intercepted by the service provider, or possibly by anyone in between if STARTTLS isn't enabled either.
The only real way to achieve true end-to-end email encryption is through methods such as GPG. These methods can be more than a little unintuitive. Most mail clients have a third-party extension that offers this feature, with mixed results. On a personal note, I had a very bad experience with Enigmail, where it kept trying to generate its own keypairs for accounts and using them instead of only using the ones I told it to. Mutt's GPG is better in this regard, but I still have to figure out how to get that shit to work with multiple accounts. Some people find that these frustrations are enough for them to abandon the idea entirely, and just accept insecure email communications. That's certainly not a good sign. To a certain extent, email can seem like a dinosaur protocol held together with duct tape and glue.

This brings us to the question: Should society abandon email as we know it in favor of a communication system that prioritizes end-to-end encryption?
I've certainly seen some suggest this, particularly the EFF, who during the EFail panic prompted users to install Signal and use that instead. Furthermore, other encrypted chat choices are rising up, such as XMPP+OMEMO and Riot/Matrix.
This all sounds well and good. E2EE by default is always a good thing. I do have a few criticisms and concerns though.
For one, the shilling of Signal in particular is a bit troublesome. Sure it's encrypted and "open", but it is still a very centralized system. The app only connects to one server, Signal's, and that server handles everything. Outside of the code being open, how is this any more trustworthy than WhatsApp?
Another thing is that these protocols don't seem to fill in the email use case. Emails are usually, well, mail. They're letters, and generally are long and carefully-composed. These chat apps and systems, while very secure, seem to be emulating instant messaging instead. They don't visually and UX-wise fill the same use case as email.

So what do you think? Should we get rid of email? If so, what do you think should replace it? If not, how do you think email should evolve to deal with the challenges it faces in the modern technological landscape?

Use Proton tbh

Email is great and instant messaging doesn't replace it as you said.
Ha! Sounds like the EFF is compromised to me. The EFail thing was just about mail CLIENTS showing HTML (which they aren't supposed to do).

IMO just use PGP. It's fine, really.

...

End-to-End encryption is pointless when TPtB can capture all of your traffic and decrypt it whenever they want. At this point we have the computing power to decrypt anything we want as long as we have the money to throw into the problem and the harder to crack encryption methods like DSA have known vulnerabilities like limitations on how many times you can use a certain certificate. Or better yet, the government can just send a DMCA request against anyone who has data stored that you need.

Why aren't you blackpilled on data security yet?

If what you say is true, then even the US government can have their traffic captured and anybody can decrypt it whenever they want as long as they have the money to throw into the problem.

But do you have access to quantum computers?

Quantum computers don't exist retard

Really?

technologyreview.com/s/610250/serious-quantum-computers-are-finally-here-what-are-we-going-to-do-with-them/

"Last year, Gambetta and colleagues at IBM used a seven-qubit machine to simulate the precise structure of beryllium hydride. At just three atoms, it is the most complex molecule ever modeled with a quantum system. "

Quantum computers are an ongoing and unsolved research problem. The current state is that the computation results are not stable and not reliable for any kind of reliable application. We are on our way to reliable quantum computing but the day where we see reliable quantum computing is not today.

But don't you think "they" might have tech more advanced than what the public is allowed to know about?

While it's certainly possible, the leaders of quantum computing are still publicly active and developing their fields. If the public leaders of quantum computing were working on top secret government projects, they would be completely forbidden to share any kind of new knowledge about what they're doing - their work would be secret knowledge. I am assuming that the public leaders of quantum computing are the only ones around and that there aren't others at the same level (or beyond that level) who are working exclusively on secret government projects.

Email works well because its addresses are tied to DNS. You send mail to omg@wtf and the MX record of wtf tells you what machine to connect to try and deliver the mail. So your business can manage its mail internally, and you can have big centralized webmail products like protonmail and hotmail, and you can pay a few dollars a month for shared hosting and get email delivered to your own domain.
Any email replacement will need to share this property.
All of the obvious "why don't people just use that" prospective replacements don't work for the same reason Slack and Google Chat don't come with ircd ports: because businesses want control and lock-in. Twitter wants to sell you ads as you follow your timeline that they manage. Youtube doesn't want insurance ads to show up next to a video of a furry fucking a dog to death.
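
The lookup this post describes, as an added example that is not part of the original post: it maps an address to the hosts a sender should try, using zone lines constructed for the illustration. The `ZONE` data and function names are assumptions; the null MX (RFC 7505) and implicit MX fallback (RFC 5321, section 5.1) cases go beyond what the post mentions.

```python
# Constructed zone data in presentation format (not real records).
ZONE = """\
wtf.             3600 IN MX 20 backup.wtf.
wtf.             3600 IN MX 10 mail.wtf.
nomail.example.  3600 IN MX 0  .
"""


def parse_mx(zone_text):
    """Return {domain: [(preference, exchange_host), ...]} from MX lines."""
    table = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[2:4] == ["IN", "MX"]:
            owner = fields[0].rstrip(".").lower()
            exchange = fields[5].rstrip(".").lower()  # "." (null MX) becomes ""
            table.setdefault(owner, []).append((int(fields[4]), exchange))
    return table


def delivery_targets(address, table):
    """Hosts to try, in order, for one mailbox address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox address")
    domain = domain.rstrip(".").lower()
    records = table.get(domain)
    if not records:
        # No MX at all: the domain itself is the implicit mail exchanger.
        return [domain]
    if records == [(0, "")]:
        # Null MX: the domain owner declares that it accepts no mail.
        return []
    # Lowest preference value is tried first; ties are sorted by name here
    # to stay deterministic, where a real sender would randomize them.
    return [host for _, host in sorted(records)]
```

The domain owner alone decides what these records say, which is the property the post argues a replacement has to keep.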

That's not quite a quantum computer. You get a ton of error in the results. This means that you are limited to what things you can use it for and algorithms that rely on there being no error will be unusable on current """quantum computers."""

The error is probabilistic, you can sample the results of the computation longer and get more accuracy. Including 99.9999% sure etc.

Some algorithms will have results which will converge to the correct answer faster than others by doing that. There are some which will take a very large number of samples as there is a small chance of the correct answer even making it to the end of the algorithm when you collapse the qubits and see the results.

OP here

Good stuff, and I agree. Centralization in general is a bad idea, and it is precisely the reason why replacing email is so hard. This is also why I agree that the EFF was probably compromised or something like that. By not conforming to a standardized protocol, these 'services' can try to sell users on the latest hot 'feature', and increase their vendor lock-in. Centralized systems that feed into a single company's server are bad for privacy and security, because that business (theoretically at least) has access to everything. 'You are the product', in other words.

I would also like to provide some answers I have received elsewhere, roughly summarized:
1. Matrix could replace it. Although Matrix implementations right now seem mostly like texting, the protocol could be used for something like electronic mail, much like how delta.chat took email and made it look like an instant messenger. The French govt already apparently uses Matrix in the place of email.
2. Lavabit is creating DIME, which looks to be a drop-in replacement protocol for email. It has DMTP (SMTP replacement) and DMAP (IMAP replacement). This system goes a step beyond end-to-end encryption, and adds onion routing to make it anonymous as well.
3. Autocrypt can ease the process of using GPG email. It does have the issue of going back to cleartext in some cases though, and whether it will work well with old-school GPG is an unknown. Maybe that will be resolved in future standard versions.

We should be looking into post-quantum cryptography before discussing what the successor of email should look like. I believe breaking current public key encryption algorithms with a quantum computer will become feasible in a couple decades, when most of us will still be alive.

en.wikipedia.org/wiki/Post-quantum_cryptography

Doesn't matter. Any protocol out there conforms to the newest encryption standards when the last encryption standard is rendered unsafe.

Not for records keeping.

Nope, you've got it exactly backwards. We should be discussing what the successor of email should look like and designing it such that asymmetric and symmetric encryption schemes can be slotted in and out of the protocol with a minimum of disruption. PQ crypto is already being worked on by a number of reputable groups, including djb's research group. When the algorithms are vetted and the implementations mature, they can be utilized.

It's similar to what's happening with TLS. There was already an experiment using PQ crypto for TLS connections.

imperialviolet.org/2018/04/11/pqconftls.html

Notice that it was an addition of a PQ scheme to TLS, not scrapping TLS and starting over.
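
A sketch of the "slot schemes in and out" design argued for above, as an added example that is not part of the original post and not taken from TLS or any mail protocol. The suite ids, labels and shared secrets are hypothetical, constructed values; the point is that a hybrid suite is a new registry entry whose key depends on both exchanges, and that the offered list is bound into the key so a stripped offer cannot go unnoticed.

```python
import hashlib
import hmac

# Hypothetical suite registry; ids and labels are made up for this sketch.
SUITES = {
    0x0001: {"kex": ("classical",), "active": False},      # retired entry
    0x0002: {"kex": ("classical",), "active": True},
    0x0003: {"kex": ("classical", "pq"), "active": True},  # hybrid: PQ added, not swapped in
}
PREFERENCE = (0x0003, 0x0002, 0x0001)  # strongest first


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869): extract, then expand, using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def negotiate(offered, supported):
    """Pick the most preferred suite both sides list and the registry still allows."""
    for suite_id in PREFERENCE:
        if suite_id in offered and suite_id in supported and SUITES[suite_id]["active"]:
            return suite_id
    raise ValueError("no acceptable suite in common")


def session_key(suite_id, offered, shared_secrets):
    """Derive the key from every secret the suite requires, bound to the offer list."""
    # Length-prefix each secret so the concatenation is unambiguous.
    ikm = b"".join(
        len(shared_secrets[name]).to_bytes(2, "big") + shared_secrets[name]
        for name in SUITES[suite_id]["kex"]
    )
    # Hashing the offered list into the KDF makes a stripped offer yield a different key.
    transcript = hashlib.sha256(b"".join(s.to_bytes(2, "big") for s in offered)).digest()
    info = b"agility-sketch" + suite_id.to_bytes(2, "big") + transcript
    return hkdf_sha256(ikm, salt=bytes(32), info=info)


# Constructed stand-ins for the outputs of a classical and a PQ key exchange.
SECRETS = {"classical": b"\x11" * 32, "pq": b"\x22" * 32}
```

Retiring a suite is a one-field change in the registry, and a peer that only supports retired suites gets an error rather than a silent fallback.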