
Show HN: FWD:Everyone – Making email into a social network - Alex3917
https://www.fwdeveryone.com/t/RtYWs75qQTyNfnepPpom_A/sxsw-advice-timers
======
Alex3917
Submission statement: For a long time I thought it would be cool to read the
email of tech industry leaders and celebrities. I thought it was a dumb idea,
but then a friend encouraged me to go out and actually ask some folks if
they'd use it. And surprisingly a lot of the folks we talked with told us that
if we built it then they'd use tho product.

Different people we talked with had different use cases. Some people were sick
of answering the same question from dozens of different people. For college
professors, fifty years ago their correspondence would get donated to their
university library, but now that it's in their inbox that will all get lost
unless there is some way to archive it. And for entrepreneurs, their email is
content they're already creating that could be used to promote their startups,
it's just that they're getting cheated out of their followers.

So while for me it was all about getting a chance to peek inside the private
lives of really interesting and accomplished individuals, for these folks they
see it as a way to maintain a blog with 10x less effort. So we tried to build
something that would fulfill both use cases.

In a couple months we'll also have public and private organizations. So with
public organizations, you'll be able to, say, subscribe to all the public
email from Steadfast VC partners. Or with private organizations, you'll be
able to share email privately within your business and tag it with things like
the project name, 'decision', 'deadline', etc. (Charging for private
organizations will be our business model.)

~~~
Alex3917
We just added a screencast (sans audio) on the front page to give a quick
overview of the functionality of the site. We also added a couple example
threads to the logged out page, so if you click the titles you'll get taken to
the thread page.

This front page stuff was just redone within the last couple hours, so we'll
clean up the design over the next couple days.

------
pbiggar
Love it!

Some comments:

\- I want to upload a thread, and it asks me to give Oauth to my entire email.
That's a little too much! Can't I just forward an email? I figured that was
the point, given the name. I just CC everyone@fwdeveryone.com and it gets
published.

\- I dunno if I want to include the entire thread when I forward. I'd
personally rather CC justthismessage@fwdeveryone.com when I'm writing an
email, and get _only_ this message, with the context cut out for privacy.

~~~
Alex3917
Thanks! With respect to just forwarding the thread, that was the original
idea. The reason we've moved away from that though is, counterintuitively, for
security reasons.

Basically we wanted to make posting email double opt-in, so that you can't
publish emails from other people without their permission. The problem is that
without OAuth you would be able to change the text of the conversations, and
also who the messages were coming from. So although we could still have a
permission mechanism, it wouldn't really be enforceable. And worse, anyone
getting a permission request would have to reread the entire thread to figure
out whether the uploader had changed the text of the conversation.

When we build a Gmail plugin we might be able to get around Oauth if we're
able to forward each message in the thread, since I think we'd be able to
verify the authenticity of the messages with DKIM. I haven't fully looked into
this yet.

For now what you can do is make multiple gmail addresses and/or revoke the
oauth access after each time you use the service. (We do this with our own
accounts dozens of times per day while testing the site, and it hasn't caused
any issues.) I think also a lot of people in the tech community are more
comfortable authing their work email accounts than their personal email
accounts, so we're not necessary counting on seeing a huge wave of adoption
until we have the organization features in a couple months.

With respect to not including certain messages, that's a feature we currently
have with Oauth. You can redact any text within the message bodies, which then
isn't stored in our database. And you can also exclude messages entirely from
the thread, and again the text of those messages isn't stored in our database
either.

We're going to add more fine-grained privacy settings in the future so that
way you can white list certain people and organizations and whatever. But for
launch we wanted to keep everything super simple, and make sure your first
experience with the site isn't getting doxxed by your friends or whatever even
if that means not getting any super viral content on day one.

~~~
pbiggar
Ah, I see. I guess you'll have to weigh whether that giant obstacle to
adoption is worth that feature. My bet is that it won't be.

------
tylershuster
Imo as a mediocre web developer and huge fan of open and decentralized
technology, this is the way that social networking should be done, at least
until a reliable standard becomes available for social networking. It doesn't
depend on a monolithic system, and seems to be backwards compatible. Thoughts?

~~~
amsheehan
Interesting thoughts. I think one of the draws of email for us is that it is
an open technology. The other platforms for communication are great too, we
just think that part of emails staying power is the result of it having open
protocols.

We also think a lot of really great things get talked about over email that
aren't inherently private. Conversations that showcase deep knowledge and
understanding through the lens of relationships. For us, that's the magic.

------
markonfire
whoa cool! Will you guys have a private side to this thing? I'd love to be
able to show a thread to only to colleagues in the newsroom as a story
develops, and then open source my reporting once it's published.

~~~
Alex3917
Thanks! And yes, we're going to have both private and public organizations.
(Like GitHub we'll offer free public repos and paid private repos.) We
actually already have a lot of the API code for this, but we still need a
couple more passes at the UI on some of the views.

We're also working on commenting, a gmail plugin, and a bunch of other stuff.

~~~
alooPotato
Founder of Streak here, love the idea. If you're making gmail plugin, we
published the www.inboxsdk.com to make it really easy to make them. Happy to
help if you have any questions/issues....

~~~
Alex3917
Thanks! We are definitely going to build on InboxSDK, we have a couple months
of other features to build out first though.

------
phantom_oracle
Can someone with some good security/email knowledge tell me if email spoofing
is a thing (or will be possible) here?

~~~
Alex3917
When you preview a thread we get that data directly from the Gmail API on our
servers. This means that if your email is properly configured with SPF and
DKIM, it shouldn't be possible for someone else to spoof your email before we
retrieve it.

Once we have a copy of your email, we then take a hash of the messages before
sending the text to the users. When we get the text back from the users (who
can make highlights or redactions), we compare the text we receive back with
the hash of the original message and throw an exception if the hashes don't
match. We then delete the hash from our database, and store an encrypted copy
of the message. The message remains encrypted until each of the message
contributors gives permission. If this doesn't happen then the encrypted
thread is deleted from our servers.

So yeah, we were pretty OCD about making sure that if something shows up in
everyone's newsfeed that it was actually both written by you and approved for
publication by you.

------
fiatjaf
I like it, but even with the screencast I don't understand how this works.

