Joint custody of data

Benjamin Mako Hill has long hosted his own email server. In Google Has Most Of My Email Because It Has All Of Yours, he rethinks that strategy after this conversation:

A few years ago, I was surprised to find out that my friend Peter Eckersley — a very privacy conscious person who is Technology Projects Director at the EFF — used Gmail. I asked him why he would willingly give Google copies of all his email. Peter pointed out that if all of your friends use Gmail, Google has your email anyway. Any time I email somebody who uses Gmail — and anytime they email me — Google has that email.”

Benjamin goes on to analyze his email archive and arrives at this sobering conclusion:

Despite the fact that I spend hundreds of dollars a year and hours of work to host my own email server, Google has about half of my personal email!

How could we manage our hosted lifebits in a way that enables our bits to commingle without loss of control? It’s easy in principle, though hard in practice. Here’s the easy-in-principle approach. An email is not a bag of bits that I send to you. It’s a bag of bits that I park in my own personal cloud, which is a cloud service that I trust, and/or a set of devices I own. I don’t send you the bits, I send you a link. Access to the bits, via that link, is governed by permissions I set.

You, conversely, authorize me to follow links that invite me to access your messages and replies. We both end up with archives of our conversational threads. Yes, of course, there’s nothing to prevent either of us from violating trust and sharing those threads with the world. But there’s no intermediary, we communicate directly, and we have joint custody of our mutual data in what Groove called a shared space.

There are, of course, all sorts of reasons why this is hard-in-practice and may never happen. But are they good reasons?

9 thoughts on “Joint custody of data

  1. It seems like shared links is a vastly different way of communicating, and is very similar to reading a page on a website. Email is still definitely rooted in the Unix-Unix-Copy-Protocol that preceded SMTP, where things get transferred in ftp-like fashion from one host to the next. Exchanging hands all along the way through MX hosts to SMTP hosts and finally to your mail store on maybe yet another host. Linkages seem at lot less intrusive that way. I’m reminded when Google announced their Google Waves project. Waves was attempting to work around the email design principle of moving a text file from one physical location to another one:

  2. There’s deep psychology behind our need to feel, when we send and receive, that things are actually being sent and received. So yes, the experience ought to feel that way even if it doesn’t exactly work that way under the covers.

  3. I don’t think the reason for “true send/receive” is purely historical or psychological: there’s a case to be made for the practical advantages of keeping a copy of the messages I receive. If your server goes down, or the software changes, or you pass away, I could loose your half of past conversations.

    1. As I envision it, we each have copies of one another’s messages. The difference is that my archive knows that the “source of truth” for your messages is your archive, and yours knows the converse.

  4. The deeper issue here is sharing data with people who then treat that data insecurely. If you send me a super secure message with every bit of crypto in the universe and it transits my hacked box then game over in terms of the privacy of that data.

    That having been said, just because 1/2 your data has been compromised (in the gmail example) that doesn’t then make it sensible to compromise the other half! So this argues for keeping your own mail server and convincing your friends to use more secure ways to communicate.

Leave a Reply