undefined | Better HN

0 pointsLoganDark1y ago0 comments

My doctor does it ("you have one new notification, log into our system to see it"), financial systems do it ("something something happened on your credit report, log into our system to see it"), legal systems do it ("you have something something communication, log in to download it"), etc. It's utterly infuriating.

0 comments

SoftTalker1y ago

Some of these places are between a rock and a hard place. HIPAA or other rules may prevent a doctor from using email to send you personal medical information such as test results. For any of them, email isn't "secure" and they don't want to be accused of "leaking" personal or confidential information.

GPG exists, but it's been a non-starter for the average user the entire time, so no reason to expect that it will suddenly become workable now.

briHass1y ago

Ironic, because it's assumed your email is insecure and visible to more than just you, but it's used as a password reset and/or 2FA mechanism for almost everything.

It would be nice if sites had a checkbox that allowed you to affirm that your email is secure and private, so then detailed emails were sent.

SoftTalker1y ago

There's no way to guarantee that. SMTP is not a secure protocol. Your message could be read by any intermediary along its delivery route.

grayhatter1y ago

It is possible to deliver emails IFF the receiving server presents a valid TLS connection and cert. I don't think I've seen anyone actually enforce that though.

2 more replies

LoganDarkOP1y ago

It could also be that they want to know when some communication has been received (by the real person, not the email server) and that's not possible with email. I still maintain that I hate that practice because I just don't want anyone to have that information, I want to be invisible.

AStonesThrow1y ago

> HIPAA or other rules

Sure, sure, rules, yeah.

But there are plenty of reasons that are as numerous as reasons to build a walled garden.

If they’re storing your records, then they control the audit trail. They detect every time you, or someone, visited that site, logged in, viewed pages, downloaded or viewed a document, changed settings, updated profile, added contact info, deleted contact info.

They control the expiration and retention periods. They control the file formats. They control the uptime and the downtime. They control the horizontal and the vertical. Oh wait, that’s on T.V.

There will be increasing gauntlets to run and obstacles and hurdles to the consumer getting our hands on documents and information. Until we really need that proprietary online viewer to open the file at all. Or at least their mobile app. Or you could pay fees for records access. It costs them to store it all, does it not?

SoftTalker1y ago

Absolutely those things are all valid concerns. But even if they are not doing those things, email is problematic for delivering confidential information.

chii1y ago

If physical post is acceptable for such things, i see no reason why email cannot be held to the same level.

1 more reply

j / k navigate · click thread line to collapse

0 comments

SoftTalker1y ago

GPG exists, but it's been a non-starter for the average user the entire time, so no reason to expect that it will suddenly become workable now.

briHass1y ago

Ironic, because it's assumed your email is insecure and visible to more than just you, but it's used as a password reset and/or 2FA mechanism for almost everything.

It would be nice if sites had a checkbox that allowed you to affirm that your email is secure and private, so then detailed emails were sent.

SoftTalker1y ago

There's no way to guarantee that. SMTP is not a secure protocol. Your message could be read by any intermediary along its delivery route.

grayhatter1y ago

It is possible to deliver emails IFF the receiving server presents a valid TLS connection and cert. I don't think I've seen anyone actually enforce that though.

2 more replies

LoganDarkOP1y ago

AStonesThrow1y ago

> HIPAA or other rules

Sure, sure, rules, yeah.

But there are plenty of reasons that are as numerous as reasons to build a walled garden.

They control the expiration and retention periods. They control the file formats. They control the uptime and the downtime. They control the horizontal and the vertical. Oh wait, that’s on T.V.

SoftTalker1y ago

Absolutely those things are all valid concerns. But even if they are not doing those things, email is problematic for delivering confidential information.

chii1y ago

If physical post is acceptable for such things, i see no reason why email cannot be held to the same level.

1 more reply

j / k navigate · click thread line to collapse