
@ hodlbod
2025-05-06 21:20:54
I think the takeaway here is just how insecure legacy infrastructure is, both in terms of platforms and in terms of email. Anchor makes me feel really insecure because of all the ways that I can surveil and hijack my users' authentication! But that's really a result of how much privacy people are used to giving away on the internet.
You could host your own instance of Anchor, which would take care of the bunker URL piece, but it would require you to run a server and use an email service (which can in turn then look at the content of your emails). You could go further and run your own email server, but that's a little over the top even for technical people.
One other possible solution I can think of would be to use PGP to encrypt the emails that are sent, but again, that solution has been shown to be too much hassle for anyone but the most paranoid to use on a regular basis.
The other day I was reading the original RSA paper, which starts with
> The era of “electronic mail” [10] may soon be upon us; we must ensure that two important properties of the current “paper mail” system are preserved: (a) messages are private, and (b) messages can be signed.
Ironically, email is neither private nor signed — but nostr is!