AI privacy keeps coming back to one practical question: what data has to leave the user's device at all?
For tools that touch email, docs, history, or bookmarks, the trust builder is local-first design, clear indexing controls, easy deletion, and no quiet cloud handoff.
Watching H.R. 9016, the new Email Privacy Act bill introduced May 22.
The practical test is in the details: stored content, metadata, payment/account links, access logs, and which providers are covered.
How we handle this at Privacy.Fish:
privacy.fish/documentatio...
Good technical mail-infra writeup from Peter Hansteen on moving from exim to OpenSMTPD on OpenBSD:
nxdomain.no/~peter/time_...
This is the email work we like: small understandable components, protocol correctness, greylisting/greytrapping, and fewer moving parts to trust.
Passwords are email’s soft underbelly: reused, phished, and reset through weaker accounts. That’s why privacy.fish uses SSH keys for account access instead. Tradeoff here: privacy.fish/blog/there-i...
Private signup is more than asking for less data. The whole flow matters: self-hosted captcha, one-time payment, temporary codes, and deleting the payment-to-username link after the refund window. Details: privacy.fish/blog/the-mos...
AI agents getting inboxes makes email’s trust model clearer: “can receive mail” and “can send externally” should be separate grants. Safer default: restricted inbox first, human-approved sending scopes, expiry, rate limits, audit logs. Email addresses are identity surfaces, not just API resources.
Private email is not only about encryption. Jurisdiction decides what a provider must retain and how requests are handled.
Norway is one reason Privacy.Fish is built the way it is:
privacy.fish/blog/norway-...
