
Security quotes of the week

The most insidious thing about Big Tech's takeover of the internet isn't the concentration of power—it's how it's trained us to beg for scraps from our digital overlords.

Every week brings a new chorus of voices demanding that [insert tech giant] must "do better" or that [insert government agency] needs to "crack down" or that [insert billionaire] should swoop in to save us. We've become digital peasants, petitioning various lords and kings to please, please fix the internet for us.

[...] We all saw the tech oligarchs lined up behind Donald Trump at the inauguration. Any plan that involves having any of them "saving" or "fixing" the internet is not going to lead to good results. It's just going to lead to more power for the powerful, and less for the rest of us.

Instead, we need to look for more ways for users to empower themselves and to get out of this state of learned helplessness and demanding some more powerful entity "fix" everything that goes wrong.

Mike Masnick

Decentralization is itself a defensive countermeasure (code). When a service has diffuse power, it's harder for any one person to take it over. Federation adds another defensive layer, because users who don't like the way one server is run can move to another server, with varying degrees of data- and identity-portability. That makes it harder for server owners to squeeze users to make money (markets), and gives them an out if server owners try it anyway.

[...] That said, decentralization and federation are not perfect, set-and-forget defenses. Take email – the oldest, most successful federated system of them all. Email is nominally decentralized, but most email traffic goes through a handful of extremely large servers run by a cartel of companies (Google, Apple, Microsoft, and a few ISPs). These companies collude (or, more charitably, coordinate) to block email from non-cartel companies, in the name of fighting spam. This makes running your own mail server so hard that it is nearly impossible (that is, if you care about people actually receiving the email you send them).

Cory Doctorow


Far from impossible

Posted Jan 30, 2025 16:54 UTC (Thu) by sethkush (subscriber, #107552) [Link] (7 responses)

As long as you play ball and set up DKIM, DMARC, SPF, and reverse DNS, your email should work fine so long as your IP isn't on a sketchy subnet.

The Comcast blocking mailman example from the linked article is unfortunate, and I'd usually rather not defend Comcast, but I could see my own rspamd setup having the same issue (and it has had similar issues in the past).

There's a ton of spam coming in at all times and false positives are hard to avoid. I don't think it's reasonable to attribute such blocks to malice or market power (though market power is still an obvious cause of other problems).

Far from impossible

Posted Jan 30, 2025 17:23 UTC (Thu) by jnareb (subscriber, #46500) [Link] (1 responses)

That's why books such as Michael W. Lucas: "Run Your Own Mail Server" exist.

Far from impossible

Posted Jan 31, 2025 4:17 UTC (Fri) by sethkush (subscriber, #107552) [Link]

My personal favourite resource is this blog post from an OpenSMTPD dev: https://poolp.org/posts/2019-09-14/setting-up-a-mail-serv...
I adapted it to Ubuntu because I find it easier to manage that way, but OpenSMTPD has been wonderful in terms of stability and documentation.

Far from impossible

Posted Jan 31, 2025 1:36 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (2 responses)

> so long as your IP isn't on a sketchy subnet.

To my understanding, this is the big blocker for most folks. Subnets are judged "sketchy" by a wide array of different entities, applying different rubrics, over different timescales, and with different levels of willingness to tell you anything (in some cases, not even whether your IP address is on the naughty list). Appeals processes vary tremendously, but often range from Kafkaesque to nonexistent. I suspect, but do not know, that IPv6 gets even harsher treatment because it is so ridiculously easy to churn addresses if you find an ISP that assigns /64s dynamically - I would tend to assume that the only real option is to block the whole ASN.

Disclaimer: I work for Google, and Google is one of the (many, many) entities that blocks spam email based in part on IP addresses, see for example https://support.google.com/a/answer/81126. IMHO it is not 100% wrong to blame Google for self-hosted email being really difficult, given that Google does in fact require self-hosted email to jump through a bunch of hoops... but so does literally every other mail server of non-trivial size, mostly because there is little practical alternative. Obviously, this is just my personal opinion and not the official position of the company.

Far from impossible

Posted Jan 31, 2025 3:09 UTC (Fri) by dskoll (subscriber, #1630) [Link] (1 responses)

Most large providers have "Postmaster Tools" that let you improve deliverability.

I seem to have been lucky with my IP address; no deliverability issues to any of the major providers. I've had hiccups with delivering to Hotmail/Outlook, but Microsoft's postmaster tools are actually pretty good and they are fairly responsive. I've never had to test Google's equivalent, thankfully.

The one provider I still have problems with is Apple ("me.com"). Luckily, I have only one regular correspondent with a me.com email address and so I usually just text her instead.

The IP address is attached to a VPS at a hosting provider. I would definitely not attempt to deliver mail directly from a residential cable or DSL IP address.

Far from impossible

Posted Jan 31, 2025 11:38 UTC (Fri) by taladar (subscriber, #68407) [Link]

Most of those postmaster tools are less than useless unless you have a certain minimum volume of mail. Some don't even display data if you are under a few thousand mails a day.

Far from impossible

Posted Feb 6, 2025 18:14 UTC (Thu) by davidgerard (guest, #100304) [Link] (1 responses)

"Should" is such a great word.

As someone who had this problem, I assure you it's a frickin' PITA and I promptly advised that we never send email out through the SMTP and instead contract an email vendor (Mailchimp, Adestra etc) for anything customer-important. I remember we spent about six weeks supplicating toward Microsoft to get them to accept our mail.

That was in 2020, it'll be worse now.

If you have a business purpose that requires your email to get through, I strongly advise you to use a vendor.

Email is lost to decentralisation. People should no longer bring up email as an example of a successful decentralised system, because it is not in practice.

Far from impossible

Posted Mar 5, 2025 10:39 UTC (Wed) by smurf (subscriber, #17840) [Link]

Yes it's a PITA, but it's a manageable one. You run into a problem, you solve it, done. To me that happens every few months at most, and the rest of the time the mail server just chugs along.

The Internet treats censorship as damage...

Posted Feb 7, 2025 20:17 UTC (Fri) by Baylink (guest, #755) [Link] (1 responses)

and routes around it.
-- gnu@hoptoad

Is that still true?

It seems like the underlying argument here...

The Internet treats censorship as damage...

Posted Feb 8, 2025 23:44 UTC (Sat) by mathstuf (subscriber, #69389) [Link]

The Internet might, but how many users of the Internet still exist versus those that choose to live inside the walled gardens of social media?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds