cross-posted from: https://beehaw.org/post/20493770
^ indeed this is cross-posted back to the same community it originated, because slrpnk.net was offline when the post was introduced and Lemmy is not advanced enough to sync caches with original communities.
Email is a non-starter for reasons such as not being in control over who the other party chooses as an email supplier (thus resulting in Microsoft being fed all email traffic).
So snail-mail is the winner. My snail-mail obviously gives a mailing address. From a practical standpoint, that’s all I need. But it would be good to show some kind of electronic means of communication in the letterhead. Not directly for practical use but more of an expression that says “I’m not a luddite but you need to fix your shit” (in so many words).
Requirements:
- must be secure. A low standard of security is fine; it just cannot be so shitty that giant surveillance capitalists can see and exploit the payloads.
- must not rely on any non-standard or proprietary protocols.
- must have at least one FOSS toolchain available.
- must be suitable for documents sent asynchronously.
- ideally a different unique address can be furnished to each recipient.
Candidates:
- XMPP
- onion e-mail (email service by surveillance capitalists cannot send to @*.onion addresses)
- (hypothetical) clearnet email address hosted by a server that blocks inbound MS & Google server connections
- fax number
One problem with the above candidates is I don’t think the 1st two options have any kind of aliasing (I only know of one onion email service that deliberately lacks a clearnet alias, and it does not have aliasing on the userid portion). So I would have to create many accounts and they would never actually get traffic. They would just be symbolic. And the third candidate does not even exist AFAIK.
Problems with the fax number: these are not cheap and I would need a fax number for different countries. Also fax services are gatewayed so some senders send an email to a fax service the dispatches a fax, in which case Microsoft would still see the payload.
I find XMPP to be /more/ reliable than email, which is largely due to anti-spam zealots like #SpamHaus who block or blackhole email on the basis of IP address, along with countless other anti-spam techniques that cause collateral damage to legit email. I actually cannot send email to Google or MS users because of this crazed zealotry that has lost sight of the purpose of security: availability.
XMPP is certainly glitchy and has a variety of issues, but at least it has not yet been sabotaged by anti-spam zealots, and large corps using anti-spam measures as an excuse to break the platform for those not patronising a large corp.
That’s for person→gov msgs. It is not something I can put in my letterhead as a way for them to reach me. Also, the webforms likely just result in an email transmission that traverses MS servers in-the-clear anyway.
ok, lets just assume xmpp is reliable enough to use. And a government agency is will to adopt it to prove that all out.
What libraries for Java/C# are available under an FSF approved license that would enable one to securely send XMPP messages to the public?
As governments don’t like being mailed or emailed anything. They want you to login to a thin wrapper around a database and perform basic data entry so that they don’t have to pay someone to do that data entry.
They are only going to message you to deal with password resets or data entry tasks they want you to do (legally required renewals, reviews, etc).
The gov can /want/ all they want. It is the gov who serves the people, not the other way around. And we (the people) are have some control. That is, if you object to the gov’s email policy or hosting company, you can simply withold your email address. You can send them snail mail. Then they have to pay someone to scan it and react. This is in fact what I do.
I include an XMPP address along with OMEMO fingerprints in the letterhead. It’s mostly symbolic. No one actually uses it. Exceptionally, some attempt to use my XMPP address as an email address. So now I write “note: xmpp is not email” next to the xmpp address.
no, the government doesn’t serve the people it serves power.
Unless power thinks you as a group are worth the effort, they will ignore your mailed documents, state you failed to file paper work and you now have to deal with (problems incurred due to not having completed the paper work).
Paper processes are going away. Oh, they will keep mailing you stuff for a while but nations and states are implementing SSO systems and the scanning/indexing systems are disappearing. Replaced by “You scan and upload” combined with you extract the relevant bits so we can cut staffing again.
But the point was, there are no good XMPP libraries that would enable a willing government to easily onboard that support. If there were, it would be a very different discussion.