Are you new to the whole p2p thing? This is a terrible standard to hold new technology to. The web is broken.
reply> Sure, you can do client-side encryption and pretend serve can't see the plaintext, but it's just a theatre,
replyKeeping a private keep on the client to sign your activity is a fundamental cryptography practice.
If you use a private key to sign your emails or git commits, it’s not security theater.
If you were to have to upload your private key to GitHub or your email provider, that would be severity theater.
> Is author new at the whole web thing?
Unnecessarily mean comment.
> This is just how the web works, and there is no easy around it without losing features people care about [...]
replyWell, apart from using a separate email address for every single "provider"?
(Spoiler: there's no way I'm going to sign into your service with a shared email ... you get <youservice>@<me>.com)
Some services only allow signups from the big free providers like gmail/outlook/etc. because those providers are doing more consistent KYC and anti-spam measures than anyone else by far, and unfortunately it does cut down on the amount of spam by a lot. For most people nowadays you cannot even create a new gmail account without directly linking it to a mobile phone.
reply