By far the biggest problem here is privacy. Since email is plaintext (and some email is quite private) you, the operator, need to establish yourself with a reputation of high integrity... that you won't be reading/scanning/associating content with npubs. What are your thoughts on that?


Definitely. Alias is for increasing privacy, so we need strong guarantees.

The current plan for increasing privacy:

1️⃣ Open-source, so you can verify the code

2️⃣ Emails are stored as Private DMs, so encrypted

3️⃣ Your data is stored on nostr, so you can move anytime

I see 2 biggest problems now:

1️⃣ SMTP receives the emails in plain text

2️⃣ If your private key is compromised, your email history is compromised

The 2️⃣nd is a general nostr problem, so probably we get to use a solution, or I will think about one, if the base is ready.

The 1️⃣st seems kind of the toughest on the trust side, because you have to trust the SMTP server relaying your mails onto nostr, as the rest is already happening behind private messaging/data storage on nostr.

I want to solve first the 1️⃣st problem.

Until that, if I release, source code can be verified, and smtp code will be small, so easy to verify.

Also I don't plan to read/associate or scan emails. This means spam filtering has to be solved on the user side, as usual on nostr. And because the SMTP code will be small, it will be easy for you to verify that no reading or the like is happening there.

I want to minimize the trust further, but I do not yet know how. Maybe somehow I shall host the SMTP servers for the users, therefore, they always control how their emails are relayed.

Sounds good. It doesn't matter if the SMTP server is open source - we still need to trust the operator. The only thing that fixes that is your reputation (open source helps there but probably not enough)

Yes, unfortunately if the server that converts the plain text mails to some encrypted something (an SMTP) is not in your control, you have trust involved. And if there is trust, you need reputation to have some "punishment". I would gladly not have trust, though. Maybe the other idea helps a bit, but I have to design that to see how it is possible.

Random idea:

User can select the smtp service version that it wants to relay its emails with.

This would mean that when user registers, he can verify the code of the different smtp service versions, and select one that fits his needs.

This would basically mean that he is fully in control of which SMTP service relays his emails, and it can't be changed without his approval.

So it is like installing software on your computer, and being able to update, or just opt out.

So no change would be enforceable on the user.

#grownostr #plebchain #nostr #email #privacy

nostr:nevent1qqswe87r0x8w3v2kghmscenv20g2h8u89zjll4ns228u7q2ul3xv9lqpzpmhxue69uhkummnw3ezumt0d5hsygrjdg0zv8xxgar8f6pgtcu4rvamzwd7nfmn6xk0f8wgdrdcvxsuzypsgqqqqqqsepxldh