My alma mater is setting up "lifetime email accounts" for alumni. Which seems nice, and makes sense for them trying to get their message out with a connection directly to alumni.

I'm surprised that email accounts haven't become more of a thing with most people having a mail client that will combine multiple accounts (their phone).

Imagine if your doctor gave you an account where you could send/receive messages. If they never left the server and used secure protocols to connect it'd work.

@ted Sorry, but I don't think your idea is very sound. The entire point of SMTP is that it is an open, standardized protocol allowing for decentralized messaging between autonomous systems. Security of communications can be facilitated without the need for centralization simply by ensuring messages are encrypted end-to-end.

Your proposal creates huge admin/user overhead and a problematic dependecy model on the technical accumen of every provider with whom you need to communicate.

Do not want.

@sean while I understand your point end-to-end encryption of email is basically non-existent in common usage today. The technology has been around for 30 years but never gotten significant adoption.

I think we're at the point of needing to remove that from the list of possible solutions.

@ted The only reason it's not in common usage is because the predominance of email users use "free" email services that are ad-supported. Content encryption is counter to the interests of the provider.

Regardless, I'm in opposition to the idea of creating "portals" of communication for every provider with whom you do business. It would give users even less control of their data. My ability e.g. to retain the emails with my doctor may be at the mercy of their system (i.e., no forward, export).

@ted Which would you rather your lawyer have in a malpractice lawsuit? A digitally signed/crypted email from your doctor containing misinterpretted test results stored on your own server - or a vague recollection of a message stored in his secure "portal" that conveniently got deleted for "security purposes" after some arbitrary retention period defined in a 2000 word privacy policy?

Follow

@sean by using standardized protocols you'd be able to backup data as you see fit. For instance, IMAP has a plethora of tools for just that. The lock-in happens when the protocols to access the data are proprietary.

While I might prefer a signed email, what I have today is a website with a "messaging" feature and a proprietary closed source app for two proprietary phone OSes.

@ted Perhaps, but realistically would you prefer to manage and secure (and rely upon a provider to secure on your behalf) multiple (eventually many) IMAP accounts? What happens when you change doctors, or visit a specialist? Or change insurance companies, or banks? At some point, how many of these IMAP accounts would exist? Do they age out? What kind of requirements do we place on the providers to ensure the security and retention of the communications? What provider would want to take that on?

@ted Don't misunderstand me - I don't have a simple answer to the problem. If I knew a way to facilitate distributed, private, secure, end-to-end encrypted messaging that gave users total control of their data and was simple enough to use that the average consumer could do it...

I'd be a tech billionaire (hint: I'm not).

But as H. L. Mencken said, "For every complex problem there is an answer that is clear, simple, and wrong."

@ted And I know I said "...simply by ensuring messages are encrypted end-to-end." By which I meant the concept is simple. Sadly the implementation is not.

BUT neither do I think it's impossible.

@sean those are all problems I have today.

Each doctor I got to has a different medical records system with different accounts. There are some ways to get data out, but they're not in any way standard or are there ways to import. This includes specialists, and insurance companies.

I have no way to even figure out what their data retention policies are. They're mostly agreed on by local professional organizations to reduce individual liability to the point where I can't sue.

@sean @ted

I think we all agree that a system of a few open, secure and decentralized communication protocols would be the ideal thing, but we won't have that until a large portion of the population (plus politicians!) changes their mind.
Until then, I think Ted's suggestion holds merit.

The drawback is of course that too many people only use webmail and share passwords between accounts -- but improving on that seems more realistic in the short term.

@sean @ted

What I have today is medical providers sending sensitive data in unencrypted e-mails because they don't know that encrypted mail exists and believe it's only for ciminals and worse.

Last time I pointed the problem out, I spent 10 minutes on the phone explaining why this is not okay. I eventually gave up and just pointed at regulations which say that it's indeed not. I got a shrug and a "well if you insist..."

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!