Forskjellige meldingssystemer ble populær de siste tiårene. Den
meste kjente eksempler er Whatsapp, Facebook Messenger, Snapchat eller
Discord. Mange bruker dem uten å tenke bare fordi de ser praktiske ut og er
gratis. Kostnadene er imidlertid alvorlig: den er personvernkatastrofe.
Brukere har ingen egenkontroll, så eieren kan endre alle funksjoner uten
at brukerne vilje. Disse tjenstene (platformene) er laget og fullstendig
kontrollert av store monopoler fokuserte på å suge alle slags av
brukerdata. Personvernkostnaden til store kommersielle direktmeldingssystemer
av er mye høyere enn brukervennligheten. De er bevisst laget for å være
gjensidig uforenlige. En bruker av Whatsapp kan ikke sende en melding til
noen på Telegram eller Facebook. Bare se for deg at du hadde Telenor men kunne
ikke sende sms til noen på Telia, kun til sin eget system Telenor. Eller
se hvis du kunne ikke sende en epost fra Gmail til Yahoo. Det er helt dumt.
Nå, blant de populære systemene er det bare epost det eneste systemet på
internett som har ikke vært monopolisert. Og det er fortsett fordi epost
ikke er en plattform (eller 'ecosystem'), men åpen og federert protokoll
etter eget design. Alle kan konfigurere og kjøre egen mailserver og meldinger
skal sendes mellom evt. Alle kan velge mellom mange epost apper. Alle kan
legge til ytterligere funksjonalitet, slik at ende-til-ende kryptering, men
interoperabilitet opprettholdes.
Protokoll betyr et sett med regler og konvensjoner for interoperabilitet,
ikke et enkelt komplett produkt.
Men, det finnes en direktemeldingssystem som er like enkel å bruke
som Whatsapp, men mangler de fleste av problemene. Faktisk, er det
XMPP. Det er en åpen og federert protokoller
som epost. Alle kan ha egen server, så kan ha kontakt med noen på alle
serverer som helst, akkurat som epost eller mobil. I tillegg, kan alle også
velge mellom ulike app etter vilje: foretrekker du funksjonalitet,
eller skjønnhet eller bare det å være veldig lett... Det finnes også
flere XMPP serverer programvare å velge mellom, de fleste er gratis og
åpen kildekode. Med XMPP kan du få alt: direktemeldinger, filer, tale,
video, gruppechat, flere enheter. Det er også flere typer av
ende-til-ende kryptering
(OMEMO, GPG,
OTR) og mye mer. Det finnes enda en XMPP-basert
sosialnettverk: Movim.
XMPP er ikke alene. Det finnes også en alternativ åpen og
federert protokoll: Matrix. Men
sammenlignet med XMPP, har den flere mangler: (a) problemer med
personvern
(selv om mange ikke bryr seg om det), (b) alvorlige ytelsesproblemer:
mens XMPP fungerer fint selv på den minste og billigste
VPS, Matrix
server krever mange gigabyter med RAM og stor diskplass, på denne grunn
er det dyrere i drift, også krever Matrix mye mer oppmerksomhet (f.eks. se
her). Det kan være berettiget
i bedrifts- eller stororganisasjonsbruk, men ikke i hjemmebruk.
Så XMPP er ideell for å lage et helt privat kommunikasjonssystem
for et familie. Du trenger bare dette: (a) en server: billigste
VPS eller enda
en Rasberry Pi boks vil fungere fint (f.eks ejabberd skal støtte
hundrevis brukere med dette nivå); (b) server programvare
som kjøres alt: sjekke ut flere og velge selv, de mest populære er
ejabberd og Prosody;
(c) domenenavn slik at brukere kan konnektere til: domenenavn er også
en del av brukernavn, som i epost, f. eks alexander@johansson.me
(enkelt DNS
oppsett
trenges for å støtte tale og video); (d) hver bruker kan velge hvilken
klientapp som skal brukes (f. eks
Monal eller Siskin IM på
iPhone). Og det er det.
Nå må serveren konfigureres. Så kontrollerer du systemet fullt
ut! Du kan registrere så mange brukere at du trenger, men for en
familieserver anbefaler jeg ikke å tillate åpen registrering av alle som
helst. For eksempel du kan registrere flere kontoer for en enkelt bruker
hvis nyttig (å bruke med forskjellige formål). Ingen mobilnummer kreves:
f.eks. trenger du ikke fem SIM-korter for fem brukere, faktisk ingen er
nødvendig. Det også anbefales å konfigurere ‘Shared roster group’
(delt brukerliste) for å unngå å legge til familiekontakter manuelt for
alle familiemedlemmer. Ende-til-ende kryptering er ikke avgjørende
for din egen private server fordi transportkryptering (TLS) brukes alltid;
men det er lettere å konfigurere hvis du bruker flere enheter (mobil,
nettbrett, desktop, laptop, web-basert). Men det er bedre og sikrere å
bruke ende-til-ende kryptering til å kommunisere med noen på andre
offentlige servere.
Og nå, når flere grupper har sine egne private servere, kan de
kommunisere fritt og sikkert. For eksempel, det er nå lett
for pappa@johansson.me
å sende melding (eller video-ringe) til
mattias@johansson.me
(samme familier og på samme privat server) eller
til en venn john@dowfamily.info
eller enda alle som bruker hundrevis av
åpne gratis offentlige serverer f. eks maria@jabber.no
(på Jabber Norge), christian@jabber.de
,
oyvindharaldsson@tigase.org
eller nikolaibode@riseup.net
.
Se her for litt mer informasjon
om XMPP.
Lenker
The old good email remains the most critical digital communication tool.
What makes the venerable email so useful and sustainable
over the long time is its openness and standardization. Email is radically
different from the modern "apps" which integrate all pieces of technology--the
server, the client, and the protocol--by a single monopolist provider. With
email, we are free to choose the server (provider) and client with any
combination. It provides enormous flexibility, added privacy and
security. Indeed, the provider does not control my client and cannot add
backdoors; there is no monoculture of client software with all the related
security risks (any security vulnerability is global). Email is one of
the few pieces of technology that is very resistant against internet
censorship. Repressive state can easily block a web site and even force
an app store to remove an app
(as the Navalny's "Smart Voting").
Also, an app store can delete it for any other bizarre reason. But it
is much more difficult to block a mailing list: it is easy to redeploy and
recreate it on a different server (without the users even noticing anything).
Furthermore, The user can easily create several different email-based
identities (e.g. a separate one for politically sensitive activity) which
adds anonymity. And anonymity means physical security in some countries.
It is not surprising that many internet services use the email address
to register users, authenticate, restore password and other similar
purposes. Open, standardized and decentralized email is one of the most
critical technology everything else depends on. After all, the flexibility
offered by the email technology--the freedom to choose all pieces (provider,
client etc.) is just very very handy, at least for an advanced user (you
can add new features on top of what the provider realized, even against the
provider's will--isn't it convenient?).
The whole email technology is build around open protocols rather than a
centralized platform. This facilitates competition, makes for better and
fairer service and reduce possible impacts of malicious monopolists
(Masnick, 2019).
Google's Gmail has long been one of the main pillars of email, millions used
to rely upon every day. We should praise Google for popularising email
as the basic mainstream technology among the masses. I started using Gmail
many years ago when it was in its "beta" and available only by invitation.
At that time Gmail openness and unrestricted nature was just blazing. The
web interface was lightweight and not really cluttered with ugly banners,
unlike other email providers. There were ads but they were small and
unobtrusive. Gmail had long supported all the basic protocols (POP, IMAP,
SMTP) that allowed to use any standard compliant client software, and that
was available for free (some other providers were more greedy and allowed
this only on paid plans). Google's POP, IMAP and SMTP implementations
have been (and still remain!) quite idiosyncratic, incomplete and not
really standard-compliant which caused various glitches (e.g. message
deletion and default sorting are weird, I always hated Gmail's labels). But
this was bearable.
The serious privacy problems and threats of Gmail,
such as user email scanning for context-specific advertising
(until 2017)
or
AI tool
which could provide access to some pieces of data to third-party
developers.
That is nearly a disaster that cannot be fixed because spying on the user's
data is at the heart of Google's business model. But who cares as long as
it is free! I have long been using and promoting PGP encryption which
could fix many of the privacy (and security) problems.
Yes, PGP is crucial for individuals and businesses
and yes, a motivated user can encrypt.
Gmail still remained free and relatively open while an alternative of
deploying private email server is time-consuming and tedious (e.g. ensuring
that emails from a tiny private server don't end up in spam folders of
intended recipients). I used to pay with some of my privacy to get the
usability and stability of Gmail.
But over time I became increasingly concerned about the clear trend taken
by Google to make the open email more and more difficult to use outside of
the Google monopolistic ecosystem. There are signs of the famous
embrace, extend, and extinguish
strategy. Gmail API is featureful and powerful... but only if
you really need the complexity and like to play with the Google rules. If
you don't like to see ads, for example, and for this use a standard IMAP
mail client of your choice, your must suffer. If you need full PGP support on
a mobile client, never offered by Google, you are out of luck and have to
use an IMAP-based mobile app like Android K-9 Mail
that requires sacrificing some usability.
Google tends to draw its users by all means into its browser, its
own apps and APIs to get more user's private data and show ads. For
that matter, Google's security usability has become just terrible. The
intrusive access-blocks when a mobile user with an IMAP client moves across
IP addresses can drive anyone crazy... Access can be blocked even if the
user switches just to the next IP address within the same provider's IP
pool.
I have to use VPN with fixed IP address to avoid these stupid blocks!
To help keep your account secure, Google will no longer support the use
of third-party apps or devices which ask you to sign in to your Google
Account using only your username and password. Instead, you’ll need
to sign in using Sign in with Google.
The Google's insistence on rather complicated and heavyweight
OAuth2
mechanism
for basic email client access (remember, most email programs do not require
you to enter your password every time, diminishing the risk of phishing)
is understandable only as a means to limit all uncontrollable third-party
clients. Yes, OAuth2 is logical for complex workflows of data access delegation
across multiple web-based services with different login/password combinations
(the "Auth" stands for authorization, not
authentication).
Whenever I need access to my own emails I need to authenticate
my identity granting full access. But isn't OAuth2 client secret kept
on the device just as the username/password combination? Yet, limiting the
(power) users access to their own data provides just an illusion of
security at a large cost to usability and compatibility.
The Google's move to OAuth2 authorization seem to point that
the Gmail-hosted emails do not belong to me any more. My emails are now
owned by Google, who just "authorizes" (delegates) me access to some of
the data without trusting me. This is not what I need from my private
communication. Does Google pretend to "zero-trust" any third-party
apps? Maybe it doesn't trust its users (the owners of their data),
assuming they are all idiots?
If you think your users are idiots, only idiots will use it [your service]. ---
Linus Torvalds
And there is another side effect: as Google increasingly deployed more and
more heavyweight frameworks and technologies, Gmail became very sluggish
and bloated. It is cluttered and confusing, especially to those who don't
use it often enough to remember all the idiosyncrasies. And it's still poorly
adaptable to the user's needs. How can I get a fixed-width font for my plain
text message? Where is my favourite basic (and very fast) HTML web interface?
Enough is enough. I now go away from Gmail, and primarily not because of
big privacy concerns (which is quite expectable) but because of deteriorating
usability and growing incompatibility. It looks like the people at Google have
forgotten their old motto "Don't be evil." While I have been paying Google
with my privacy currency in the past to get functionality and usability,
the benefits of Gmail continuously went lower and now reached an unprofitable
level.
Migadu is my choice
There are many hosted email providers, some are focused on privacy and
security. For example, Protonmail is a fantastic
project that makes it nearly trivial to use PGP even for an uninitiated. But
its drawbacks are that it is non-standard and has too high publicity making
it quite undesirable in certain authoritarian countries. Simply said, if
you use Protonmail in some countries you may be suspected; Protonmail can
be blocked by the authorities, and worse still,
blocked in quite idiosyncratic way.
Some services may also reject registration
using this service.
What I have finally chosen is Migadu. It is not
yet another standard email hosting provider. It is a domain-based service. Once
you have got your own domain name (domains are now cheap), you can make your
own email service for your domain. That simple. This makes it super useful
for companies, families, groups and NGOs without large budgets. For a
reasonable price you get nearly your own mail server with many configurable
features (any custom mailboxes, aliases, forwarding, regexp, webmail,
etc.) but without the need to maintain all this complex system.
If you have a web site, you necessarily get a domain name for it. Now it's
easy to get your own email identity. True that some hosting providers also
do host email. But if you decide to switch to a different hosting it will
create a trouble: you need to move also email and this fact strongly limits
your next choice. Having a completely indpendent email system for your
existing domain avoids such hoster lock-in and makes life much easier.
By the way, the Migadu standard webmail interface
is sleek and very simple. Looks modern but lightweight and quite fast. No
bloat whatsoever, only the most crucial functionality. I am not big fan
of web-based email, but use it from time to time. And there is even some
very basic support for PGP! (But remember that web-based PGP is
not a very secure solution.)
I found the mail server configuration (including more esoteric stuff like
DNS setup and DKIM signatures) very easy. In my view you do not need an
IT degree to configure your email server with full functionality. I like the
admin panel, it is minimalist and easy to use, no stupid and distracting
visual effects. And Migadu is advertised as
fully open standard compliant service without proprietary glitches and
limitations. So any standard (open source or closed source) software is very
likely to be fully usable. This freedom is very important. And they are also
clear and honest about the
limitations and drawbacks.
Finally, goodbye Gmail.
PS: Disclaimer: I have no links with Migadu.
This post is also published on
Substack
and Medium