Conversation

Jesse Powell

@jespow

·

Jun 23, 2020

http://Hey.com!

@jasonfried

@dhh

I implore you to add * U2F support (T/HOTP is too easy to MITM) * e2e encryption for Hey<>Hey emails * mailbox password (👀

@ProtonMail

) or - redaction (👀 Zendesk cc/PCI compliance) or - encrypt text block (👀 Roam encrypted notes)

hey.com

HEY

Email at its best, new from 37signals.

4

5

45

Jesse Powell

@jespow

You may not be able to solve all the UX problems with PGP but a better, federated solution can start with Hey. Step2: Hey<>ProtonMail. The mainstream use email for account recovery, tax returns, all sorts of sensitive stuff and they don't understand the risks. We can't give up!

7:45 PM · Jun 23, 2020·Twitter Web App

1

Retweet

24

Likes

Jesse Powell

@jespow

·

Jun 23, 2020

Replying to

@jespow

Oops -- U2F already available (with support for multiple keys) but you need to add a T/HOTP method for it to be revealed. Apparently, no way to remove the T/HOTP method, even after adding multiple U2F keys. Thanks

@fmisle

for pointing it out!

1

2

This Tweet was deleted by the Tweet author. Learn more

Jesse Powell

@jespow

·

Jun 23, 2020

What I've learned over the last 10 years is that change happens very slowly. Safest email account is probably Gmail + PGP-enabled PoP client to store all the mail locally, or ProtonMail. IMO we need to give up on legacy compatibility and start a new federation for email 2.0.