Perhaps because your goal isn't blanket, end-to-end privacy?
To work on end to end privacy one really needs to control the experience end to end; trusted clients and a solid protocol, plus trusted discovery.
Email is not that thing. Email is postcards.
At a technical level, email works well from the perspective of "the mail must get through", although practically speaking, spammers ruined things to the point that most people are feudalised because defending spam raised the bar of technical expertise too high for most people.
And the small number left who can run their own infra are often locked out by the feudal overlords (big 4 + every isp ever) because an untrusted ingress is basically a spam loophole.
Ironically the closer you get to spam free the more you have to police, because the value of a spam injection point goes up commensurably when most people are no longer exposed to it.
Overall, the war on spam was won, but at the cost of freedom for the people who would like to run their own infra but aren't technical and patient enough to do it in today's environment.
> Ironically the closer you get to spam free the more you have to police
The root problem of bare-bones email is that user identity and user-agent address (mbox) are conflated. (A social layer would effectively address this fundmental flaw.)
Moxie is talking specifically about making a secure (particularly, end-to-end secure) federated communication protocol. Making insecure federated communication protocols is pretty much a solved problem, yes.
(And I'm sure some people are very happy GPG users. But the majority of email users are not and will probably never be)
Been working on a mail.ru pet projects in my teens (Moikrug), people were telling that PGP/GPG adoption was at around 8-9% in Russia in 2006.
Among corporate users, there are some rather big companies with 100% adoption. How they achieve it? With a simple policy "anybody sending unencrypted email is fired," and training to make sure that even least technically literate people on the company get it (a person is not let to handle anything until he is examined by a specialist).
To work on end to end privacy one really needs to control the experience end to end; trusted clients and a solid protocol, plus trusted discovery.
Email is not that thing. Email is postcards.
At a technical level, email works well from the perspective of "the mail must get through", although practically speaking, spammers ruined things to the point that most people are feudalised because defending spam raised the bar of technical expertise too high for most people.
And the small number left who can run their own infra are often locked out by the feudal overlords (big 4 + every isp ever) because an untrusted ingress is basically a spam loophole.
Ironically the closer you get to spam free the more you have to police, because the value of a spam injection point goes up commensurably when most people are no longer exposed to it.
Overall, the war on spam was won, but at the cost of freedom for the people who would like to run their own infra but aren't technical and patient enough to do it in today's environment.