Main Area and Open Discussion > General Software Discussion

Lemon - Encrypted, Distributed, Decentralized Email

<< < (4/4)

Deozaan:
From what I can see, Lemon is "a blockchain" which can also speak IMAP/SMTP over servers when required. Sorry, but there is no way to send a valid e-mail without a valid e-mail server. The website is incredibly shady about that. I can understand why.

Security by obscurity, huh? Come on, trust them!  :Thmbsup:-Tuxman (May 08, 2017, 05:42 PM)
--- End quote ---

Finally we're getting somewhere.

I appreciate your perspective because you are technically knowledgeable, make really good points based on your knowledge and experience, and have insights that I lack. I just wish you'd make your good points in the first place instead of abrasively trolling multiple times before the real information finally gets teased out of you.

My understanding of Lemon is that it is a new paradigm on email. It provides similar functionality in a similar format, but with some differences in the underlying technology. It stores the encrypted content of the messages in IPFS format, which allows it to be duplicated and decentralized on the IPFS network. It uses a blockchain (Ethereum) to store metadata (e.g., the IPFS hash) about the messages. And it provides an account system which messages are tied to and sent to/from. I imagine that Lemon to Lemon messages don't use SMTP/IMAP/POP3 at all. But because they offer (what I'll refer to as) "backward compatibility" with traditional email software/servers, they also provide as part of their service something that interfaces with SMTP so that you can send to and receive from other SMTP accounts. But that is optional if you and the people you want to communicate with are using Lemon and don't need to communicate with others outside of the Lemon ecosystem.

That is to say, they provide two different services:

1. A traditional web-based & mobile client service similar to Gmail and other mail services, or optionally your own email client using SMTP/IMAP. This does indeed have a server for account management and SMTP stuff.
2. A fully decentralized app (DApp) with no central server, and seemingly no server at all. This is still in testing and being developed. In theory, even if Lemon goes out of business, this version of the service could live on in perpetuity. But I'm not sure how or if it could communicate with traditional email addresses at that stage.

Indeed, as you said, the main Lemon website seems scarce with the details, but there's a lot more information about the DApp version of Lemon here as well as in the open source Github repository.

Yes, Lemon is still new to me, and I'm still looking into the details of how it works, so my explanation(s) above may not be entirely accurate. Given that the source is open, and you're free to deploy it yourself, I think your quip about "security through obscurity" is baseless. There's no need to trust them if you don't want to. You can verify for yourself what the software is doing by perusing the code. In fact, I encourage you to do that. It isn't my intention to mislead anyone about what this is or how it works. But you don't have take my word for what it is or how it works. Look into it yourself, if you feel so inclined, and (politely) point out where I'm wrong.

Tuxman:
My understanding of Lemon is that it is a new paradigm on email. It provides similar functionality in a similar format, but with some differences in the underlying technology.-Deozaan (May 08, 2017, 06:48 PM)
--- End quote ---

Then it's not "email" at all.

That is to say, they provide two different services:

1. A traditional web-based & mobile client service similar to Gmail and other mail services, or optionally your own email client using SMTP/IMAP. This does indeed have a server for account management and SMTP stuff.
2. A fully decentralized app (DApp) with no central server, and seemingly no server at all. This is still in testing and being developed. In theory, even if Lemon goes out of business, this version of the service could live on in perpetuity. But I'm not sure how or if it could communicate with traditional email addresses at that stage.
-Deozaan (May 08, 2017, 06:48 PM)
--- End quote ---

So it is, basically,

1. an overpriced traditional e-mail server with SMTP/IMAP/POP3? (again, their really shady website makes things harder to understand*),
2. a non-free "alternative" to the niche BitMessage/Tox/whatever P2P chat platforms.

While 1. may or may not be interesting for some people who don't want to run a free mail server on a cheap VPS (but then again, there's ProtonMail for (allegedly) secure, anonymous mails), 2. might have all the buzzwords on its side, attracting less technical people with its shinyness, but the whole concept collapses if you see the big picture.

As they seem to be entirely different entities, the whole "decentralized e-mail" thingy does only work great if both participants use Lemon. You might see where the problem lies because virtually nobody does. Thus, the vast majority of potential Lemon customers will be limited to "encrypted e-mail" (in their web browser, which is inadequate enough IMO) which can easily be achieved for free.
An OpenPGP implementation is available for your normal e-mail client as well. You can even host the whole thing yourself if you feel like it.

----

* note: I had a quick look at the provided websites and I could not find any information about the standard e-mail transport backend. This is what I meant by "security through obscurity". Assumption confirmed.

Good night for now. :)

Deozaan:
Thanks for your thoughtful response.

You are right that Lemon is not email in the sense that it's not (strictly) SMTP/IMAP/POP3. But the fact that it can speak SMTP and otherwise has the same appearance on the front-end as email means that people who don't really care how something works so long as it does work (i.e., most people) will likely still consider it email. Besides that, I disagree with the idea that "email" means POP3/SMTP/IMAP. Those are just the standard protocols used to deliver "electronic mail," but, in my opinion, there's no reason why new protocols can't be developed and used to deliver email. It doesn't matter how your (snail) mail gets delivered--whether by foot, automobile, boat, airplane, or drone--mail delivered to your mailbox is still mail (or most likely junk mail :P).

While OpenPGP is available now for the current email paradigm, it's complicated and confusing to set up. It is also basically useless unless everyone else you contact also uses it, which since it is optional, virtually nobody does. So I think in that regard it's not much better than Lemon in practical terms.

You make other valid points, such as the service being overpriced, and too vague with (or too hard to find) the details about their standard email transport backend. I certainly don't disagree with you there.

I think it would more clearly indicate my position if I said that I like the idea behind Lemon and what they claim to be going for: A decentralized, distributed email service that can't ever go down, can't be spied on by third parties, and the front-end of which can be run from virtually anywhere. I'm not necessarily in love with Lemon's implementation of the idea, but the fact that they're trying means (in my opinion) that someday, someone will succeed with something along those lines. And it is ideas like this one that give me some excitement about the future of the internet.

Tuxman:
The big advantage of email (my dictionary suggests that there is no hyphen in it, sorry, my fault) is that almost everyone can participate. That is because of the standard protocols. Add a new protocol and try to convince everyone to handle it. Enjoy.   8)

I disagree with PGP to be difficult to set up. Modern email clients make it a matter of a couple of clicks and you're done. (Well, almost.) I consider the time of Outlook Express to be over as of today.  :) I agree that more people should use PGP though. Only two people I've ever had in my inbox encrypt every single email. Snowden is sooo 2013, is he?

The idea might be good, but it lacks an explanation why it should be better than existing solutions.

Navigation

[0] Message Index

[*] Previous page