As a member of Generation X, I grew up with the development of the Internet, from the days of Geocities with its obnoxious banner ads to the dotcom bubble to the rise of surveillance capitalism. I’m not old enough to have some kid tell me “OK, boomer,” but I’m starting to look like a UNIX greybeard. Through all of the constant change of the tech industry, one of the few constants has been e-mail: it’s been around longer than I have, but I’ve seen it go from a useful form of communication to a blight upon the land which society has been unable to purge.
E-mail’s main problem is security. For hackers, it is a popular attack vector because of the large proportion of non-technical users on the platform. Phishing depends on this lack of security. Spam affects almost anyone with an account. Sending an e-mail is like a postcard: anyone with access and a desire can read it, so sending sensitive information in an e-mail is a Bad Idea. Even so, e-mail is so convenient that it still common for passwords and financial information to be sent with it anyway.
Privacy advocates are rightfully leery of e-mail. E-mail encryption with PGP is a little better, but while the message body itself and attachments are safe, everything else is unchanged. The sender’s address, the recipient’s address, the subject line, where the message was sent from, time and date information, and any other information about the message is still readable by anyone. The U.S.’s NSA actually likes people using PGP because it lights up a person’s communications like a Christmas tree. Factor in other little nasties, like remote images called “web bugs,” and it is no surprise why e-mail isn’t private.
If problems are so rampant, why is e-mail still used? Simply put, it’s everywhere, and nothing has been able to fully replace it. In some ways, e-mail is the ultimate social network: pretty much anyone and everyone has an e-mail address. There are more people who use e-mail than there are on Facebook by a large margin. Microsoft, Google, and Yahoo have made it ridiculously easy for anyone to have at least one account for free. Your e-mail address is also your online identity for most online services. Microsoft Exchange, by way of Outlook, is the lifeblood for thousands of businesses. Unfortunately for the vast majority, there is great inertia to be overcome by anything intending to replace it.
All things considered, it’s not terribly surprising that the world is in the mess that it’s in. Ray Tomlinson invented what evolved into e-mail back in the 1960s to send messages over ARPANET. The first e-mail client was hacked together from two existing programs, and the first e-mail was just a test message that contained throwaway gibberish that has long since been forgotten. The protocols used to send and receive e-mail as we know it now didn’t appear until the early-to-mid 1980s. The Internet was a much smaller, more academic, and more trusting environment than it is today, and so the protocols were designed with a very different set of assumptions.
Many have tried – or are trying – to replace e-mail, but none have succeeded. The possible alternatives are many: texting, IRC, Slack, Microsoft Teams, Facebook Messenger, Skype, Whatsapp, Snapchat, Signal, and Jabber (XMPP) are just the beginning. The inertia to overcome is unspeakably large. There are other reasons, though, the largest of which is none of them do everything that e-mail does in the same kinds of ways.
What does e-mail do, anyway? It mostly sends messages. These aren’t like the short chatroom messages found on IRC. E-mail messages can be longform, too. Because of HTML e-mail, these messages can be just as visually appealing as a slick website with a big marketing department behind it. Try that with Slack. Files can be transferred, too, although with spam and antivirus filtering being what it is nowadays, it can be tricky. E-mail is also a relatively simple channel-based form of communication, meaning that one-to-one conversations are the primary focus but it’s also possible to include others.
E-mail possesses a few qualities which make it quite good at what it does, too. It connects a large portion of people on the planet. No other platform has its reach. It is federated, so anyone can run their own server. No commercial entity owns it, unlike most supposed “e-mail killer” products. It is simple enough to easily integrate into a variety of products and workflows. Conversations are easily archived and it can even be used as a sort of data filing system. By being a channeled form of communication, not everything has to be a group chat. Few tools are as flexible.
On the opposite end, people have more than a few complaints about e-mail. First and foremost, there is far too much of it. Sadly, most of the e-mail that many people receive is from colleagues at work or the sales, marketing, or billing departments of corporations. So very little of it is the kind of one-to-one conversation that brings people together. According to a report from Statista, more than half of e-mail sent is spam. That’s a lot of traffic that people don’t want to see. Even worse are “Reply All” storms. Although less common, it’s not unheard of to receive an e-mail intended for someone else altogether, which could have potential legal ramifications. People receive too much junk, not enough useful e-mail, and some of it is dangerous.
It’s obvious that while e-mail has a lot going for it, it also desperately needs fixing, and the flaws in its foundations point strongly to replacement. For starters, without PGP, identity is a free-for-all. PGP replaces one issue for another, establishing identity at the expense of being notoriously tricky to set up and use. Pair this learning curve with requiring your contacts to learn and use it in order to send e-mail to you, and you have a recipe for poor adoption. Few want to be bothered. DMARC solves many problems, but it is challenging to set up correctly, doesn’t fix everything, and the individual setting it up doesn’t reap the benefits and protection. For many organizations there is little motivation to dedicate resources to its setup and use. In fact, most organizations haven’t bothered. E-mail servers expect to have access to metadata for routing and security, so it is impossible to completely encrypt an e-mail. Using HTML, the language of the World Wide Web, as a formatting medium creates potential for security and privacy problems. There has to be a better way.
Although defining a person’s identity has been a problem for philosophers for much longer, nailing down a definitive way to uniquely identify a person has been equally complicated in the realm of technology. Cryptography has the potential to solve this puzzle, and by applying cryptography effectively, it would be possible to remedy the problems of identity, security, and privacy in one fell swoop. This is where Anselus comes in. By starting with a different set of assumptions, new communications protocols can be designed to protect people and prevent the many kinds of bad behavior that are associated with e-mail. Will it succeed? Only time will tell.