Why I hate Email
So that I stop boring my friends, colleagues and clients with a rant about how terrible the technology email is, I thought I would write a post so that I can outline my argument and hopefully inspire someone to fix it.
TL;DR – for those who simply want the take away headlines: email is fundamentally insecure, distracting, and cumbersome, and here’s why…
“At best: We can invent new secure message services that could replace email.” - http://www.digitaltrends.com/computing/can-email-ever-be-secure/
TIP: This has been written so you can get summaries of all arguments by simply reading the bold text.
Email is an old technology (relative to the fast developments of digital technologies), its the grandparent of digital communication. Born out of the 60s and 70s Cold War military complex, the development of the APANET, and academia, email in various guises was one of the first developments of protocols to sit onto of the internet (others include: The World Wide Web, FTP, voice over IP). Though we now have flashy email clients and email can send media files, very little else has changed over the years with the email protocol itself.
Email is insecure. Not even casually insecure like HTTP, but really insecure as it suffers in the same way as HTTP by being routed through other computers on the network to get to it’s destination, but without a good encryption layer such as HTTPS, email fails to prevent your messages from being eavesdropped on or accessed via the server they are stored.
“Email has to go through potentially untrusted intermediate computers (email servers, ISPs) before reaching its destination, and there is no way to tell if it was accessed by an unauthorized entity. This is different from a letter sealed in an envelope, where by close inspection of the envelope, it might be possible to tell if someone opened it. In that sense, an email is much like a postcard whose contents are visible to everyone who handles it.” - https://en.wikipedia.org/wiki/Email_privacy
Email also uses the DNS system for routing which can be spoofed, shutdown or redirected by everyday hackers or services not working properly. The above stipulates the network issue of email – it is insecure while in transport between sender and receiver.
Most email servers also store emails as plain text, so if someone else were to access your server then they would easily be able to read your stored emails as they are not encrypted by default.
With both of these issues your current options include: simply using some other technology (for example both iMessage and WhatsApp claim end-to-end encryption which, if true, would mean it would be unlikely your message contents could be read in transit); sending using encryption plugins like openPGP (though mass adoption prevents this from being a real solution); encrypting your server that stores your emails; or just continuing to send insecure, readable messages.
As is probably obvious by now, it is not advantageous to send sensitive information over email. You may be worried about hackers getting hold of this information (which is possible), but you should also worry about your personhood in the age of digital technologies – what do I mean? In light of the Snowdon leaks it is apparent that government organisations have the power to listen in on communications. Given that email is insecure by default, this is a real issue for keeping a citizen’s communications private. Secondly, does anyone use Google Gmail, Yahoo Mail, Microsoft Hotmail or Outlook? Generally, these services mine your emails to better serve you ads, but what else could they do with this information? Do you really want to allow large corporate entities to view your breakup emails, holiday plans, digital passwords (or more taboo activities)?
Imposter / phishing / malware
As the email protocol is open and insecure it can be used for various activities from the simply annoying to the mischievous. Spam, impostor messages, phishing and malware, in my view, all come under the heading: things that email shouldn’t have but does because it is a terrible technology. Sorry to be so in your face about this point, but it shouldn’t be this way – why? Because these things could be fixed. Spam: opt-out refusal of service from that domain; Impostor emails: create single token services using RSA encryption; Phishing: screen or disallow links to be html <a> tags; Malware: screen media or disallow downloading direct from unknown messages. OK, these aren’t well thought though solutions, but given the clever people out there why are we letting these things persist?
Ever tried to host your own email server? Yes? Then you know that its hard, annoying and you really wish everyone would simply use Gmail or similar so you don’t need to bother… I won’t get into how annoying this stuff is, but I’ll simply refer you back to how old the technology is.
Email is created to Bloat (much like Bitcoin in this way). Every email that is sent often appears in two places or more – the sender and receiver’s email client, and maybe even their devices. The problem with this is you can quickly have repetition of information leading to bloat (every email reply you make usually attaches the previously already read and saved message to the bottom – in a large email chain you may have duplicated the first message x number of times per message sent) which is fine on a small scale I may hear you say… but now think about the amount of emails you send and the number of people who use email in the world – this is an economic and environment issue to be fixed.
The firehose of email
Email is not an opt-in technology. It’s not even really an opt-out one either. An email address can be sent to without anyone accepting the communication. And equally if you receive a number of messages from a domain and want to get them to stop, your only option is to add to spam folder (but they’re still sending those messages, what a waste of time and electrical energy). For analogy, when someone calls your phone you have the option of not picking up, or if your receive a Skype call you opt-in to letting them communicate with you. To my knowledge, there is no equivalent in email which is one of the reasons we get hundreds of spam emails everyday.
There’s more to be said about the technology here but I’ll move on so as not to completely bore you.
Psychology / society
As I mentioned phishing is an obvious problem with email as it preys on people’s personal insecurity and ignorance. For example, when clicking on a link on an email you should always check the destination first – why‽ Because the google email link you just clicked on may have directed you to go.ogle.in/some-scam-name-here and not been sent from google at all, as is an imposter link (email phishing attack) to get you to give them personal information or even money.
This is a massive issue with email and could be solved easily by implementing a messaging system that verified its sender, allowed the receiver to opt-in, and screening html or simply showing hidden links by default.
Email is not your identity, it is not your personhood and it is indeed not who you are or where you’re going. This is a little abstract but from here on I will talking about human, organisational and society email issues.
We use email to identify us as users, to login to services and even to pay our taxes. I would argue that not only is this is reductionist to humans but also simply insecure. Log on to PayPal – Email. Login to Facebook or your Government services – Email. Email has become the defector way of verifying someone, but what is it your actually verifying? That you can host an email server on computer connected to the internet? That you can sign up to a free service that mines your messages for profit? Non of these smack of personhood to me (or tells you anything about the person themselves), so why do we keep using them? I’m not advocating citizen ID’s or biometrics here, simply that it seems odd to task an insecure messaging protocol to basically administer access to our lives.
Work / Life
There’s lots of great articles out there about getting good work / life balance, switching off from work, approaching your manager to stop sending you messages out of work hours (France have started to ban these practises – http://www.bbc.co.uk/news/magazine-36249647). We’ve termed this type of modernity as the Always on Society, in which you may hear phrases like digital burnout, always connected; and see services like Freedom (turn off your internet connection for a period), and articles written to help you tackle email overload such as slave to the email box.
A major contributor of this type of modern problem is the humble email. Whether its missing someones tone of voice putting you in a bad mood, getting depressed at pilling up email requests, or getting constantly distracted from work by email notifications; email is constantly in your face getting you to panda to it’s needs when in reality a quick face-to-face or phone call would do better (this again comes under bad email practises).
Again there’s a lot more to be said here, but I’m going to stop here for fear of overloading the reader. Email has served its time, but isn’t time we moved on?
- Actually useful advice for communicating over email – http://www.newlycorporate.com/2009/03/12/7-rules-for-email-in-the-office/
- Don’t let email control you – https://sidsavara.com/personal-productivity/prioritization/do-not-check-email-in-the-morning
- Email stressing you out?
- Freedom app – https://freedom.to/
- French ban on Emails after work – http://www.bbc.co.uk/news/magazine-36249647
- Talk by Edward Lucas on the insecurity of the internet – Cyberphobia: identity, trust, security and the internet - http://www.lse.ac.uk/newsAndMedia/videoAndAudio/channels/publicLecturesAndEvents/player.aspx?id=3207
Banner Icons from TheNounProject.com by Numero Uno and Landan Lloyd