Germany Builds Encrypted, Identity-Confirmed Email 188
jfruhlinger writes "Looking to solve the problems of spam, phishing, and unconfirmed email identities, Germany is betting very, very big. The country will pass a law this month creating 'De-mail,' a service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish. The service is voluntary, but will it give the government too much control?"
No end-to-end encryption though (Score:4, Interesting)
As far as I've read, they decrypt messages in the middle "to check the messages for viruses".
Re:No end-to-end encryption though (Score:5, Insightful)
Yup. Sounds like a bad joke right? A new messaging standard, incompatible with everything else, that doesn't even do end-to-end encryption! It's pathetic. It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers, like missing a "registered email". Oh, and you'll be charged per mail! The worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.
Re: (Score:2)
Spam has not been solved, just covered up. It is a pointless waste of incoming bandwidth and server power (if you do your own filtering). This would do nothing to stop spam either, it doesn't matter if you know the identity of the sender if the sender's machine is a zombie. There will always be more idiots with compromised machines.
Re: (Score:2)
Depends on how it is designed. If the system required that each server in the chain be a trusted server that signs the message with a valid SSL certificate, then the spammers would have to either buy a cert for each individual zombie (too expensive to be profitable) or tie them all to a single domain name and cert that could then be trivially blocked (either by revoking the cert or by blocking mail from that dom
Re: (Score:2)
This is not a problem of encryption or SSL. Zombies can simply bypass all security measures by emulating the end user.
Think of a zombie that opens up your copy of Outlook Express, fake-clicks "Create new email message", types something about penis enlargement, types in a hundred addresses, then fake-clicks "Send". As far as the entire chain of email is concerned, the email came from somersault@example.com. You (and by you I mean your computer acting on your behalf) sent the spam, so De-mail could block y
Re: (Score:2)
Not really. An end user's ISP typically has throttling in place such that if the user tries to send millions of emails out in a day, they A. will not go through, and B. will result in the user's account getting disabled rather quickly. If spammers are not able to run their own SMTP servers on zombie machines, spam ceases to be profitable, as it requires being able to send out huge volumes of email in a short period of time, and con
Re: (Score:2)
Changing the subject doesn't invalidate my previous point. Your previous comment was talking about spam being thwarted by SSL, but that's what zombies easily bypass. Each zombie could easily send out 100 emails a day and not trigger "suspicion" flags at the ISP level. With a hundred thousand zombies, that's ten million spams that the security software would never catch. And I'd bet that a competent botherder could probably quote each major ISP's spam threshold from memory, so if Comcast's throttle is 1,
Re: (Score:2)
The fact that spam bots can masquerade as the user is largely irrelevant. The reason we have spam is ultimately that there's no good way to verify that a message was sent by a given sender.
The only reason spam is possible with authenticated mail clients is that the ISPs require all outgoing mail to go through their servers, and thus the ISPs are forced to not do comparisons between the ISP's mail drop use
Re: (Score:2)
Until any email to _any_ government agency (applications for services, jobs, taxes, etc, etc, etc) _requires_ you use this service..
Until any company wishing to do business with the government is _forced_ to use this service to keep their contract..
There are ways to make sure it's not a "dud", if they are willing to make the laws, and it sounds like they are.
Re: (Score:3)
YThe worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.
I don't think they will be so lucky. I'd bet the government will require it for some communication and account access. Over time it will become more inconvenient to have multiple email accounts and people will just default to using de-mail.
Re: (Score:2)
YThe worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.
I don't think they will be so lucky. I'd bet the government will require it for some communication and account access. Over time it will become more inconvenient to have multiple email accounts and people will just default to using de-mail.
I can see the commercial sector driving adoption on its own. As a business, I might ask all business to be transacted through De-mail to ensure legitimacy of contracts and payment. Or as an insurer, I might offer reduced rates of coverage to business transactions that take place over De-mail, as I would trust them to have less chance of being fraudulent.
Re:No end-to-end encryption though (Score:4, Interesting)
Hmmm, I haven't gotten much info about this, but IIRC it's not really about replacing or upgrading E-Mail, but rather about replacing snail-mail entirely. Documents with signatures and so on can now be sent as e-mail instead of in quaint old envelopes...
Re: (Score:2)
Documents with signatures can already be sent as e-mail!
Re: (Score:2)
Really? Here in Germany they're not always accepted on the other end. This would allow people to verify that the signed document actually came from the person who supposedly sent it...
Re: (Score:2)
Really? Here in Germany they're not always accepted on the other end. This would allow people to verify that the signed document actually came from the person who supposedly sent it...
I didn't say that anybody accepts (or sends out) signed emails. I said it's already possible to sign emails, so there's no reason to come up with an alternate infrastructure. Instead of spending X to get government services and a few companies to use de-mail, they could have spent Y << X to get government services and a few companies to install GPG. Of course that'd result in widely deployed public cryptography -- including strong end-to-end encryption -- something that must not be.
Re: (Score:2)
Is end-to-end encryption absolutely necessary for sender verification?
Re: (Score:2)
No. But in pretty much any decently engineered crypto setup, if you can do signing you can also do (end-to-end) encryption. Which is why they didn't create a decently engineered crypto setup.
Re: (Score:2)
Then why the fuss? Sure, end-to-end encryption would be nice, but the main purpose (sender verification) is fulfilled, as far as I can tell...
Re: (Score:2)
They're spending a lot of money implementing a new technology to accomplish something that old technology would have done cheaper and better, and they're enforcing uptake of the new, inferior technology by legislative means, at the same time obstructing the uptake of the better alternatives.
That's the problem isn't it? (Score:3)
Re: (Score:2)
I'd love to have widely adopted secure end-to-end non-reputable email...
We already have non-reputable email; most of it is known as "spam". I believe you meant non-repudiable.
Re: (Score:2)
"It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers"
A strange conclusion. I don't see how spam has been "pretty much solved" at all. Current anti-spam techniques are far from ideal and phishing is an extremely serious, still-emerging, problem. Also, making wild predictions on a technologies uptake upon initial announcement is a complete guessing game. If you could know for sure
Re: (Score:2)
In other words it's not actually email but a government controlled message system.We should ask the people of Egypt, Libya, China ect if this is a good idea.
Re: (Score:2)
I always thought it would be neat to take a thumb drive of public keys, and a photo ID and have the post office sign them. Maybe a yearly fee to have the USPS host the public keys on the internet.
Re: (Score:3, Insightful)
As a native German, I can confirm this. Encryption is only used for Client Server communication.
There are further flaws in the concept. For example, our government lately decided that de-mail addresses do not have to be visually distinguishable from other mail addresses (i.e. de-mail addresses do not share a common tld, nor do the tlds have to contain something like "de-mail"). Instead, they came up with the idea that email client vendors could implement a mechanism for telling users whether an email addre
How does this prevent zombie spam? (Score:2)
Spam sent from zombies will be encrypted and signed with the certificate of the zombied computer. so how does this help?
Re: (Score:2)
After the damage is done and 200+ persons in the address book already have received the spam.
Plus countless other people. A certificate revocation does take some time.
Re: (Score:2)
out of thin air? (Score:2)
So why didn't we read about this on slashdot before? Or did I miss something?
Re: (Score:2)
Wikipedia: "The project was announced in 2008"
Google: couldn't find a coverage of de-mail on /. before
Living in Germany I've heard about it several times before.
Re: (Score:3)
Because the editors choose the shittiest submissions. (I sent a few too.)
You sent in a few of the shittiest submissions?
No wonder you're posting A.C.
Re: (Score:3)
DHL, i.e. "Deutsche Post" isnt participating in De-Mail at all. Since the basic purpose of De-Mail was to obsolete a large part of legally binding snail mail, and Deutsche Post realized they would be hit the hardest by this, they developed their own competitive service called "Deutsche Post ePostBrief", which works exactly the same as De-Mail, but of course isnt compatible with De-Mail, so you cant interchange legally binding emails between providers. Deutsche Post is kinda alone in their camp, since basica
Re: (Score:2)
http://service.deutschepost.de/faq/wie-steht-die-deutsche-post-zum-geplanten-de-mail-gesetz [deutschepost.de]
Natürlich unterstützen wir die De-Mail-Initiative des Bundes und werden – sobald das Gesetz in Kraft ist – eine Akkreditierung als De-Mail-Anbieter beantragen.
Schon jetzt erfüllt der E-POSTBRIEF die hierfür erforderlichen Standards, soweit sie nach dem derzeitigen Gesetzesentwurf absehbar sind.
(Loose translation: We support the de-mail intiative and will apply for an accredition as soon
No, thank you. (Score:3)
Re: (Score:2)
It is not even encrypted. Just a the mailservers use encryption for the transport and the system is seperate from the normal internet mailservers.
My guess is, it is SMTP-authentication over SSL/TLS for sending mail so they know exactly who send it (atleast which e-mail client).
Re: (Score:3)
Re: (Score:2)
Yes, I'm sure that is interresting. But why not use DNSSEC, SSL/TLS-certificates, SSL/TLS Certificate Authorities and DKIM which already solve all these problems.
1. SSL/TLS-certificates are created by the Certificate Authorities
2. SSL/TLS encryption for communication between mailservers
3. SSL/TLS encryption with authentication for delivery from the user to the mailserver
4. DKIM signing of the e-mail on the mailserver to verify that the mail came from the user
5. DNSSEC to publish the DKIM key
6. DNSSEC to ver
Re: (Score:2)
nobody prohibits you from using your gmail account, this is just that when dealing with state offices (e.g. tax office, land registry, local authorities, voting), their registered email would be useful.
Re: (Score:2)
You may be able to encrypt beyond the government's ability to decrypt But how can you handle a court forcing you to reveal the contents? Worse yet I would not be so certain that simply using encryption may in itself be enough to attract one of our current star chamber types of discovery.
Freedom of speech is not lost at the moment it is squelched. The freedom to speak dies the moment you u
Re: (Score:2)
You may be able to encrypt beyond the government's ability to decrypt But how can you handle a court forcing you to reveal the contents?
IANAL, but at least in the USA, the fifth amendment protects you against self-incrimination. I do not think you can be compelled to divulge an encryption key if doing so would provide any evidence you committed a crime. Any decent lawyer and/or the ACLU's could probably prevail with this argument in court.
The trick, of course, is that the prosecution will typically give another party who has access to the encrypted data immunity from prosecution, so the 5th amendment does not apply. Then that party can be c
Every mistake in the book (Score:5, Informative)
They put a price on every email.
The system will not provide end-to-end encryption: Mail will only be encrypted to and from the mail service providers.
While the accounts are free, individual mails will cost money.
Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.
Did I mention that mails cost money?
I have recommended to everyone who has asked me to stay away from this system if at all possible. Don't even get an account.
Re: (Score:2)
Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.
How is this different from mail delivered to your snailmail box? "I wasn't at home" has not been a particularly good excuse for a very long time.
The lack of end-to-end encryption is another matter entirely, and a rather obvious strategy to ensure that the government can eavesdrop. So much is clear.
Re: (Score:2)
Or it would be sent via FedEx or UPS, again requiring a signature.
Not so sensitive items, bills and such, don't require a signature, but you're still on the hook. Mail carrier left the door to the mailbox open, and your mortgage payment invoice got blown down the road? You are still on the hook for the payment.
Re: (Score:3)
Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.
How is this different from mail delivered to your snailmail box? "I wasn't at home" has not been a particularly good excuse for a very long time.
Actually that is a very, very good excuse when you require proof of delivery/acceptance -- since those are usually signed-for. Recipient not there to sign ? No proof of personal delivery. The difference with DE-Mail is that messages count delivered when they hit your service provider, no matter whether you read your account or not. This can have far-reaching consequences under German law.
The lack of end-to-end encryption is another matter entirely, and a rather obvious strategy to ensure that the government can eavesdrop. So much is clear.
Yes, and the lies and bullshit they spew when defending this are even more so. Too bad too few people will get the messag
Re: (Score:2)
Recipient not there to sign ? No proof of personal delivery.
IIRC, this is not true. In particular the kind of mails that involve legal proceedings can be considered as delivered even if you weren't there. It sometimes is even written explicitly on top that for legal purposes you were there personally. German laws are strange.
Re: (Score:2)
Recipient not there to sign ? No proof of personal delivery.
IIRC, this is not true. In particular the kind of mails that involve legal proceedings can be considered as delivered even if you weren't there. It sometimes is even written explicitly on top that for legal purposes you were there personally. German laws are strange.
There was a reason I put in "personal" there ;-) You can get products like proof of delivery (Einschreiben Einwurf) which do not prove you personally received it, but which do prove that the letter was delivered to the address given. Then there is a product with proof of PERSONAL delivery (Einschreiben eigenhändig), which proves the recipient has personally received the piece of mail (but which also requires the recipient to sign for it of their own volition).
You are however correct that under German l
Re: (Score:2)
Yeah, I hardly ever check the mailbox, once a week tops - unless I'm expecting something.
Re: (Score:2)
> How is this different from legal messages arriving in your physical mailbox when you are away (in hospital/on vacation)?
You claim to the sender (and have to prove if he disagrees) that you were not able to retrieve the letter for that reason and any deadline has to be restarted. The legal term is restitutio in integrum (although it seems the US uses restitutio in integrum only for demages?).
Dibs on the nickname! (Score:1)
From the sound of it, it'll almost inevitably end up costing money. With that in mind and by the powers vested in me by absolutely nobody in particular, I hereby dub it "feemail".
(One *could* say that it is supposed to be a kinder, more respectable alternative to the rough-and-tumble wild west of existing (e)mail, but then there are those who think it's just a prettier version that will inevitably cost a bunch of money.)
Looks like my Aunt was right... (Score:3, Funny)
...when she sent me an forward claiming the government was going to start charging for email!
Why use de-mail when gpg exists? (Score:3)
Why would I volunteer to use a government sponsored program that I may get charged for when I can just use Enigmail in Thunderbird, or gpg the message otherwise?
Second problem: "It will allow service providers to charge for sending messages".
Major fail. It sounded almost good until I read that.
Re: (Score:2)
Re: (Score:2)
well that and ease of use.
Setting up openPGP is a pain for someone who has never had to deal with it before, and not mention then you have to have the other end using the same encryption.
while it makes sense, people aren't very smart about these techie things and really don't want to think about it.
I don't encrypt my email simply because 99.9999999999999% of end users don't know what it is or how to decrypt it, or even which tools to decrypt it with.
Re: (Score:2)
This is the fault of email client developers. I haven't used KMail in quite some time (I've since switched to a GTK/XFCE desktop so Claws-Mail is the client of choice these days), but when I had a KDE 3.x desktop, I remember that I was struck by how seamless KMail made GnuPG, even S/MIME. If all email clients made GnuPG as seamless as KMail, you'd see more use of encryption.
Really, encryption need not be difficult, not much more difficult than typing https or getting redirected to https when you just t
Re: (Score:2)
I completely agree. Lack of widespread email encryption is likely the fault of webmail developers and Microsoft (with regards to Outlook) not supporting the encryption in their interfaces. And of course they wouldn't- it's completely contrary to the interests of a large corporation to give its customers privacy.
On the other hand, I use Evolution for my email, and it supports GPG out of the box. When writing a message it's a simple matter of checking a box in a menu at the top to encrypt it; two boxes for si
Re: (Score:2)
I don't encrypt email for the same reason. It's secure enough for it's purpose. Certainly allot more secure than regular postal mail sitting in a letter box next to the road. Email encryption really needs to become integrated as a standard within the clients. I think encryption as a whole will become much more widespread over time; especially with today's governments.
Re: (Score:2)
So you have to install an add-on, and then the recpients have to install an add on, and both sides then need to exchange keys.
so you have 4 steps before you can even consider sending encrypt mail. Someone needs to simplify the process( while not actually removing steps)
Re: (Score:2)
What's wrong with Hushmail?
It provides SSL encryption on servers protected by Canadian laws, including Canadian privacy laws. While they respect U.S. court orders, there's no reason to believe that such orders could be executed in secret outside an investigation of a crime recognized by both Canada and the U.S.
PGP is stronger, but a people aren't using it, so practical applications are limited.
Re: (Score:2)
From a security-conscious standpoint, the fact that Hushmail has the capability to read their users' emails is a concern. Never mind that they only said they'd do it if the government told them to (which should be no real comfort at all). As we've been saying to the FBI recently, any backdoor at all could potentially make the entire system worthless because there's no way to guarantee control of who uses it.
PGP, on the other hand, has no central authority that can give up your communications. No need to tru
Re: (Score:2)
What's wrong with Hushmail?
This:
protected by ... laws
I might as well not even bother with encryption if I am going to turn to "laws" to protect me. Hushmail is snake oil cryptography, which is what I said when it was first described to me years before the DEA bust.
U.S. court orders
Court orders should not result in plaintext being produced by a third party, regardless of why the orders were issued.
PGP is stronger, but a people aren't using it,
Then people should be educated, not given snake oil.
Re: (Score:2)
"I might as well not even bother with encryption if I am going to turn to "laws" to protect me. Hushmail is snake oil cryptography, "
I disagree here. While it's true that you can't expect any service provider to protect you more than the laws permit, if you choose those laws, the situation and the country very carefully, you can ensure that the service provider has more to lose than you do.
The idea that a company is going to break the law arbitrarily with your data is paranoia. Your landlord could bug
Re: (Score:2)
legal binding (Score:2)
The point is that mails sent through De-mail have legal binding, so you can use as proof at court.
Re: (Score:2)
Why would I volunteer to use a government sponsored program that I may get charged for when I can just use Enigmail in Thunderbird, or gpg the message otherwise?
Second problem: "It will allow service providers to charge for sending messages".
Major fail. It sounded almost good until I read that.
As a sender, you get to deliver stuff to DE-Mail addresses and they count as legally delivered. This is going to be very good to have for collection agencies or governmental agencies. Senders also get to save a bit compared to paper delivery while legally on the same footing. Senders also get proof of identity for the recipient. Senders get to spout bullshit about using the latest and most secure email standard ever.
Recipients get shafted, in more ways than one.
Czech govt. already did (Score:5, Interesting)
And it's been a failure, for a number of reasons:
- it cost a fortune to deploy
- one message costs an equivalent of about 1 USD, which means no one uses it except for communicating with the government
- it relies on a proprietary (although free as beer) rather obscure application for Windows, fortunately a non-profit foundation later developed a cross-platform library for accessing the mailbox
- once you register into the system, any official letter you get is automatically considered delivered, so you cannot deny receiving it, that's why any sane lawyer will discourage from getting such an account ever unless you are obligated to
Obviously, because so much money already burnt, the mailbox system is here to stay.
Obligatory (Score:5, Insightful)
Your post^Whuge government engineering proposal advocates a
( ) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re: (Score:2)
Ultimately, the main problem I see with this is that many people will have trouble with keyloggers and rootkits, but having a centralized governement sponsored identity checker for crypto message
Re: (Score:3)
Cryptographically signing emails has been possible for decades. The government could have lead by example by simply doing that on a wide scale, encouraging businesses to do the same. For instance, after buying stuff online, you unfailingly get an invoice per mail, something I think businesses are pretty much required to do (if they don't snailmail it, of course); why not just require them to sign it for it to be a valid invoice. Of course, signing and encrypting go hand in hand, and LEO and the interior int
Re: (Score:2)
They could also just sign people's keys for them and require sufficient proof of ID at the time to make it official.
if it's anything like Deutsche Post's E-Postbrief (Score:3)
... they better forget it.
It costs from 55 eurocents to send one "email" (to multiple euros if you want confirmation, even if there is no snail-mail/paper involved). The interface is arcane with no 3rd party integration, of course there's no end-to-end encryption (and the "mails" are way less legally protected than normal post) and there are some really nasty conditions attached:
- you have to check your mail EVERY WORKING DAY (that includes Saturdays, not that it matters)
- you can't delegate this "check mail" duty to anybody (note that there isn't anything wrong in letting your wife/neighbour/etc in charge of your physical mailbox if you trust them).
Re: (Score:2)
Email should cost one penny per message (Score:2)
Charge one penny per sent message. That is all we need to do to stop spam. So simple.
If anyone wants security, there is S/MIME, widely available and widely supported.
Re: (Score:2)
It's beautiful how you came up with that simple idea all of your own, and so elegant ! Implementation is not something to worry about, that's for the people who don't have ideas, they can do that easy work. Go plebs, implement !
I deduct points for not mentioning CompuServe and it not having any spam. I mean come on, that was so easy to reference !
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's the impossible part. It simply is not feasible. As such, the "idea" is a dud and timewaster.
Re: (Score:2)
The implication then, is that reflection on what should be is a waste of time.
Good thing that Gandhi did not feel that it would be a waste of time to even contemplate ways to evict the British.
The US political system is very messed up. Any concept for how to truly fix it is inconceivably difficult to implement. Therefore, according to your thinking, let's not even think about it, since it is a waste of time. Let's only think about what is easy to do.
Re: (Score:2)
The implication then, is that reflection on what should be is a waste of time.
Good thing that Gandhi did not feel that it would be a waste of time to even contemplate ways to evict the British.
The US political system is very messed up. Any concept for how to truly fix it is inconceivably difficult to implement. Therefore, according to your thinking, let's not even think about it, since it is a waste of time. Let's only think about what is easy to do.
That's an interesting reading of what I said, albeit entirely untrue. The implication is not that we should not try to better ourselves, the implication is that we should not go the way of knee-jerk thinking that sees a very simple solution to a very hard problem and makes that simple solution be the silver bullet. Making email cost money is a very elegant and simple solution with one caveat -- it does not work. This has nothing to do with Gandhi or not trying to find a good solution to the spam problem (co
Re: (Score:2)
Re:Email should cost one penny per message (Score:5, Insightful)
1 penny where?
If the sender's e-mail server is charging the penny, how does the recipient's server verify that the penny has actually been collected? If it means only accepting e-mail from servers at known ISP's you're going to break most business e-mail servers. Also, it's essentially just a white list, so why not just implement a white list and forget about the money.
If the recipient's e-mail server is charging the penny, how do you verify who sent the e-mail so you know who to charge? Also, even if you do get rid of spam, you just created a new replacement fraud. The spammers infect a million computers and get them each to send one e-mail to random addresses at the spammer's e-mail server. Viola, the spammer gets to collect $10,000.00 How many people are going to notice their e-mail bill is off by a couple of pennies that month?
This is setting aside that the financial system isn't really prepared to handle billions of one penny transactions every day. You can aggregate, I suppose, but who verifies all the e-mail servers are doing their bookkeeping properly?
Re: (Score:2)
That problem has been solved 20 years ago. Some nifty crypto does the trick. There are, in fact, plenty of decentralized electronic currency implementations around. Their problem is that nobody uses them.
Re: (Score:2)
Re: (Score:2)
I agree with you there are better things than charging a penny. We can already see what happens when you do with SMS and VoIP.
For example, people are hacking VoIP lines and then making fraudulent calls to numbers with large termination rates. The guy at the other end gets his cut and disappears.
People are also attacking smartphones and doing similar things - signing up for premium SMS services, etc.
However, we already do have financial systems which are prepared to handle billions of one penny transactio
Re: (Score:2)
Charge one penny per sent message. That is all we need to do to stop spam. So simple.
If anyone wants security, there is S/MIME, widely available and widely supported.
Ooh look -- My new email business is to batch zip all incomming / outgoing emails, send / recieve the batches, and unpack them at the other end.
Peering agreements between mail-batch-zip providers will allow all email to traverse freely once again.
If you have any questions, click the "reply" link and fill out the form. You may be charged 1 cent to hit "submit" (unless you are already a customer of Slashdot's mail-batch-zip service).
There's something like that in Italy as well (Score:2)
There's also a variant (CEC-PAC) to communicate with government offices only.
Great big pile of sh*t (Score:2)
Yet another example of either clueless politicians, attempting to do "a good thing" all the while creating on over regulated, technically inferior system, or the clever attempt to get yet another way of snooping on the people while making them "feel good and safe" ...
The good thing at the moment is that it's not mandatory to have or use the POS email service. At the prices currently discussed(55 âcent per email - same as for a regular letter!), I doubt it will find many people who are interested in usi
difficult from a legal standpoint (Score:2)
Legally a mail in that system has arrived at your place, even if you cannot get it because you are on vacation or your computer/internet broke down. That's a big legal problem obviously.
Re: (Score:2)
You are forgetting that this is a German project. There is no reason in German law.
S/MIME & PGP (Score:2)
There are already standards for authenticating the sender of mail and encrypting the contents of those mails, it would be far better to encourage use of these existing standards rather that come up with something completely new and incompatible with everything else.
back to the 80's (Score:2)
Yes (Score:2)
This is a completely retarded idea. It was thought up by people who think email works like the postal service. What it does great is accumulate control and bureaucracy where it is not needed; what it does badly is any kind of security.
If the federal government of Germany wanted to actually effectively help people secure their online communication, they would certify actual end-to-end encryption and electronic signature programs for official use, and provide some kind of root CA (or the PGP equivalent). Inst
Re: (Score:2)
The idea that this idea is retarded, is retarded.
Simply put, when you add a pay per use campaign on emails, not only does it give you more of a paper trail, it allows the people sending out spam to know they are infected, and after a few times of being charged by their ISP for this extra email, of which I agree should be a cap so as not to offend too much those owners, maybe say a cap of 25$ a month for all the emails their infected pcs put out.....then they could be made to know that this will occur every
finally (Score:2)
after 10 years of posting about this, the germans come out with it, its about bloody time!, now we will see a sharp decline in spam emails....just you wait and see. Siting past posts does nothing for my karma, but if you want to see some of them, just check some rants and raves from my past about email spamming.
Re: (Score:2)
as far as I can see everything this service provides has been done better for free elsewhere.
nothing novel.
but it'll probably be pushed hard by the german government.
and if it works even poorly then other governments will follow their lead because since what happened in egypt, tunisia and libya governments the world over are suddenly terrified of the net.
Re: (Score:2)
Once the encryption on the end can be faked so someone else will end up with the costs and even have the cops knock down their door?
Re: (Score:3)
This is the way to go, it is what I use when I want to send encrypted email. There are some big problems with PGP/GPG where government could help, these are:
Once they have done that then
Re: (Score:3)
This is the way to go, it is what I use when I want to send encrypted email. There are some big problems with PGP/GPG where government could help, these are:
Once they have done that then the normal commercial forces would kick in: some people would pay for s/ware that works, others would use FLOSS; it doesn't really matter -- it is the standard that is important.
Right on. All I'd have to do is to trust the German key (they could publish the fingerprint in Frankfurter Allgemeine Zeitung or something) and I could communicate with anyone in .de.
And that is why I resent the "OMG I would never trust a system where the government is involved!" comments here. Handing out public identities for people is precisely what governments *are for*. Without the government, we are clearly stuck where we are today: with unsigned and unencrypted mail.
Re: (Score:2)
Combine it with DKIM and DNSSEC and your are done.
Re: next one (Score:2)
No, the next one after gmail would be HeMail, pronounced
Ahee-Mayal.
Homestarrunner FTW!
http://www.homestarrunner.com/main8.html [homestarrunner.com]
"Email" tab
Re: (Score:2)
Starts to be the same crap everywhere - not only Germany. Look at the "bastion of freedom" (The United States) again and see how it really is.
Feels like the world of Max Headroom [maxheadroom.com] is going to be a paradise utopia soon rather than a dystopia.
Soon we will have blipverts... And stuff like AdBlock Plus [mozilla.org] will be illegal.