My bank’s “secure” email

I think SMS is more past its prime than email. Email still works well for basically anything that doesn’t need to be secure. It works well for long letters, for moderately large attachments, and for notes that you want someone to have, but don’t want to nag them about right now. It works for one-on-one communication, and for broadcasting to large groups. SMS is strictly less good than something like Signal or WhatsApp. In addition to being insecure, it has low resolution (photos lose a lot of detail), and it has a rather low cap on the number of people in a group message, and if you exceed that cap, it doesn’t tell you, it just drops someone without notification. And it’s prone to the same problems with lots of uninteresting spammy messages that email has.

I think the debunked part is that it was designed to “slow down” typists when it really is just kind of random having to do with which typewriter hammers were next to each other and tended to collide when those two keys were hit in quick succession.

I say typing on Dvorak….

The most commonly-reported theory is that it was meant to separate keys that were hit in pairs together. For example, the original QWERTY keyboard was actually a QWE.TY keyboard, but was changed later. But there is no definitive answer, as we have nothing documented, and theories are based mostly on speculation.

Agree completely.

The relevance of the comic to this convo about email was simply the large nearly-empty circle labeled “Supported by everyone” that contains SMS and only SMS. The other circles represent very much nice-to-have features. But all the candidate systems in those circles lack the one essential feature for ubiquitous communication: supported by everyone.

Fix that shortcoming and son-of-SMS or son-of-email will promptly conquer the world. If not, not.

Had xkcd ever drawn a similar comic about email, I’d have cited that one instead.

At least SMS has RCS. Apple finally begrudgingly added support, but there are still many older devices and carriers that don’t support it. Only maybe 20% of my text convos go through RCS.

But at least you can tell when a text is going through RCS and is or isn’t end to end encrypted. Not so with email.

Hehe, and some SMS providers used my product for filtering their SMS messages, so in the end a lot of SMS ends up being email at some point.

At work, I live behind a heavy duty firewall. Remote work is accomplished through our own VPN system. Non-company devices can’t connect to our intranet. All access to services like DropBox and Google Docs is denied on company devices.

For working with others we have a rather arcane web portal that only allows uploading from internal or external sources with encrypted (AES 256) zip files, but it allows very large files (in the 50-100 GB range). Access to the web portal is passworded and the zip files’ passwords are sent by separate email.

If I have a small bit of company information that I want to send, I can use email as long as I encrypt the information in a zip file. Our email servers sniff out terms like proprietary and confidential and request confirmation that no unencrypted company information is in the outgoing message before sending it.

For personal transactions involving PII, if a secure web portal is not available, I will contact the recipient and let them know that I will be sending an encrypted zip file and a password (in a separate email). It amazes me how many people can’t cope with this.

Huh. Interesting. At first glance, that seems both quite awkward to use (for the recipient, as you saw) and also no more secure than emailing an unencrypted zip file, since (if I’m understanding you right), anybody who receives or processes that email would have both the cleartext link to the ZIP file (which anybody with the URL can download?), AND the password to extract it. Anybody who could access one email could also access the other.

It seems a little “security theater”, IMHO, but maybe I’m missing something?

You are assuming the plaintext password email is traveling the exact same path as the email with the zip file and that there is text in the emails that links the password email to that zip file/email in an explicit way that a sniffer can use when examining thousands of emails. On the other hand, unencrypted information in a single email does not have to be correlated with anything and the sniffing can broaden its search beyond the term password.

As in, you don’t send both emails yourself from your email client, but they are sent from different mail servers to begin with? I suppose that would decrease the chances, yes. Eventually they’d still have to converge towards the same receiving server in order to get delivered successfully, though, and then presumably anybody with access to that inbox (like any admin who works at the receiving server) could see the timestamps close together and put two and two together.

So, yeah, maybe somewhat safer than a single unencrypted email, but still kinda strange.

Also kinda unfortunate/nutty that every company has to reinvent this sort of thing for themselves, to different degrees of security, either through a portal or some other convoluted scheme. It’s 2025 and we still don’t have a widespread standard for secure message exchange…

That part’s easy: Same sender, same recipient, close proximity in time, one contains a zip file, and the other contains a nonsense string. It’s pretty easy to deduce the connection from all of that. Assuming any sniffer sniffs both of them, of course. In fact, there has to be text in the emails linking them to each other, or the end recipient couldn’t figure out what to do, either.
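The correlation described in the post above, written as a check a mail administrator could run over gateway metadata to find senders who put the archive and its password in the same channel. This is an added example, not part of the thread; the record fields, sample messages and thresholds are constructed assumptions.

```python
import math
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records, shaped like mail-gateway metadata (assumed fields).
MESSAGES = [
    {"id": "m1", "sender": "alice@corp.example", "rcpt": "bob@partner.example",
     "time": "2025-03-04T10:00:00", "attachments": ["q1-report.zip"],
     "body": "Report attached, password to follow."},
    {"id": "m2", "sender": "alice@corp.example", "rcpt": "bob@partner.example",
     "time": "2025-03-04T10:02:30", "attachments": [],
     "body": "Password: k7#Qv9xT2mLp"},
    {"id": "m3", "sender": "alice@corp.example", "rcpt": "carol@partner.example",
     "time": "2025-03-04T10:03:00", "attachments": [],
     "body": "Lunch on Thursday?"},
    {"id": "m4", "sender": "dave@corp.example", "rcpt": "bob@partner.example",
     "time": "2025-03-04T11:00:00", "attachments": ["specs.zip"],
     "body": "Specs attached. I will read you the password by phone."},
]

def entropy(token):
    """Shannon entropy of a token, in bits per character."""
    counts = Counter(token)
    return -sum(c / len(token) * math.log2(c / len(token)) for c in counts.values())

def looks_like_secret(body, min_len=8, min_entropy=3.0):
    """True if any word mixes letters and digits and looks random."""
    for token in body.split():
        if (len(token) >= min_len and re.search(r"[A-Za-z]", token)
                and re.search(r"\d", token) and entropy(token) >= min_entropy):
            return True
    return False

def find_linked_pairs(messages, window=timedelta(minutes=30)):
    """Pair each zip-carrying message with a likely password message."""
    pairs = []
    for a in messages:
        if not any(n.lower().endswith(".zip") for n in a["attachments"]):
            continue
        for b in messages:
            same_route = (a["sender"], a["rcpt"]) == (b["sender"], b["rcpt"])
            gap = abs(datetime.fromisoformat(a["time"]) - datetime.fromisoformat(b["time"]))
            if b is not a and same_route and gap <= window and not b["attachments"] \
                    and looks_like_secret(b["body"]):
                pairs.append((a["id"], b["id"]))
    return pairs

if __name__ == "__main__":
    print(find_linked_pairs(MESSAGES))
```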

I’ve done that before, but I send the password over a different medium. Text, slack, voice, etc.

Where I work uses a commercial software/device that provides for secure and encrypted file transfer “over email”. Scare quotes, because the file lives on a secure website, and never travels over SMTP.

From my perspective, I log in to the site, upload a file, and then use the interface to compose an email to any address. If the recipient is someplace else, then they receive instructions on how to retrieve the file. Anyone with access to the recipient’s email account will be able to retrieve the file.

If someone wants to send me a file, they can create an account that can send emails and files to any of our addresses.

I’ve never had anyone complain they can’t get their file. There are also some sanity checks, like I know when they download the file, and it is then deleted after a time.

So anyway, it doesn’t have to be reinvented, just purchased. There may be free platforms that do similar. Some years ago a similar platform had some very widely reported vulnerabilities that let anyone download the transmitted files. This then led to more hacks. Doesn’t mean these types of systems should be avoided, just that security is a process, not an endpoint.

The sum of all of this isn’t so much that email needs to be replaced, but that people need to stop using it to send files.

I complain all the time. Just last week I told my financial guy “please stop sending me messages through your web page. Just send me an email please.”