
To be fair, some of us have been calling attention to this problem for a long ass time, and nothing is being done about it.

E-mail needs to be a regulated utility, given that getting locked out of one’s email happens all the time with catastrophic consequences.



Don't single out email. The problem is much larger than that. Any big megacorp nowadays figured out that the best way to do whatever they are doing is to provide the service to the median consumer, and just cut the rest out as perfectly as they can. It started with the idiotic get a number to wait in line at the branch offices, IVR audio labyrinths on the phone, completely useless self-service portals, and now there are no branch offices anymore, and in many cases the "helpdesk" is just a dumb caricature of a robot in a fucking submenu of a tragedy of a hacked together mobile app.

Sure, it's great that Gmail is cheap, after all "it's free". But Google (and MSFT, fuck outlook.com in particular for their completely anti-competitive spam "protection" that only accepts email from other big providers) cross-finances Gmail from their ad business, completely distorting every kind of service and product markets.

---

For email in particular what's needed is a LetsEncrypt-like community-driven solution for reputation management and acceptance of emails from reputable sources by the big inbox providers.


Why does email need to be a regulated utility when there are other methods of communication?


Great question!

The long version (if it’s patronising please skim forward, I’m writing as an explainer for anyone else that comes along):

E-mail was originally a means to communicate informally between two participants over the Internet.

In this early version of the system the message would leave your machine, go to your mail server, then the recipient's mail server, then their inbox. This would complete the transmission and a copy would exist at both ends.

Companies providing ostensibly free online e-mail inboxes have slick sign-up funnels that on the surface seem to be offering a very similar system as the one above, with very little in the way of regulation around either the sign-up funnel or the mailbox (and which do not explain the catastrophic life consequences that can occur as a result of losing access to your mailbox).

These new mailboxes work differently from those of the early Internet, though:

1) Your mail is sent to your mail server. A copy may or may not be retained locally.

2) Your mail server transmits the message to the recipient's mail server as before.

3) The recipient receives a notification of the e-mail and may or may not retain a copy locally.

This infrastructure is ubiquitous and now not quite 30 years after the early Internet we have an issue where you’ll be required to have an e-mail address for almost all public services and common accounts that have little to no online component. Your entire life, more or less, may pass through that inbox.

If one day you lose access to the account (in that you insert your password and the provider says no), you will lose access to your entire e-mail history.

You may attempt to reset some passwords for essential services, but you can’t, because they’re sending e-mails to verify your identity - which you’ll never be able to receive.

You move on, create a new account, and attempt to start over. However, e-mails - potentially important e-mails containing personal information - continue to be delivered to a mailbox that you can’t access ever again. Maybe you miss some important alerts.

Perhaps it was a Gmail account that had your entire photo and video history in Google Photos. That’s now gone too. With your passwords, if you’re using Chrome passwords.

You rebuild, and a couple of years pass, and perhaps someone else gets access to your account (either through a hack, or a rogue employee with access rights, or someone who guessed a badly thought out password).

You never find out that the account was accessed, so have no-one to complain to, and maybe you end up with savings or 401K/pensions getting emptied. Which in a lot of cases wouldn’t be discovered until they’re due to be collected.

Some of the above might sound far-fetched, but you’d be surprised how much having access to an email inbox is accepted proof-of-identity in 2022.

Hence the need for regulation.


My mailing address and phone could also be key factors in my life related to identification but there is little regulation there.

"If one day you lose access to the account (in that you insert your password and the provider says no), you will lose access to your entire e-mail history"

This comes down to personal responsibility, assuming you lost the password, or even if it's the company's fault you should prepare for this.


In really original e-mail, the mail server was your computer (mainframe) where your account was. It's Greg@ because that's Greg's username when he logs in. Greg doesn't need Outlook because his mail is just a folder of text files. There's a mail agent but it's running on Greg's computer.



