About email.

Email (which is shorthand for electronic mail) is broken. The current model can't be fixed. It needs to be tossed, and we need to start over.

Way back when email was first conceived in the 1960s, it only involved very small groups of people. Basing it on the paper mail model wasn't really a problem. When I got my first email address back in the 80s, there were probably only a few hundred thousand others with addresses. No one worried about spam in their email. There was a system called Usenet that was email's baby cousin. It was the earliest type of message board. There were groups dedicated to discussions of particular topics, and the name of the group described the topic. I used to read a Usenet group called comp.os.unix. It had discussions on the Unix operating system, and it was just as thrilling as it sounds. There were lively discussions, and since techies tend to get worked up over their particular favorite whatever, there were more than a few flame wars. In the late 80s, a little bit of spam started showing up in Usenet, but it was still unheard of in email. Even Usenet spam was pretty harmless. It was mostly people hyping their latest brilliant idea or trying to get people to post on other Usenet groups.

The problem began with AOL (America Online). In the 90s, they connected their walled garden to the internet and the flood gates opened. Not unsurprisingly, it was child pornography that gave birth to the first amateur spam.  People used to put their email addresses on their Usenet posts so that discussions could be carried on offline, or people could contact one another for collaborations, or a number of other legitimate reasons. Suddenly, all over Usenet, even in groups like comp.os.unix, posts like this started showing up:

Where is the kiddie porn? Can you tell me?

Invariably, the poster would have an aol.com address. Remember that AOL was host to some of the biggest child porn rings in the world. Ever. The porn trollers would harvest email addresses from everyone who ever posted in the group. A short time later, posts like this started showing up:

WTF?! I just got 10 email messages from aol.com addresses asking me if I knew where to find the kiddie porn.

In response to all of the requests, purveyors of all kinds of porn started flooding newsgroups with links and addresses. Pretty soon, anyone who had used their real email address found their inbox bombarded with porn spam. Everyone had to stop using their real email addresses. By the way, Usenet is a wasteland now. Completely lost to porn and unsanctioned downloads. The social, technical, and religious discussion groups are nothing but spam buckets now.

And that's what's wrong with email. Anyone who has your email address can send you anything they want to. Not only that, but anyone who has your email address has the ability to track where your emails come from and where they are going to. And, if you aren't using a secure transport between your computer and the email server, anyone can see what your emails say. That brings us to the most villainous aspect of email, the email server. The server represents a trusted third party that you believe will have your best interests at heart and will protect your privacy. As we have discovered lately, that trust is largely unfounded. The government doesn't even need a very good reason to demand your emails from the owner of the server, and they are all too willing to give them up. Too many email servers are ridiculously easy to hack, giving access to your emails to whichever creepy-crawly happens to stumble upon them.

So, there are four aspects of email that have to be fixed:

1. Your email address needs to be private and only accessible to those who you allow to have it.
2. There can be no "trusted" third party involved in storing or delivering your emails.
3. Your emails need to be absolutely untraceable.
4. Your emails need to be encrypted, end to end, using strong cryptography.

There are providers who try to address these issues, but it's all just icing on the poop cake. They offer all sorts of spam filtering, but the problem is that they accepted the spam on your behalf, and even worse, sent it to you so it could fall into your very own spam bucket, which you have to scour every once in a while to make sure nothing you wanted accidentally fell in there. If, instead of accepting the mail in the first place, they bounced it, especially from known spammer origins, spam would fall off very quickly. But, they can't do that because they don't know what you want and don't want. That's because they have to honor the broken "trust" relationship with you. Google is going to offer end-to-end encryption for gmail. It's a step in the right direction, and it goes a long way toward allowing them to tell the government to take a hike when it comes calling, but the problem is that your email, at some point, resides on their server, and the server knows where it came from and where it is going to. That, in itself, is enough to tell a fourth party a lot about your emails. None of the provider solutions can address item 2 because it takes them out of the loop. And if they can't address item 2, then there is nothing they can do about item 3.

The good news is that there are several people working on solutions. I'll have more about that in future posts.