My alma mater is setting up "lifetime email accounts" for alumni. Which seems nice, and makes sense for them trying to get their message out with a connection directly to alumni.

I'm surprised that email accounts haven't become more of a thing with most people having a mail client that will combine multiple accounts (their phone).

Imagine if your doctor gave you an account where you could send/receive messages. If they never left the server and used secure protocols to connect it'd work.

@ted Sorry, but I don't think your idea is very sound. The entire point of SMTP is that it is an open, standardized protocol allowing for decentralized messaging between autonomous systems. Security of communications can be facilitated without the need for centralization simply by ensuring messages are encrypted end-to-end.

Your proposal creates huge admin/user overhead and a problematic dependecy model on the technical accumen of every provider with whom you need to communicate.

Do not want.

@sean while I understand your point end-to-end encryption of email is basically non-existent in common usage today. The technology has been around for 30 years but never gotten significant adoption.

I think we're at the point of needing to remove that from the list of possible solutions.

@ted The only reason it's not in common usage is because the predominance of email users use "free" email services that are ad-supported. Content encryption is counter to the interests of the provider.

Regardless, I'm in opposition to the idea of creating "portals" of communication for every provider with whom you do business. It would give users even less control of their data. My ability e.g. to retain the emails with my doctor may be at the mercy of their system (i.e., no forward, export).

@ted Which would you rather your lawyer have in a malpractice lawsuit? A digitally signed/crypted email from your doctor containing misinterpretted test results stored on your own server - or a vague recollection of a message stored in his secure "portal" that conveniently got deleted for "security purposes" after some arbitrary retention period defined in a 2000 word privacy policy?

@sean by using standardized protocols you'd be able to backup data as you see fit. For instance, IMAP has a plethora of tools for just that. The lock-in happens when the protocols to access the data are proprietary.

While I might prefer a signed email, what I have today is a website with a "messaging" feature and a proprietary closed source app for two proprietary phone OSes.

@ted Perhaps, but realistically would you prefer to manage and secure (and rely upon a provider to secure on your behalf) multiple (eventually many) IMAP accounts? What happens when you change doctors, or visit a specialist? Or change insurance companies, or banks? At some point, how many of these IMAP accounts would exist? Do they age out? What kind of requirements do we place on the providers to ensure the security and retention of the communications? What provider would want to take that on?


@sean @ted

What I have today is medical providers sending sensitive data in unencrypted e-mails because they don't know that encrypted mail exists and believe it's only for ciminals and worse.

Last time I pointed the problem out, I spent 10 minutes on the phone explaining why this is not okay. I eventually gave up and just pointed at regulations which say that it's indeed not. I got a shrug and a "well if you insist..."

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!