Maybe the article would be more clear if the author articulated:
1) What is my use case for email?
2) Who am I emailing with?
3) What are the threats and malicious actors I’m concerned about?
I think this brings up something not addressed... It seems that free SMTP hosting services are incredibly ill-suited to the privacy requirements of the author. Signal or Wire perhaps?
I am not religious whatsoever, but I do like this passage from the book of Ecclesiastes in the Old Testament:
I have seen something else under the sun:
The race is not to the swift
or the battle to the strong,
nor does food come to the wise
or wealth to the brilliant
or favor to the learned;
but time and chance happen to them all.
I’ve found that jq is great for quick one-offs. But it also has a very rich syntax that allows for more complicated use cases. That said, instead of heading for the jq manpage I find it’s much easier to hack something together in Python. What’s the draw of jq here? The ability to parse with only a command line?
I'll probably get downvoted into oblivion here as I'll attempt to defend Google, but they have recently added a bug bounty program for extensions that violate user privacy:
I recently received a nice bounty for reporting a VPN extension, with nasty privacy violation, using this program. I understand that El Reg will get their clickbait here, but the situation isn't nearly as bad as described.
I don't think it's that simple. From Google's research, SMS 2FA is highly effective against credential stuffing attacks: 100% coverage against automated bots and 96% against bulk phishing:
Twilio essentially provides the phone number. Calls to and from are sent over the internet using the SIP protcol. Twilio can talk to Asterisk or Freeswitch or any similar project. Asterisk has incredible customizability, so that's where I do everything.
I'm not aware of any documentation that's all in one place. It all uses basic Asterisk functionality with FAGI scripts to do anything with advanced logic.
I use Bria, and it's decent. It supports push notifications for calls, which is necessary on iOS. The app costs money, but comes with excellent support if you run into issues. There are free and open source apps, and the quality of these are hit and miss.
The push notification necessitates the app sharing SIP credentials with Counterpath (the company that makes Bria), so it's good to have some fraud protection for the extension in Asterisk in the event that Counterpath gets breached. They are a publicly traded company, so hopefully they have decent security.
SIP calls through Twilio are $1/month plus $0.004 per minute for incoming calls. The spam scoring APIs are "costly", and maybe cost $0.01 combined per lookup.
Google Speech Recognition and TTS are virtually free for my use case. Asterisk can easily run on a $5/month VPS.
I have a mobile phone, and don't want to use the carrier's voicemail. I use Asterisk instead, and also use Speech Recognition to get an email transcript of voicemails.
I ported the legacy number to another SIP provider. Twilio is still cheap ($1 a month or so per DID, plus $0.004 per minute), but other providers are less than half that. For that price difference, I had no reason to choose another provider so I mostly did that for fun and experimentation.
1) What is my use case for email?
2) Who am I emailing with?
3) What are the threats and malicious actors I’m concerned about?
I think this brings up something not addressed... It seems that free SMTP hosting services are incredibly ill-suited to the privacy requirements of the author. Signal or Wire perhaps?