@reflex Yeah, you are correct that the threat model is different between corporate hosts and volunteer hosts, but the "admins can read my private messages" thing still applies on unencrypted email. The question here is: do you trust the corporations at either end of most email transactions in 2023, and do you trust the volunteers at the end of most activitypub transactions in 2023? How does that trust (or lack thereof) differ?