
Email has been broken for a long time. It was designed for an internet where only people with access to really expensive computers could ever use the internet (i.e. prior to the 90s). Email spam became a problem when the general public got access to the internet. That was the point when the internet really became an adversarial environment. Email should have been replaced by 2000, but people just haven't suffered enough to justify such a replacement protocol.
I started work on just such a protocol last year, but then I got busy thinking about Nostr. An email replacement is a complicated thing to make (I've worked out a lot of the details, though), but it also takes a lot of time to make (which I don't have).
The guy in the article mentions a few standards that make email far less scammy / phish-y, how does your idea differ from those? Cause I do agree with the OP article, that the standards and tech are fine, it's really a business / cartel style thing stopping perfectly serviceable open standards.
If your recipients are largely captured by the email giants, which is kind of the "held constant" assumption as time goes on, it's really a chicken and egg question -- does one focus on a new standard or on changing behaviour of the majority of recipients... Because I also really hate the modern "we sent an email conf" flow where random companies who I know aren't fucking it up get bounced by gmail and I have to wait around for a confirmation email or ask them to re-send... Most people don't think about that human/business aspect and just want the email conf "to just work (in less than 1 min)"
reply
> The guy in the article mentions a few standards that make email far less scammy / phish-y, ...
DKIM, SPF, and DMARC only reduce spam which is sent from misbehaving email servers/senders. But those standards don't stop spammers who send spam from email services like Gmail and iCloud, and from corporate email accounts whose credentials the spammers stole. All those email servers have perfect DKIM/SPF/DMARC records. And yet, I see a lot of spam coming from Gmail, iCloud, and corporate email servers.
> it's really a business / cartel style thing stopping perfectly serviceable open standards.
Standards rise and fall; corporations and nation-states can't stop people from switching from one protocol to another. The reason email hasn't been replaced is because a sufficiently better replacement has not been made yet. And if that replacement was good enough, corporations and nation-states would switch too.
> how does your idea differ from those?
See my other comment for an incomplete description. In short, my idea was to make a completely different protocol to replace email.
reply
Can you share some details about your idea?
reply
My idea (codename Clomus) is a protocol that shares some similarities with Nostr. Clomus involved relays, thick clients, and no accounts -- like Nostr. But unlike Nostr, I designed Clomus to be just an email replacement -- Nostr is far more flexible than that.
Every Clomus message was to be end-to-end encrypted (unlike Nostr). Clients would send messages to random relays, telling each other ahead of time where they were going to send their next message. Clomus was to use HTTP, whereas Nostr uses WebSockets.
In order to make spam infeasible, Clomus clients would do a few things:
  • Clients would never re-use a pubkey. Messages would be addressed to a pubkey at a relay, so spammers would have to guess random pubkeys/relay combinations (or run relays that tried to spam users, which would fail due to the next thing).
  • Clients would ignore all messages that weren't signed by the expected sender pubkey (i.e. the pubkey of the person you are talking to). Random messages sent to one of your temporary pubkeys would be discarded by your client software.
The only way spam could get into a Clomus inbox would be if someone you were communicating with either (a) had their device compromised and leaked data to a spammer or (b) the person you are talking to was secretly a spammer the whole time. In those two scenarios, spam is unavoidable. But almost all email spam comes from email addresses you've never interacted with before, so Clomus would be a substantial improvement over email.
Clomus relays would reject unencrypted messages -- whereas Nostr allows unencrypted messages. To avoid storage and centralization issues, Clomus relays would set a max size for each message and a maximum number of messages. Nostr relays could do this, but AFAIK none do that presently.
I should mention that Nostr is far more flexible than Clomus. When I found Nostr I realized that I should just build Clomus on Nostr. But I never got around to implementing Clomus in any form, because I ran out of money and absolutely had to get a job. Now, I have next to no time to work on Clomus or any of my other projects. Plus, I'm a slow programmer.
I've left out some critical details, because this post has gotten too long. If someone wanted to take up this idea, I'd be happy to talk that person through every aspect of Clomus.
reply
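
The client-side rule from the Clomus comment above (one-time receive pubkeys, and discarding anything not signed by the expected sender), sketched as an added example that is not part of the thread and not Clomus code. The message layout, the use of Ed25519, and every name here are assumptions; the ciphertext is an opaque constructed placeholder because the comment does not describe the encryption scheme.

```javascript
// Added illustration only: hypothetical names, assumed message layout.
const nodeCrypto = require('node:crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('ed25519');
const pubId = (key) => key.export({ type: 'spki', format: 'der' }).toString('hex');

// One conversation as seen by the receiving client.
class Conversation {
  constructor(peerPublicKey) {
    this.peerPublicKey = peerPublicKey; // the only sender this inbox accepts
    this.rotate();
  }
  // Fresh receive key; its id would be told to the peer ahead of time.
  rotate() {
    this.receiveKey = newKeyPair();
    this.address = pubId(this.receiveKey.publicKey);
    return this.address;
  }
  // Returns the ciphertext if accepted, null if silently discarded.
  accept(msg) {
    if (msg.to !== this.address) return null; // stale or guessed address
    // The signature covers the address too, so it cannot be moved elsewhere.
    const signed = Buffer.concat([Buffer.from(msg.to, 'hex'), msg.ciphertext]);
    if (!nodeCrypto.verify(null, signed, this.peerPublicKey, msg.sig)) return null;
    this.rotate(); // never re-use a pubkey
    return msg.ciphertext;
  }
}

function send(senderPrivateKey, to, ciphertext) {
  const signed = Buffer.concat([Buffer.from(to, 'hex'), ciphertext]);
  return { to, ciphertext, sig: nodeCrypto.sign(null, signed, senderPrivateKey) };
}

function demo() {
  const alice = newKeyPair();   // expected sender
  const unknown = newKeyPair(); // sender the recipient never talked to
  const bob = new Conversation(alice.publicKey);
  const addr = bob.address;
  const body = Buffer.from('constructed placeholder ciphertext');
  const spam = bob.accept(send(unknown.privateKey, addr, body)); // wrong signer
  const legit = send(alice.privateKey, addr, body);
  const first = bob.accept(legit);  // accepted, address rotates
  const replay = bob.accept(legit); // old address, discarded
  return { spam, first, replay, rotated: bob.address !== addr };
}
```

Even when an unknown sender learns a current address, the message is dropped at signature verification, and a replay of a valid message fails because the address has already rotated.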