[Freedombox-discuss] my summary of yesterday's Hackfest

[ian at churchkey.org]

On 02/28/2011 09:55 AM, Michiel de Jong wrote:
> 
> addendum: after also reading the two recent threads about email on the
> mailing list, i think we should maybe discourage the use of email, yet
> still offer a pgp-enabled email client, and maybe an easy way to
> register your own domain name (from a choice of TLDs) and rent an
> in-the-cloud mailserver for it. however, the question is, if we want to
> promote something that is better than email, do we still want to promote
> pgp as an intermediate solution?

One point to consider is whether gpg is the only encryption scheme worth
examining. While the end-to-end encryption benefits of gpg are well
known, only a very small percentage of email users have gpg keys.
Something like running a mail server that only uses SMTP would ensure
that all your messages go _out_ in the clear. What happens to them
depends on who the recipients are.

There is only so much we can do to protect the contents of our messages
if the people we send them to make a practice of handing those messages
over to third parties like gmail. If we ensure that our messages go out
securely, then at least we have eliminated the intermediary network
snoopers, whether those are central ISPs or local wifi snoopers.

Which leaves open the larger strategic questions of whether we should be
focusing on integrating with existing communications like email, whether
email in particular is too difficult to get right or maintain, or if we
should move entirely to completely secure communication systems as Jonas
suggests.

While I have no personal love for email and see how popular gmail is as
a service, I think that if we pull too far away from how people
currently communicate we will end up buried beneath the network effects
of the many systems we seek to replace.

-Ian