Yes, please! I don't like giving out weird aliases like franzap.squirrels789@domain
Allowing to rotate the random word would be cool, and maybe even having the ability to remove it for sats
Discussion
So for you, it is important that the alias is reasonable. Anything else that you find important?
By far the biggest problem here is privacy. Since email is plaintext (and some email is quite private) you, the operator, need to establish yourself with a reputation of high integrity... that you won't be reading/scanning/associating content with npubs. What are your thoughts on that?
Definitely. Alias is for increasing privacy, so we need strong guarantees.
The current plan for increasing privacy:
1️⃣ Open-source, so you can verify the code
2️⃣ Emails are stored as Private DMs, so encrypted
3️⃣ Your data is stored on nostr, so you can anytime move
I see 2 biggest problems now:
1️⃣ Smtp receives the emails in plain text
2️⃣ If your private key is compromised, your email history is compromised
The 2️⃣nd is a general nostr problem, so probably we get to use a solution, or I will think about one, if the base is ready.
The 1️⃣st seems kind of the toughest on the trust side, because you have to trust the smtp server relaying your mails onto nostr. As the rest is already happening behind private messaging/data storage on nostr.
I want to solve first the 1️⃣st problem.
Until that, if I release, source code can be verified, and smtp code will be small, so easy to verify.
Also I don't plan to read/associate or scan emails. This means spam filtering has to be solved on the user side, as usual on nostr. And because smtp code will be small, it will be easy for you to verify that no reading or so happening there.
But I want to minimize the trust further, but not yet know how. Maybe somehow I shall host the smtp servers for the users, therefore, they always control how their emails are relayed.
Sounds good. It doesn't matter if the SMTP server is open source - we still need to trust the operator. The only thing that fixes that is your reputation (open source helps there but probably not enough)
Yes, unfortunately if the server that converts the plain text mails to some encrypted something (an smtp) is not in your control, you have trust involved. And it there is trust, you need reputation to have some "punishment". I would be gladly not having trust though. Maybe the other idea helps a bit, but I have to design that to see how it is possible.