US Approves Google Plan To Let Political Emails Bypass Gmail Spam Filter

“The US Federal Election Commission approved a Google plan on Thursday to let campaign emails bypass Gmail spam filters. The FEC’s advisory opinion adopted in a 4-1 vote said Gmail’s pilot program is permissible under the Federal Election Campaign Act and FEC regulations “and would not result in the making of a prohibited in-kind contribution.”

The FEC said Google’s approved plan is for “a pilot program to test new Gmail design features at no cost on a nonpartisan basis to authorized candidate committees, political party committees, and leadership PACs.” On July 1, Google asked the FEC for the green light to implement the pilot after Republicans accused the company of giving Democrats an advantage in its algorithms.

-Jon Brodkin, “US approves Google plan to let political emails bypass Gmail spam filter.” ArsTechnica. August 12, 2022

Who does this serve? Does it serve the person using Gmail or does it serve someone else?

My suggestion: Don’t use Gmail. Protonmail is probably the easiest alternative to set-up and use.

Proton Is Trying to Become Google—Without Your Data

“These days, all Google and Apple and Big Tech talk about is privacy, so the best way to give our definition is to give the contrast. The way Google defines privacy is, “Nobody can exploit your data, except for us.” Our definition is cleaner, more simple, and more authentic: Nobody can exploit your data—period. We literally want to build things that give us access to as little data as possible. The use of end-to-end encryption and zero-access encryption allows that. Because fundamentally, we believe the best way to protect user data is to not have it in the first place.

-Gilad Edelman, “Proton Is Trying to Become Google—Without Your Data.” Wired. May 25, 2022

I’ve used the Protonmail app for Android and the Protonmail website. There is a free tier with 1 GB of storage. For €120/year, you can get a VPN, file storage and an encrypted calendar. While you can get it slightly less expensively if you buy it in pieces from elsewhere, this is a very reasonable solution. Recommended.

Why is Plaintext Better than HTML for Email?

“In short, HTML emails are a security nightmare, are mostly used for advertising to you and tracking you, are less accessible for many users, and don’t offer anything especially great for it.”

https://useplaintext.email/

He buried the lede. I went ahead and put it at the top. For more detail, read the below. Another in my ongoing series advocating for plain text: A Text Only World, OpenBSD & the Command Line, The Plain Person’s Guide to Plain Text Social Sciences, The Plain Text Accounting Program, etc.

Why is plaintext better than HTML?

HTML emails are mainly used for marketing – that is, emails you probably don’t want to see in the first place. The few advantages they offer for end-users, such as links, inline images, and bold or italic text, aren’t worth the trade-off.

HTML as a vector for phishing

HTML emails allow you to make links which hide the URL behind some user-friendly text. However, this is an extremely common vector for phishing attacks, where a malicious sender makes a misleading link which takes you to a different website than you expect. Often these websites are modeled after the login page of a service you use, and will trick you into entering your account password. In plaintext emails, the URL is always visible, and you can more easily make an informed choice to click it.

Privacy invasion and tracking

Virtually all HTML emails sent by marketers include identifiers in links and inline images which are designed to extract information about you and send it back to the sender. Examine the URLs closely – the strange numbers and letters are unique to you and used to identify you. This information is used to hack your brain, attempting to find advertisements which are more likely to influence your buying habits. HTML emails are good for marketers and bad for you.

Mail client vulnerabilities

HTML is an extremely large and complicated set of specifications designed without emails in mind. It’s designed for browsing the world wide web, on which a huge variety of documents, applications, and more are available. Implementing even a reasonable subset of these standards represents hundreds of thousands of hours of work, or even millions. A large subset (perhaps the majority) of these features are not desirable for emails, and if included can be leveraged to leak information about you, your contacts, your calendar, other emails in your inbox, and so on. However, because of the herculean effort necessary to implement an HTML renderer, no one has built one specialized for emails which is guaranteed to be safe. Instead, general purpose web browsers, with many of their features disabled, are employed in most email clients. This is the number one source of vulnerabilities in email clients which result in information disclosure and even the execution of arbitrary malicious code.

This is a list of 421 remote code execution vulnerabilities in Thunderbird. If you’re bored, try finding one that doesn’t exploit web tech.

HTML emails are less accessible

Browsing the web is a big challenge for users who require a screenreader or other assistive tools to use their computer. The same problems apply to email, only more so – making an accessible HTML email is even more difficult than making an accessible website due to the limitations imposed on HTML emails by most mail clients (which they have no choice but to impose – for the security reasons stated above). Plain text emails are a breeze in comparison for screenreaders to recite, especially for users with specialized email clients designed for this purpose. How do you speak bold text aloud? How about your inline image?

Some clients can’t display HTML emails at all

Some email clients don’t support HTML emails at all. Many email clients are designed to run in text-only environments, like a terminal emulator, where they’re useful to people who spend a lot of time working in these environments. In a text-only interface it’s not possible to render an HTML email, and instead the reader will just see a mess of raw HTML text. A lot of people simply send HTML emails directly to spam for this reason.

Rich text isn’t that great, anyway

Rich text features desirable for end users include things like inline images, bold or italicized text, and so on. However, the tradeoff isn’t worth it. Images can simply be attached to your email, and you can employ things like *asterisks*, /slashes/, _underscores_, or UPPERCASE for emphasis. You can still communicate your point effectively without bringing along all of the bad things HTML emails come with.

-ibid

Email & Tool Choice

Like everyone, I get more email than I really want. Most of it is newsletters. I usually use Thunderbird for email. It incorporates most of my email into one interface. It uses IMAP to pull the information from the email providers’ servers, so I don’t have to use some janky, javascript laden website for email. It also has a calendar integrated in with it using WebDAV, which is nice.

But, when I start getting to around 50 emails in my Inbox, I start getting a little twitchy. It’s too much. I know most people have thousands of emails in their Inbox, I am not them. And, the way I keep from becoming them is my secret weapon, Mutt. For reasons I don’t quite understand, I’ll see an email in Thunderbird and think, “Oh, I might want to read that later.” When I see the same email in Mutt, I’ll want to delete or file it it – and almost everything else too.

The Convivial Society Newsletter in Mutt

As you can see from the above, the newsletter is still readable. But, it adds more work because HTML is not what Mutt is best at displaying. And while I think The Convivial Society is great and would like to read every issue, Mutt asks a simple question: if not now, when? Which means you become much more likely to delete it. It’s also much easier to delete email in Mutt, just hit the D button, and it deletes the email and takes you to the next one. It can take you less than a minute to delete 100 emails.

Reflecting on this fact makes me once again think about how the tools we use influence our behavior. If you are using web email or even a computer application like Thunderbird, their user interface invites you to procrastinate and the emails pile up. Mutt, with its focus on free text, cuts through that dynamic. I’ve also noticed something similar on WordPress, where there is a significant difference in the kinds of posts I write using the WordPress web interface versus the kind of post I’ll write when I’m using emacs and org2blog.

So, moral of the story, be careful about the tools you use, and there may be advantages of using a less feature-rich application than may be apparent at first blush.

Explained From First Principles

“The goal of this website is to provide the best introduction available to the covered subjects. After doing a lot of research about a particular topic, I write the articles for my past self in the hope they are useful to the present you. Each article is intended to be the first one that you should read about a given topic and also the last — unless you want to become a real expert on the subject matter. I try to explain all concepts as much as possible from first principles, which means that all your “why” questions should be answered by the end of an article. I strive to make the explanations comprehensible with no prior knowledge beyond a high-school education.”

https://explained-from-first-principles.com/

Only articles on email and the Internet, but a good start.

The Inbox: A Scattered, Ad-Ridden Archive of Our Lives

“To examine our inboxes is to examine our lives: our desires and dreams, our families and careers, our status, our networks and our social groupings, our projects, our commerce, our politics, our secrets/lies/fetishes. Inboxes are anthropological goldmines, textual archives, psychological case studies, waiting to be plumbed and probed for the expansive cultural, ethical, epistemological, and ontological insights lurking therein.
On second thought: they are probably not waiting to be probed, but actually being probed, scanned and algorithmatized, by Google, Amazon, the National Security Agency, the Russians, Julian Assange, employers, ex-lovers who remember your password, current lovers who install surveillance software on your laptop to monitor emails to your ex-lover/next lover, hackers who create fake networks on any public wifi you log onto, and/or anyone else who cares to discover whatever “secrets” you are secreting into the tubes.

It makes more sense to assume your email is a public document than to cling to improbable expectations of privacy. The Post Office made a point of delivering our letters sealed, intact. But the email overseers can read through our inboxes at will without us being any the wiser, and they let others look too…”

—Randy Malamud, “The Inbox: A Scattered, Ad-Ridden Archive of Our Lives.” Literary Hub. October 9, 2019.

Every time I see something like this I can’t help wondering: does this person not realize that you can pay for email and by doing so, you can eliminate advertising and have a reasonably secure email archive? Off the top of my head, Protonmail, Posteo, Tutanota, and Lavabit are all reasonable choices for an email provider.

OpenBSD’s Guide to Netiquette

The OpenBSD’s mailing list page netiquette section is excellent. It is a distillation of how to communicate online, i.e.:

  • Plain text, 72 characters per line [or simplest formatting available]
  • Do your homework before writing
  • Include a useful subject line [or headline]
  • Trim your signature
  • Stay on topic
  • Include important information
  • Respect differences in opinion and philosophy

Using only plain text is extreme outside of email. But, the idea that formatting should not get in the way of content is good. Know what you are talking about. Help others to understand. Give them all the relevant information. Trim out anything that does not move the discussion forward or is confusing. Treat everyone with respect.

It’s good advice for any kind of communication and for life. It’s relevant to writing an email, a newsletter, a blog post, an article or anything else you may do.

Inbox Zero and the Search for the Perfect Email Client | Ars Technica

“Are you the sort of person who needs to read and file every email they get? Or do you delight in seeing an email client icon proudly warning of hundreds or even thousands of unread items? For some, keeping one’s email inbox with no unread items is more than just a good idea: it’s a way of life, indicating control over the 21st century and its notion of productivity. For others, it’s a manifestation of an obsessively compulsive mind. The two camps, and the mindsets behind them, have been a frequent topic of conversation here in the Ars Orbiting HQ. And rather than just argue with each other on Slack, we decided to collate our thoughts about the whole ‘inbox zero’ idea and how, for those who adhere to it, that happens.”

—”Inbox zero and the search for the perfect email client.” arstechnica.com. May 13, 2018.

There is no perfect email client. You have two choices.

1. Let things sit in your inbox and deal with new email as it comes in.

2. Configure filters, file and delete email, so you don’t have email collecting in your inbox.

There is a right answer. The ability to manage email is a basic 21st century skill. Maybe artificial intelligence and your email client will one day do it for you, but currently, it is a skill you just need to learn.

You Give Up a Lot of Privacy Just Opening Emails. Here’s How to Stop It | WIRED

“[Email tracking] tech is pretty simple. Tracking clients embed a line of code in the body of an email—usually in a 1×1 pixel image, so tiny it’s invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online…

…To prevent third-parties from leaking your email, meanwhile, Princeton’s Englehart says “the only surefire solution right now is to block images by default.” That is, turn on image-blocking in your email client, so you can’t receive any images at all.”

—Brian Merchant. “How Email Open Tracking Quietly Took Over The Web.” Wired. December 11, 2017.

As discussed in my post A Text Only World there is no surefire way to stop this kind of tracking. Even if you use text only email, which isn’t a bad idea, you will still be tracked if you follow links and so forth. But, sticking with text over HTML is often a more secure and less convenient option.