Privacy

40029 readers

343 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Email alternative for organizations (aggregatet.org)

submitted 4 months ago by det_nya_livet@aggregatet.org to c/privacy@lemmy.ml

13 comments fedilink hide all child comments

A common situation in my life is the following: a small-ish organization consisting of somewhere from 3 to 50 people need some type of way to be reached as a group. The current solution is to have an email adress, normally with a password that is shared in some way among the trusted subset of members that need to be able to access the email directly.

The solution isn't great for multiple reasons:

Sharing a password among multiple people isn't great, 2FA is tricky
Most email communication are readable by the email provider, unless PGP is correctly used. For most people, PGP is non-trivial to use correctly, and meta-data will not be encrypted even with correctly used PGP.

But it has the following upsides:

A single stable address to reach the group
Communication is gathered in one place, searchable, possible to for multiple members to track communication with someone that has reached out.
Easy to use from any device anywhere

Ideally we'd like all of these things: sensible access controls, some level of transparency within the org regarding who has responded to what messages, an address that is easy to share with people outside the group, minimal (meta)data accessible by the providers, and easy to use across devices.

How do you handle this? What would your recommendation be? I have considered setting up a Signal account, but having multiple signal accounts on a single device is non-trivial, as is setting it up on a new device, meaning that probably each group would need a single dedicated device, which isn't super practical.

you are viewing a single comment's thread
view the rest of the comments

[–] poVoq@slrpnk.net 10 points 4 months ago* (last edited 4 months ago) (11 children)

I am confused why you would use a single email address instead of a mailinglist.

It is also possible to set up a private forum with mailinglist capabilities.

Generally speaking it is better to find a trust worthy host, or host on your own hardware than trying to repurpose some public service and hope e2ee alone is sufficient.

[–] det_nya_livet@aggregatet.org 3 points 4 months ago (10 children)

The purpose of the email addresses tends to be something like contact@example.com - it's the central place outsiders contact the org. A common way to work with it would be that emails are checked during the orgs weekly/monthly meeting, incoming emails are discussed, and someone is tasked with writing a reply with the group's response to the email. I haven't seen mailing lists being used for this type of thing, but I guess that could be a solution for the password sharing, but at the cost of having individual email addresses in-house - some type of individual accounts would probably be necessary either way to get away from the whole shared passwords situations...

The appeal of Signal is that it's managed and has some level of security by default. My impression of securely configuring email, in particular on someone else's hardware, is that it is very technically challenging, but it's also not something I've ever attempted. Would you say my impression is correct?

I'm slowly also realizing that this is probably also a key requirement for a lot of these orgs: they do not have dedicated IT people or a lot of cash. A lot of the time there's someone with some IT interest, but rarely with time or interest in long term admin-ing.

[–] poVoq@slrpnk.net 3 points 4 months ago (1 children)

Hmm yeah, I thought this is about organisation internal discussion. Of course if it is just a mailbox for outsiders to use, you could just configure some forwarders so that multiple people get the emails and can respond from their own account if necessary.

Selfhosting email specifically is quite hard. Not so much technically, but because of how a few large providers have cornered the market and drop most self-hosted emails reaching them with the excuse of fighting spam.

Hosting a forum that requires login credentials (incl. 2fa etc.) is quite easy though. But I guess that wouldn't work as a way for outsiders to contact you.

[–] det_nya_livet@aggregatet.org 1 points 4 months ago

Right, forwarders solves the password issue, but the encryption issues remains. Any thoughts on how to handle that? PGP in my experience is non-trivial to set up correctly, and even when correctly setup does not protect metadata.

load more comments (8 replies)