Hacker News new | past | comments | ask | show | jobs | submit login

I just had to think a bit in the opposite direction, with respect to email. Archiving some correspondence from other contexts into it. There's a very handy tool for the archiving I'm interested in.

But... under U.S. law, online email storage over X... (I forget the exact count, something over 100 days) days old, is open to examination without a warrant.

Not that I've anything particular to hide. But moving my personal correspondence in that direction?

I may spin up a an email server under my own sub-net, just to make use of this tool and capture its output. But I'm strongly disinclined to put it on a publicly facing email server.




The 100 day warrantless examination is an interesting point. Are you suggesting the government doesn't have access to your correspondence on other platforms? You can at least run your own email server.


It depends on the platform, and on ongoing developments in law, regulation, and third-party cooperation (one big way U.S. governments get around their own restrictions is by soliciting (often, paid) data from third parties not bound by such restrictions).

Anyway, they may well have this data. Some other data, more likely not.

And, even where they may have -- or have access to, this data, retention periods may be significantly shorter. At least, the retention periods that aren't shrouded in secrecy in e.g. a large campus in the middle of Utah.

Not email, but more and more social/communications platforms are offering to archive your data in your Google Drive account. Now, maybe with a privately held passphrase to AES encryption, some might consider that ok. But that is not what these services are offering.

For the majority of people, "Who cares?" And there is value to keeping your life free of unnecessary friction.

But, more and more of this stuff is getting supeonaed in divorce cases, employment disputes, etc., etc.

Though, I suppose if you maintain private access to the messages, and don't share them, you are still a candidate for contempt of court.

Anyway, I'm not interested in accumulating more of my social life into a data store that, here in the U.S., has less constraints against third-party (here, meaning particularly, government) access.


Ok but what is the alternative for online communication?


I think there are many pieces of that puzzle floating around. Fastest replacement might be if someone can make an app to encrypt on device replies via email.

but that's not all.. if a pw protected chunk was sent back to a buddypress activity or message reply and could be decoded there... then people could setup a wordpress/buddypress for family and a separate install for friends..

Options to get rss read of activity, or get emailed activity and replies. Could just email a reply back with a plugin, but that's currently in the clear. It could just be a notice that ScreenName X posted a reply on the Activity Group Y.. click to read.. and it's trivial to make those things private / login needed kind of privacy at that point.

So solve email encrypt on device, send to server which I think can hold data encrypted with php 7, and it would need to be decrypted within wordpress/buddypress for friends / family there when they logged in .. then there are most of the other pieces for mutliple messaging different contacts and groups.. it's all there.

I am sure there are other similar projects with similar hooks where a similar thing could be streamlined / integrated with just on device email, with options to beef up the privacy to make it better. Would be nice to addin sms texting to the mix for notifications and replies somehow.

most people know using email, and buddypress can be very similar to fbook for layout, so familiar to most I think. It's all close.


Well, I like the idea of end-to-end encryption, combined with storage/archiving on equipment under my own control.

Email seems fine, if it's your own server and you can keep it secure. Including, secure from some legal argument that they can knock on your door or the data center's and just have a look at whatever they want.

There was a fellow in the UK who used assymmetric keys to encrypt all his inbound email, holding it on the server in encrypted form where the paired key was not on the server but rather available only to his email client.

Then, you have the problem of security in transit. That email doesn't offer, inherently. And most of your correspondents won't use PGP/GPG nor SMIME.

I just had another friend start using WhatsApp. Is it really secure? I don't know. At least, she'll use it.

WhatsApp offers to archive your correspondence to Google Drive. I haven't turned that on.

I've tried brining up Signal with a few friends, but they won't give it the time of day. (Unlike the Washington, DC crowd, who now appear to be flocking to it in minor degree.)

The tool I might use is for SMS/MMS. It used to also offer to archive WhatsApp conversations, but that's been discontinued.

Umm...

https://f-droid.org/en/packages/com.zegoggles.smssync/

It's also on Play.

https://play.google.com/store/apps/details?id=com.zegoggles....

So yeah, this isn't any "big security context". Just my personal stuff. But the default is to put the messages into Gmail. On the one hand, actually convenient. On the other... just, no.

I have a bootlooped Nexus 5x with a bunch of SMS/MMS I never backed up. Including, I now realize, from a friendship that's ended. I'd kind of like to have some of those. So, I'd like to be pro-active with regard to the next phone that's going to crap out on me.

----

P.S. In short, I think I basically agree with you. Decentralized, and under one's own control.

It's just that:

Email doesn't secure the transport, and many people won't secure their messages before transport.

If it's not your own email server, under your control including perhaps physical, law in the U.S. with respect to email designates older messages as quasi-abandoned and "up for grabs".

And I forgot to mention the many posts/comments I've been reading here, about how more and more difficult it's becoming to run your own email server, not just in terms of securing it but also because more and more email providers are shit-canning any emails that don't appear to be blessed by their counterparts.

Anyway, I'm not promoting the idea that I have some particularly good answer. Rather, just food for thought.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: