You know what I reckon would be cool? If all the throngs of organisations and companies who claim to be open would actually establish themselves in the distributed, open source Fediverse. That'd be cool.

If they wanted to join this Mastodon instance, I'd be happy to approve their accounts - all they'd have to write in response to "why do you want an account on our server?" is "We're keen to walk the talk and stop being hypocrites". If they write that, they're in.

Show thread

@selea just another reason I'm pleased I didn't adopt their service (and set up my own mail service, which, frankly, is superb).

@selea full credit, though, to the folks at Mailcow.email, as I use their dockerised install.

@selea yes, I've found it librating, and an opportunity to be generous to my friends. I host email for myself and many others. 3 MailCow instances, all about 2-3 years old. They are remarkable and inspiring technology, created by impressive and generous folks.

Follow

@foxmask @lightweight @selea

Probably go with managed hosting.

ยท ยท 1 ยท 0 ยท 0

@zleap @foxmask @selea that's always an option. The mailcow.email crew offer a managed service. But it costs $, because it requires their time and expertise. And doesn't depend on being able to exploit your data (and that of your correspondents).

@lightweight @foxmask @selea

GPG is a good way round people reading your e-mails providing the recipients also understand and use it.

@zleap @foxmask @selea yup, been using it with that vanishingly small sliver of my correspondents for the past 10-15 years :)

@lightweight @foxmask @selea

It would be good to know why less and less people are using it, so that can be addressed.

@zleap @foxmask @selea most people think email is totes secure. My bank does. I've had a long discussion with their head of online security. He didn't fill me with confidence.

@lightweight @foxmask @selea

Hmm opposite to my experience I have had e-mails where a long signature includes about e-mail not being secure.

Unless we get GnuPG or similar as part of basic IT training then people will think opposite extremes.

If banks signed their e-mail it would be much better and probably easier to spot scams

@zleap @foxmask @selea banks are generally run by people who don't get tech. My bank (in NZ) has a reasonably informed CTO (with whom I spoke) but he essentially said that proper security protocols are beyond them. He assured me they'd have a 'secure upload' facility 2 years ago. It's not there yet. The bank still routinely instructs people to sign documents (e.g. account signing authorities) on paper, scan, and email them as unencrypted attachments. They're about 20 years behind.

@lightweight @foxmask @selea

Yiou need to understand the issue so you can recruit the right people to help make things secure.

Weare short of cybersecurity experts here in the UK too.

@zleap @foxmask @selea the big problem I see is that the people whose job it is to find the 'right people' don't know how to identify a right person. It leads to poor decisions all around.

@lightweight @foxmask @selea

Indeed, as people have said here too much focus on bits of paper, not actual ability to do the job in many cases.
Box ticking does not seem to lead to the right outcomes.

@lightweight @zleap @foxmask @selea I think "time and expertise" are good reasons to pay $ for (unlike giving "the ability to exploit your data"). I personally feel confident in having self-hosted things to test and play with, but for critical things like email, with at least baseline security, certificates etc... not so much ๐Ÿ˜•

@miren @zleap @foxmask @selea fair enough. We all have to make that call for ourselves. Having worked for companies offering those services for money, I know that I'm as capable as the folks running lots of those systems, and I've got self-interest as well, so I'm happy to back myself in that role. :)

@lightweight @miren @foxmask @selea

Perhaps we need to provide good quality information so people can make their own decisions.

er

@miren @lightweight @foxmask @selea

I feel hhe same way I can set up a raspberry pi, sort of set up Apache or ngnix to serve basic web pages but doing all that securely is beyond me

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves. A STEM-oriented instance.

An inclusive free speech instance.
All cultures and opinions welcome.
Explicit hate speech and harassment strictly forbidden.
We federate with all servers: we don't block any servers.