2

What social impact could we expect from all email accounts in existence (or in a very large emailing service provider) being suddenly and irretrievably deleted? In this scenario, people can create new accounts and have no reason to believe that this event would ever happen again.

Would it be business as usual except for that people are mildly inconvenienced by not being able to look through emails older than a specific date or are there some more sinister consequences that we can expect to arise from such an event?

Or, in other words, how important are the sum total of active email accounts in terms of infrastructure in our society? (not emailing technology, in this scenario you would be able to create a new account immediately and the service itself wouldn't be disrupted)

I know that, in my personal life, if my primary email account was deleted I would run into a moderate amount of trouble with a few different services I use and lose some information, but I would expect to be able to make a few phone calls to fix most, if not all of these issues. I would also lose the ability to get in touch with a number of people, but that's my fault for not using social media and I imagine most people would still be able to easily find each other again even if their email accounts were gone and they were locked out of their accounts.

Oakheart
  • 111
  • 1
  • 3
  • 4
    Joy and celebration...until, months later, some passwords expire and the verification emails cannot be received. – user535733 Oct 01 '21 at 16:00
  • Pick up a phone and call someone! – SurpriseDog Oct 01 '21 at 16:12
  • 3
    Asking "What will happen to society if X?" is too broad a question to be a good fit on this site. – sphennings Oct 01 '21 at 16:15
  • 1
    Welcome Oakheart. Please take our [tour] and refer to the [help] for guidance. At the moment the question is likely to be closed as opinion-based or story-based or needs narrowing. You can then [edit] to make it fit our ways and it'll enter the reopen queue. – Escaped dental patient. Oct 01 '21 at 16:30
  • 2
    VTC as a poorly thought "high concept" question. To begin with, the question should really explain what it to be understood by having an e-mail account deleted. What exactly gets deleted? The archived messages? The passwords? The system-wide accounts? For example, billions of people log in to their work networks with accounts of the form .@.com; if those domain-level accounts get deleted then losing access to work e-mail is utterly insignficant compared to all large corporations in the world coming to an abrupt (albeit temporary) halt. – AlexP Oct 01 '21 at 18:08
  • @SurpriseDog "Your phone is locked. Please log in with your account id to unlock it." – Alexander Oct 01 '21 at 19:01
  • @ARogueAnt. Hi! If I understand well, I can try to make the question more clear/precise and it will be reconsidered for closing? There's a few things I realize I could have done better, like having the "magic" tag and being more clear on some of the things AlexP brings up – Oakheart Oct 01 '21 at 20:34
  • "Would it be business as usual except for that people are mildly inconvenienced by not being able to look through emails older than a specific date" – Why wouldn't they be able to look through emails older than a specific date? It's the accounts that were deleted, not the emails. – Jörg W Mittag Oct 01 '21 at 20:41
  • @Jörg W Mittag if something happens to my bank account, it doesn't mean that I get all the money that were in it. Same with emails. No account, no emails. – Alexander Oct 01 '21 at 20:51
  • @Alexander: My email account and my emails aren't even stored on the same computer. Deleting the account will do absolutely nothing whatsoever to the emails. – Jörg W Mittag Oct 01 '21 at 20:55
  • @Jörg W Mittag You mean you have a personal (or third party) backup of your emails? Then you may be good, because this is something that OP might have indented to be affected, but did not explicitly said so. – Alexander Oct 01 '21 at 21:46
  • @Oakheart "people can create new accounts and have no reason to believe that this event would ever happen again" - in my opinion, your scenario is technologically conceivable, but this particular part requires magic. – Alexander Oct 01 '21 at 21:48

3 Answers3

5

If the accounts have gone, then it should be straightforward to re-register them again. This has enormous potential for identity fraud.

I can look at a database of user accounts that has come from a data breach, filter it for every account that belonged to the email provider that suddenly lost everything, and then register them all. Many of these addresses won't belong to real people, but a great deal will. Many bits of information that appear in one leak can be cross-referenced with other data leaks and public information sources so I can identify accounts most likely to be associated with real people.

I can now use all those email addresses (which are now my email addresses) to make bulk password reset requests in various places... shops, payment processors, banks, forums, whatever. Not all of these will work, but many will.

Now you've not only lost your email address to me, but I also have your paypal account and amazon account and I can use any one of hundreds of different ways to extract money, good or value from them.

Boom. Biggest distributed fraud in history.

Or, in other words, how important are the sum total of active email accounts in terms of infrastructure in our society?

They are exceedingly valuable because they are used as a proxy for identity. This will of course stop very promptly after my massive fraud has come to light, but putting together a decent replacement that has the same level of convenience is hard. There will be big changes across the interwebs as a result, that's for sure.

Starfish Prime
  • 74,426
  • 11
  • 150
  • 313
  • Don't forget the opportunities for new e-mail account provider entrants into the suddenly wide open market, it was probably them what done it for that very reason, for an opportunity to get a slice of market share, or it might have been the advertisers, it's going to pump advertising revenue as all the providers fight to steal one another's suddenly available customers so there's another motive & potential culprit right there. – Pelinore Oct 01 '21 at 15:57
  • @Pelinore I suspect the value of accounts might fall somewhat after the event, depending on how big the provider was. Gmail practically is email these days, and if they had this kind of oopsy email might never recover as an identity source or means of moderately trustworthy communication. Hard to say though. – Starfish Prime Oct 01 '21 at 15:59
  • Aha! another potential culprit, it was Musk organising a catastrophic fall in share value preparatory to a hostile take over of Gmail & others in an attempt to build a worldwide e-mail provision monopoly! he's after world domination of course so he can force the worlds governments to pay for his Mars colony plans, controlling everyone's communication with each other is an obvious first step. – Pelinore Oct 01 '21 at 16:05
  • This would not realistically happen. The Domain would still be held by the company that lost everyone's email accounts, and the potential for fraud would be immediately obvious. So, if for example all [email protected] accounts were irrevocably lost, they would start over on a new domain like [email protected] to prevent this... I mean, they were dumb enough to lose all their emails so maybe they are dumb enough to reuse the domain, but they would figure it out pretty darn quickly and shut it down. – Nosajimiki Oct 01 '21 at 16:34
  • I think that this problem is so obvious that attempts to restore passwords via old emails will be blocked almost immediately. Perhaps some smaller businesses will be a bit late, but Amazon, banks, Google, FB, and other giant corporations will be very quick to freeze automatic password recovery systems. The potential damages (financial and reputational) are too high to risk it. – Otkin Oct 02 '21 at 17:27
5

Frame Challenge: Modern Redundancy is WAY Better than you think

So let's say you manage to get a virus into Gmail or Outlook 365 ... did it wipe out all the email accounts?

No, you did not. Major email providers use multi-regional replication and distribution meaning that your email account exists on more than one server farm protected by more than one network. So, if a hacker, hurricane, or act of war wipes out a server farm in Texas, then all of your information still exists somewhere in at least 1-2 other locations in the world. So, let's say you live in Texas and go to log in and the system can't find your account there anymore, it will try to fail over to the next closest one. So, your download speeds might be marginally worse going through Washington or New York, but you probably won't even notice a problem.

Okay, so a normal virus is not good enough... what if you managed to upload viruses to ALL of the server farms at the same time. This is way easier said than done. Each server farm is a unique network with its own security measures and IT infrastructure in place. So, just because you figure out how to pernitrate one, does not mean you can get all of them... that is, unless you can find a vulnerability in their data replication software itself that ties them all together. So great! Now you can put a virus on ALL of their servers. You got them, right? ... right? ...

Not exactly, each one of those server farms is using offsite backups to various third party vendors. So even if you take down the whole distributed network, it is far from irretrievable. The email provider will need to spend a day or two identifying the vulnerability, patching it, wiping all their servers, and then reinstalling all their backup files. You will have an email outage for a few days, and maybe loose a couple of recent emails... but by in large, 99% of what you need will be recoverable.

Okay, but what if the virus includes a worm that can make its way into the backup servers? These do exist, but as I mentioned before, each server farm is a unique IT entity; so, if one server farm uses AWS backups and another farm uses Azure backups, then a worm designed to pernitrate one will not get the other; so, they can rebuild most people's accounts even if a few server farms also loose their backups.

Alright, gloves off! Let's pretend someone comes up with one of those TV trope super smart viruses that magically works on everything allowing it to hit all server farms and all backup farms. What most people don't understand about this trope is that the more malicious things you design a virus to do, the easier it is for antivirus software to detect and stop it. So, a virus that can exploit 10 vulnerably has 10 chances of being detected vs a simpler single function virus. This makes this trope annoyingly silly to anyone with a background in cyber security. But let's handwave away this issue and say you have one anyway.

Then... you've still only done minimal permeant damage. In addition to offsite automated backups, many companies also use local air-gap manual backups. These backups are not run as frequently as the automated off-sites, so you may lose a few days or even weeks of data, but most actual accounts (accept for those that were just created) could still be recovered because there would be no way for a virus to get onto them. Even if you get a dormant virus onto them, things like backup tapes have no way of rewriting themselves; so, you study the virus until you figure out how to safely remove it, then just copy the backup tapes running the data stream through an antivirus algorithm designed to filter out the virus as it comes out.

The only reason an entire massive sector of the email market would disappear is if a major corporation decided to discontinue email services. In this case, you would not suddenly loose your email, you would have months if not years of warnings letting you know to change providers, and chances are, some other email company would be more than happy to come along and buy those accounts and continue running them as their own moving forward in which case, nothing would really happen at all except for the usual bad customer service that happens during corporate mergers.

What if we scale back what you mean by "... or in a very large emailing service provider?"

Large is a relative term so let's say maybe not Gmail or Office 365. But something smaller, like a single company's exchange server. Many large corporations still host their own email in a single location and may or may not even maintain offsite backups. These... I've seen get lost forever; so, I can answer that.

The impact is normally felt on a per user basis. Some people do everything out of their email: They use it for keeping notes of who they are talking to, what they need to do, basically its their entire workflow and without it, they are a sunk ship. Other people only use it supplementally and would hardly notice it is gone. All of their schedules and notes may be in a CRM or a Spreadsheet or what not.

Even in a single company two people doing the same job will often have very different levels of reliance on it. So, on the small scale, some people will be really screwed. On a larger scale, the company would generally still continue to function since those who are less email reliant can generally be very useful in keeping things afloat until the other people are back in working condition. There will be some economic loose, but averaged across a large group of people, it's not the worst of things that can happen.

If you were to handwave away all the reasons you would not see all the email accounts in the world suddenly deleted, you'd see this same pattern on a much grander scale. Most people would find it to just be an inconvenience, some people would be screwed, but the mechanizations of our world as a whole would go on because most people would be fine enough with the loss.

Nosajimiki
  • 92,078
  • 7
  • 128
  • 363
  • Upvoted. The question is asked by somebody who has no idea how enterprise IT works. (And of course most people of professionally active age has multiple e-mail accounts, usually with Gmail plus one other major provider for personal use, and with their company for professional use. Although it is true that today this is less diverse than it used to be, as for example many corporations use Microsoft's Azure infrastructure for their internal e-mail system, making those systems little more than skins over Outlook.com.) – AlexP Oct 01 '21 at 18:00
  • 2
    I take it your main complaint is that the question does not have a "magic" tag? :) – Alexander Oct 01 '21 at 18:40
  • Downvoted, whether the "magic" tag was there or not (remember they are a new user) it is worth as a comment and perhaps a downvote for not looking enough into the backup systems. See when and how to challenge the backstory – Tortliena - inactive Oct 01 '21 at 19:05
  • Even without magic, major email disappearance is more possible that some people think. A virus perhaps can not do this, but deliberate sabotage can. Imagine if a couple of engineers who are members of a "doomsday cult" work up into being in change of email backups at Google. From there, it should be easy to plant a number a "time bombs" and destroy most, if not all of Google email backups. – Alexander Oct 01 '21 at 19:09
  • 1
    @Alexander actually no, because the server farms are separate IT infrastructures. A disgruntled engineer in Texas has no access to what happens in Washington; so, his sabotage would just trigger a failover. – Nosajimiki Oct 01 '21 at 19:17
  • @Tortliena It has the technology tag which means the question is not only maybe not magic, but explicitly not magic. The whole point of a frame challenge is to point out a flaw in the premise of the question when the question itself is otherwise on topic. The OP should not be downvoted because the question itself is reasonable to ask, and frame challenges have always been considered on-topic when answering such questions. – Nosajimiki Oct 01 '21 at 19:24
  • @Tortliena In this case "downvote for not looking enough into the backup systems" is not a reasonable expectation. I only know this much because I work for an enterprise level IT provider. If you also know this much, it is probably because you also come from an IT background and you are suffering from expert familiarity https://xkcd.com/2501/. Not everyone on Stack Exchange is a programmer/network engineer, and normal people don't even know that automated backups are standard operating practices to have a reason to look it up. – Nosajimiki Oct 01 '21 at 19:39
  • @Nosajimiki an ordinary disgruntled [development] engineer would have no access, but production operations engineer would. Second, an engineer familiar with security infrastructure may be able to collect the necessary credentials, or hack his way through the system. Third, segregated regions may help against a direct hack/sabotage, but not against "salted" software which runs all the backups. The only good method of protect here is an off-site backup, but even this can't help much if the attack is thorough and long-planned. – Alexander Oct 01 '21 at 20:18
  • @Alexander Many large Tech companies these days have development pipelines that enforce peer review of code before it goes into production. They also tend to be very cautious about who they keep around. Back when I worked for Microsoft, just the rumor that you thought ill of the company was enough for you to be escorted off of property without warning. Termination effective immediately. They would rather fire 10 good people than keep 1 bad one. So, actually getting that high up and not sincerely liking the company is harder than you would think – Nosajimiki Oct 01 '21 at 21:01
  • @Nosajimiki there are so many ways to compromise a software system. For example, before the SolarWinds attack, I thought that an attack of this type and magnitude is impossible. But here we are. A more focused attack against an email service supplier, especially with an insider working for you, has every chance of success. – Alexander Oct 01 '21 at 21:24
  • @Nosajimiki It doesn't take that much computy knowledge or research to know that things are getting backed up, however it is done. Anyway, that's not the point : I'd rather have a downvote and a comment than an official answer telling I'm doing my world wrong without answering at all the question. Answering that way is much worse than voting. – Tortliena - inactive Oct 01 '21 at 21:39
  • @Tortliena down votes are not supposed to be for letting people know they are doing their world wrong. Those are for letting people know they are doing their QUESTION wrong. World Building is about helping people with their worlds. If their assumptions are flawed, then correcting those assumptions is the most helpful answer you can give. I generally try to offer alternative answers with a frame challenge, or just leave it in comments, but this is one of those cases where there is no good alternative solution and explaining it is too long for comments: – Nosajimiki Oct 01 '21 at 21:51
  • SEE https://worldbuilding.meta.stackexchange.com/questions/7097/a-proposal-for-helping-users-understand-frame-challenges – Nosajimiki Oct 01 '21 at 21:51
  • @Nosajimiki See the downvote's description : "This question does not show any research effort"... The way you display this, it shows some lack of understanding or research. Also look at your own post : "My proposal, for your consideration, is no. It did not. No matter how useful, I believe the answer in its present form is not an answer and would have been better submitted as a comment to the question."... How can I better put it? – Tortliena - inactive Oct 01 '21 at 21:54
  • Also note that I said "That said, JBH does make a good point that sometimes the proof of why something can't be done takes way more verbosity than a comment can handle, but I think that's a bit of a rare exception. " – Nosajimiki Oct 01 '21 at 21:56
  • Also, I'm not challenging his backstory at all, this is a challenge to his setting – Nosajimiki Oct 01 '21 at 21:57
  • Whether it's backstory or setting doesn't change the fact : You didn't answer the question even one bit, didn't offer alternatives and instead put unuseful stress on the creativity of a potentially new worldbuilder. I won't change my stance on the matter, as I have already been subject to such unpleasant and... Uh... "unwelcome-ful" things when I first came here. – Tortliena - inactive Oct 01 '21 at 22:03
  • "This question does not show any research effort" means that a person with a normal background should not be able to easily find the answer on their. A person with a normal background has no clue how enterprise level data management works. The normal assumption comes from what we've all seen in movies and shows where hackers can just get on a computer and destroy things forever. If you start from the assumption that this is normal, then there is no reason to research the topic further; so, a normal person would never know they need to look it up. – Nosajimiki Oct 01 '21 at 22:04
  • Let us continue this discussion in chat. – Tortliena - inactive Oct 01 '21 at 22:05
  • I'm at least trying to help by giving him something to go with. Just downvoting and closing his question gives him nothing. – Nosajimiki Oct 01 '21 at 22:06
0

I like @Nosajimiki answer. basically, to make all emails to go away would be next to impossible.

Maybe a better way is to make email unusable. A good example, in 2007 a hacker uploaded a malicious code into the US DoD Global Access List (GAL) email system so when you emailed someone it automatically CCed the entire GAL.

This wouldn't have been so bad if everyone just got off their computers and allowed IT to troubleshoot the problem, maybe only 1%of the people on the GAL were too stupid to just let it be. But no. Out of the some 2.5 million people on that list about 10% of them were replying to those emails "please take me off this distribution list" or "please stop emailing me." This resulted in literally thousands of emails per minute, crushing the DoD's IT networks.

Replicate this to every email provider and soon every email account would be so cluttered from emails from idiots that it would be useless. Keeping this malicious code active, eventually backup systems will save the troublesome emails.

The final result will be a temporary disruption of online communications and ecommerce as IT companies tackle the problem. I would imagine a incident of this magnitude may result in the tech companies reimagining how the future electronic communications would be to prevent this disruption again.

Sonvar
  • 3,207
  • 6
  • 14
  • Modern spam filters already have ddos protection in place preventing this sort of thing from causing a crash. Basically any user who replies during this would get blacklisted and the system would start auto rejecting their emails. When you fix the virus, you just clean up your blacklist with a single FROM-TO Query. – Nosajimiki Oct 01 '21 at 19:32
  • would have been nice to have that back then... I thought it was hilarious that the entire command was crippled because the computers crapped out – Sonvar Oct 01 '21 at 20:38