Friday, Dec 11, 2015 9:48 AM Ned Freed wrote:
And give up the email address they've had for many years, which they have
to all their friends and customers, printed on their business cards,
to mailing lists, and perhaps most importantly, attached to all of their
online accounts, some of which can only be changed by abandoning the account,
with all that implies?
Yes, once, so as to get out of the trap. Honestly, this is not rocket
science. My sister, who is really not fond of computers, runs a nonprofit
with its own domain, and her email address is in that domain. She has a fully
functional mail setup which, if Google stopped doing a good job, would be
immediately transferable to another mail service provider.
My wife, who is a good web designer but not particularly conversant in mail
headers, gets her mail service from a web hosting provider. They have been
doing a perfectly adequate job. She has her own domain. If they start
sucking, she can switch to Google, or have me operate her mail service, or take
some other option. She is not locked in.
I've lost track of the number of times I've patiently explained to someone
their problem was the result of crap service from their provider. I can count
on the fingers of no hands the number of times this has resulted in them
Right, you've been providing them with free support. Why would they switch?
This is precisely my point. You are their service provider, and you are
protecting them from the hassles they would otherwise endure at the hands of
their nominal service provider. If you could no longer provide the help you
have been providing because we closed down this privacy loophole, they would
suddenly have some clarity about their situation, and maybe take action to do
something about it. And you could provide them with really good advice on how
to do that in a way that avoids them being locked in again to their next mail
service provider, if that provider should turn out to suck.
In an ideal world, maybe. But here in the real world we have to take factors
like provider lock-in into account in assessing these tradeoffs.
I don't think that we should design protocols to account for provider lock-in.
It's not that hard to get out of a lock-in situation: start a new mail account
that's not locked in, and gradually switch to it. Use a high-entropy password
on the old account so that the botnets can't crack it. Done. This is really
just _not_ a hard problem, Ned. Even if you have to keep the old account
around in a read-only state for a decade, it's not a significant amount of
money or effort.
Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com
Description: PGP signature
ietf-smtp mailing list