cross-posted from: https://beehaw.org/post/20493770
^ indeed this is cross-posted back to the same community it originated, because slrpnk.net was offline when the post was introduced and Lemmy is not advanced enough to sync caches with original communities.
Email is a non-starter for reasons such as not being in control over who the other party chooses as an email supplier (thus resulting in Microsoft being fed all email traffic).
So snail-mail is the winner. My snail-mail obviously gives a mailing address. From a practical standpoint, that’s all I need. But it would be good to show some kind of electronic means of communication in the letterhead. Not directly for practical use but more of an expression that says “I’m not a luddite but you need to fix your shit” (in so many words).
Requirements:
- must be secure. A low standard of security is fine; it just cannot be so shitty that giant surveillance capitalists can see and exploit the payloads.
- must not rely on any non-standard or proprietary protocols.
- must have at least one FOSS toolchain available.
- must be suitable for documents sent asynchronously.
- ideally a different unique address can be furnished to each recipient.
Candidates:
- XMPP
- onion e-mail (email service by surveillance capitalists cannot send to @*.onion addresses)
- (hypothetical) clearnet email address hosted by a server that blocks inbound MS & Google server connections
- fax number
One problem with the above candidates is I don’t think the 1st two options have any kind of aliasing (I only know of one onion email service that deliberately lacks a clearnet alias, and it does not have aliasing on the userid portion). So I would have to create many accounts and they would never actually get traffic. They would just be symbolic. And the third candidate does not even exist AFAIK.
Problems with the fax number: these are not cheap and I would need a fax number for different countries. Also fax services are gatewayed so some senders send an email to a fax service the dispatches a fax, in which case Microsoft would still see the payload.
For email I try to at least proxy my addresses and then encrypt it on the way to my real email account, but I basically just do that for fun without knowing if it really helps. To complete my privacy LARP, I log into my email via ArcaneChat, which plans to support XMPP at some point in the future.
Anonaddy.com is (AFAIK) the only forwarding service that will encrypt inbound msgs using your pgp pubkey. And I use it, but it is useless for cutting Microsoft out of the loop. MS has already seen the payload before it even arrives at the forwarding server.
Thanks for pointing out ArcaneChat. I had not heard of it. First glance, it looks like Deltachat. What happens if an MS email user sends a msg in-the-clear to an ArcaneChat recipient?
Well governments will use any open standard that can reliably contact individuals (as that is the easiest way to do their jobs) That is why the 3 most supported options are:
- phone
They would use IRC, XMPP, Matrix, etc if they would reliably send you a message and enable them to reliably receive messages from you. The problem is that those options are not reliable.
The other alternative is they provide a website (that they control) that you can login in to but it is then on you to routinely login and people are bad at that and thus few organizations even support that approach.
I find XMPP to be /more/ reliable than email, which is largely due to anti-spam zealots like #SpamHaus who block or blackhole email on the basis of IP address, along with countless other anti-spam techniques that cause collateral damage to legit email. I actually cannot send email to Google or MS users because of this crazed zealotry that has lost sight of the purpose of security: availability.
XMPP is certainly glitchy and has a variety of issues, but at least it has not yet been sabotaged by anti-spam zealots, and large corps using anti-spam measures as an excuse to break the platform for those not patronising a large corp.
The other alternative is they provide a website
That’s for person→gov msgs. It is not something I can put in my letterhead as a way for them to reach me. Also, the webforms likely just result in an email transmission that traverses MS servers in-the-clear anyway.
You could set up an incoming email gateway to xmpp so that companies can at least still send you some notifications or password reset emails etc.
If the gov can use email to send a msg, then the payload is seen by MS before it reaches the gateway.
Deltachat might work for the third candidate.
I’ve installed Deltachat but not experimented at all with it. What happens if someone sends an unencrypted msg to an email account that uses Deltachat? I would expect the msg to still be accepted by the mail server and MS to still see the unencrypted traffic.
