Jordan Hall
software, crypto, math
https://oighty.eth.limo

Contact

Make Email Decentralized Again

What is the most important account you have online? The account that if it got hacked or you lost access to it, it could cause the most pain and headaches for you.

If your answer isn't your primary email account, then you either have really good opsec (separate emails for important accounts), a large amount assets in crypto (such that getting millions stolen would be worse), or you didn't consider that: Email owns the internet. A common answer might be an online bank account, but you can regain access to that via the email it's tied to. You can also call your bank and put a hold on any wire transfers or lock the account down if it is compromised.

Most services create a username from your email address, which is used for recovering access if you lose it. Improvements have been made to this overtime. You can now use your account with your email provider to login into many services (e.g. Login with Google). Another option is to use your account on a major social media platform (e.g. Facebook, X), but access to this is gated on the backend by an email address.

Fairly early on, developers building applications on the internet realized that users forget passwords and need to be able to recover their accounts. Ideally, this would be a self-service actibity that didn't involve the developer. A few methods were tried, security questions being one of them, but email quickly became the go-to "forgot your password" recovery method.

With the advent of account abstraction crypto wallets, some providers are even creating services where you can create a wallet that is attached to your email, and then recover it if needed in the usual "forgot your password" format. The goal of this is to make it so general users don't have to be responsible for storing their private keys securely. However, I think this is misguided and leads us down a path of more centralization of the internet, not less.

The problem with email

Ok, so we use our email address as our primary access control mechanism for most of the internet and it has become a sort of identifier for you as a person. So what? It works. Email is an old, tried and true technology, and one of the killer use cases of the internet. Major tech companies have created scaled, secure mail infrastructure all the while giving you an account for free.. They have made what was once a challenging activity (setting up and operating a mail server) into a commoditized product.

Therein, lies the rub. Email itself, like the internet, is a (set of) decentralized protocol(s). However, in practice, it has become centralized around a few large providers. Most companies, let alone individuals, get email services from a major provider. The cost / benefit analysis of running your own server doesn't make sense for most people. It's also become much harder to run a mail server without getting blacklisted, so what's the point?

Centralization of email, like with banking and social media, provides many conveniences and allows for economies of scale. The downside is you give up control, control over accessing the account and control of your data. Without control over access, they can shut you out. Without control over data, they can use/sell/disclose it.

Control over access

You don't truly own your account if the provider can lock you out of it. Worse, if you get locked out, you lose access to all the accounts that are attached to that email, in addition to your emails. An account can be locked at many providers for violating their Terms of Service, "suspicious" activity, and other reasons. I won't focus too closely on this, but it is likely possible for governments to compel providers in their jurisdictions to block access to your account if they deem it necessary.

This doesn't affect most people day to day. However, it's not a problem, until it is a problem.

Control over data

Most email providers do not support encrypted email. By "encrypted email", I mean sending and receiving of messages that are encrypted using a public key that you as the user control (and not the service provider). Most services encrypt your data in transit and at rest using keys they control, but they can still access your data. The reasons for this are varied, but amount to a combination of being able to offer better features by having access to the data and "most people don't care." Examples of features are server-side search, indexing, training AI models for writing completion, and for determining which ads to serve you. "If the product is free, then you are the product."

Some privacy-focused providers, like Proton Mail, do allow configuring GPG encryption, but if you send an email to a regular provider from Proton Mail, they will not have a GPG key to encrypt against and the provider will be able to access the content of that message. This example highlights that it's not just a single provider that you're entrusting with your data, but any message you send to someone with an account at another provider also gets a copy. Therefore, the extent of potential loss of privacy is expanded.

Of these two problems, this one likely affects the most people. It's also the harder one to solve. It's hard enough to get your friends to use encrypted messaging, let alone get people to set up email encryption. Ideally though, any solution to making email less centralized would encourage encryption by default to increase adoption.

Do Passkeys help?

We've established that the provider is in control of your access. Therefore, they are also responsible for securing against others accessing your account. Username and password logins are still the standard across the industry (there aren't any other auth providers to fallback on once you're doing email, the others depend on you). Safely storing your password and verifying it when logging the user in is a solved technical problem. If you roll your own mail server, there is much higher chance that you mess this up than the major companies. With major providers, the main risks are that you choose a weak password or use a password across multiple sites and one of them has a breach. Fortunately, a new solution has been rolling out over the past year: Passkeys.

Passkeys are an improvement on passwords because the provider never receives your "secret" in the first place, and, therefore, can't leak it. While not a revolution, passkeys improve the security and UX of logins. They will feel familiar to those in the crypto industry, which makes sense because the foundation is a public/private key pair and signature validation. So how do you store passkey? There are three(ish) main options:

  1. Local device (perhaps in a secure enclave) - the most secure method (to prevent intrusion), however, if you lose, break, lock, etc. the device, then you can no longer access the account with that passkey. Similar in concept to a crypto hardware wallet.
  2. Browser profile - similar to how browsers have password managers built-in, they are also being updated to store the private part of your Passkey. This is probably the least secure solution, but allows for easy syncing across your devices and is easy to setup.
  3. Cloud-based password manager - inherits the same access problems as we discussed above for the email accounts, but adds another layer where you could be locked out. That being said, likely more secure than browser profile storage and more recoverable than local device storage. Examples are iCloud Keychain, 1Password, Google Password Manager, etc.

Passkeys are great, and it's good to see providers implementing them for mass adoption. However, they do not solve the core access and privacy issues with centralized email providers. They can be part of the solution though.

Should we get rid of email?

No. Email is a core primitive of the internet and massively useful. We just need to make it more decentralized again and allow users to take back control.

Towards more decentralized email

In order to achieve a vision of more decentralized email, there are roughly four steps, each of which are progressively more difficult.

  1. Remove provider's access control
  2. Add encryption by default for all users
  3. Decentralize data storage (requires encryption for emails to not be made public)

This month I've been working on Basemail as part of the Coinbase Onchain Summer Buildathon. It's not a full-fledged solution, nor even a functioning mail client. It's a proof of concept for the first step of taking back access control over your account.