> Absolutely. I didn't mean to seem uncharitable to the average sysop. We've all been there.

Hehe I've met some pretty self-important sysops so let's not be too charitable here ;) (just a joke!)

> Unfortunately we've let this slip, and entered a cultural interregnum in which we kinda expect emails to be read by others, and even assume they will be. That's not okay. Because even if we fix-up the protocol level there's a residual expectation that it's alright to work around it "because we need to read peoples' emails", right?

Is this specifically an email thing? There's a weird culture I've encountered in older organizations that place a lot of emphasis on networks owned by an organization. The organizations themselves seem to have almost a fetish for controlling data that goes across their networks and likewise their net/sysops partake in this culture of absolute control. Maybe it's the same people who are incensed today that social media can act like a safe harbor. Maybe it comes from a time where the cost of sending/receiving a packet was legitimately quite expensive. I'm not sure. I'm glad that most modern attitudes on network management have given up the idea that owning a network means total control of every packet that enters and exits it.

> Yes, I absolutely agree with you. If email can be fixed it has to happen at a whole new "Tor for email" level. Hell, maybe we could all start running our servers as open relays again, given that we'll not know exactly what we are routing.

There are a whole bunch of projects in this space. Everything from overlay networks (Yggdrassil, Zerotier, Tailscale) to mixnets (like Nym) to remailers (like Bitmessage.) We just need to spread the word.

> If all sysadmins and developers knew they could go to jail for reading or enabling another to read private communications sent with a reasonable expectation of confidentiality, we'd be in a very different place.

> But I think the law has a part to play. If only to kick-start the initiative to secure email, because right now the surveillance capitalists and spooks are entrenched in a criminal mind-set. Caveat Dolev-Yeo notwithstanding, one can't build trustworthy systems on that culture however good the tech.

I'm a big fan of this idea FWIW. I just think, realistically, adoption will be slow as small ISPs and organizations throw temper tantrums about how they're being steamrolled by Big Tech and use than as an excuse to both read/intercept traffic and to offer subpar QoS to their customers. There's only so much to be gained by suing a tiny ISP in Florida that is sending mail in the clear because they downsized their netops staff years ago and now they still serve 5 elderly customers who don't want to switch through the occasional contractor.