| ▲ | sverhagen 6 hours ago |
| I find it hard to judge how much, if at all, this will help, but I'm all for email being more secure, to the point that organizations (banks, governments, insurance companies) stop creating walled-email alternatives: please log in to our secure message center, where you can only see our messages poorly formatted, and for a short time, until we permanently delete them. I like that my Inbox is a somewhat-searchable, historical record of my life, and these alternatives break that. |
| ▲ | the_bear 4 hours ago | parent | next [-] |
| Those "message centers" aren't just about security, they're also about compliance. For example, insurance companies need to be HIPAA-compliant which requires that they can only send health-related info to other HIPAA-compliant systems, which means signing a BAA (a contract) with those other systems. There's no way to do that with email (your insurance company can't sign a contract with every potential email host in the world, and they don't even know where the email will ultimately end up after they send it) so practically speaking, they're not legally allowed to send any health info via email. It's extremely difficult to accurately identify which emails have health info and which ones don't (even something like a person's name or IP address could count depending on the context) so they just default to sending everything through their message center. No amount of email security could change that. |
| ▲ | zenoprax 36 minutes ago | parent | next [-] | | It is frustrating to know that we can digitally sign and encrypt messages but don't because "it's too hard for normal people". With HIPAA, is it not possible to simply encrypt the message? The "forgot password" flow for their message center is probably email anyway. I can upload my public key to SourceHut and all email from them becomes signed and encrypted. It's a one-time process to generate long-lived keys and another to set up with SourceHut and that's all I need to do. | |
| ▲ | prepend 3 hours ago | parent | prev | next [-] | | Somehow they mail letters with info. Encrypted email wouldn’t require a BAA. | | |
| ▲ | the_bear 3 hours ago | parent | next [-] | | I'm not a lawyer, but I'm currently working on getting my company HIPAA-compliant, so I know more than the average person about this. My understanding is that there's a thing called the "conduit exception" which basically says that if data is transiently passing through a channel and it's not being looked at, it's ok. But wherever the data lands must be HIPAA-compliant. This seems crazy to me, but that's how it works I think. For example, if you encrypt PHI and store it in AWS without signing a BAA with them, that's a HIPAA violation, even though the data is encrypted and Amazon can't see it. But if you send encrypted data through AWS without actually storing it, that's fine. Mail is specifically mentioned as a thing that qualifies for the conduit exception. I'm not totally clear why it isn't a HIPAA violation the moment it arrives at a destination (it's not in-transit at that point, and it's potentially not in the possession of the intended recipient either), but it seems pretty well accepted that it's not. All that to say: I think encrypted email would still require a BAA because it's being stored, not just transmitted. | | |
| ▲ | Telaneo 2 hours ago | parent | next [-] | | > My understanding is that there's a thing called the "conduit exception" which basically says that if data is transiently passing through a channel and it's not being looked at, it's ok. But wherever the data lands must be HIPAA-compliant. Sounds like they needed fax to be compliant, and came up with some moon logic to make that happen. | |
| ▲ | cogman10 3 hours ago | parent | prev [-] | | Honestly, I think it's just because it's a crime to open someone else's mail. For whatever reason that sort of policy isn't extended to encrypted data in the cloud. It was a law written in the 90s, it should be updated and modernized. | | |
| ▲ | Telaneo 2 hours ago | parent [-] | | Same goes for phones (and by extension, fax). Since wiretapping is already illegal, it doesn't need to be secure (at least going by the law). I agree the laws need an update. I'd imagine a general 'common communication channels' or whatever would work, rather than specifying every single one that's allowed to be used. That way, it's still illegal to snoop on your communications, regardless of whether they happen by post, phone, email, SMS, Whatsapp, or whatever else we end up using in 20 years. |
| ▲ | cogman10 3 hours ago | parent | prev | next [-] | | It's a crime to open someone else's mail and generally speaking the post office does a pretty good job of reliable delivery. Even if an address is a bit wrong/corrupted, it can likely be delivered just from the name and the zip code. Email is a lot harder. The older SMTP standard sends emails unencrypted so there's a possibility of a MITM reading the email. But also, addresses, if you get them wrong, can end up in the wrong hands. For example, if someone sends an email to cogman10, I'll get it, but if they go to cogman1O I won't get it. A lot of the nuance of how secure and when it's secure gets erased by auditors to just "email is insecure". | |
| ▲ | inigyou 2 hours ago | parent | prev | next [-] | | The post office is heavily regulated not to open your letters with severe criminal penalties if they do. An attacker also can't quietly X-ray your letter in transit to get a sneaky copy. | |
| ▲ | prussian 2 hours ago | parent | prev | next [-] | | They also send faxes to providers as well. It's kind of ridiculous when you think of it. | |
| ▲ | b112 3 hours ago | parent | prev [-] | | Dollar bills are essentially untracked, good everywhere, secure, work no matter what. Same goes for normal mail, and it's a federal offense to tamper with it. Nothing electronic will ever be secure, unless it is never, ever networked. Networking changes "touch physical thing" into "everyone on the planet plus their bots" can touch it. Even if you pass harsh laws, you need to geogate network connections to only within that legal jurisdiction. Otherwise, it's pointless. The real, true problem is anonymousness. I used to advocate for, now I'm done. The problems anonymity solves are a gnat compared to the ones it creates. I'm all for ipv8, but with a unique ID in the packet identifying the person directly. I can't drive a car, own a gun, drive a boat, buy explosives, ply many trades, and 100 other things without a license. Maybe unrestricted internet access is in that category, and bad behaviour means it is revoked. The Internet was a toy for a long time. Now it's the backbone of all commerce, industry, personal communication, with life threatening implications at times. Play time is over. | | |
| ▲ | inigyou 2 hours ago | parent [-] | | Botnet operator says "Hey I'll pay you $1000 to use your connection for a month." | | |
| ▲ | jermaustin1 3 hours ago | parent | prev | next [-] | | I think a lot of the HIPAA compliance can be signed away when you authorize them to send your medical information over email/voicemail/sms, but I'm not a lawyer, and my doctor doesn't email me anything but a link to log in to their EPIC portal. | |
| ▲ | aag an hour ago | parent | prev [-] | | So much work is done for HIPAA compliance, and then the only authentication required is a birth date. |
| ▲ | thefounder 6 hours ago | parent | prev | next [-] |
To have secure email I think HTML/CSS should be dropped from email support and the inbox should work on an invite-only basis. Basically you should pre-authorize the senders just like you add someone as a friend on a social network. |
| ▲ | JimDabell 4 hours ago | parent | next [-] | | > To have secure email I think html /css should be dropped from email support I don’t think that helps at all. We already know how to consume that securely, we do it billions of times a day in web browsers. > the inbox should work on an invite only basis. Basically you should pre-authorize the senders just like you add someone as friend on a social network. Yes. A fundamental problem with email is that the only thing required to send email to somebody is knowledge of their email address, which as a recipient you cannot control. This is what enables spam and phishing. This needs to be changed so that in order to send email to somebody, you also need their consent. A “friend request” mechanism is one way of achieving this. I think this is a problem that can be feasibly solved in a fairly reasonable way, and I sketched out a protocol for doing so a while back, which I described in more detail in this comment: https://news.ycombinator.com/item?id=44969726 | | |
| ▲ | jader201 4 hours ago | parent [-] | | > A “friend request” mechanism is one way of achieving this. But then you’re left dealing with spam “friend requests”, which is still something I have to take action on, filter out, or ignore — same as spam email. | | |
| ▲ | JimDabell 3 hours ago | parent [-] | | Having a trustworthy inbox that contains only legitimate email and a separate friend request queue where you can decide “do I know this person / organisation?” is far better than having a single inbox that’s a vast ocean of emails of unknown provenance you have to make a trust decision for for every single email. | | |
| ▲ | inigyou 2 hours ago | parent [-] | | You can do this with email today. Heck, you could do it in 2001, I remember. Hotmail's "exclusive" spam filter policy where anything not from your contacts goes to spam, where you can decide if you want to add them as a contact or not. |
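A sketch of the contacts-gated inbox this subthread describes, as an added example (not code from any commenter, nor from Hotmail, Fastmail or Hey): a message goes to the Inbox only if its From address is in the user's contact list and the receiving MX's own Authentication-Results header (RFC 8601) reports a DKIM or SPF pass aligned with the From domain; everything else, including mail carrying an Authentication-Results header the sender wrote itself, waits in a request queue. The contact list, the authserv-id mx.recipient.example and all four sample messages are constructed for the example.

```python
"""Contacts-gated inbox with sender authentication (added example).

Assumptions (not from the thread): CONTACTS is the user's address book and
OUR_AUTHSERV_ID is the authserv-id our own MX stamps into Authentication-Results
(RFC 8601). The sample messages are constructed for this example.
"""
import email
import re
from email import policy
from email.utils import parseaddr

CONTACTS = {"alice@example.org", "billing@bank.example"}
OUR_AUTHSERV_ID = "mx.recipient.example"

DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", re.I)
SPF_PASS = re.compile(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^@\s]+@)?([\w.-]+)", re.I)


def auth_passed(msg, from_domain):
    """True if an Authentication-Results header stamped by OUR MX reports a DKIM
    or SPF pass whose authenticated domain equals the From domain (the alignment
    rule DMARC uses). Headers with any other authserv-id are ignored: a sender
    can add those itself (RFC 8601 section 5 has the MX strip such forgeries)."""
    for hdr in msg.get_all("Authentication-Results", []):
        flat = " ".join(str(hdr).split())          # unfold, normalise whitespace
        authserv, _, results = flat.partition(";")
        fields = authserv.split()
        if not fields or fields[0].lower() != OUR_AUTHSERV_ID:
            continue
        for pattern in (DKIM_PASS, SPF_PASS):
            m = pattern.search(results)
            if m and m.group(1).lower() == from_domain:
                return True
    return False


def triage(raw):
    """Return 'inbox' for an authenticated message from a known contact,
    otherwise 'requests' (the friend-request queue)."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    from_domain = addr.rpartition("@")[2]
    if addr in CONTACTS and auth_passed(msg, from_domain):
        return "inbox"
    return "requests"


# Known contact, our MX attests aligned DKIM and SPF passes -> inbox
GOOD = (
    "Authentication-Results: mx.recipient.example;\n"
    " dkim=pass header.d=example.org header.i=@example.org;\n"
    " spf=pass smtp.mailfrom=bounce@example.org\n"
    "From: Alice <alice@example.org>\nTo: me@recipient.example\n"
    "Subject: lunch?\n\nTuesday?\n"
)
# Spoofed From plus an Authentication-Results header the attacker wrote -> requests
FORGED = (
    "Authentication-Results: attacker.example; dkim=pass header.d=example.org\n"
    "From: Alice <alice@example.org>\nTo: me@recipient.example\n"
    "Subject: urgent wire\n\nPlease pay the attached invoice.\n"
)
# Authenticates fine, but the sender is not a contact -> requests
UNKNOWN = (
    "Authentication-Results: mx.recipient.example; dkim=pass header.d=evil.example\n"
    "From: Mallory <mallory@evil.example>\nTo: me@recipient.example\n"
    "Subject: hi\n\nAdd me?\n"
)
# Contact's address in From, but DKIM/SPF vouch for an unrelated domain -> requests
MISALIGNED = (
    "Authentication-Results: mx.recipient.example;\n"
    " dkim=pass header.d=bulk-sender.example;\n"
    " spf=pass smtp.mailfrom=bounce@bulk-sender.example\n"
    "From: Alice <alice@example.org>\nTo: me@recipient.example\n"
    "Subject: newsletter\n\nThis month...\n"
)

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("FORGED", FORGED),
                      ("UNKNOWN", UNKNOWN), ("MISALIGNED", MISALIGNED)):
        print(f"{name:10} -> {triage(raw)}")
```

The check on the authserv-id is the part that matters: a contact-list filter keyed on From alone is exactly what a phisher spoofs, so the allowlist only buys anything when it is combined with the MX's own authentication verdict, and only the header that MX wrote can be trusted.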
| ▲ | noosphr 4 hours ago | parent | prev | next [-] | | Email supports text. It's your client that's the problem. I'm happy in my text-only Emacs heaven. I'm also happy with my custom 5-year-old BERT-based spam detector which hasn't failed me once (unlike whatever Gmail at work does). This post was sent from Emacs. | |
| ▲ | deltarholamda 3 hours ago | parent | next [-] | | >Email supports text. Yes it does. However, I have sent messages to more than a few people who tell me that my message is completely empty. I have my client set to send text-only, no HTML, and apparently the system on the other side drops the HTML version altogether. Something on the other end only processes the HTML part. No HTML, no message. (I believe these are Outlook/MS based systems, but I don't know for sure. It's certainly not ALL Outlook/MS systems that do this.) For these people I have to set my client to send HTML. It's all well and good to blame them, but I can't make them do something. They may not even be in a position to do anything. And I don't have an option to tell them "too bad, so sad". The email situation is really quite bad if you don't conform to the Big Three. I've run my own email infrastructure for a very long time, and it's quite irritating that when we get something good (like DMARC, SPF, etc) it gets forced by the Big Three because along with that we also get things like Google toying with the requirement that you have to have AAAA MX records too. | |
| ▲ | arximboldi 4 hours ago | parent | prev | next [-] | | Can you post some details about the spam detector, and just your general setup? I am also an Emacs emailer, using Notmuch, but never looked too deep into the spam story. |
| ▲ | azinman2 3 hours ago | parent | prev [-] | | Have you put this up anywhere for others to use? Fastmail’s spam filter is not very good. |
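The empty-message problem deltarholamda describes above (a receiving system that only processes the HTML part) comes down to how the message is structured. The following is an added example, not code from any commenter: it builds either a text/plain-only message or a multipart/alternative message carrying both parts, then shows what a consumer that only looks for a text/html part gets in each case. The addresses and subject are constructed.

```python
"""Text-only versus multipart/alternative messages (added example)."""
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default


def build_message(text, html=None):
    """Return an EmailMessage: text/plain only, or multipart/alternative with
    text/plain first and text/html last (RFC 2046 section 5.1.4 puts the
    richest form last so clients that walk the parts in order prefer it)."""
    msg = EmailMessage(policy=default)
    msg["From"] = "sender@example.org"       # constructed addresses
    msg["To"] = "recipient@example.net"
    msg["Subject"] = "plain or fancy"
    msg.set_content(text)                    # text/plain part
    if html is not None:
        # Promotes the message to multipart/alternative and appends the HTML part.
        msg.add_alternative(html, subtype="html")
    return msg


def roundtrip(msg):
    """Serialise and re-parse, as the receiving side sees the message."""
    return message_from_bytes(msg.as_bytes(), policy=default)


def body_seen_by(msg, kinds):
    """The body a client that only renders the given kinds, e.g. ('html',),
    would display; None when no acceptable part exists (the 'empty' message)."""
    part = msg.get_body(preferencelist=kinds)
    return None if part is None else part.get_content().strip()


if __name__ == "__main__":
    for label, msg in (("text-only", roundtrip(build_message("hello"))),
                       ("alternative", roundtrip(build_message("hello", "<p>hello</p>")))):
        print(label, msg.get_content_type(),
              "html-only client sees:", body_seen_by(msg, ("html",)),
              "| text client sees:", body_seen_by(msg, ("plain",)))
```

Sending both parts costs nothing for text-capable clients, which still get the text/plain part, and it removes the dependence on the far end's parser.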
| ▲ | jen729w 6 hours ago | parent | prev | next [-] | | > Basically you should pre-authorize the senders This is kinda what 'masked email' services like Fastmail's – of which I am a delighted customer – do. Until you've known the comfort of creating an address; giving it to a service; deciding that you want to end your relationship with them; just deleting that address, without changing your mailbox or infrastructure or archives or anything else … it's kinda life changing. I recommend everyone try it. Also, the chances of a phisher trying to get my BigBank details by sending mail to lonely.chicken6382@spuriously-named-and-unused-other-than-for-email-domain.com are … well, it seems unlikely. I've never felt more secure. For real. | | |
| ▲ | Hnrobert42 5 hours ago | parent | next [-] | | I like per-recipient emails, but I worried how I would know I authorized that sender to send to lonely chicken. The original site could have been compromised. That's why I bought my email domain and use <domain_name>@hnrobert42.com. It helps to use a password manager. I get a lot of convincing emails to linkedin@hnrobert42.com. As well as zynga, wework, etc. | | |
| ▲ | prepend 3 hours ago | parent | next [-] | | I do something similar with prepend.com and find it helpful for sorting. Also fun to see which domains sell my email and which don't (blacksocks.com hasn't shown up from anyone else in 20 years). |
| ▲ | marysol5 2 hours ago | parent | prev | next [-] | | I use +, so username+domainname@email-vendor.com, which is in the RFC, yet the sheer number of times I sign up for something, like a bank or a financial firm, get the confirmation e-mail, and then click "Verify your address" and get an HTTP 500 as their SQL has kicked up a stink... | |
| ▲ | tolciho 2 hours ago | parent [-] | | (The RFC also allows for (recursive (comments, so there's probably a middle ground between insanely overengineered specifications and a )))regex( someone found on a PHP forum somewhere (and yes this post is a valid email address (assuming there is a local regex account (or alias))) |
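The two comments above turn on what RFC 5322 actually allows in an address: '+' is an ordinary atext character in the local part (the tag-after-plus convention itself comes from subaddressing, the Sieve "detail" of RFC 5233, not from RFC 5322), and parenthesised comments may nest. The following recursive-descent parser is an added example, not taken from any commenter: it accepts dot-atom and quoted-string local parts, nested comments with quoted pairs, extracts a plus tag, and sits beside the sort of regex that rejects such addresses. Domain checking stops at RFC 5322 dot-atom syntax; the stricter DNS hostname rules of RFC 5321/1034 are not enforced. All addresses are made up.

```python
"""RFC 5322 addr-spec parser with plus-tag extraction (added example)."""
import re

# RFC 5322 section 3.2.3 atext: characters allowed in an unquoted local part ('+' included).
ATEXT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&'*+-/=?^_`{|}~")


class AddrError(ValueError):
    pass


def _skip_cfws(s, i):
    """Advance past whitespace and (possibly nested) comments starting at s[i]."""
    while i < len(s):
        if s[i] in " \t":
            i += 1
        elif s[i] == "(":
            depth, i = 1, i + 1
            while i < len(s) and depth:
                if s[i] == "\\":                 # quoted-pair inside a comment
                    i += 2
                    continue
                depth += {"(": 1, ")": -1}.get(s[i], 0)
                i += 1
            if depth:
                raise AddrError("unterminated comment")
        else:
            break
    return i


def _parse_quoted_string(s, i):
    """Parse a '"..."' token at s[i]; return its unescaped content and the next index."""
    out, i = [], i + 1
    while i < len(s) and s[i] != '"':
        if s[i] == "\\":                         # quoted-pair: next char is literal
            i += 1
        if i >= len(s):
            raise AddrError("dangling backslash")
        out.append(s[i])
        i += 1
    if i >= len(s):
        raise AddrError("unterminated quoted-string")
    return "".join(out), i + 1


def _parse_dot_atom(s, i):
    """Parse atext+ ('.' atext+)* at s[i]: no leading, trailing or doubled dots."""
    atoms = []
    while True:
        j = i
        while j < len(s) and s[j] in ATEXT:
            j += 1
        if j == i:
            raise AddrError(f"expected atext at offset {i}")
        atoms.append(s[i:j])
        i = j
        if i < len(s) and s[i] == ".":
            i += 1
        else:
            return ".".join(atoms), i


def parse_addr_spec(s):
    """Return (local_part, domain) for an RFC 5322 addr-spec, or raise AddrError.
    The domain is lower-cased; local-part case is left to the receiving host (RFC 5321)."""
    i = _skip_cfws(s, 0)
    if i < len(s) and s[i] == '"':
        local, i = _parse_quoted_string(s, i)
    else:
        local, i = _parse_dot_atom(s, i)
    i = _skip_cfws(s, i)
    if i >= len(s) or s[i] != "@":
        raise AddrError(f"expected '@' at offset {i}")
    domain, i = _parse_dot_atom(s, _skip_cfws(s, i + 1))
    i = _skip_cfws(s, i)
    if i != len(s):
        raise AddrError(f"unexpected text at offset {i}")
    return local, domain.lower()


def is_valid(s):
    try:
        parse_addr_spec(s)
        return True
    except AddrError:
        return False


def split_subaddress(local, sep="+"):
    """'user+tag' -> ('user', 'tag'); the tag is None when absent. The separator is a
    site convention (RFC 5233 'detail'), not part of RFC 5322 syntax."""
    user, found, tag = local.partition(sep)
    return user, (tag if found else None)


# The sort of regex a sign-up form bolts on: rejects '+', quoted strings and comments.
NAIVE_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def naive_ok(addr):
    return NAIVE_RE.fullmatch(addr) is not None
```

Run parse_addr_spec on "username+shopname@email-vendor.example", "(billing (old dept)) bob@example.com (migrated)" and '"Jane Q. Public"@Example.COM' and all three parse; naive_ok rejects all three. Whether the receiving mailbox then honours the tag is a separate question, which is the gap between "in the RFC" and "works at this bank".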
| ▲ | latexr 4 hours ago | parent | prev [-] | | > That's why I bought my email domain and use <domain_name>@hnrobert42.com. It helps to use a password manager. Whenever there’s this discussion on HN, someone usually points out that can sometimes be a bother, especially when giving out the email in person, because people don’t really understand how email addresses work and ask “how did you get that email” or think you’re impersonating the service, or something similar. I guess a solution might be to add the details sneakily. E.g. instead of linkedin@hnrobert42.com, saying robert_lkdn@hnrobert42.com | | |
| ▲ | inigyou 2 hours ago | parent | next [-] | | I've done alice@myname.com, bob@myname.com, etc. I don't keep track of them carefully so I may pick the same name for two different sites. It also makes it easier to pass off a fake real name! Hi I'm John Smith, jsmith@oneofmydomains-nottooobvious.com... You can even pick a domain that sounds like a legitimate mail service or company, e.g. jsmith@jgs-consulting.com or jsmith@liberty-mail.io All domains and addresses in this comment are fictitious - overlap with real domains is coincidental. |
| ▲ | prepend 3 hours ago | parent | prev | next [-] | | And some sites seem to have it not work. I suspect there’s lazy programmers with hardcoded test cases. But that’s like 1:100 or so. And usually I’m entering my address to a robot so it’s not an issue. | |
| ▲ | marysol5 2 hours ago | parent | prev [-] | | The weird looks when I tell a shop my e-mail is "name plus sign shopname AT mydomain dot com" |
| ▲ | ksidjdjdjsjd 5 hours ago | parent | prev | next [-] | | Apple’s Hide My Email does the same thing and it’s just phenomenal. | | |
| ▲ | patja 3 hours ago | parent [-] | | Apple is a problematic email service provider. They don't even send DMARC reports. | | |
| ▲ | shevy-java 4 hours ago | parent | prev [-] | | Damn it - ublock origin did not block this promo. The amount of bots promoting Fastmail here is insane. What the actual ... |
| ▲ | datakan 5 hours ago | parent | prev | next [-] | | Hey.com email does this minus the blocking of HTML/CSS. You basically thumbs up or thumbs down a sender and they either go away forever or you happily trust what comes from them. It's been hit or miss on some stuff for me and I hate the way the website looks, but otherwise it's a great way of whitelisting senders. |
| ▲ | Angostura 6 hours ago | parent | prev [-] | | So... not e-mail then | | |
| ▲ | fc417fc802 5 hours ago | parent | next [-] | | The necessary bits to facilitate that could be added on top of the existing protocol in a manner that doesn't break existing clients. Essentially it amounts to an out-of-band registration of the expected sender with your own server, likely by means of a short proxy code or phrase. Couple that with key exchange to facilitate an E2EE extension at the same time, while also dodging the logistical issue that would otherwise arise when a sender has multiple addresses or the sending address changes. |
| ▲ | thefounder 5 hours ago | parent | prev | next [-] | | You can call it Secure-Email or RFC-99999 | |
| ▲ | coldtea 5 hours ago | parent | prev [-] | | Yeah, because email as a family of protocols never developed different capabilities /s |
| ▲ | WhyNotHugo an hour ago | parent | prev | next [-] |
| I called my bank for some info recently. They can't email it to me, but they _can_ send it through postal mail. Should be arriving any time next week. I'm sure there's a sum of compliance reasons why this is not allowed, but it doesn't make any sense at all. |
| ▲ | nosioptar 3 hours ago | parent | prev | next [-] |
Those secure messaging platforms make it damned near impossible to make a backup. I've seen medical clinics delete messages that would have been bad for them in court. As such, I tell anyone who sends me one to fuck off and send a real email. |
| ▲ | marysol5 2 hours ago | parent | prev | next [-] |
| My bank does a PUSH notification that is "Please log into the app to read an important message", which is usually just my monthly statement or whatever. And then also sends an e-mail, which sometimes I confuse and think is ANOTHER message, and log in again.... It has a "Download this message as a PDF" button, which just takes you to a web-browser wrapper.... |
| ▲ | iLoveOncall 6 hours ago | parent | prev | next [-] |
| > I'm all for email being more secure, to the point that organizations (banks, governments, insurance companies) stop creating walled-email alternatives This will literally never happen. Email doesn't support the features that those messaging platforms need to have, such as recalling messages. The security layers are also only on the sender part, not on the receiver part, which banks care a lot more about. |
| ▲ | superice 6 hours ago | parent | next [-] | | I know this is only tangentially related, but recalling messages is horrible. I hate that so many services will allow people to send me a message, give me a notification with a preview, but then the message gets edited or deleted. If you drop a letter in a physical mailbox, or slide a paper underneath the door, you cannot get it back either. This whole philosophy of 'we allow destruction of messages in a shared chat' needs to stop. The moment things are being sent, both sides are co-owner of that message. Not being able to recall messages is a good thing. I'll settle for a brief edit (not retraction!) window after sending though, say 5 minutes tops. Edit (I realize the irony): banks of course won't give a hoot about the receiver, the power dynamic is inherently not equal. | | |
| ▲ | nosioptar 3 hours ago | parent [-] | | With banks, I've found that offering to bring the matter up with the FDIC and/or fed regulators moves the balance of power to a less unfair level. "We have to use secure messages" turned into a willingness to use email in less than 6 hours last time I had an issue. |
| ▲ | Hizonner 5 hours ago | parent | prev [-] | | > Email doesn't support the features that those messaging platforms need to have, such as recalling messages. "Need". |
| ▲ | LoganDark 6 hours ago | parent | prev [-] |
| I love hearing that I received a "secure message", with no further detail. Straight to trash -- I don't read "secure messages". My inbox is probably more secure. |
| ▲ | jasode 6 hours ago | parent | next [-] | | The gp isn't talking about spam using "secure message" as bait to open unwanted email. Instead, legitimate companies like banks, healthcare, etc tell users to click on a url link to their "Secure Message Center" to read or submit some critical information. It's often the only way to get the info the users need. E.g. if I open a payment dispute with the bank, the workflow they use is the Secure Message area. I can't just use my normal email client and upload some pdf attachments. Instead, I have to log into my bank website, navigate to their Secure Message area, and then upload the docs there to submit the claim. They also don't send followup status or final resolution in an email. Instead, you log back into the Secure Message area to read the case resolution. Similar for insurance claims. Similar situation for asking a medical imaging center for some mammograms. They will not send those as PDF or JPG attachments directly to your email address. Instead, you log into a secure message area on a healthcare website and download it from there. | | |
| ▲ | marysol5 2 hours ago | parent | next [-] | | At least in part, because of your workflow, is that it's a ticketing system. Much easier to manage than having people reply to e-mails (even when you specifically state "REPLY ABOVE THIS LINE!" they are absolute cretins.) | |
| ▲ | LoganDark 5 hours ago | parent | prev [-] | | > The gp isn't talking about spam using "secure message" as bait to open unwanted email. No, this includes all messages from my doctor/healthcare. It's not mass spam. Theoretically I could want to know what's in the message, but not enough to visit a website I've been logged out of again, perform multi-factor authentication, navigate to the message center and find the message and then back it up manually. | | |
| ▲ | ralferoo 3 hours ago | parent | next [-] | | For instance, I received one today from HMRC (my country's tax body). I had to log in to find out what the contents were, in this case it was just a reminder of how much tax I need to pay by the end of next month. As it happens, I already knew this because the previous bill 6 months ago also included this information, but the message itself was unique and important. Certainly, there would have been financial consequences if I didn't act on that information. I would have preferred to receive the contents by actual message rather than having to log in to read it, but that's not an option they offer. It's certainly not safe to assume it can all just be ignored. | |
| ▲ | ses1984 5 hours ago | parent | prev | next [-] | | It must be nice to not need to use that crap, but one day you might. | | |
| ▲ | naravara 4 hours ago | parent | next [-] | | I don’t understand how one doesn’t. I need to do it to look up status on health insurance claims and to access the tax documents for my financial accounts. I guess you can avoid the email spam by just directly logging into the website when you need that stuff, but how else are they supposed to notify you when something new has happened? | |
| ▲ | LoganDark 4 hours ago | parent | prev [-] | | [dead] |
| ▲ | dheera 3 hours ago | parent | prev [-] | | > No, this includes all messages from my doctor/healthcare Then IMO they accept the responsibility of me seeing the message potentially much later than if they had stated the concern up front in e-mail. |
| ▲ | Symbiote 6 hours ago | parent | prev [-] | | I get secure messages from public authorities and companies in Denmark, which go to my secure 'mailbox' for this purpose. Of course, contracted out to some private company, and they'll probably change the contract again in 5 years. The messages are usually PDFs, which isn't great for accessibility, e.g. using a translation tool. |