I was struggling to wrap my head around how federated social media works until I realized that email has basically been doing the same thing for 30 years. Different email servers are like instances of a federated network. You can send emails to people from within a single server or you can send emails to people on any other mail server. Your email address is a username followed by an ‘@’ and the server address, just like on Lemmy. Email is a decentralized service I’ve been using the whole time!

  • nodsocket@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Absolutely. Now we’re stuck using a protocol that has zero encryption because decades ago no one thought about that. All our private correspondence is readable by every ISP and government it passes. If only we could make an email 2.0…

        • vodnik@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          Encryption was illegal back in those days, especially for export. Google “crypto wars”.

          • 777@lemmy.ml
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            Furthermore it was quite computationally expensive. Modern CPUs have special instructions to work with AES and other algorithms, but back then it had to be done with individual instructions and with slow clock speeds.

        • Justin@lemmy.jlh.name
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It takes effort to set up a PGP client and the person you’re sending it to probably doesn’t have PGP set up. It’s used for some confidential journalism and whistle blowing stuff, but since everybody just uses webmail anyways, it’s not practical to use.

      • damn@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Email with PGP is very far from secure. No forward secrecy (one mistake and the entire thread history is revealed) and metadata is unencrypted.

      • eddythompson@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        PGP email has nothing to do with the email protocol. All your message metadata and headers are still not encrypted/can’t be encrypted. You can only encrypt some payload with a PGP key, and it’s up to the receiver to figure out whether or not they want to trust any of the message metadata. The entire envelope is still plaintext everywhere. PGP email is just email, but you’re sending some random encrypted text in it.

    • TheYang@lemmy.ml
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      I mean, it’s not like theres really anything stopping the big providers to implement PGP on top of Email.
      They just don’t, because users don’t care. So you have to do it yourself, in a plugin or whatever.
      Still works, just more cumbersome, but I wouldn’t blame the protocol… at all.

      • nodsocket@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Adopting a consistent way to do it that everyone agrees on is the hardest part. PGP works but you have to make it easy and integrate it with all the top email providers so that most people are using it without even noticing.

        • sam@queernerds.social
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          @nodsocket @technology I think the real challenge with the user experience of PGP is making it possible for people to actually do the whole “web of trust” think in a practical way, and making management of private keys over a long period of time by individuals. It’s way too easy to lose your keys

        • TheYang@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          you wouldn’t even relly need to find one consistent way, just identify the way servers do it, and have a list of supported methods.

          let’s say there are implenetations a,b,c, and d
          if let’s say google supported b,c and d, and apple b, and hotmal c and d, only hotmail-apple traffic would be unencrypted as they can’t agree on a common method.

          pretty sure that’s how TLS (i.e. https) works.

    • LootGoblin42
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I use GPG mail with Apple Mail client and it works great. Just need to get the public keys of people you want to send encrypted email to.

      • eddythompson@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Not sure how anyone can say “GPG” and “Works great” in the same sentence tbh. GPG is a usability nightmare except for the most advanced users who use it. Good luck trying to get your house contractor or doctor or representative or non-techie friends and family or really anyone to give you their “public key”