Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
thedarktangent@defcon.social ("Jeff Moss") wrote:
For #DEFCON to do private email we would want to host our own servers to avoid the 3rd party legal doctrine, and keep them secure.
No problem, we have a secure location and lawyers.
Back during COVID when we were investigating this it was still possible to gather some open source info on how large other private email services were. How big was the market? Could you make enough money to hire the people and buy the servers?
MailFence, Proton, and others showed it was possible if you were very efficient. Great!
Then I spoke with someone who worked at a white label email service provider. I realized DEF CON would never do a private email service for two reasons:
CSAM: They explained they had about 10 people dedicated to responding to legal requests around CSAM, not including their lawyers and LE relationship people.
SPAM: They had another room with about 30 people dealing just with spammers and the impacts of spammers. Managing their ASNs, netblocks that get lower reputation on blackhole lists, moving customers to "clean" netblocks when a shared block gets polluted by spammers, etc.
Conclusion? If you are very successful you can look forward to having a room of 40 people dealing with LE, SPAM, CSAM, Networking, and that's before you add on customer service. That doesn't seem fun or very DEF CON Hacker anymore.
Next up, VPN.