
This is such excellent advice that I wrote a detailed step-by-step instruction guide for people that don't know how to do precisely that:

https://sneak.berlin/20201029/stop-emailing-like-a-rube/

It even has special instructions about how to secure the domain registration and DNS accounts. :)

(Don't use G Suite, though.)



I have attempted to read two articles on your site. As I am a privacy-focused person the articles were of interest to me. Both times I haven't gotten past reading the opening sentences when an obnoxious pop-up appeared asking for my email address. It seems ironic that someone publishing articles on privacy advocacy would be so keen to collect my email address. This practice also creates a real miserable experience and I have simply closed the page immediately both times. If someone is interested in subscribing to your newsletter why not simply provide a link for them to do so at the end of an article?


Yes, asking for an e-mail for site-update-sending purposes is very sketchy. That's what RSS is for, just publish a feed like a good netizen.

And indeed, your site does have an RSS feed, so what's with the e-mail address collecting? Rude!


An email address is public information, not private. You can have as many as you like for different purposes.


Email addresses are not public in general. They are not supplied to every site you visit automatically, and should not be manually supplied to every site you visit either. Whether it's a unique per-site address or not, it only makes sense to give it to people/organisations you want correspondence from. Therefore, sites that ask for it when you start reading an article seem really sketchy.


I'm definitely not a power user, but I see and understand the issues.

But for someone like me, if I take all this advice, there is still the aspect of trusting the domain registrar, maintaining a personal email server, hosting, CloudFlare, etc. etc. I have just shifted some risk of offending Google to some other risks of 3x more companies that I have to remember how to deal with now.

So what difference does it mean to me, average user, that I just stick with Google and don't misbehave, versus open myself up to having to deal with 3 other manual processes and companies to remember? It's turtles all the way down.

You see the dilemma for the average user.


Nice. I'd highlight that conceptually, there are two entirely separate concerns here:

1) the front, if you so will - the emails which you give out and to which people (or algos) send you stuff

2) the back, where you receive and read your emails.

For many people, for example:

1) abc@gmail.com

2) gmail.com web mailer, or gmail app on mobile, or native OS app on the computer

You suggest a complete revamp:

1) catchall at own domain: anything@mydomain.com

2) one (or several) protonmail/fastmail accounts

But it's worth highlighting that people can get many benefits already by

1) catchall at own domain: anything@mydomain.com (as you explained)

2) keep whatever you're using now.

Just forward 1) to 2). Then you can start handing out the new email.


Really good article, could you share it as an HN submission by itself? Would love to see a discussion around it.


Lately I try to avoid submitting my own website, per the HN guidelines discouraging promotion (the one exception is when I find a submission to be time critical). I only link to my own site in threads where it's directly and precisely relevant, such as this one.

If you found it valuable, you should submit it yourself. I'm not interested in the accumulation of updoots, feel free to get 'em. :)

I'd rather other people decide what subset of my writing is relevant to HN, as I'm no good at it: I'm too close to the work. (I only write about things I care a lot about.)


I don't care that much for the upvotes either btw

But the article is very well written and it would be a shame if we didn't get other opinions here on HN. Kudos to you, already added it to Pocket for later.

Will try to get it rolling then


Thx for that. Great help for many of us.

But why refer to Protonmail and use Fastmail for yourself?


I use different services for different things. I have 3 email accounts at FastMail and 6 at ProtonMail. Also, some of it is inertia: I've hosted the MX for sneak.berlin at FastMail for several years (and have prepaid some time into the future), and have only been using ProtonMail for about one year (and the HOWTO article is recent).

The fact that FastMail might be subject to the new Australian crypto key escrow law[1] is a little bit worrisome, and I may not continue to use them in the future depending on how that plays out.

For things where surveillance is less of an issue, I prefer being able to use a plain IMAP client, which ProtonMail does not support. Their current iOS client is pretty lame, for example (although their web client is better, and I understand that their next major release will improve things a lot across the board). I mention the IMAP issue in the article.

[1]: https://parlinfo.aph.gov.au/parlInfo/download/legislation/bi...


> The fact that FastMail might be subject to the new Australian crypto key escrow law

FM is saying it doesn’t affect them, as they are not a secure provider and can already give any information out upon lawful requests.

Do you disagree with that?


Fastmail’s specific response: https://fastmail.blog/2018/12/21/advocating-for-privacy-aabi...

That in short, the A&A bill is about breaking end-to-end encryption, which Fastmail has never had anything to do with. It’s scary-sounding legislation, and I reckon it’s misguided at best, but it honestly doesn’t affect all that many businesses [note I’m saying businesses rather than people; many affected businesses will be among the largest ones, serving consumers], because end-to-end encryption of communications is uncommon, because it’s so frightfully inconvenient for all parties involved, because now the server is necessarily dumb and the client has to do a lot more work, and things like searching are typically just altogether broken because you’ll need the full index on the client to do a search.

(And specifically of the domain of email, I wouldn’t trust first-party encryption; if you care about governments accessing your data, first-party encryption such as ProtonMail offers is almost equivalent to no encryption if you can’t verify the code that is running, since that party may be compelled to backdoor the code to steal your password. This is one of the many reasons that Fastmail has never implemented PGP, ⅌ https://fastmail.blog/2016/12/10/why-we-dont-offer-pgp/.)


This is exactly how I understood it. But maybe I'm wrong?


Thx for your detailed feedback. Appreciate it.

So your advice would be to go with Protonmail all the way, as you wrote it within your blog?



