One of the great benefits of Open Source
Posted Nov 4, 2025 10:25 UTC (Tue) by sthibaul (✭ supporter ✭, #54477)
In reply to: One of the great benefits of Open Source by taladar
Parent article: Debian to require Rust as of May 2026
mail and C nowadays have precisely been vastly improved upon over what they were in the 70s.
Posted Nov 5, 2025 8:40 UTC (Wed)
by taladar (subscriber, #68407)
[Link] (85 responses)
Just look at mail, we still don't have a reliable system in use everywhere that works for all the use cases to determine who actually sent a mail. DKIM, SPF, DMARC, ARC,... are all just patchwork on top of a bad starting point and even with them use cases like forwarding and mailing lists don't work properly all the time. Not to mention that 90% of mail servers out there don't implement all of them. There is no end to end encryption, there is no authorization of contacts, mail uses half a dozen different encodings that literally nobody else uses and many implementations break some of the standard (e.g. the 1000 character a line limit) even though other parts (e.g. DKIM) require them (well, DKIM breaks at lines over 4096 IIRC).
And C is even worse in how much of the single core assumptions are baked directly into the model and how many things are left undefined or implementation defined in the standard because some compiler vendors in the 1980s couldn't agree on something.
Posted Nov 5, 2025 11:13 UTC (Wed)
by pizza (subscriber, #46)
[Link]
if by "improved" you mean "designed to be a walled garden owned/controlled by a single vendor that never interoperated with anything else" then sure..
Posted Nov 5, 2025 15:31 UTC (Wed)
by dskoll (subscriber, #1630)
[Link] (83 responses)
It's impossible to have the benefits of email:
without having to live with the downsides. I think it's a reasonable tradeoff; email security tools have gotten to the point where email is still useful and isn't totally overwhelmed with spam.
Posted Nov 5, 2025 16:03 UTC (Wed)
by paulj (subscriber, #341)
[Link] (75 responses)
It's perfectly doable.
Posted Nov 5, 2025 17:03 UTC (Wed)
by dskoll (subscriber, #1630)
[Link] (74 responses)
People who say it's perfectly doable never seem to have read this.
What's in it for me to spend money to send email? More to the point, what's in it for me to pay for emails sent out by my cron jobs or monitoring systems?
Posted Nov 5, 2025 17:06 UTC (Wed)
by dskoll (subscriber, #1630)
[Link] (1 responses)
Sorry, another followup. Another thing is you're not thinking like a criminal. A criminal won't be deterred by micro-payments or by having to use compute because they'll just steal those things from innocent victims. We already see compromised devices being massively weaponised in botnets. A botnet has vastly more computing power than you'll ever need to break through proof-of-work anti-spam systems.
Posted Nov 6, 2025 11:29 UTC (Thu)
by paulj (subscriber, #341)
[Link]
Posted Nov 6, 2025 11:26 UTC (Thu)
by paulj (subscriber, #341)
[Link] (71 responses)
Further, your comment above seemed (to me), to frame the problem more generally than just SMTP and seemed to refer to communication in general, that you could not have a series of benefits without the downsides (i.e., the various complex hack-on side-protocols to limit spam).
In general, we /do/ have a way. The technical ability is there.
Posted Nov 6, 2025 11:41 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (61 responses)
It's worth noting, in that context, that the thing that keeps killing micropayments is the cost of handling disputes; if I've been hacked, and the hacker has spent $10k of my money, it's well worth my while financially disputing all of those payments and getting as many undone as I can (via the courts if there's no dispute mechanism to avoid that), but each of the recipients has (relatively speaking) much less incentive to not just give in and let me get back my $0.001 or whatever that was spent with them. This essential asymmetry has to be addressed somehow - unless you're saying that people who get hacked "deserve" to lose large sums of money, of course.
Posted Nov 6, 2025 12:05 UTC (Thu)
by paulj (subscriber, #341)
[Link] (60 responses)
The question of theft of money, and what happens if the thief is caught but has already spent much of the money, and whether or not that money can be recovered from those who received it, is also a social one. And a question I'm sure long existed before computers, and one which already has a body of judicial decisions available to cover it (no idea what they are). If a thief spends X thousands of money stolen from me with some 3rd party, but that 3rd party acted in good faith and had no reason to believe the money was stolen, may I recover that money from that 3rd party? Leaving the 3rd party out of pocket?
I have no idea what the law says. I assume the answer is context and probably jurisdiction dependent. I doubt the issues are any different for computerised micro-payments (?).
Anyway, social questions, largely.
Note: Some common technological micro-payments are "transparent" - the transactions can easily be traced on a public electronic ledger, and it may therefore be easy for criminal investigators to find that a thief paid some (innocent) retailer X thousands, even if they never identify the thief. However, the CryptoNote paper exists, and I think in the future many (most?) micro-payments will use non-trivially-traceable ledgers. (It already is the case for some sectors that use distributed, online micro-payments).
Posted Nov 6, 2025 12:20 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (59 responses)
If you refuse to return the money, then you have yourself got into the realms of criminal activity. And as someone out $10,000, it's worth my while chasing all of it to get as much back as I can - but is it worth your while getting a criminal record over $0.001? If your answer to that is "no, I'd just return it to avoid this outcome", then you have ensured that spammers don't pay (since they use stolen resources), which destroys the economic incentives.
And it's this sort of social problem that you have to solve in order to make an e-mail replacement workable. The technology problems are trivial in comparison.
Posted Nov 6, 2025 14:09 UTC (Thu)
by paulj (subscriber, #341)
[Link] (58 responses)
Whether you hand me €x of stolen money or you send me €x worth of stolen micro-payment, by the law as you describe it, once I am made aware it was stolen I have to give it back to you. I'm not sure how the amount is that significant either - your argument seems to be cause the sum is minuscule it changes something. But...
If you lost €0.001 worth of micro-payments, are you going to bother tracking down where it went, finding out who is behind whatever address it went to, contacting them, etc.? It's not worth your time. Also again:
> I think in the future many (most?) micro-payments will use non-trivially-traceable ledgers. (It already is the case for some sectors that use distributed, online micro-payments).
The micro-payment system can easily be one with a non-transparent ledger and distributed - no central authority that can look behind any curtain. In technical terms, your objections do not hold. A distributed, decentralised, permissionless, communication system can be constructed that puts a sufficiently high cost on spam to deter it, while incurring only trivial costs for nearly all users.
Posted Nov 6, 2025 14:28 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (57 responses)
But each of the recipients owes me a much smaller amount - how much time and effort are they going to put in to avoid me fraudulently getting a refund of €0.001? If the answer is "none", then spammers just demand refunds, and get them because you're not willing to put in any effort to stop me getting one fraudulently. If the answer is not "none", then you're risking a criminal conviction over what to me is €10,000, and to you is €0.001; how much time are you willing to put into defending yourself here, and why aren't you putting that time in to stopping spam already?
Posted Nov 6, 2025 14:55 UTC (Thu)
by paulj (subscriber, #341)
[Link] (56 responses)
In technical terms though: How do you know who received your micro-payments? The communication system consists of anonymous nodes, by design, precisely to avoid the problems you are trying to create for it.
1 The communication system can be designed to consist of relatively anonymous nodes, incentivised to provide service by the micro-payments
This technology exists, there are examples of all the pieces of this system and of some combinations of the pieces, in various applications. Some pieces are very widely used (e.g. an implementation of 2 is the dominant, universal even, form of payment system in some sectors). I don't know if there's a communication system based on all the elements of this model, but it can be.
There is Session messenger (getsession.org). It doesn't use micro-payments as of yet. It may do one day, if use gets big enough and spam / resource-abuse becomes an issue.
Posted Nov 6, 2025 14:58 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (55 responses)
Once again, this isn't about the technology - the technology exists, and can be made to work. It's about the social aspect; you're saying now that if I don't take a lot of care to avoid being hacked, I can lose all my money and have no recourse. That's not exactly a selling point of any system.
Posted Nov 6, 2025 15:28 UTC (Thu)
by paulj (subscriber, #341)
[Link] (54 responses)
Indeed, micro-payment systems tend to have better security features than the common banking system does.
Posted Nov 6, 2025 16:33 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (53 responses)
And again, as a social matter "the existing thing exposes you to risk, this thing means that it's harder to not expose yourself to that risk" is not a selling point. Unless I can completely remove myself from the existing thing (so no common banking system at all, for any purpose, including things like groceries), you're saying that I should accept more risk to make this thing happen; that is always going to be a hard sell.
Note, too, that the "common banking system" (at least here) is set up such that all transactions can be reversed, because I can, if the bank doesn't handle it internally, get a court order forcing the transaction to be reversed. That's my big security feature - none of my outgoing transactions are irreversible, if I'm willing to put the legwork in to have them reversed. I've not seen a micro-payment system with a similar guarantee of reversibility.
Posted Nov 6, 2025 17:15 UTC (Thu)
by paulj (subscriber, #341)
[Link] (52 responses)
There is little difference here - from my perspective - whether I use a credit card to make a payment from my normal bank account to my email provider, or whether I use a distributed, electronic payment system to make a payment to the same entity (there are numerous email hosting providers who accept both credit/debit cards and other non-fiat-money payment systems).
The design you're floating - with your email client somehow having full control over any balances (never mind significant) - seems somewhat insane, and so of course it's not how these things are designed, whether it's with standard centralised payments systems, or more distributed, decentralised payment systems. ;)
The decentralised payment version can allow for things like recoverable balances. E.g., if I've made x amount available to top-up my balance with the communication system, that could be done by paying to a 1-of-2 multisig so that myself and the communication system can pay out from the balance. Which means I can take the balance back into my full control. With standard payments, if a communications provider goes bust, I will not get my balance back from the company. I'll have to wait for a receiver to come in, take control, and disburse my funds back. The distributed system, I can take my balance back, plus disbursement by the distributed system to some node can itself be protected by a wider consensus that the said node actually did some work to (help) send the message(s).
Posted Nov 6, 2025 17:19 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (47 responses)
Today, I compose the e-mail, I hit send, it goes. Job done.
In your system, you're suggesting that I compose the e-mail, I hit send, I get a prompt to go into my payments system to approve a top-up to the e-mail system, I have to go across to that, check that the top-up is reasonable, and permit it, and then it goes.
And I cannot square your talk about being able to recover the payment made for an e-mail that was sent and received by the recipient (but declared as spam) with the idea that this payment is a deterrent to spamming. Either it's irreversible (in which case, that's a whole new set of risks that isn't present in the current system), or I can have it reversed if I didn't send the e-mail personally, and e-mail is effectively free to criminals (since they hack systems, and their victims reverse the payments).
Posted Nov 7, 2025 10:30 UTC (Fri)
by paulj (subscriber, #341)
[Link] (46 responses)
I think you know fine well that paying for an online service does not imply that you then must manually take actions to pay at each and every use. You could pay in batches in advance - one very common model. Even LWN uses that! You need not even pay yourself. If ads make money for big tech, they'll continue to let you just pay with your eyeballs and data. Etc.
How the system itself manages distribution of payments does not of itself have to govern anything about what users do.
Anyway... this is a long side track away from topic of the story.
Posted Nov 7, 2025 11:03 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (45 responses)
You're looking only at the happy path, and saying "as long as this all works as intended, there's no problems". I'm looking at the edge cases, like "running out of credit just as you send an important e-mail", and asking how you solve that.
Posted Nov 7, 2025 13:21 UTC (Fri)
by paulj (subscriber, #341)
[Link] (44 responses)
Knowing when you need to top up some balance for some service is just a general life thing, and has 0 specifically to do with online micro-payments. I irregularly use the train, and more than once I've been at my local station furiously typing CCV codes into my phone app to try get my "Leap" (mifare I think) card topped up, so I can tap in at the gate, as the train is approaching....
You're just trolling at this stage I feel. ;)
Posted Nov 7, 2025 13:47 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (37 responses)
Big tech are happy enough with the current SMTP + DMARC setup; it works for their needs, and they have no need to change it. What makes it worth their while contributing some of their profits to a third party?
And you're continuing to miss the point - you've added an extra way for me to lose my money, for no gain to me over the current system (SMTP + DMARC with a decent spam filter is very low on junk for me already, and the pain of dealing with disputes over money paid for delivery of mail to me would outweigh any reasonable payment).
I also note, now that I recall the previous conversation, that you never responded to this comment thread from over 2 years ago - did you actually receive the money I sent, or did it go missing? If it went missing, how do we dispute the transaction and ensure that it gets to either you or back to me?
Posted Nov 7, 2025 14:43 UTC (Fri)
by paulj (subscriber, #341)
[Link] (5 responses)
You currently already can lose your money if your computer is hacked, if you pay for email. If you're happy to sell your eyeballs and data, then in any new, (not email!) messaging system that used some online, distributed payments system to make spam uneconomic, you could use clients that sold your eyeballs and data to big-tech and *you* would need no additional payment systems on your computer/client. Even if you chose to pay, it still need /not/ be an extra risk, because you may well be using this payment system for numerous things already.
As for your experience with the current email system and lack of spam, that's cause of a layer of crappy additional side-protocols which *still do not substantially stop spam* PLUS a filtering system to try separate out the deluge of spam that _still gets through_. All of which you _ALREADY PAY FOR_ - one way or another.
It's a _shit_ system. It _does not work_ - not even the big-tech companies manage to reliably stop spam by any means, and also do not manage to reliably separate the spam from the signal. There are regular false-positives, and many false-negatives in my Big-tech administered Inbox.
As for the 2yo comment. I never saw that somehow, till now. Or I saw it, meant to check later and forgot! I'll try remember today :)
Posted Nov 7, 2025 15:36 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (4 responses)
And we know from SMS (which is charged per-message to the sending companies, even if you buy a bulk lot from a provider like Trello) that charging isn't enough to reliably stop spam, either; there's ways to get around charging, including outright fraud. From what you've described, you're going to recreate the problems SMS has, which include spam and financial problems, in order to get rid of the problems e-mail has; but then, why would I use the new protocol, and not SMS?
Posted Nov 7, 2025 16:04 UTC (Fri)
by paulj (subscriber, #341)
[Link] (3 responses)
So.... there often wasn't charging is what you're saying.
Posted Nov 7, 2025 16:08 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (2 responses)
The "charges undone by court order" is impossible to avoid without making your payment system in breach of anti money laundering regulations, and therefore illegal to use at scale.
Posted Nov 10, 2025 11:51 UTC (Mon)
by paulj (subscriber, #341)
[Link] (1 responses)
I'm no legal expert, but the existence of (on-chain) irreversible distributed payment systems and businesses created around them and/or using them (including very large and some heavily regulated ones) shows your belief here can not be true. The on-chain transaction can not be reversed, once confirmed, but businesses can always refund - by choice or legal order - some payment.
AFAIK, the likes of the EU are not trying to ban irreversible distributed payment systems.
Posted Nov 10, 2025 12:07 UTC (Mon)
by farnz (subscriber, #17727)
[Link]
What is not legal is a setup where the money can neither be retrieved directly by the sender, nor can the recipient be identified for the purposes of having the court order apply to them, too. Otherwise, how do you prove (as required by Russian, Chinese, EU and USA sanctions laws) that you're not sending money to a sanctioned entity directly?
Posted Nov 7, 2025 14:56 UTC (Fri)
by pizza (subscriber, #46)
[Link] (30 responses)
There's one more wrinkle, and it's a doozy. When money is involved, (or are otherwise exchanging some measure of "value" for a service) you're veering into the territory of [potentially heavily-]regulated commercial activities in most jurisdictions, and now you have to care about recordkeeping, paying taxes, etc. Not to mention any gateway to "real" payment systems will have their own voluminous technical+contractual requirements, etc etc.
> So, we come back round to why would anyone switch to a pay-to-mail system?
Especially to one that presupposes the existence of a spherical cow (==functioning micropayment system that's universally deployed.. with bidirectional transfers into arbitrary national currencies)
Posted Nov 7, 2025 15:58 UTC (Fri)
by paulj (subscriber, #341)
[Link] (29 responses)
I'm just saying, from a technical perspective, the original assertion that a set of constraints and desires for messaging systems was impossible to meet, other than without the specified downsides of current email.
Technically we have distributed protocols that can achieve the desired goals. Most of the issues raised in objection are just moot, as they apply to wider structures in use in society, long before computers. Valid objections are generally social, e.g. those in your reply.
On your specific points, vast vast majority of email providers are companies and already taking payment from /someone/ (whether the email sender, or the advertisers who want to place ads before the email senders). All the regulatory burdens are already there in that particular implementation of a messaging system, for essentially all entities involved in the operation of the underlying messaging system (the number of entities that are not corporations is pretty much 0 by comparison to the rest). Further, being involved in some minuscule way in the operation of a messaging system that uses micro-payments need not have regulatory or tax implications - most regimes have thresholds to exclude trivial cases from tax or regulatory burdens.
Posted Nov 7, 2025 18:01 UTC (Fri)
by anselm (subscriber, #2796)
[Link] (28 responses)
That may be the case, but today I am the email provider for myself and a few friends, and I would like to keep doing this. If, to continue to be my own email provider, I would have to connect to some payment system and deal with all the legal red tape required to be a commercial entity (and at least around here, “doing something on a sustained basis that involves other people and money” is the basic definition of “being a commercial entity”), then this would no longer be a viable proposition, and that would really suck. It may turn out that in the end I might not actually be liable to pay taxes, etc., but the red tape would still be there in order to get to that point.
Anyway, never mind micropayments, which are way too much of a hassle to be worthwhile. If we really want to fix email, the first thing to do is to stop sending email around on the off-chance. Instead, the email is stored at the sender's end and the receiver is notified that there is some email to pick up for them. The receiver can then decide whether they want it (based on whether the sender is on a list of approved senders, or the notification has the correct signature, or the hash for the actual mail doesn't show up in a spam database, or whatever) and pick it up from the sender's server if that is the case. This approach makes it harder for spammers to fake the sender's address (they could still try to send fake notifications but there wouldn't be anything on the sender's server to pick up; also the system would presumably validate that a notification for a message from sender@example.com actually comes from a server which is allowed to send notifications for example.com, à la SPF) and doesn't require receivers to download and store messages they're going to discard later because they're spam. Backscatter-type spam is eliminated completely because there is no need for “bounces” in the first place. Just a thought.
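A minimal sketch of the receiver-side flow proposed in the comment above, added here as an illustration; it is not part of the original comment and does not describe any existing mail protocol. The class names, the in-memory `network` table and the static `authorized_notifiers` map (standing in for an SPF-style DNS lookup) are all assumptions, and the addresses and hosts are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field


def digest(body: bytes) -> str:
    """Content hash carried in the notification and re-checked after pickup."""
    return hashlib.sha256(body).hexdigest()


@dataclass(frozen=True)
class Notification:
    sender: str         # claimed sender address
    recipient: str
    msg_hash: str       # hash of the message waiting on the sender's server
    notifier_host: str  # host that actually delivered the notification


@dataclass
class SenderServer:
    """Keeps outgoing mail until the receiver fetches it (hypothetical, in-memory)."""
    host: str
    outbox: dict = field(default_factory=dict)  # msg_hash -> body

    def queue(self, sender: str, recipient: str, body: bytes) -> Notification:
        h = digest(body)
        self.outbox[h] = body
        return Notification(sender, recipient, h, self.host)

    def pickup(self, msg_hash: str):
        return self.outbox.get(msg_hash)


@dataclass
class Receiver:
    authorized_notifiers: dict  # domain -> set of hosts; stand-in for a DNS lookup
    approved_senders: set
    spam_hashes: set
    network: dict               # host -> SenderServer; stand-in for a network fetch
    inbox: list = field(default_factory=list)

    def handle(self, n: Notification) -> str:
        # 1. Is this host allowed to announce mail for the sender's domain?
        domain = n.sender.rpartition("@")[2].lower()
        if n.notifier_host not in self.authorized_notifiers.get(domain, set()):
            return "drop: notifier not authorized for domain"
        # 2. Local policy, decided before any message body is transferred.
        if n.msg_hash in self.spam_hashes:
            return "drop: hash listed as spam"
        if n.sender not in self.approved_senders:
            return "hold: unknown sender, nothing downloaded"
        # 3. Pull the message from the sender's server and verify it.
        server = self.network.get(n.notifier_host)
        body = server.pickup(n.msg_hash) if server else None
        if body is None:
            return "drop: nothing to pick up"  # fake or stale notification
        if digest(body) != n.msg_hash:
            return "drop: body does not match notified hash"
        self.inbox.append((n.sender, body))
        return "delivered"


def demo() -> dict:
    """Run constructed scenarios and return the receiver's decision for each."""
    mx = SenderServer("mx.example.com")
    rogue = SenderServer("mail.rogue.test")
    rx = Receiver(
        authorized_notifiers={"example.com": {"mx.example.com"}},
        approved_senders={"alice@example.com"},
        spam_hashes={digest(b"BUY NOW")},
        network={"mx.example.com": mx, "mail.rogue.test": rogue},
    )
    bob = "bob@example.org"
    results = {
        "legit": rx.handle(mx.queue("alice@example.com", bob, b"lunch?")),
        "forged_origin": rx.handle(rogue.queue("alice@example.com", bob, b"hi")),
        "known_spam": rx.handle(mx.queue("alice@example.com", bob, b"BUY NOW")),
        "unknown_sender": rx.handle(mx.queue("carol@example.com", bob, b"hello")),
        "nothing_stored": rx.handle(Notification(
            "alice@example.com", bob, digest(b"never queued"), "mx.example.com")),
    }
    # Sender's server hands back a body other than the one announced.
    swapped = mx.queue("alice@example.com", bob, b"original")
    mx.outbox[swapped.msg_hash] = b"replaced"
    results["swapped_body"] = rx.handle(swapped)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:15} {decision}")
```

In every rejected case except the swapped body, the receiver decides without transferring or storing the message, and no bounce is generated toward the claimed sender.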
Posted Nov 10, 2025 11:43 UTC (Mon)
by paulj (subscriber, #341)
[Link] (27 responses)
Again, all jurisdictions I am familiar with have thresholds and exemptions for non-commercial and/or no-low revenue businesses. E.g., VAT... there are thresholds and you have to have a fairly non-trivial business before you are required to register for VAT. If you are not making money, there are no tax liabilities and unlikely to even be reporting obligations (unless, again, you have some large revenue on which you're making no money). I am unsure what other regulations you think might apply to running a small communication system for friends, for which you might have to have them contribute money in some online-payment system - even reporting obligations for financial transactions have thresholds that are set at at least €1000 across the EU.
Alternatively, just go anonymous. A system secured against spam by money, or other proof of resources, can have anonymous nodes.
So... it's just a strawman. There are no regulations nor taxes that would apply to some trivial-scale "friends and family" next-gen-email-replacement system.
There are open-source projects in this space already, and you can run their servers if you wish. E.g., Session (partly a signal fork, but replacing the messaging fabric). The notion you need to register a company and pay taxes to run a Session server and have it participate in the swarms is just flat out false.
Posted Nov 10, 2025 13:32 UTC (Mon)
by pizza (subscriber, #46)
[Link] (22 responses)
Methinks the "strawman" here is one of your own construction.
Remember, you're not interacting with "friends and family", you're interacting with everyone said friends+family communicates with, and that's going to necessarily include complete strangers and businesses of all sizes. (If it was just a closed friends+family system, you have an alternate trust system and can eschew all of this automagic micropayment system entirely!)
Meanwhile, if you interact with real-world currencies, you will run into voluminous regulations and the 5th circle of hell that are payment processing systems. This goes well beyond the scope of taxation; Look up the UCC sometime.
Posted Nov 10, 2025 14:11 UTC (Mon)
by farnz (subscriber, #17727)
[Link] (21 responses)
The moment money gets involved, though, I have to ensure that I don't attempt to pay for mail delivery to this person's mail server, because if I do so, I will be in breach of sanctions law. And the easiest way to handle this problem is to pay someone who already handles sanctions law as a matter of course - stop running my own server, and just pay for Google Workspace or similar.
Posted Nov 10, 2025 15:02 UTC (Mon)
by paulj (subscriber, #341)
[Link] (20 responses)
As stated before, it is technically possible to have a distributed system that includes or relies on a distributed ledger payment system where no one can determine from the ledger, with any useful certainty, how much was sent by whom to whom. Only the sender knows how much was sent to which sub-address. The recipient knows how much was received to which sub-address, but not the address from which it was sent. I.e., a CryptoNote protocol.
Such non-transparent payment systems will ultimately dominate in the space for online, decentralised, distributed payment systems (and already do!), precisely because the older technology of transparent public ledger systems become mired in unworkable regulations. Eventually, the regulatory system will lose here and have to concede - just like in the previous regulatory war on maths in the 90s.
Posted Nov 10, 2025 15:41 UTC (Mon)
by paulj (subscriber, #341)
[Link] (18 responses)
Ergo, users are not sending any money to any specific node. Ergo, users in regime X, where regime X dislikes another regime Y enough that it has punitive sanctions against people within the reach of regime X who might do such terrible things as send messages within a distributed system that happens to have some participant nodes located in or run by people in regime Y, can not be said to have interacted in any way with regime Y.
The shocking rise of illiberalism, even neo-fascism, *across the world* will simply accelerate the adoption of privacy-protecting distributed messaging and payment systems. (Session - getsession.org - possibly being the best of what is workable, at this time, in the messaging system space).
Posted Nov 10, 2025 21:07 UTC (Mon)
by pizza (subscriber, #46)
[Link] (17 responses)
LOLwut?
Party A wants to send email to party B. To do so a token of some "value" must be transferred that can be converted to/from "money" at either end.
No matter how much technical handwavery you layer in the middle, there's no escaping that fundamental fact, nor the fact that national governments have _very_ strong opinions (ie "laws" backed up by literal armies) on the subject of "transferring tokens of value".
It doesn't matter what value I transfer to a sanctioned entity, or how I do it. Legally it only matters that I did so (or directed someone else to do so on my behalf).
> The shocking rise of illiberalism, even neo-fascism, *across the world* will simply accelerate the adoption of privacy-protecting distributed messaging and payment systems.
I'd agree with you on the messaging front, but *payment systems* are another matter entirely. The fundamental problem with distributed payment systems is how said system converts into "real" currency on either end.
Posted Nov 11, 2025 10:37 UTC (Tue)
by paulj (subscriber, #341)
[Link] (16 responses)
To fight illiberalism requires the ability to associate. To fight illiberalism in a state that is willing to use the tools of control against opponents (as has now happened in a number of western "liberal democracies", against dissident motivations across the spectrum - it's not a question of left or right) requires the ability to associate anonymously (at least, anonymous to outsiders). Effective association requires some anonymity in communication, and in acquiring and distributing resources.
To object to such tools because "Lolwut? govs wont like it bruv" is simply not an argument worth considering.
Posted Nov 11, 2025 12:38 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (15 responses)
No, anonymity is helpful if you want to subvert a democracy. Crypto is helpful for paying agitators in a deniable way (e.g. where does Tommy Robinson get money for his luxury vacations?)
If you want to overthrow a dictatorship (what's the point of using euphemisms like illiberal?) what you need is a mass movement that is too big for the state to handle.
The greater control a state today has because of surveillance is because of the current state of technology, you are not changing that by getting democracies to restrain themselves with laws. A dictator will just ignore these, making them completely pointless.
Posted Nov 11, 2025 14:05 UTC (Tue)
by daroc (editor, #160859)
[Link]
(Remember Debian? This is a song about Debian ...)
Posted Nov 11, 2025 14:08 UTC (Tue)
by paulj (subscriber, #341)
[Link] (2 responses)
It is interesting to see how my generation of techies - who when they were young would have nearly all been involved in or at least strongly supported the cypherpunk movement and been against the government in the crypto-wars of the 90s - have often become more conservative at least in terms of supporting state control. People who once would have invoked May's (popularised by Schneier) four horsemen of the Internet as a derisory label, now invoke those horsemen in support of the ever broadening tech-panopticon surveillance state.
Posted Nov 11, 2025 15:34 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (1 responses)
It's possible to write a fictional scenario where these really are the bad guys, but currently on planet earth none of the far too few countries that are actually respecting the rule of law deserve to be overthrown.
Your specific example refers to Syria, the old regime would have collapsed years earlier if they hadn't been propped up by the drug trade and associated money laundering so crypto was very much on the wrong side there.
Posted Nov 11, 2025 17:59 UTC (Tue)
by paulj (subscriber, #341)
[Link]
Posted Nov 11, 2025 15:51 UTC (Tue)
by NAR (subscriber, #1313)
[Link] (10 responses)
In Hungary (an illiberal democracy) the mass movement (a new opposition party) that grew too big to handle was (partly) sparked by an anonymous report that the president pardoned a pedophile-enabler. As far as I know, the guy who noticed that pardon (buried in official communication) and sent it to the press is still anonymous. So having an anonymous communication format has its merits even if a mass movement is required to replace the government.
Posted Nov 11, 2025 16:48 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (9 responses)
It is in a democracy's own best interest that its citizens can communicate safely without being overheard.
Posted Nov 11, 2025 18:12 UTC (Tue)
by paulj (subscriber, #341)
[Link] (8 responses)
We want to communicate anonymously (from the POV of others), without being overheard. We have looked at our threat model and our security requirements, and determined it is best served by obtaining phones running GrapheneOS. You lack the resources to obtain such a phone, and further the regime you are in views the purchase of secure phones as very suspicious - and you are likely to be put (at a minimum) under observation if such a purchase is detected. We have determined that it is best I purchase the phone for you (you haven't the resources), and we do so as anonymously as possible (so we have at least some plausible deniability if detected, e.g. intercepted shipment). I am known, in the wider world, to be associated with you.
One option is for me to use Tor to go to an anonymous online bazaar. Then to use an anonymous distributed payment method to buy a GrapheneOS phone, and have it shipped to you (ideally, some drop-box or shared address that is at least not /uniquely/ associated with you). You and I know, from experience of others, that there is a minimal intercept rate on such shipments.
This is NOT an unrealistic example of how anonymous communication systems AND anonymous payment systems can be used to help protect activism in some places.
Posted Nov 11, 2025 20:12 UTC (Tue)
by pizza (subscriber, #46)
[Link]
This is an example of a quasi-anonymous communication system that sorta works (except for the glaring problem that it's a literal *phone* which means you're going to be "anonymously" tracked by $telco and/or anyone running an IMSI catcher)
Take away the "phone" part of that and you can piggyback off of public/"open" wifi, again for varying degrees of anonymity. That said, a not-terribly-repressive regime can easily require folks to require some sort of government ID and/or tied to your device [1] as a condition to grant access to said wifi. And said regime can easily require all traffic to be routed through "great firewalls" or some other classification/inspection/tracking system [2]
And sure, you can interpose middlemen, but when $oppressive_regime has no qualms about disappearing its own citizens, all you'll accomplish is a slight delay in how long it takes your door to be kicked in.
> One option is for me to use Tor to go to an anonymous online bazaar. Then to use an anonymous distributed payment method
Again, the vulnerability here is the ability to convert this "payment method" into $national_currency on either end. Those exchanges are the choke points that governments can, and do, go after.
...I keep coming back to the "what threat vector are you trying to protect yourself against" question. Because a guido wielding a gympie trounces technical handwavery... every. single. time. (see xkcd #538)
[1] I experienced this a decade ago when traveling in the Middle East.
Posted Nov 12, 2025 13:12 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (6 responses)
It's unrealistic to the point where it looks like a parody. Is it intended as one?
Phones are widely available in almost all countries, it is rarely a hard to get item. In a country where they are hard to get, North Korea, they have implemented some kind of authorization scheme so only government provided phones can actually connect to the network, an activist firing up your graphene os phone will be arrested immediately.
(I believe they do have provisions for tourists calling abroad, but an activist trying this will be noticed and arrested)
Posted Nov 12, 2025 17:08 UTC (Wed)
by paulj (subscriber, #341)
[Link] (5 responses)
1. proceeds to give an example of a country where phone purchases generally are restricted as described
If your argument really is that activists never need to buy anything that may be sensitive, where anonymity is desirable, then it is your argument that is parody.
Posted Nov 12, 2025 17:10 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted Nov 12, 2025 19:02 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (3 responses)
> "It's so unrealistic it's a parody!"...
> 1. proceeds to give an example of a country where phone purchases generally are restricted as described
No, I'm pointing out that anybody trying to use your OS is likely to be arrested very quickly. The phone will need to authenticate itself to the network in order to prove that it is indeed an approved phone with the correct spyware installed.
> 2. fails to spot that my comment says "You lack the resources to obtain such a phone",
No, I'm saying that phones are ubiquitous, access to one is not a limitation and I'm saying that getting a Graphene OS phone is not going to help if you are physically in a dictatorship.
What activists need to do is to make their electronic signature as innocent as possible. One common tactic is to post coded messages to a popular forum that is also used by normal people.
With your solution, as soon as the police finds the first activist with a Graphene device, they will know what the traffic looks like and can use that to simplify the search for the rest.
Posted Nov 12, 2025 19:28 UTC (Wed)
by pizza (subscriber, #46)
[Link]
Along those lines, the Iranian revolution in the late 70s was famously seeded via already-ubiquitous cassette tapes of Khomeini's speeches.
Posted Nov 13, 2025 10:11 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (1 responses)
Thus, your goal is to not do anything that would give the police a reason to look at you; you're reliant on the fact that there's more citizens than police, and thus they cannot monitor everyone in depth. The moment you do something that marks you out as "odd", you're either fully compliant with the regime (just slightly weird - maybe you like brandy more than vodka), or you're marked out as a troublemaker and they will find a way to get you.
Posted Nov 13, 2025 11:54 UTC (Thu)
by malmedal (subscriber, #56172)
[Link]
Posted Nov 10, 2025 16:13 UTC (Mon)
by Wol (subscriber, #4433)
[Link]
And as far as I can tell, both you and farnz are in violent agreement on this point!
As farnz keeps on banging on, the problem is SOCIAL, and there is no way from a SOCIAL perspective that anything like this will take off.
Cheers,
Posted Nov 10, 2025 17:48 UTC (Mon)
by anselm (subscriber, #2796)
[Link] (3 responses)
Sez you. When the tax man rings my doorbell I'll refer them to you.
Anyway, as I said, the whole payment-for-mail issue is moot as far as I'm concerned because, as I've outlined in my previous message, there are better approaches for “next-gen-email-replacement systems” that don't even involve money (let alone shady cryptocurrencies).
Incidentally, one problem that makes me not like the pay-to-play approach to email is that I run a bunch of mailing lists (some with a few hundred subscribers). If I need to pay a trivial amount for each email message sent across these lists, that trivial amount times the number of subscribers times the number of messages per day at some point becomes not quite so trivial anymore. The obvious solution to this is to charge mailing list subscribers, but then hey, suddenly instead of someone with a fun hobby I'm a news publisher running a paid-for service for the public and again all sorts of regulations start to apply (apart from the hassle connected with having to ensure that every subscriber puts their contribution into the kitty). Why would I ever go for that sort of thing when right now I don't need to pay anything above the cost of the mail server, which is a trivial amount?
Posted Nov 10, 2025 18:00 UTC (Mon)
by paulj (subscriber, #341)
[Link] (2 responses)
If your understanding of what I've been sketching is a system where you have to manually charge people each time they send their message to your distribution group, then... let's just leave this. (It's way OT anyway).
Also, again, there's no tax obligations for a group of people running systems for informal associations. There are all kinds of clubs out there, where people pay money to cover the costs of the activity of that club (e.g. hosting a website, hosting races for things like running and cycling clubs, buying club kit, etc.), and it's all on an unincorporated basis and there are no tax obligations on the club or the person who handles the money for the specific activity that generated the cost, if there are only costs involved. Both English and Irish law definitely have the concept of unincorporated associations, I know this for a fact, and I'm pretty sure there is an equivalent in germanic jurisdictions - that probably then covers very large swathes of the world, given how many others derive from those in some way.
Posted Nov 10, 2025 18:04 UTC (Mon)
by paulj (subscriber, #341)
[Link]
Posted Nov 10, 2025 19:02 UTC (Mon)
by anselm (subscriber, #2796)
[Link]
Now you're building the strawman. Obviously, the way this would really work is that people subscribe to the mailing list in the way they would subscribe to a magazine, i.e., X amount of money/month gets you everything that goes through the list. You would calibrate X such that your cost to send N messages per month to M subscribers would be less than X*M. Depending on the readership and volume of your mailing list, X*M can be a non-trivial amount of money. You would still have to have some sort of infrastructure to sort out every subscriber's payments (especially since, for d…n sure, you don't want every subscriber to have to deal with the likes of Monero), and depending on how big X*M is, you're absolutely running a commercial enterprise here.
Again, the whole idea of founding an email system on micropayments is something that will never fly, anyway. There are better ways to fix email which also require large numbers of participants to warm to the idea but don't involve money.
Posted Nov 7, 2025 16:00 UTC (Fri)
by paulj (subscriber, #341)
[Link] (5 responses)
Posted Nov 7, 2025 16:14 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (4 responses)
From my end, this is undebuggable; I know how to handle it in normal cases, but not here.
With the conventional banking system (SWIFT, for example), I'd raise a complaint with my bank; they would then identify where they sent the money, and would either present to me proof that it had been received at the intended recipient, or refund me if they could not trace it to the destination I told them to send it to.
With the card system, I'd open a merchant dispute via my card company, and they'd give the merchant a chance to respond to the dispute (which identifies the transaction to the merchant as part of the dispute, so if it's just bad record keeping at their end, it gets fixed). If the merchant doesn't respond adequately, in the view of my card company, then I get a refund.
Posted Nov 7, 2025 16:54 UTC (Fri)
by paulj (subscriber, #341)
[Link] (3 responses)
I suspect your custodian has a minimum withdrawal amount, and the .012 XMR was well below that and hence was never sent. Whether that resulted in the amount being taken from your balance with them, I don't know. In which case, for tiny payments you would need to use a proper wallet under your control (e.g., Monerujo is on F-Droid, perhaps Cake wallet is good too). That's a social issue wrt demand, at this point in time - not a technical one.
Posted Nov 7, 2025 16:57 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (2 responses)
The reason for sending that much is that it put me just over their minimum withdrawal amount (I paid them £2.50 in total, including their fees, plus the cost of the Monero).
But again, this is a migration issue - I'm not plugged into the Monero ecosystem, and I have no idea how I'd get Monero other than via a company like Binance. Again, if your system depends on people plugging into Monero, how do you expect people to know this sort of detail?
And it's not like SWIFT, because with SWIFT, I identify the transaction to my bank, and they take responsibility for following through to confirm that it either arrived, or didn't. If it didn't arrive, they'll refund me - and I can try again. I'm not entirely sure what the equivalent is here.
Posted Nov 10, 2025 12:00 UTC (Mon)
by paulj (subscriber, #341)
[Link] (1 responses)
I don't think Binance list Monero anymore, cause Monero is too good at what it does. We're basically in the middle of a repeat of the US' war on cryptography in the 90s. Mostly led by the EU this time. Just like then, it will fail, cause you can not unlearn and ban math. The CryptoNote paper exists, it's a beautiful paper - probably one of the seminal works in distributed consensus along with the papers on Bitcoin, Paxos, Radia Perlman's Byzantine General Routing System paper/Ph.D., Lamport's clock, and such - and they can not make it go away. Just like in the 90s, they will lose. (I need to get a T-shirt printed with the key equations from CryptoNote, like the old RSA t-shirts from the first crypto war).
So yes, this technology is still early days, it is not well integrated into other things, and it won't be for a while for various social reasons around distributed payment technologies and the clash these cause with state desires for tight control. Distributed payment technologies will win out eventually though.
If you want an entity to deal with, who will handle everything and indemnify you, there will be such entities. The existence of a technology that allows anyone to participate does NOT prevent anyone setting up a business around it so you can have a more traditional interface to it.
Posted Nov 10, 2025 12:10 UTC (Mon)
by farnz (subscriber, #17727)
[Link]
It sounds, though, like what you're saying is "this technology is too new and unreliable for people not yet willing to dive in fully", which in turn makes it completely unsuitable for sending money to pay for e-mail delivery. I have to commit to replacing my existing financial management (which I'm happy with) with a new technology I don't fully understand or trust, replace my existing private mail server (which I'm happy with) with a new one that I don't fully understand or trust, and do so for questionable benefits (since the assertions around what's going to work in the new system are at odds with the history of Prestel and of SMS).
Posted Nov 6, 2025 17:21 UTC (Thu)
by dskoll (subscriber, #1630)
[Link] (3 responses)
Once again:
Posted Nov 7, 2025 10:34 UTC (Fri)
by paulj (subscriber, #341)
[Link] (2 responses)
Your mother? Probably nothing changes.... She keeps paying with her eyeballs and data. Others may choose to avoid that and pay actual money in some new communication system. That's how it already is today with email. The only thing that changes is that instead of layers of hacky side-protocols under the hood to try to stop spam, you just have one clean micro-payment layer to make spam uneconomical. The business model around that, that affects UX, can vary in many ways.
You would not design a new messaging system in the way email is today.
Posted Nov 7, 2025 13:05 UTC (Fri)
by pizza (subscriber, #46)
[Link] (1 responses)
Of course not. You'd design it to be controlled by a single party (ie you), only accessible via official applications (backstopped by DRM), and explicitly monetized (everyone pays-to-use *and* forced unskippable advertisements) with all payments going solely to you.
(ie the wet dream of AT&T and what every big-tech's IM system aspires to be)
Posted Nov 7, 2025 13:16 UTC (Fri)
by dskoll (subscriber, #1630)
[Link]
pizza is right. Anything designed today would benefit oligarchs and data brokers and oppress its "users". We should thank our lucky stars email became entrenched before the Internet enshittified.
Posted Nov 6, 2025 15:20 UTC (Thu)
by dskoll (subscriber, #1630)
[Link] (8 responses)
In general, we /do/ have a way. The technical ability is there.
Well, I dispute that. As I pointed out, criminals will hack the system in a way that can't effectively be protected against without turning email into some walled-garden proprietary system.
But more to the point: Even if the technical ability were there, there's no incentive to switch. Anything that makes email more "secure" is also going to make it less convenient, and convenience is the #1 selling point of email.
Posted Nov 7, 2025 8:37 UTC (Fri)
by taladar (subscriber, #68407)
[Link] (7 responses)
The main selling point of email at this point is "everyone uses it", so basically just network effects.
Posted Nov 7, 2025 13:15 UTC (Fri)
by dskoll (subscriber, #1630)
[Link] (1 responses)
I have used email in all of those roles: As an end-user, as a programmer/admin trying to send email, and as a mail server administrator.
It's very convenient as an end-user, not too bad as a programmer, and a little annoying but manageable as a mail server administrator. I was also in the email security field for almost two decades and helped administer systems with hundreds of thousands of users... so I know email!
Don't discount the network effect. It's huge. And it's why none of the countless proposals similar to yours have ever gained much traction; people have viewed them as too much cost for too little benefit.
Posted Nov 7, 2025 13:23 UTC (Fri)
by raven667 (subscriber, #5198)
[Link]
I think you have greatly misjudged the experience of the person you are talking to, so this comment is probably a mistake.
Posted Nov 7, 2025 13:52 UTC (Fri)
by anselm (subscriber, #2796)
[Link] (4 responses)
The nice thing about email is that it works reasonably well for the vast majority of people without arbitrarily restricting the set of people one can communicate with to those who are prepared to subscribe to the same more-or-less-proprietary walled garden as oneself. Sure, Signal (for example) is nice but you only get to use it to talk to other people who are also on Signal, using a special program you need to install that is only good for talking to other people on Signal, and may or may not even be available for the platform you're using. If the people who run the Signal servers ever get tired of doing it¹ then congratulations, you get to find a new service where all the people hang out who you used to talk to on Signal, and hope that whatever program you need to use to get on that service will also run on the computer(s) you'd like to use. And so on².
With email at least, the underlying “mess of semi-underspecified standards” is sufficiently well-understood by enough people all over the place that the service itself will not be going away anytime soon. We cannot guarantee the eternal existence of any particular mail server instance or piece of software used to send or process email, but it is overwhelmingly likely that you will always be able to find some MUA that runs on your system (however unusual) and can connect to some MTA in order to get email from you to whoever@somewhere.com. In a pinch you could even write your own. For all its obvious shortcomings and all the legitimate criticism one could level at the email system, it's what we have, it's everywhere, and so far nobody, as in nobody, has been able to come up with a viable contender to replace it that doesn't involve a walled garden or single centralised point of failure of some kind. It may be “just network effects”, but those network effects are pretty hard to beat.
1. We can debate about how likely that is to happen, but in point of fact it's not as if you have a contract with the Signal people that says they can't simply stop providing the service to you whenever they feel like it. Certainly recently when the EU was debating forcing messenger services to scan messages for unwanted content, Signal was considering withdrawing from the EU altogether, which would obviously have sucked for Signal users in the EU (certainly those without the wherewithal to use a VPN to connect to somewhere where Signal is still available).
2. Sure, you could run your own Signal server, but then you would need to convince everyone you want to communicate with to use that particular server, too. (So instead you use Mastodon, but that of course comes with its own set of issues and restrictions, and of course you would need to convince everyone you want to communicate with to also use Mastodon.) With email, you can run your own server and it will generally be fine for communicating with people on arbitrary other servers.
Posted Nov 7, 2025 16:10 UTC (Fri)
by paulj (subscriber, #341)
[Link] (3 responses)
This isn't true. You may be able to receive email, but you will struggle to have others receive email you send, unless you spend a good bit of time configuring various hacky side-protocols and testing them and maintaining them. That's sort of the origin of this off-story-topic sub-thread.
Posted Nov 7, 2025 16:20 UTC (Fri)
by pizza (subscriber, #46)
[Link] (1 responses)
I set up DKIM on systems I administer nearly seven years ago. I don't recall it being particularly challenging (on the order of a few hours), and I am not exaggerating when I say it has required zero maintenance since.
Honestly, email barely even registers on the "list of headaches involved in running public-facing services" these days.
Posted Nov 7, 2025 18:59 UTC (Fri)
by dskoll (subscriber, #1630)
[Link]
Also. I've been hosting my own email on behalf of a company I used to own since 1999, and self-hosting my personal email since 2018. The initial setup took some time, but there's no ongoing maintenance needed for DKIM/DMARC/SPF unless you make changes to your network topology, and that hasn't yet happened for me. It's really not all that hard, and IMO we need a wide variety of email hosting providers and self-hosters to ensure that concentration amongst the Big Ones never reaches the point where they can unilaterally change the price of admission.
Posted Nov 7, 2025 17:14 UTC (Fri)
by anselm (subscriber, #2796)
[Link]
These days you can get nifty oven-ready container-based email systems – usually based on Postfix, Dovecot, and the like – which will take care of that stuff for you. But even setting up SPF and DKIM from scratch isn't exactly rocket science. There are loads of web pages which explain how to do it, in easy-to-follow steps, and doing just that will take you a long way towards being able to send email wherever you like.
I've been running mail servers (on my own behalf and that of various companies and non-profits) and teaching other people how to do it for 30+ years now, and it's generally not something I'm losing any sleep over. As far as I'm concerned, claims like “you will struggle to have others receive email you send” are wildly exaggerated.
Posted Nov 6, 2025 8:26 UTC (Thu)
by taladar (subscriber, #68407)
[Link] (6 responses)
That way I wouldn't have to e.g. login to my bank website to see their actual message or download their monthly list of transactions as a PDF just because email is insecure.
Messages that communication from other people with some kind of email notification tacked on could be sent directly to me as desktop notifications or phone push notifications by my server if I wish, maybe even according to some rules.
Email seems like a bad format for that.
Email as an account recovery or login control tool is also pretty bad, especially the way everyone uses email as logins and can thus associate my accounts on a vast number of platforms with each other once each of them had a data breach.
Posted Nov 6, 2025 8:46 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
And yet they were quite happy to send stuff by snail-mail, which is arguably even less secure!
Once you've verified the end points, email is as - or likely more - secure than snail mail. Sure stuff can get lost. Sure a determined cracker can steal email in transit. But the only place it's likely to get stolen from is the customer's own system, and forcing the customer to log in and retrieve a message or PDF provides absolutely no security there!
And as implemented, where you have to login to read messages, can be a disaster too. My "Building Society" (it was one - thanks to the mess of UK Banking reforms I don't have a clue what it is now) seems to be a bit clueless on that front. I got sent an important - time sensitive - message via their internal messaging systems, only for me never to see it because I got no notification whatsoever it was waiting for me. The zeroth rule of successful investing (which the investment firms are desperate for us to break because it earns them loads of lovely commission) is treat investments like mushrooms - leave them alone in the dark until they mature. Which I did, so I never logged in, and never saw the message ... WHOOPS!
Cheers,
Posted Nov 6, 2025 9:15 UTC (Thu)
by anselm (subscriber, #2796)
[Link] (1 responses)
My bank apparently thinks that PGP-encrypted email is secure enough to send me individual notices of transactions on my current account, but not secure enough to send me monthly statements or other types of communication. I should probably be grateful for small miracles.
Posted Nov 6, 2025 11:29 UTC (Thu)
by paulj (subscriber, #341)
[Link]
Posted Nov 6, 2025 14:38 UTC (Thu)
by dskoll (subscriber, #1630)
[Link] (2 responses)
I actually hate having to log in to some system or even visit a web site just to read a message that could have been sent by email. The absolute worst are the ones that send you an email just to tell you that you have a message you need to read. Just send me the damn message in the first place!!
I don't want phone or desktop notifications for most things. Those are far more intrusive than emails because they generally make a noise or pop something up that demands attention. An unexpected withdrawal from my account? Yes, interrupt me. A notification that my statement is ready? No, do not interrupt me! If I get too many notifications, I'll block them which will defeat the purpose of important notifications getting through.
I agree that relying on email for account recovery is not all that secure. But until everyone has a Yubikey that they never lose (plus a spare!) and uses it religiously, we're kind of stuck with best-effort mechanisms.
Posted Nov 6, 2025 15:14 UTC (Thu)
by geert (subscriber, #98403)
[Link] (1 responses)
Posted Nov 6, 2025 18:59 UTC (Thu)
by rschroev (subscriber, #4164)
[Link]
One of the great benefits of Open Source
Email insecurity (was One of the great benefits of Open Source)
The technology may be there, but the reason e-mail is still so widely deployed is social, not technological, and your proposal (like many) doesn't answer a lot of social questions, not least "why should I, as someone who is well-served by the current state of affairs, switch?".
The law in my jurisdiction has a solution, but it trashes micropayments; the third party is required to return the money to me, and is out of pocket until they can identify the thief. They can recover their full costs (not just the money they returned to me, but all of the costs they incurred that way) from the thief once they've found the thief, but only if the thief actually has legitimate assets you can recover from. There are exceptions for someone acting as my agent (which cover banks, for example), but those exceptions require that the agent is appropriately licensed, and that we've got a pre-existing contractual relationship which agrees that you're acting as my agent.
The reason it's a problem is that I lost €10,000 in total, as the hacker used my account to send ten million messages - it's worth my while chasing that much up.
2 The micro-payments system can be designed to resist traceability
3 The distribution of the micro-payments by senders to the nodes of the communication system carrying out the work can be anonymised (e.g., see 2) and/or diffused such that even if 1 were not true - nodes were not anonymous - that it is not possible for you nor any general observer, nor even the recipient can know where a payment was sent from or to (obviously a recipient can know a payment went to it, but that's all).
So what you're saying is that if I'm hacked, the hacker can drain my accounts completely, leaving me destitute? Why would I sign up for this system over the existing e-mail system?
Sure, but now you're telling me that, if I want to do e-mail, I have to expose my account details (which can thus be drained) to my e-mail system. That's a new avenue of attack, and given the amount of e-mail I send anyway, is one where I'm much more likely to not notice that One Weird Transaction that drains my accounts (because a transaction on every e-mail send is normal).
You're making it hard to send e-mail, then.
If I pay in batches in advance, and I happen to run out of credit just as I send e-mail, how do I top-up without paying more? If I can send on credit, and top-up later, why wouldn't a spammer send on credit, and "forget" to top-up? Similar with big tech; if they're letting me pay with eyeballs and data, why wouldn't a spammer create many new accounts that they can use to send spam (as they already do today)?
So, we come back round to why would anyone switch to a pay-to-mail system?
It works well enough for most use cases - any new system has to have good reason to switch.
No; there was charging done, but then fraud and other criminal activity meant that the money didn't actually transfer as intended, or the charges were undone by court order.
You don't need to change the ledger - it's entirely allowable to have the original transaction in the ledger, and a later transaction that reverses the full effect of that previous transaction.
vast vast majority of email providers are companies and already taking payment from /someone/ (whether the email sender, or the advertisers who want to place ads before the email senders).
And note that you can't control who your friends and family choose as mail providers. For example, my home mail server (used by 3 people - me, my spouse, my mother) regularly sends mail to a server belonging to a sanctioned entity. This is fine, legally speaking, because no money is involved; I'm forwarding data from my mother's mail client to her friend's mail server, and the mere act of forwarding data is not sanctioned.
Sending e-mail via a possibly sanctioned entity
If you want to overthrow a dictatorship (what's the point of using euphemisms like illiberal?) what you need is a mass movement that is too big for the state to handle.
Sending e-mail via a possibly sanctioned entity
[2] This capability continues to be demonstrated by China
Sending e-mail via a possibly sanctioned entity
2. fails to spot that my comment says "You lack the resources to obtain such a phone", so either I have to send you money somehow (anonymously) or I have to send a phone.
3. I may also be in the same restrictive regime, I just happen to have the resources to buy the item.
4. There may be numerous other types of items useful to activism that one may wish to purchase for oneself or others anonymously.
Sending e-mail via a possibly sanctioned entity
The key to this is that "innocent until proven guilty" is an artefact of liberal societies. If you're in an illiberal society of some form, once you've been identified as a troublemaker, you will be found guilty of something; if necessary, police will plant or forge evidence to show that you've been involved with something society at large considers abhorrent.
Sending e-mail via a possibly sanctioned entity
Wol
Email insecurity (was One of the great benefits of Open Source)
So... it's just a strawman. There are no regulations nor taxes that would apply to some trivial-scale "friends and family" next-gen-email-replacement system.
Email insecurity (was One of the great benefits of Open Source)
If your understanding of what I've been sketching is a system where you have to manually charge people each time they send their message to your distribution group, then... let's just leave this.
Email insecurity (was One of the great benefits of Open Source)
OK, so how do we debug this? I sent the money, as far as I can tell, and you didn't receive it. My records show that I paid Binance to send 87774rpgLdmjCFLqyV3BYN6VwBzdvaVbccVUF2K3NHGEFyoQKxCTqcxeDcPHpQPixqitthXhYK5uGbYuFExff24ACiaAUkH a total of 0.012 Monero just before posting that comment; your records show that it never arrived.
Email insecurity (was One of the great benefits of Open Source)
I'll ask Binance for those details; they did confirm that they sent 0.012 XMR, however, but didn't give me a transaction ID or a transaction view key at the time.
Email insecurity (was One of the great benefits of Open Source)
I don't see how to set up a Monero wallet that accepts GBP; I sent you money using a payment from my credit card (which I paid off).
Email insecurity (was One of the great benefits of Open Source)
Wol
Email insecurity (was One of the great benefits of Open Source)
That way I wouldn't have to e.g. login to my bank website to see their actual message or download their monthly list of transactions as a PDF just because email is insecure.
Email insecurity (was One of the great benefits of Open Source)
After logging in securely, you can download the message, which is a PDF file containing a nice formal letter on government letterhead telling you you have a new document at another government site.
After logging in on the second site, you can finally enjoy the real document, which turns out not to be that urgent and important anyway...
Email insecurity (was One of the great benefits of Open Source)
