
Email insecurity (was One of the great benefits of Open Source)

Posted Nov 6, 2025 15:28 UTC (Thu) by paulj (subscriber, #341)
In reply to: Email insecurity (was One of the great benefits of Open Source) by farnz
Parent article: Debian to require Rust as of May 2026

Yes, if your computer is hacked you potentially may have all your accounts drained. This in fact happens regularly, sadly. This has absolutely nothing to do with micro-payments specifically.

Indeed, micro-payment systems tend to have better security features than the common banking system does.



Email insecurity (was One of the great benefits of Open Source)

Posted Nov 6, 2025 16:33 UTC (Thu) by farnz (subscriber, #17727) [Link] (53 responses)

Sure, but now you're telling me that, if I want to do e-mail, I have to expose my account details (which can thus be drained) to my e-mail system. That's a new avenue of attack, and given the amount of e-mail I send anyway, is one where I'm much more likely to not notice that One Weird Transaction that drains my accounts (because a transaction on every e-mail send is normal).

And again, as a social matter "the existing thing exposes you to risk, this thing means that it's harder to not expose yourself to that risk" is not a selling point. Unless I can completely remove myself from the existing thing (so no common banking system at all, for any purpose, including things like groceries), you're saying that I should accept more risk to make this thing happen; that is always going to be a hard sell.

Note, too, that the "common banking system" (at least here) is set up such that all transactions can be reversed, because I can, if the bank doesn't handle it internally, get a court order forcing the transaction to be reversed. That's my big security feature - none of my outgoing transactions are irreversible, if I'm willing to put the legwork in to have them reversed. I've not seen a micro-payment system with a similar guarantee of reversibility.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 6, 2025 17:15 UTC (Thu) by paulj (subscriber, #341) [Link] (52 responses)

You can design the system so that payment to the communication system for your use is separate from sending communications through that system. I.e., you use your micro-payment software to send a payment to the communication system. You use your communication system client software to send messages. Your client can have a key that identifies it as associated with whatever balance, but without any control of that balance (the communication system controls it, at that point).

There is little difference here - from my perspective - whether I use a credit card to make a payment from my normal bank account to my email provider, or whether I use a distributed, electronic payment system to make a payment to the same entity (there are numerous email hosting providers who accept both credit/debit cards and other non-fiat-money payment systems).

The design you're floating - with your email client somehow having full control over any balances (never mind significant) - seems somewhat insane, and so of course it's not how these things are designed, whether it's with standard centralised payments systems, or more distributed, decentralised payment systems. ;)

The decentralised payment version can allow for things like recoverable balances. E.g., if I've made x amount available to top-up my balance with the communication system, that could be done by paying to a 1-of-2 multisig so that myself and the communication system can pay out from the balance. Which means I can take the balance back into my full control. With standard payments, if a communications provider goes bust, I will not get my balance back from the company. I'll have to wait for a receiver to come in, take control, and disburse my funds back. The distributed system, I can take my balance back, plus disbursement by the distributed system to some node can itself be protected by a wider consensus that the said node actually did some work to (help) send the message(s).

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 6, 2025 17:19 UTC (Thu) by farnz (subscriber, #17727) [Link] (47 responses)

You're making it hard to send e-mail, then.

Today, I compose the e-mail, I hit send, it goes. Job done.

In your system, you're suggesting that I compose the e-mail, I hit send, I get a prompt to go into my payments system to approve a top-up to the e-mail system, I have to go across to that, check that the top-up is reasonable, and permit it, and then it goes.

And I cannot square your talk about being able to recover the payment made for an e-mail that was sent and received by the recipient (but declared as spam) with the idea that this payment is a deterrent to spamming. Either it's irreversible (in which case, that's a whole new set of risks that isn't present in the current system), or I can have it reversed if I didn't send the e-mail personally, and e-mail is effectively free to criminals (since they hack systems, and their victims reverse the payments).

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 10:30 UTC (Fri) by paulj (subscriber, #341) [Link] (46 responses)

No, that's not what I'm proposing.

I think you know fine well that paying for an online service does not imply that you then must manually take actions to pay at each and every use. You could pay in batches in advance - one very common model. Even LWN uses that! You need not even pay yourself. If ads make money for big tech, they'll continue to let you just pay with your eyeballs and data. Etc.

How the system itself manages distribution of payments does not of itself have to govern anything about what users do.

Anyway... this is a long side track away from topic of the story.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 11:03 UTC (Fri) by farnz (subscriber, #17727) [Link] (45 responses)

If I pay in batches in advance, and I happen to run out of credit just as I send e-mail, how do I top-up without paying more? If I can send on credit, and top-up later, why wouldn't a spammer send on credit, and "forget" to top-up? Similar with big tech; if they're letting me pay with eyeballs and data, why wouldn't a spammer create many new accounts that they can use to send spam (as they already do today)?

You're looking only at the happy path, and saying "as long as this all works as intended, there's no problems". I'm looking at the edge cases, like "running out of credit just as you send an important e-mail", and asking how you solve that.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 13:21 UTC (Fri) by paulj (subscriber, #341) [Link] (44 responses)

Again: If you don't want to care about having to top up some balance, just let advertisers and data-miners do the paying for you. If you're happy with that, go for it. Otherwise, you need to pay - various models are possible, from pay at send to batch-pay in advance.

Knowing when you need to top up some balance for some service is just a general life thing, and has 0 specifically to do with online micro-payments. I irregularly use the train, and more than once I've been at my local station furiously typing CCV codes into my phone app to try get my "Leap" (mifare I think) card topped up, so I can tap in at the gate, as the train is approaching....

You're just trolling at this stage I feel. ;)

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 13:47 UTC (Fri) by farnz (subscriber, #17727) [Link] (37 responses)

So, we come back round to why would anyone switch to a pay-to-mail system?

Big tech are happy enough with the current SMTP + DMARC setup; it works for their needs, and they have no need to change it. What makes it worth their while contributing some of their profits to a third party?

And you're continuing to miss the point - you've added an extra way for me to lose my money, for no gain to me over the current system (SMTP + DMARC with a decent spam filter is very low on junk for me already, and the pain of dealing with disputes over money paid for delivery of mail to me would outweigh any reasonable payment).

I also note, now that I recall the previous conversation, that you never responded to this comment thread from over 2 years ago - did you actually receive the money I sent, or did it go missing? If it went missing, how do we dispute the transaction and ensure that it gets to either you or back to me?

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 14:43 UTC (Fri) by paulj (subscriber, #341) [Link] (5 responses)

I have no idea why you would switch. That's not a technical issue, but a social one - around network effects, etc.

You currently already can lose your money if your computer is hacked, if you pay for email. If you're happy to sell your eyeballs and data, then in any new, (not email!) messaging system that used some online, distributed payments system to make spam uneconomic, you could use clients that sold your eyeballs and data to big-tech and *you* would no additional payment systems on your computer/client. Even if you chose to pay, it still need /not/ be an extra risk, because you may well be using this payment system for numerous things already.

As for your experience with the current email system and lack of spam, that's cause of a layer of crappy additional side-protocols which *still do not substantially stop spam* PLUS a filtering system to try separate out the deluge of spam that _still gets through_. All of which you _ALREADY PAY FOR_ - one way or another.

It's a _shit_ system. It _does not work_ - not even the big-tech companies manage to reliably stop spam by any means, and also do not manage to reliably separate the spam from the signal. There are regular false-positives, and many false-negatives in my Big-tech administered Inbox.

As for the 2yo comment. I never saw that somehow, till now. Or I saw, meant to check later and forgot! I'll try remember today :)

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 15:36 UTC (Fri) by farnz (subscriber, #17727) [Link] (4 responses)

It works well enough for most use cases - any new system has to have good reason to switch.

And we know from SMS (which is charged per-message to the sending companies, even if you buy a bulk lot from a provider like Trello) that charging isn't enough to reliably stop spam, either; there's ways to get around charging, including outright fraud. From what you've described, you're going to recreate the problems SMS has, which include spam and financial problems, in order to get rid of the problems e-mail has; but then, why would I use the new protocol, and not SMS?

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 16:04 UTC (Fri) by paulj (subscriber, #341) [Link] (3 responses)

> there's ways to get around charging

So.... there often wasn't charging is what you're saying.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 16:08 UTC (Fri) by farnz (subscriber, #17727) [Link] (2 responses)

No; there was charging done, but then fraud and other criminal activity meant that the money didn't actually transfer as intended, or the charges were undone by court order.

The "charges undone by court order" is impossible to avoid without making your payment system in breach of anti money laundering regulations, and therefore illegal to use at scale.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 11:51 UTC (Mon) by paulj (subscriber, #341) [Link] (1 responses)

> The "charges undone by court order" is impossible to avoid without making your payment system in breach of anti money laundering regulations, and therefore illegal to use at scale.

I'm no legal expert, but the existence of (on-chain) irreversible distributed payment systems and businesses created around them and/or using them (including very large and some heavily regulated ones) shows your belief here can not be true. The on-chain transaction can not be reversed, once confirmed, but businesses can always refund - by choice or legal order - some payment.

AFAIK, the likes of the EU are not trying to ban irreversible distributed payment systems.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 12:07 UTC (Mon) by farnz (subscriber, #17727) [Link]

You don't need to change the ledger - it's entirely allowable to have the original transaction in the ledger, and a later transaction that reverses the full effect of that previous transaction.

What is not legal is a setup where the money can neither be retrieved directly by the sender, nor can the recipient be identified for the purposes of having the court order apply to them, too. Otherwise, how do you prove (as required by Russian, Chinese, EU and USA sanctions laws) that you're not sending money to a sanctioned entity directly?

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 14:56 UTC (Fri) by pizza (subscriber, #46) [Link] (30 responses)

> And you're continuing to miss the point - you've added an extra way for me to lose my money, for no gain to me over the current system (SMTP + DMARC with a decent spam filter is very low on junk for me already, and the pain of dealing with disputes over money paid for delivery of mail to me would outweigh any reasonable payment).

There's one more wrinkle, and it's a doozy. When money is involved, (or are otherwise exchanging some measure of "value" for a service) you're veering into the territory of [potentially heavily-]regulated commercial activities in most jurisdictions, and now you have to care about recordkeeping, paying taxes, etc. Not to mention any gateway to "real" payment systems will have their own voluminous technical+contractual requirements, etc etc.

> So, we come back round to why would anyone switch to a pay-to-mail system?

Especially to one that presupposes the existence of a spherical cow (==functioning micropayment system that's universally deployed.. with bidirectional transfers into arbitrary national currencies)

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 15:58 UTC (Fri) by paulj (subscriber, #341) [Link] (29 responses)

I don't presuppose anything about social, regulatory or other non-technical issues.

I'm just saying, from a technical perspective, the original assertion that a set of constraints and desires for messaging systems was impossible to meet, other than without the specified downsides of current email.

Technically we have distributed protocols that can achieve the desired goals. Most of the issues raised in objection are just moot, as they apply to wider structures in use in society, long before computers. Valid objections are generally social, e.g. those in your reply.

On your specific points, vast vast majority of email providers are companies and already taking payment from /someone/ (whether the email sender, or the advertisers who want to place ads before the email senders). All the regulatory burdens are already there in that particular implementation of a messaging system, for essentially all entities involved in the operation of the underlying messaging system (the number of entities that are not corporations is pretty much 0 by comparison to the rest). Further, being involved in some minuscule way in the operation of a messaging system that uses micro-payments need not have regulatory or tax implications - most regimes have thresholds to exclude trivial cases from tax or regulatory burdens.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 18:01 UTC (Fri) by anselm (subscriber, #2796) [Link] (28 responses)

> vast vast majority of email providers are companies and already taking payment from /someone/ (whether the email sender, or the advertisers who want to place ads before the email senders).

That may be the case, but today I am the email provider for myself and a few friends, and I would like to keep doing this. If, to continue to be my own email provider, I would have to connect to some payment system and deal with all the legal red tape required to be a commercial entity (and at least around here, “doing something on a sustained basis that involves other people and money” is the basic definition of “being a commercial entity”), then this would no longer be a viable proposition, and that would really suck. It may turn out that in the end I might not actually be liable to pay taxes, etc., but the red tape would still be there in order to get to that point.

Anyway, never mind micropayments, which are way too much of a hassle to be worthwhile. If we really want to fix email, the first thing to do is to stop sending email around on the off-chance. Instead, the email is stored at the sender's end and the receiver is notified that there is some email to pick up for them. The receiver can then decide whether they want it (based on whether the sender is on a list of approved senders, or the notification has the correct signature, or the hash for the actual mail doesn't show up in a spam database, or whatever) and pick it up from the sender's server if that is the case. This approach makes it harder for spammers to fake the sender's address (they could still try to send fake notifications but there wouldn't be anything on the sender's server to pick up; also the system would presumably validate that a notification for a message from sender@example.com actually comes from a server which is allowed to send notifications for example.com, à la SPF) and doesn't require receivers to download and store messages they're going to discard later because they're spam. Backscatter-type spam is eliminated completely because there is no need for “bounces” in the first place. Just a thought.
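The receiver-side flow proposed in the comment above, sketched as an added example (not part of the comment and not taken from any existing mail software). The notifier table, allowlist, spam-hash set, in-memory sender store and all function names are constructed assumptions; the final hash check on the fetched body is an extra step added here to bind the notification to the content.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data (assumptions for this sketch, not from the thread).
# SPF-like table: which server addresses may send notifications for a domain.
AUTHORIZED_NOTIFIERS = {"example.com": {"192.0.2.10"}}
# Receiver's own list of approved senders.
APPROVED_SENDERS = {"alice@example.com"}
# Hashes of message bodies already reported as spam.
SPAM_HASHES = {hashlib.sha256(b"Buy cheap pills").hexdigest()}
# Stand-in for the senders' servers: server address -> {msg_hash: body}.
SENDER_STORE = {"192.0.2.10": {}}


@dataclass(frozen=True)
class Notification:
    """What the receiver is told: who has mail waiting, where, and its hash."""
    sender: str
    recipient: str
    msg_hash: str
    origin_ip: str


def publish(server_ip, body):
    """Sender side: keep the message locally and return the hash to announce."""
    digest = hashlib.sha256(body).hexdigest()
    SENDER_STORE.setdefault(server_ip, {})[digest] = body
    return digest


def fetch(server_ip, msg_hash):
    """Receiver pulls the body from the sender's server; None if absent."""
    return SENDER_STORE.get(server_ip, {}).get(msg_hash)


def handle_notification(n, fetch_fn=fetch):
    """Decide on a notification and return (verdict, body_or_None).

    Nothing is downloaded until every cheap check has passed, and no
    verdict produces a bounce message back to the claimed sender.
    """
    domain = n.sender.rpartition("@")[2].lower()
    # 1. The notifying server must be allowed to speak for the sender domain.
    if n.origin_ip not in AUTHORIZED_NOTIFIERS.get(domain, set()):
        return ("reject-unauthorized-origin", None)
    # 2. Known-spam content is refused without ever being transferred.
    if n.msg_hash in SPAM_HASHES:
        return ("reject-known-spam", None)
    # 3. One possible local policy: unknown senders stay on their own server.
    if n.sender not in APPROVED_SENDERS:
        return ("hold-unknown-sender", None)
    # 4. Pull the message. A fake notification has nothing behind it.
    body = fetch_fn(n.origin_ip, n.msg_hash)
    if body is None:
        return ("drop-nothing-to-fetch", None)
    # 5. Added check (assumption): the body must match the announced hash,
    #    otherwise the spam-hash lookup in step 2 could be bypassed.
    if hashlib.sha256(body).hexdigest() != n.msg_hash:
        return ("drop-hash-mismatch", None)
    return ("accepted", body)


if __name__ == "__main__":
    h = publish("192.0.2.10", b"Lunch on Friday?")
    cases = {
        "legitimate": Notification("alice@example.com", "bob@example.org", h, "192.0.2.10"),
        "spoofed origin": Notification("alice@example.com", "bob@example.org", h, "203.0.113.5"),
        "fake notification": Notification("alice@example.com", "bob@example.org", "0" * 64, "192.0.2.10"),
    }
    for name, note in cases.items():
        print(name, "->", handle_notification(note)[0])
```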

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 11:43 UTC (Mon) by paulj (subscriber, #341) [Link] (27 responses)

> That may be the case, but today I am the email provider for myself and a few friends, and I would like to keep doing this. If, to continue to be my own email provider, I would have to connect to some payment system and deal with all the legal red tape required to be a commercial entity (

Again, all jurisdictions I am familiar with have thresholds and exemptions for non-commercial and/or no-low revenue businesses. E.g., VAT... there are thresholds and you have to have a fairly non-trivial business before you are required to register for VAT. If you are not making money, there are no tax liabilities and unlikely to even be reporting obligations (unless, again, you have some large revenue on which you're making no money). I am unsure what other regulations you think might apply to running a small communication system for friends, for which you might have to have them contribute money in some online-payment system - even reporting obligations for financial transactions have thresholds that are set at at least €1000 across the EU.

Alternatively, just go anonymous. A system secured against spam by money, or other proof of resources, can have anonymous nodes.

So... it's just a strawman. There are no regulations nor taxes that would apply to some trivial-scale "friends and family" next-gen-email-replacement system.

There are open-source projects in this space already, and you can run their servers if you wish. E.g., Session (partly a signal fork, but replacing the messaging fabric). The notion you need to register a company and pay taxes to run a Session server and have it participate in the swarms is just flat out false.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 13:32 UTC (Mon) by pizza (subscriber, #46) [Link] (22 responses)

> So... it's just a strawman. There are no regulations nor taxes that would apply to some trivial-scale "friends and family" next-gen-email-replacement system.

Methinks the "strawman" here is one of your own construction.

Remember, you're not interacting with "friends and family", you're interacting with everyone said friends+family communicates with, and that's going to necessarily include complete strangers and businesses of all sizes. (If it was just a closed friends+family system, you have an alternate trust system and can eschew all of this automagic micropayment system entirely!)

Meanwhile, if you interact with real-world currencies, you will run into voluminous regulations and the 5th circle of hell that are payment processing systems. This goes well beyond the scope of taxation; Look up the UCC sometime.

Sending e-mail via a possibly sanctioned entity

Posted Nov 10, 2025 14:11 UTC (Mon) by farnz (subscriber, #17727) [Link] (21 responses)

And note that you can't control who your friends and family choose as mail providers. For example, my home mail server (used by 3 people - me, my spouse, my mother) regularly sends mail to a server belonging to a sanctioned entity. This is fine, legally speaking, because no money is involved; I'm forwarding data from my mother's mail client to her friend's mail server, and the mere act of forwarding data is not sanctioned.

The moment money gets involved, though, I have to ensure that I don't attempt to pay for mail delivery to this person's mail server, because if I do so, I will be in breach of sanctions law. And the easiest way to handle this problem is to pay someone who already handles sanctions law as a matter of course - stop running my own server, and just pay for Google Workspace or similar.

Sending e-mail via a possibly sanctioned entity

Posted Nov 10, 2025 15:02 UTC (Mon) by paulj (subscriber, #341) [Link] (20 responses)

> The moment money gets involved, though, I have to ensure that I don't attempt to pay for mail delivery to this person's mail server, because if I do so, I will be in breach of sanctions law.

As stated before, it is technically possible to have a distributed system that includes or relies on a distributed ledger payment system where no one can determine from the ledger, with any useful certainty, how much was sent by whom to whom. Only the sender knows how much was sent to which sub-address. The recipient knows how much was received to which sub-address, but not the address from which it was sent. I.e., a CryptoNote protocol.

Such non-transparent payment systems will ultimately dominate in the space for online, decentralised, distributed payment systems (and already do!), precisely because the older technology of transparent public ledger systems become mired in unworkable regulations. Eventually, the regulatory system will lose here and have to concede - just like in the previous regulatory war on maths in the 90s.

Sending e-mail via a possibly sanctioned entity

Posted Nov 10, 2025 15:41 UTC (Mon) by paulj (subscriber, #341) [Link] (18 responses)

Oh, and for clarity, as stated before, this means the wider distributed messaging system can be made so that the sending node that sends a payment for a message or set of messages does not know which other set of nodes ultimately are reimbursed for participating in the communication of those messages.

Ergo, users are not sending any money to any specific node. Ergo, users in regime X, where regime X dislikes another regime Y enough that it has punitive sanctions against people within the reach of regime X who might do such terrible things as send messages within a distributed system that happens to have some participant nodes located in or run by people in regime Y, can not be said to have interacted in any way with regime Y.

The shocking rise of illiberalism, even neo-fascism, *across the world* will simply accelerate the adoption of privacy-protecting distributed messaging and payment systems. (Session - getsession.org - possibly being the best of what is workable, at this time, in the messaging system space).

Sending e-mail via a possibly sanctioned entity

Posted Nov 10, 2025 21:07 UTC (Mon) by pizza (subscriber, #46) [Link] (17 responses)

> Ergo, users are not sending any money to any specific node.

LOLwut?

Party A wants to send email to party B. To do so a token of some "value" must be transferred that can be converted to/from "money" at either end.

No matter how much technical handwavery you layer in the middle, there's no escaping that fundamental fact, nor the fact that national governments have _very_ strong opinions (ie "laws" backed up by literal armies) on the subject of "transferring tokens of value".

It doesn't matter what value I transfer to a sanctioned entity, or how I do it. Legally it only matters that I did so (or directed someone else to do so on my behalf).

> The shocking rise of illiberalism, even neo-fascism, *across the world* will simply accelerate the adoption of privacy-protecting distributed messaging and payment systems.

I'd agree with you on the messaging front, but *payment systems* are another matter entirely. The fundamental problem with distributed payment systems is how said system converts into "real" currency on either end.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 10:37 UTC (Tue) by paulj (subscriber, #341) [Link] (16 responses)

We're agreed there is rising illiberalism across the world, notably in previously liberal, western democracies. I would view the ever restrictive laws on anonymity, the ever greater control our states have as a problem - given how this can be abused. The rising illiberality makes it a pressing problem.

To fight illiberalism requires the ability to associate. To fight illiberalism in a state that is willing to use the tools of control against opponents (as has now happened in a number of western "liberal democracies", against dissident motivations across the spectrum - it's not a question of left or right) requires the ability to associate anonymously (at least, anonymous to outsiders). Effective association requires some anonymity in communication, and in acquiring and distributing resources.

To object to such tools because "Lolwut? govs wont like it bruv" is simply not an argument worth considering.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 12:38 UTC (Tue) by malmedal (subscriber, #56172) [Link] (15 responses)

> requires the ability to associate anonymously

No, anonymity is helpful if you want to subvert a democracy. Crypto is helpful for paying agitators in a deniable way (e.g. where does Tommy Robinson get money for his luxury vacations?)

If you want to overthrow a dictatorship (what's the point of using euphemisms like illiberal?) what you need is a mass movement that is too big for the state to handle.

The greater control a state today has because of surveillance is because of the current state of technology, you are not changing that by getting democracies to restrain themselves with laws. A dictator will just ignore these, making them completely pointless.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 14:05 UTC (Tue) by daroc (editor, #160859) [Link]

Okay -- The micropayment stuff was interesting, if not exactly on topic, but this has strayed far from the original topic. Let's stop here, please.

(Remember Debian? This is a song about Debian ...)

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 14:08 UTC (Tue) by paulj (subscriber, #341) [Link] (2 responses)

Not all just movements are popular initially. Some oppression can be restricted to small groups - and hence opposition will not easily or quickly rally mass support. One man's freedom fighter is another man's terrorist. A terrorist today is a brave freedom fighter tomorrow (a wanted terrorist was just in the US white house).

It is interesting to see how my generation of techies - who when they were young would have nearly all been involved in or at least strongly supported the cypherpunk movement and been against the government in the crypto-wars of the 90s - have often become more conservative at least in terms of supporting state control. People who once would have invoked May's (popularised by Schneier) four horsemen of the Internet as a derisory label, now invoke those horsemen in support of the ever broadening tech-panopticon surveillance state.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 15:34 UTC (Tue) by malmedal (subscriber, #56172) [Link] (1 responses)

You don't seem to understand my point, crypto-currencies are only a useful tool against an opponent who is unwilling to use the standard dictatorship playbook, such as torture, arresting family members etc.

It's possible to write a fictional scenario where these really are the bad guys, but currently on planet earth none of the far too few countries that are actually respecting the rule of law deserve to be overthrown.

Your specific example refers to Syria, the old regime would have collapsed years earlier if they hadn't been propped up by the drug trade and associated money laundering so crypto was very much on the wrong side there.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 17:59 UTC (Tue) by paulj (subscriber, #341) [Link]

For clarity, and without intending to further the discussion. My reference to Syria was solely to illustrate the "One man's freedom fighter...." concept. My references to rising illiberalism were meant largely to refer to western democracies, which (to me) are steadily inching down ever more totalitarian paths - on both sides of the political spectrum (as and when they gain power). States already highly illiberal are of course also a concern.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 15:51 UTC (Tue) by NAR (subscriber, #1313) [Link] (10 responses)

> If you want to overthrow a dictatorship (what's the point of using euphemisms like illiberal?) what you need is a mass movement that is too big for the state to handle.

In Hungary (an illiberal democracy) the mass movement (a new opposition party) that grew too big to handle was (partly) sparked by an anonymous report that the president pardoned a pedophile-enabler. As far as I know, the guy who noticed that pardon (buried in official communication) and sent it to the press is still anonymous. So having an anonymous communication format has its merits even if a mass movement is required to replace the government.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 16:48 UTC (Tue) by malmedal (subscriber, #56172) [Link] (9 responses)

apologies if I'm not being clear, I'm only objecting to secret payments, not secret messages.

it is in a democracy's own best interest that its citizens can communicate safely without being overheard.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 18:12 UTC (Tue) by paulj (subscriber, #341) [Link] (8 responses)

As a final response.

We want to communicate anonymously (from the POV of others), without being overheard. We have looked at our threat model and our security requirements, and determined it is best served by obtaining phones running GrapheneOS. You lack the resources to obtain such a phone, and further the regime you are in views the purchase of secure phones as very suspicious - and you are likely to be put (at a minimum) under observation if such a purchase is detected. We have determined that it is best I purchase the phone for you (you haven't the resources), and we do so as anonymously as possible (so we have at least some plausible deniability if detected, e.g. intercepted shipment). I am known, in the wider world, to be associated with you.

One option is for me to use Tor to go to an anonymous online bazaar. Then to use an anonymous distributed payment method to buy a GrapheneOS phone, and have it shipped to you (ideally, some drop-box or shared address that is at least not /uniquely/ associated with you). You and I know, from experience of others, that there is a minimal intercept rate on such shipments.

This is NOT an unrealistic example of how anonymous communication systems AND anonymous payment systems can be used to help protect activism in some places.

Sending e-mail via a possibly sanctioned entity

Posted Nov 11, 2025 20:12 UTC (Tue) by pizza (subscriber, #46) [Link]

> This is NOT an unrealistic example of how anonymous communication systems AND anonymous payment systems can be used to help protect activism in some places.

This is an example of a quasi-anonymous communication system that sorta works (except for the glaring problem that it's a literal *phone* which means you're going to be "anonymously" tracked by $telco and/or anyone running an IMSI catcher)

Take away the "phone" part of that and you can piggyback off of public/"open" wifi, again for varying degrees of anonymity. That said, a not-terribly-repressive regime can easily require folks to require some sort of government ID and/or tied to your device [1] as a condition to grant access to said wifi. And said regime can easily require all traffic to be routed through "great firewalls" or some other classification/inspection/tracking system [2]

And sure, you can interpose middlemen, but when $oppressive_regime has no qualms about disappearing its own citizens, all you'll accomplish is a slight delay in how long it takes your door to be kicked in.

> One option is for me to use Tor to go to an anonymous online bazaar. Then to use an anonymous distributed payment method

Again, the vulnerability here is the ability to convert this "payment method" into $national_currency on either end. Those exchanges are the choke points that governments can, and do, go after.

...I keep coming back to the "what threat vector are you trying to protect yourself against" question. Because a guido wielding a gympie trounces technical handwavery... every. single. time. (see xkcd #538)

[1] I experienced this a decade ago when traveling in the Middle East.
[2] This capability continues to be demonstrated by China

Sending e-mail via a possibly sanctioned entity

Posted Nov 12, 2025 13:12 UTC (Wed) by malmedal (subscriber, #56172) [Link] (6 responses)

> This is NOT an unrealistic

It's unrealistic to the point where it looks like a parody. Is it intended as one?

Phones are widely available in almost all countries, it is rarely a hard to get item. In a country where they are hard to get, North Korea, they have implemented some kind of authorization scheme so only government provided phones can actually connect to the network, an activist firing up your graphene os phone will be arrested immediately.

(I believe they do have provisions for tourists calling abroad, but an activist trying this will be noticed and arrested)

Sending e-mail via a possibly sanctioned entity

Posted Nov 12, 2025 17:08 UTC (Wed) by paulj (subscriber, #341) [Link] (5 responses)

"It's so unrealistic it's a parody!"...

1. proceeds to give an example of a country where phone purchases generally are restricted as described
2. fails to spot that my comment says "You lack the resources to obtain such a phone", so either I have to send you money somehow (anonymously) or I have to send a phone.
3. I may also be in the same restrictive regime, I just happen to have the resources to buy the item.
4. There may be numerous other types of items useful to activism that one may wish to purchase for oneself or others anonymously.

If your argument really is that activists never need to buy anything that may be sensitive, where anonymity is desirable, then it is your argument that is parody.

Sending e-mail via a possibly sanctioned entity

Posted Nov 12, 2025 17:10 UTC (Wed) by paulj (subscriber, #341) [Link]

Also, even if one lives in a country where phone purchases are not of themselves restricted, it may still be desirable to not leave a record for the tech-surveillance panopticon that you purchased a very particular model of phone capable of running a more secure OS.

Sending e-mail via a possibly sanctioned entity

Posted Nov 12, 2025 19:02 UTC (Wed) by malmedal (subscriber, #56172) [Link] (3 responses)

> "It's so unrealistic it's a parody!"...

> 1. proceeds to give an example of a country where phone purchases generally are restricted as described

No, I'm pointing out that anybody trying to use your OS is likely to be arrested very quickly. The phone will need to authenticate itself to the network in order to prove that it is indeed an approved phone with the correct spyware installed.

> 2. fails to spot that my comment says "You lack the resources to obtain such a phone",

No, I'm saying that phones are ubiquitous, access to one is not a limitation and I'm saying that getting a Graphene OS phone is not going to help if you are physically in a dictatorship.

What activists need to do is to make their electronic signature as innocent as possible. One common tactic is to post coded messages to a popular forum that is also used by normal people.

With your solution, as soon as the police finds the first activist with a Graphene device, they will know what the traffic looks like and can use that to simplify the search for the rest.

Sending e-mail via a possibly sanctioned entity

Posted Nov 12, 2025 19:28 UTC (Wed) by pizza (subscriber, #46) [Link]

> What activists need to do is to make their electronic signature as innocent as possible. One common tactic is to post coded messages to a popular forum that also used by normal people.

Along those lines, the Iranian revolution in the late 70s was famously seeded via already-ubiquitous cassette tapes of Khomeini's speeches.

Sending e-mail via a possibly sanctioned entity

Posted Nov 13, 2025 10:11 UTC (Thu) by farnz (subscriber, #17727) [Link] (1 responses)

The key to this is that "innocent until proven guilty" is an artefact of liberal societies. If you're in an illiberal society of some form, once you've been identified as a troublemaker, you will be found guilty of something; if necessary, police will plant or forge evidence to show that you've been involved with something society at large considers abhorrent.

Thus, your goal is to not do anything that would give the police a reason to look at you; you're reliant on the fact that there's more citizens than police, and thus they cannot monitor everyone in depth. The moment you do something that marks you out as "odd", you're either fully compliant with the regime (just slightly weird - maybe you like brandy more than vodka), or you're marked out as a troublemaker and they will find a way to get you.

Sending e-mail via a possibly sanctioned entity

Posted Nov 13, 2025 11:54 UTC (Thu) by malmedal (subscriber, #56172) [Link]

Arresting innocents is a common tactic yes. I forget the name, but a Soviet dissident recounted a conversation that went like "how long are you in for?" "Fifteen years" "what for?" "Nothing at all" "you're lying, nothing at all is ten years"

Sending e-mail via a possibly sanctioned entity

Posted Nov 10, 2025 16:13 UTC (Mon) by Wol (subscriber, #4433) [Link]

> As stated before, it is technically possible to have a distributed system that includes or relies on a distributed ledger payment system where no one can determine from the ledger, with any useful certainty, how much was sent by whom to whom.

And as far as I can tell, both you and farnz are in violent agreement on this point!

As farnz keeps on banging on, the problem is SOCIAL, and there is no way from a SOCIAL perspective that anything like this will take off.

Cheers,
Wol

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 17:48 UTC (Mon) by anselm (subscriber, #2796) [Link] (3 responses)

> So... it's just a strawman. There are no regulations nor taxes that would apply to some trivial-scale "friends and family" next-gen-email-replacement system.

Sez you. When the tax man rings my doorbell I'll refer them to you.

Anyway, as I said, the whole payment-for-mail issue is moot as far as I'm concerned because, as I've outlined in my previous message, there are better approaches for “next-gen-email-replacement systems” that don't even involve money (let alone shady cryptocurrencies).

Incidentally, one problem that makes me not like the pay-to-play approach to email is that I run a bunch of mailing lists (some with a few hundred subscribers). If I need to pay a trivial amount for each email message sent across these lists, that trivial amount times the number of subscribers times the number of messages per day at some point becomes not quite so trivial anymore. The obvious solution to this is to charge mailing list subscribers, but then hey, suddenly instead of someone with a fun hobby I'm a news publisher running a paid-for service for the public and again all sorts of regulations start to apply (apart from the hassle connected with having to ensure that every subscriber puts their contribution into the kitty). Why would I ever go for that sort of thing when right now I don't need to pay anything above the cost of the mail server, which is a trivial amount?

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 18:00 UTC (Mon) by paulj (subscriber, #341) [Link] (2 responses)

> (apart from the hassle connected with having to ensure that every subscriber puts their contribution into the kitty)

If your understanding of what I've been sketching is a system where you have to manually charge people each time they send their message to your distribution group, then... let's just leave this. (It's way OT anyway).

Also, again, there's no tax obligations for a group of people running systems for informal associations. There are all kinds of clubs out there, where people pay money to cover the costs of the activity of that club (e.g. hosting a website, hosting races for things like running and cycling clubs, buying club kit, etc.), and it's all on an unincorporated basis and there are no tax obligations on the club or the person who handles the money for the specific activity that generated the cost, if there are only costs involved. Both English and Irish law definitely have the concept of unincorporated associations, I know this for a fact, and I'm pretty sure there is an equivalent in germanic jurisdictions - that probably then covers very large swathes of the world, given how many others derive from those in some way.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 18:04 UTC (Mon) by paulj (subscriber, #341) [Link]

If you search for unincorporated association you will find the UK HMRC page that says what I wrote there, as you don't believe me.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 19:02 UTC (Mon) by anselm (subscriber, #2796) [Link]

> If your understanding of what I've been sketching is a system where you have to manually charge people each time they send their message to your distribution group, then... let's just leave this.

Now you're building the strawman. Obviously, the way this would really work is that people subscribe to the mailing list in the way they would subscribe to a magazine, i.e., X amount of money/month gets you everything that goes through the list. You would calibrate X such that your cost to send N messages per month to M subscribers would be less than X*M. Depending on the readership and volume of your mailing list, X*M can be a non-trivial amount of money. You would still have to have some sort of infrastructure to sort out every subscriber's payments (especially since, for d…n sure, you don't want every subscriber to have to deal with the likes of Monero), and depending on how big X*M is, you're absolutely running a commercial enterprise here.

Again, the whole idea of founding an email system on micropayments is something that will never fly, anyway. There are better ways to fix email which also require large numbers of participants to warm to the idea but don't involve money.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 16:00 UTC (Fri) by paulj (subscriber, #341) [Link] (5 responses)

Ok, I think I know why I never replied. Nothing went to that address at that time.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 16:14 UTC (Fri) by farnz (subscriber, #17727) [Link] (4 responses)

OK, so how do we debug this? I sent the money, as far as I can tell, and you didn't receive it. My records show that I paid Binance to send 87774rpgLdmjCFLqyV3BYN6VwBzdvaVbccVUF2K3NHGEFyoQKxCTqcxeDcPHpQPixqitthXhYK5uGbYuFExff24ACiaAUkH a total of 0.012 Monero just before posting that comment; your records show that it never arrived.

From my end, this is undebuggable; I know how to handle it in normal cases, but not here.

With the conventional banking system (SWIFT, for example), I'd raise a complaint with my bank; they would then identify where they sent the money, and would either present to me proof that it had been received at the intended recipient, or refund me if they could not trace it to the destination I told them to send it to.

With the card system, I'd open a merchant dispute via my card company, and they'd give the merchant a chance to respond to the dispute (which identifies the transaction to the merchant as part of the dispute, so if it's just bad record keeping at their end, it gets fixed). If the merchant doesn't respond adequately, in the view of my card company, then I get a refund.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 16:54 UTC (Fri) by paulj (subscriber, #341) [Link] (3 responses)

Your custodian should have the transaction ID and the transaction view key. You may be able to retrieve that. Though, if your custodian batched up outgoing payments, they probably won't give you the tx view key. You should still be able to talk to the support of your custodian and have them debug it. Just like SWIFT or whatever... (Though I think Binance have since delisted Monero, cause it's too good).

I suspect your custodian has a minimum withdrawal amount, and the .012 XMR was well below that and hence was never sent. Whether that resulted in the amount being taken from your balance with them, I don't know. In which case, for tiny payments you would need to use a proper wallet under your control (e.g., Monerujo is on F-Droid, perhaps Cake wallet is good too). That's a social issue wrt demand, at this point in time - not a technical one.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 16:57 UTC (Fri) by farnz (subscriber, #17727) [Link] (2 responses)

I'll ask Binance for those details; they did confirm that they sent 0.012 XMR, however, but didn't give me a transaction ID or a transaction view key at the time.

The reason for sending that much is that it put me just over their minimum withdrawal amount (I paid them £2.50 in total, including their fees, plus the cost of the Monero).

But again, this is a migration issue - I'm not plugged into the Monero ecosystem, and I have no idea how I'd get Monero other than via a company like Binance. Again, if your system depends on people plugging into Monero, how do you expect people to know this sort of detail?

And it's not like SWIFT, because with SWIFT, I identify the transaction to my bank, and they take responsibility for following through to confirm that it either arrived, or didn't. If it didn't arrive, they'll refund me - and I can try again. I'm not entirely sure what the equivalent is here.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 12:00 UTC (Mon) by paulj (subscriber, #341) [Link] (1 responses)

You can get a monero wallet from, e.g., the Monero website, or from the f-droid store (e.g. monerujo). Create a wallet, reply with an address and I or someone else may well reimburse your previous costs. ;)

I don't think Binance list Monero anymore, cause Monero is too good at what it does. We're basically in the middle of a repeat of the US' war on cryptography in the 90s. Mostly led by the EU this time. Just like then, it will fail, cause you can not unlearn and ban math. The CryptoNote paper exists, it's a beautiful paper - probably one of the seminal works in distributed consensus along with the papers on Bitcoin, Paxos, Radia Perlman's Byzantine General Routing System paper/Ph.D., Lamport's clock, and such - and they can not make it go away. Just like in the 90s, they will lose. (I need to get a T-shirt printed with the key equations from CryptoNote, like the old RSA t-shirts from the first crypto war).

So yes, this technology is still early days, it is not well integrated into other things, and it won't be for a while for various social reasons around distributed payment technologies and the clash these cause with state desires for tight control. Distributed payment technologies will win out eventually though.

If you want an entity to deal with, who will handle everything and indemnify you, there will be such entities. The existence of a technology that allows anyone to participate does NOT prevent anyone setting up a business around it so you can have a more traditional interface to it.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 10, 2025 12:10 UTC (Mon) by farnz (subscriber, #17727) [Link]

I don't see how to set up a Monero wallet that accepts GBP; I sent you money using a payment from my credit card (which I paid off).

It sounds, though, like what you're saying is "this technology is too new and unreliable for people not yet willing to dive in fully", which in turn makes it completely unsuitable for sending money to pay for e-mail delivery. I have to commit to replacing my existing financial management (which I'm happy with) with a new technology I don't fully understand or trust, replace my existing private mail server (which I'm happy with) with a new one that I don't fully understand or trust, and do so for questionable benefits (since the assertions around what's going to work in the new system are at odds with the history of Prestel and of SMS).

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 6, 2025 17:21 UTC (Thu) by dskoll (subscriber, #1630) [Link] (3 responses)

Once again:

  • The problems are not primarily technical.
  • Please explain to my non-technical Mom how she needs to send email to her cousin going forward.
  • Criminals will get around it anyway.
  • The problems with the current email system have so far proven too mild to spur the adoption of any of hundreds of similar proposals. See the FUSSP link I posted earlier.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 10:34 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

It's not technical, indeed.

Your mother? Probably nothing changes.... She keeps paying with her eyeballs and data. Others may choose to avoid that and pay actual money in some new communication system. That's how it already is today with email. The only thing that changes is that instead of layers of hacky side-protocols under the hood to try stop spam, you just have one clean micro-payment layer to make spam uneconomical. The business model around that, that affects UX, can vary in many ways.

You would not design a new messaging system in the way email is today.

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 13:05 UTC (Fri) by pizza (subscriber, #46) [Link] (1 responses)

> You would not design a new messaging system in the way email is today.

Of course not. You'd design it to be controlled by a single party (ie you), only accessible via official applications (backstopped by DRM), and explicitly monetized (everyone pays-to-use *and* forced unskippable advertisements) with all payments going solely to you.

(ie the wet dream of AT&T and what every big-tech's IM system aspires to be)

Email insecurity (was One of the great benefits of Open Source)

Posted Nov 7, 2025 13:16 UTC (Fri) by dskoll (subscriber, #1630) [Link]

pizza is right. Anything designed today would benefit oligarchs and data brokers and oppress its "users". We should thank our lucky stars email became entrenched before the Internet enshittified.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds