Good time for someone to build a GOOD secure email replacement?
9 points by Hilyin on June 7, 2013 | 9 comments
I don't have the skills necessary to build it, but this feels like this scandal could be a good catalyst to start an adoption of a secure email replacement.


Perhaps someone could explain how starting from scratch and building an encrypted p2p email system would be insecure?

That is, an imaginary mail client (hosted or local) with encrypted storage, transfer and constant processing of emails routed to other active mail clients. Perhaps split and routed over several nodes, as with Skype. Without the PGP-style need to exchange keys in advance, and based on an open standard of some kind. File transfer could be interesting this way, as with BitTorrent Sync.

Spam filtering an anonymous, encrypted service such as this seems nigh on impossible. Could there be a way to enforce accountability? Or whitelisting only messages you want to receive on reviewing sender/title details? Not any practical way I can conceive. Perhaps the only way is to manually approve each new contact. Clicking 'no' to 1000 spam addresses a month might get a little tedious, however. A shared blacklist could do the trick, but it's hardly a robust solution.

I've often thought this to be the most obvious direction to look in for a solution, yet I'm very sure that I'm simplifying the likely vast problems its developers would face.


So, after using HNSearch for recent PGP comments, it turns out that at least one such solution exists [1]. It can be found here: https://bitmessage.org, along with its interesting whitepaper from 2012 outlining its operation.

I'll try to submit it to HN to raise awareness.

[1] http://news.ycombinator.com/item?id=5845858


In the end, isn't it more about where it's built than the product?

If the product is within reach of an unreasonable governing body, then it's in danger, right?


Email is secure iff you use it properly. Just like everything else.


How about a system where it's secure even if the user is dumb?


Do you have one example of a system that is secure even if the user is dumb (for example forgets to lock the front door)?


Biometric passwords (i.e. fingerprint / eye scan).


Fingerprints are left all over the place all the time, and it is probably not much more difficult to acquire eye scans.

And for such a system, the user would have to re-use his passwords at many different places again…


“My name is Werner Brandis. My voice is my password”



