It’s been a while since I have started thinking, or worrying, about my email security. And since few days ago my PGP key was compromised, I’ve been changing my passwords and emails on sites I’ve been on and I’ve been wondering if my email is secure and stable enough.
The thing about current email system is it’s easy to take control of it. Many email providers are resided inside the United States or where US government has jurisdiction over. Even if they don’t reside where US government has power, they probably use a domain name which is controlled by American companies.
We know that if the domain name ends in .com or .net, or many other TLDs, it’s seizable by the US government. It means my website can be seized by US government easily. They don’t even have to communicate with my domain provider, they can simply talk to Verisign (the technical company controlling.com domains) and seize the domain. Same goes for my email provider, Riseup, which has a .net domain.
The stability of the domain names is another problem. Imagine all maintainers, or at least those who control the domain name, get arrested over request for data of a user, and they remain in jail for enough time for the domain to get expired. Why would happen then? You can imagine.
I used to use my own domain for my email address. The thing that worried me, and made me change it, was that there’s a chance that I get arrested over my political activism and my domain will be left with no renewal and I eventually will lose it. Or my domain can be seized by cops and they can redirect my mails.
My domain is my identity online. If anything happens to it, I can lose my identity. Whatever I publish on my site is believed to be from me. What I say or publish is exactly like me myself standing somewhere in the city and shouting them to listening people. What happens if a oppressive regime takes control of my domain or site? They can say anything to anyone and pretend it’s me saying them.
People who read me supposedly trust me. One who takes over my domain can misuse their trust in my name.
It wasn’t a long ago since US government seized some Iranian-owned domains accusing them of spreading misinformation. This power over web, which is basically impossible to be on without having a domain, is dangerous.
A decentralized domain system, something like what we have with Tor Onion domain services is much needed. An onion address is generated by the site owner using Tor network. It is also only available on the Tor network, nowhere else. So you should configure your system to run Tor or use Tor Browser.
At the time, Riseup’s Tor address is “vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion”. See how it’s different from the normal riseup.net we use? The domain extension of it is “.onion”, which is different from normal “.com” or “.net”, etc. It is automatically generated by the Tor Onion service running on the server Riseup is operating.
The benefit of onion addresses is that it’s truly decentralized and no entity, not even those behind the Tor software and services, control it. It’s directly from the operators of the specific web site you’re visiting and since you can only visit the web site while you’re running Tor browser or are configured to run Tor network on your system, all data sent and received from that web site is encrypted and anonymous. Using it correctly will make you completely anonymous and tracker-free, the way the web should be.
Also, the decentralized domain system by Tor gives people opportunity to have chance of free speech online, what we’re missing for a long time. It is made possible by special privacy practices done by Tor developers, making it possible to have privacy and security online.
However, it will cost you to run a Tor network and not all server and hosting providers will let you run a Tor network on your space. Many will shut you down if they find out about it and others who don’t are very cautious about what can happen to them (who can blame them?), often easily giving your personal data to authorities when requested (or not?),
I admire the work done by Tor. I think they’ve planted a seed and developed what is the foundation of what we need as a decentralized domain name system. However, it is not enough. A decentralized domain name system should be accessible for everybody. We need something like what we currently have with normal TLDs, but decentralized.
People should be able to simply run their own domain without worrying about any inconsistencies. Without worrying about a provider banning their account for saying what the provider wasn’t pleased to hear. People should be able to have their own domain, and a safe space on web, without worrying about a government being able to seize it.
I don’t know how it can be developed or even what aspects it may have. I’m not sure about technical details of it, and I don’t know how it can affect the web we have today. All I know is that it’s so necessary for the sake of all of us.