Nifty3929 4 days ago

To me the most important objection is that an email is a record of something, and needs to be self-contained and immutable for that reason.

When I get an email, I want to know that I can always come back to that exact email for reference, and that there's no way that it can have changed, or that the important information is externally referenced (and therefore also subject to change).

I think this is one important reason that more and more emails are just links to some website with the information on it (often with a login required as well). It allows the company sending you the email to retain control of that information. If you email me a text or PDF invoice, I can always come back to it for my own reference. If you send me a link to one, there's no guarantee I can still access it later.

ChuckMcM 4 days ago | parent | next [-]

I believe this is exactly correct. Email is a 'paper trail' and being able to change that paper trail ex-post facto benefits the sender waaaaaaaaaaay more than it does the receiver. I met an engineer from Google who quit when they insisted on "dogfooding" this.

They used the example, you send an email that says let's meet for dinner tonight at 6. You arrive and after 30 minutes begin to wonder, go back to your email and now it says meet "tomorrow night" at 6. Are you crazy? Did you misremember? Or did the sender change the email after they sent it and you read it? How could you complain?

As I understand it, it was met internally with "that isn't what we mean." But the ability to send HR important announcements and then change them after the fact is a capability that is just too tempting for HR to resist at some point.

parl_match 4 days ago | parent | next [-]

> They used the example, you send an email that says let's meet for dinner tonight at 6. You arrive and after 30 minutes begin to wonder, go back to your email and now it says meet "tomorrow night" at 6. Are you crazy? Did you misremember? Or did the sender change the email after they sent it and you read it? How could you complain?

This is a calendar invite. And this is a completely valid use case, but it's useless if I don't have an edit log. It's crazy how many people miss that last part.

ChuckMcM 4 days ago | parent [-]

In current email you get ANOTHER email that says the invite has been updated. While it changes "automagically" on your Calendar. That second email is critical.

5- 4 days ago | parent [-]

when i was forced (thankfully, briefly) to use outlook (web version), one of the big surprises was that rsvp'ing on the invite deleted the message.

several times i came looking for that invite and felt gaslighted not to have it in my inbox.

cookie_monsta 4 days ago | parent [-]

That's just a setting, turned on by default annoyingly

dimensional_dan 4 days ago | parent | prev [-]

It's probably going to be even worse than that - HR (and everyone else) will probably then have to implement process and procedure and storage mechanisms to prove that emails have not been changed. This might mean storing emails in a document control system. Email is bad enough but now we're all going to have to keep a mirror in SharePoint or something like that.

coderatlarge 4 days ago | parent [-]

i do this with email from my financial institutions that i care about. i login to their “secure messaging” portal and grab pdf export of the web page.

albert_e 4 days ago | parent | prev | next [-]

Absolutely agree,

Gmail started scraping all emails a decade ago. Amazon responded by removing all product and price details from Order confirmation and Order shipping emails. We consumers lost out -- we don't have our own copy and archive of what we ordered. If Amazon links perish to link rot and we lose access to Amazon login, our past order and spend information is gone.

mattzito 4 days ago | parent | next [-]

FWIW, as far as I'm aware, it wasn't gmail scraping that was the cause of Amazon pulling that information. It was third-party plugins that read people's inboxes to provide them with coupons, discounts, etc., and those companies would sometimes sell the pricing data. I assume Amazon wasn't thrilled about that, but there wasn't anything they (or gmail) could do about it as long as the user was granting them access to their inbox.

But also - I just ordered something off of amazon and I noticed that the confirmation had the item that I ordered in it, albeit in a shortened/summarized way? So maybe they brought it back, figuring that with just part of the name, there's not much someone can do with the pricing information? Or maybe they just don't care anymore?

(disclosure: I work at google, but not on this, but worked adjacent to the gmail team for a few years and am going off of my memory. I'll also tap the sign that Google doesn't mine your gmail for ads, for both consumer AND paying customers).

iamacyborg 3 days ago | parent [-]

Shopify in particular launched an app with the option of scraping your inbox.

joshstrange 4 days ago | parent | prev | next [-]

When reconciling my budget (with YNAB) I often use gmail as my way to connect items to transactions [0]. I've found that I can just search for the amount that my card was charged in my email and find the Amazon email that relates to that order. Then, normally from the body, there is just barely enough information for me to know what I bought.

That got annoying enough that I just wrote a chrome extension to scrape Amazon orders/transactions and auto-match and update my YNAB memo line with a summary of the items.

That's a bit of a tangent just to say: yes, they nerfed their emails but not completely.

[0] Yes, YNAB recommends that you enter transactions right as you make them, but that's not how I use it.

Fire-Dragon-DoL 3 days ago | parent [-]

Amazon has a "Transactions" tab in the payments section of your account that makes this easier (YNAB user here)

kevin_thibedeau 4 days ago | parent | prev [-]

Gmail has always scraped emails. That was in the TOS from day one. Your data was the price for the free service.

lozenge 4 days ago | parent [-]

They stopped doing that in 2017.

mcv 4 days ago | parent | prev | next [-]

> more and more emails are just links to some website with the information on it (often with a login required as well)

And a 2FA SMS sent to your phone.

> If you email me a text or PDF invoice, I can always come back to it for my own reference. If you send me a link to one, there's no guarantee I can still access it later.

Download it. It sucks having to do that and maintaining your own archive instead of trusting your mailbox, but I guess there's some advantages to that as well.

Nifty3929 4 days ago | parent [-]

Sure, I can download it if they send it as an attachment. Not so easy when it's an external reference. I guess I could login to the website and download... the web page? Well anyway I'm not going to.

LoganDark 4 days ago | parent | prev | next [-]

> I think this is one important reason that more and more emails are just links to some website with the information on it (often with a login required as well).

I hate this with all of my being. It's awful. Send me an email that tries to tell me how important the information is without actually giving me the information... and I won't read it, fuck you. You don't get to decide which information I find important.

xp84 4 days ago | parent [-]

I agree wholeheartedly -- it's like getting a postcard saying "You have an important message from your doctor, go visit the doctor's office to find out what."

I respect that some of this is ass-covering because of overreaching regulation (or in many cases probably overly-conservative readings of the vague regulations) especially with respect to HIPAA and Euro-style "Privacy" legislation, but personally I'd prefer to opt-out of all types of nanny-ism trying to 'protect my privacy' by sending me content-free email with links, that then require that I 'click to view' and then, 90% of the time now, return to my fucking email to retrieve a stupid code.

l72 4 days ago | parent | next [-]

I would happily go into my bank or medical provider and upload my pgp public key for them to encrypt emails with…

Email is an incredibly important communication database and I expect my important communications to be there and be searchable.

LoganDark 4 days ago | parent | prev [-]

My doctor does it ("you have one new notification, log into our system to see it"), financial systems do it ("something something happened on your credit report, log into our system to see it"), legal systems do it ("you have something something communication, log in to download it"), etc. It's utterly infuriating.

SoftTalker 4 days ago | parent [-]

Some of these places are between a rock and a hard place. HIPAA or other rules may prevent a doctor from using email to send you personal medical information such as test results. For any of them, email isn't "secure" and they don't want to be accused of "leaking" personal or confidential information.

GPG exists, but it's been a non-starter for the average user the entire time, so no reason to expect that it will suddenly become workable now.

briHass 4 days ago | parent | next [-]

Ironic, because it's assumed your email is insecure and visible to more than just you, but it's used as a password reset and/or 2FA mechanism for almost everything.

It would be nice if sites had a checkbox that allowed you to affirm that your email is secure and private, so then detailed emails were sent.

SoftTalker 4 days ago | parent [-]

There's no way to guarantee that. SMTP is not a secure protocol. Your message could be read by any intermediary along its delivery route.

grayhatter 4 days ago | parent [-]

It is possible to deliver emails IFF the receiving server presents a valid TLS connection and cert. I don't think I've seen anyone actually enforce that though.

SoftTalker 4 days ago | parent | next [-]

Yes but the server itself has full visibility on the message while it is handling it. It can scan it for viruses, parse it for ad insertion, feed it to train an LLM, just keep a copy of everything, whatever.

grayhatter 4 days ago | parent [-]

yeah... that's why it's important to be able to trust your email provider... I assumed you meant anyone passing along the message, like a router, or rogue ISP. I was more going for the idea that you can make SMTP secure from sender domain to destination domain. If you don't trust your host, nothing else really matters, in all cases.

kevin_thibedeau 4 days ago | parent | prev [-]

SMTP can use intermediate relays. TLS doesn't guard against the middlemen.

xp84 3 days ago | parent | next [-]

I recognize that that is part of the protocol's design, but how common is that in practice on the modern Internet? If I'm using say, Outlook, or even some personal home server, and I have mail for example @ gmail.com, I would expect two things:

1. Microsoft, or my server, would look up the MX for gmail and send the email directly there, where I'd presume it's safe from maliciousness (obviously Google itself has access to it, I admit)

2. The only server that would accept mail from my server and relay it for me would be someone I'm paying, and they probably would accept it over TLS right?

grayhatter 4 days ago | parent | prev [-]

When I suggested using TLS, signed by a trusted cert authority; and you're imagining some system, where a message sender connects to some 3rd party middleware box to relay the message, and this middleware box has a cert for the destination domain?

LoganDark 4 days ago | parent | prev | next [-]

It could also be that they want to know when some communication has been received (by the real person, not the email server) and that's not possible with email. I still maintain that I hate that practice because I just don't want anyone to have that information, I want to be invisible.

AStonesThrow 4 days ago | parent | prev [-]

> HIPAA or other rules

Sure, sure, rules, yeah.

But there are plenty of reasons that are as numerous as reasons to build a walled garden.

If they’re storing your records, then they control the audit trail. They detect every time you, or someone, visited that site, logged in, viewed pages, downloaded or viewed a document, changed settings, updated profile, added contact info, deleted contact info.

They control the expiration and retention periods. They control the file formats. They control the uptime and the downtime. They control the horizontal and the vertical. Oh wait, that’s on T.V.

There will be increasing gauntlets to run and obstacles and hurdles to the consumer getting our hands on documents and information. Until we really need that proprietary online viewer to open the file at all. Or at least their mobile app. Or you could pay fees for records access. It costs them to store it all, does it not?

SoftTalker 4 days ago | parent [-]

Absolutely those things are all valid concerns. But even if they are not doing those things, email is problematic for delivering confidential information.

chii 4 days ago | parent [-]

If physical post is acceptable for such things, i see no reason why email cannot be held to the same level.

AStonesThrow 3 days ago | parent [-]

Often the postal mail is required by regulations, such as when your bank sends a notice or disclosure, or some creditor sends you a bill, or a government agency sends something in the mail. Whether or not you’ve gone “paperless” matters not, when they are legally required to send a paper letter. And it drives me crazy, because it never fails that the most important and most informative letters are not even backed-up by an electronic copy, and so these days, the onus is on me to scan the letter into Google Drive or OneDrive, and I've been using my smartphone to do it, one page at a time. And that's the only way I can keep a searchable, accessible record of the most important communications, by scanning them back in from the paper.

But here's what the email situation looks like, with a USPS analogy: you receive a letter from the tax office that says they have a message for you. And the letter has arrived at 5:30 p.m. on a Friday evening.

So on Monday, you get your ID and you drive down to the tax office. Except you can't immediately drive, because you don't own a car, so you walk to the library to borrow a car. The library says that you can borrow a car, but they need another household bill that you didn't bring with you. So you walk back home, and you get the documentation the library needs, and you walk back to the library, and you borrow a 1995 car, and you drive to the tax office, and the tax office says that the message for you says that they need a check from your bank.

So you go home, because it was already late in the day. And then you walk back to the library, and you borrow another car, and it’s a different car, so you learn how to use this car, and you drive to the bank. And you ask the bank for a check. And the bank needs additional ID, so you go home, and you gather all the ID that the bank needs, and then you drive back to the bank, and you ask them for a check again, and then the teller says that they can give you a check, but the checks are issued in a different branch. So they give you a voucher token for your money, and then you have to go drive to the other bank branch across town to get your money.

So you arrive at the bank branch that has the money, and after 15 days you have the correct ID and all the documentation and you also have the voucher and the token to take the money out and get the check. So you obtain the check, and then you take it home and return your library car, because it's late in the day.

And then you wait over the weekend, because it was a holiday weekend. And then you gather your ID again and you put your tax check in your pocket, and you go walk back to the library, and you borrow a third car, and then you drive to the tax office, and then you try to show them your check. And the responsible person at the tax office isn't there because they're short staffed. And there's a sign on the door that says to go drive downtown to the main tax office, and that's where you’ll be able to drop off your check.

So you arrive at the main tax office, and there's a queue 2 hours long, and there's a security guard who pretends not to recognize your ID. And you get in a rigmarole with the security guard for a while, and a second security guard comes along and they have a nice extended discussion over whether your ID is from a Cracker Jack box.

And so eventually they escort you to a disused lavatory in the sub basement and it's got a sign that says “beware the leopard”, and the bureaucratic functionary at the desk accepts your check, and then you go outside to the downtown parking lot that cost $12, and your car has broken down because it was a library car and library cars are always the most unreliable ones.

So this is what it's like online, using email and online cloud services to retrieve documents because “email is insecure”.

rajnathani 4 days ago | parent | prev | next [-]

But with remotely loaded img tags (automated emails don’t send images as static base64) that email is far from an immutable paper trail like how a PDF is.

jasonfarnon 4 days ago | parent | next [-]

I agree, the ship sailed a long time ago. I have been archiving my emails since the 90s. Sometime around 2010 all the remotely loading emails came along, and since then I've several times gone back to look at an invite or announcement and find nothing but an html tag. I guess an archiver would need to print all my emails to a pdf or image file to preserve it, like the emails that show up in litigation. The tools I was using, gmvault or google's takeout, aren't made for this path we're on.
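A check for the archive problem described above, as an added example that is not part of the thread: it walks a stored message and reports which `<img>` sources travel inside the message (`cid:` parts, `data:` URIs) and which still depend on a remote server and can therefore change or vanish. The sample message, its addresses and the function names are constructed for this example.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser


class ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "img" else None
        if src:
            self.sources.append(src.strip())


def audit_images(raw_message):
    """Classify each <img> source as embedded, remote or dangling."""
    msg = message_from_string(raw_message, policy=default)
    content_ids, sources = set(), []
    for part in msg.walk():
        if part["Content-ID"]:
            content_ids.add(str(part["Content-ID"]).strip().strip("<>"))
        if part.get_content_type() == "text/html":
            collector = ImgSrcCollector()
            collector.feed(part.get_content())
            sources.extend(collector.sources)
    report = {"embedded": [], "remote": [], "dangling": []}
    for src in sources:
        scheme = src.split(":", 1)[0].lower() if ":" in src else ""
        if scheme == "data":
            report["embedded"].append(src.split(",", 1)[0])  # keep MIME prefix only
        elif scheme == "cid":
            found = src[len("cid:"):] in content_ids
            report["embedded" if found else "dangling"].append(src)
        else:
            report["remote"].append(src)  # fetched at view time, so it can change
    return report


def is_self_contained(report):
    """An archived copy is a stable record only if nothing is fetched later."""
    return not report["remote"] and not report["dangling"]


# Constructed sample: one attached image, one remote image, one broken cid
# reference and one data: URI.
SAMPLE = """\
From: billing@shop.example
To: me@home.example
Subject: Your order
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo@shop.example">
<img src="https://cdn.shop.example/order-summary.png">
<img src="cid:missing@shop.example">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
</body></html>
--b1
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-ID: <logo@shop.example>

iVBORw0KGgo=
--b1--
"""
```
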

philsnow 3 days ago | parent [-]

I'm commenting on this way way too late for anybody to read it except for jasonfarnon, but:

Doesn't gmail prefetch / proxy img srcs, in order to not give away tracking/open information to the sender? Or is that something they did a while back but then turned off... Anyway, it would be so lovely when you do a takeout of your gmail data, if they could give you both the original and also a version that had the src rewritten to either a base64-encoded copy of the image or a local file that's included in the takeout dump.

Nifty3929 4 days ago | parent | prev [-]

Yes, of course, and that's why it's best not to put the important information into an image. Of course, many senders do this anyway, but at least it requires them to send me an image. No different really than sending me a link to the important information as I mentioned in my post.

But let's not make this even easier or default please. It's bad enough as-is.

A nice improvement would be for prominent clients like gmail to default to NOT display images. This would force bulk-senders (including legitimate ones) to stop putting the important info in images most of the time.

Ditto with links - maybe the clients should stop making them clickable, forcing the user to copy-paste the link. Not sure about this one...

chii 4 days ago | parent [-]

There's been a recent trend to add animated gifs into email, where the gif is a never ending stream. It's often a timer/countdown to the end of a sale or something.

This would be so that even if the server remotely fetched the gif, it would never end, and thus either consume the available resources on the server, or they give up.

maronato 4 days ago | parent | prev | next [-]

Does anyone remember PlutoMail[1], the client that let you send self destructing and editable emails?

[1]: https://techcrunch.com/2014/06/18/pluto-mail/

m463 4 days ago | parent | prev | next [-]

> immutable

I swear years ago I had a mail client where you could type into a received message and alter it. Maybe sun mail or early apple mail?

they finally made the message pane immutable.

andirk 4 days ago | parent [-]

I remember AOL email to AOL email had an "unsend" feature for a while.

mschuster91 4 days ago | parent | prev [-]

> I think this is one important reason that more and more emails are just links to some website with the information on it (often with a login required as well).

That's an unfortunate requirement these days.

For one, in Europe concerns around GDPR: e-mail is not guaranteed (!) to be encrypted or protected against modification in transit so it might get snooped up on its way, which makes it a no-go for sensitive stuff such as healthcare information or other highly protected classes of PII, unless PDF encryption or other ways of encryption are used... but these have the issue that UX around many of them is horrible. A link to a portal however? Easy, and provides automatically the guarantee that the other person is who they claim to be.

The second problem is deliverability: more than enough email providers still have laughably low limits (sometimes < 3MB), virus scanners don't like PDFs or ZIPs that they can't read (because they don't know the password, obviously), and on top of that come the usual anti-spam concerns.

IMHO, the best way to go would be an extra header field, think like "X-External-Attachments: https://foo.com/<uuid>.pdf <hash-alg> <hash-value>"... this could be used by MUAs to prompt the user if they wish to download and store the file, provide cryptographic checks of the file, and sidestep the issue of dumbass middleboxes yeeting password-protected files, as the files can be scanned on the endpoint side.
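One way a mail client could process the header proposed above, as an added example that is not part of the thread or of any existing MUA: it parses the `<url> <hash-alg> <hash-value>` triple and checks downloaded bytes against the digest, so the stored e-mail pins exactly which file it referred to. The header name and field order come from the comment; the algorithm allow-list, the HTTPS-only rule, the function names and the sample message are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from email import message_from_string
from email.policy import default
from typing import List
from urllib.parse import urlsplit

# Header name as proposed in the comment above; it is not a standard field.
HEADER = "X-External-Attachments"
# Assumption of this example: weak digests such as md5 and sha1 are refused.
ALLOWED_ALGS = {"sha256", "sha384", "sha512"}


@dataclass(frozen=True)
class ExternalAttachment:
    url: str
    alg: str
    digest: bytes


def parse_external_attachments(raw_message: str) -> List[ExternalAttachment]:
    """Parse every '<url> <hash-alg> <hash-value>' header; reject anything odd."""
    msg = message_from_string(raw_message, policy=default)
    refs = []
    for value in msg.get_all(HEADER, []):
        fields = str(value).split()
        if len(fields) != 3:
            raise ValueError(f"malformed {HEADER} value: {value!r}")
        url, alg, hex_digest = fields[0], fields[1].lower(), fields[2]
        if urlsplit(url).scheme != "https":
            raise ValueError(f"refusing non-HTTPS attachment URL: {url}")
        if alg not in ALLOWED_ALGS:
            raise ValueError(f"unsupported hash algorithm: {alg}")
        digest = bytes.fromhex(hex_digest)  # raises ValueError on non-hex input
        if len(digest) != hashlib.new(alg).digest_size:
            raise ValueError(f"digest length does not match {alg}")
        refs.append(ExternalAttachment(url, alg, digest))
    return refs


def verify_download(ref: ExternalAttachment, data: bytes) -> bool:
    """True only if the fetched bytes are the ones the e-mail committed to."""
    actual = hashlib.new(ref.alg, data).digest()
    return hmac.compare_digest(actual, ref.digest)


# Constructed sample: the file the sender hashed, and the mail that pins it.
SAMPLE_PDF = b"%PDF-1.4 constructed invoice, total 42.00 EUR"
SAMPLE_MESSAGE = (
    "From: billing@shop.example\n"
    "Subject: Your invoice\n"
    f"{HEADER}: https://files.shop.example/invoice.pdf sha256 "
    f"{hashlib.sha256(SAMPLE_PDF).hexdigest()}\n"
    "\n"
    "Your invoice is available as an external attachment.\n"
)

if __name__ == "__main__":
    ref = parse_external_attachments(SAMPLE_MESSAGE)[0]
    print("original file accepted:", verify_download(ref, SAMPLE_PDF))
    edited = SAMPLE_PDF.replace(b"42.00", b"99.00")
    print("edited file accepted:  ", verify_download(ref, edited))
```
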

userbinator 4 days ago | parent | next [-]

> The second problem is deliverability: more than enough email providers still have laughably low limits (sometimes < 3MB)

What are you sending that 3MB for an email is "low"? The Bible is a little over 4MB of plain text.

mschuster91 3 days ago | parent [-]

> What are you sending that 3MB for an email is "low"?

A single picture from a somewhat decent camera can easily be >> 3 MB in size and yet there's a lot of providers that yank everything above that limit.

Nifty3929 4 days ago | parent | prev [-]

I hate these EU requirements. They do nothing to help real users, and really make everything worse. Like, is it helpful that every single website now has an added banner that we have to click, but which still nobody reads and doesn't really help anything? All to avoid cookies, which are not really the source of the problem these laws were meant to address? ARRRGHHH!

As far as the file size - does that critically important message need to be embedded in a 10MB PDF? Maybe we should go back to 50k limits and force them to put that one-liner in plain text in the email. ARRRGHHH!

And get off my lawn! ARRRGHHH

__d 10 hours ago | parent [-]

I think so.

I click on “reject all”, and at worst “manage settings” and disable a bunch of stuff.

I didn’t have that option before.