On Tue, Apr 11, 2023 at 9:31 PM Bron Gondwana <brong=40fastmailteam.com@xxxxxxxxxxxxxx> wrote:
It's also decentralised in a way that:Skype in >10 years, 2 on Signal in five. Similar vanishingly low number of fake contacts on Facebook, Twitter, etc. None of those have contained malicious payloads.zero of these systems are decentralised, or even federated. So it's much easier to rate limit and look for behaviour patterns.Yeah, it's not the same thing at all.
My proposal is completely decentralized in every respect except one: Alice has absolute control over the set of people who can communicate with Alice.
So Alice can rate limit as much as she wants. Alice only wants to take ten telephone calls a week, fine. Alice doesn't want to take calls from the President of the United States, fine. Alice doesn't want to take telephone calls during the night in whatever timezone she is in, fine.
And no, this is not saying 'authentication solves everything', it is saying, 'access control puts Alice in full control'. I don't see why people have just given up on solving problems that matter to Internet users.
SMTP is decentralized in the wrong way. The decentralization is only in respect to the institutions that can offer email service. Individuals have never had control over who can reach them.