Possibly the most private e-mail provider yet

Humanity has risen! · May 22, 2015

https://www.scryptmail.com

It is the only provider as I know currently which has developed a zero-knowledge solution for the metadata of unencrypted e-mail messages in the account. There are some services which encrypt the message body, but the subject and To and From fields are still unencrypted, so if someone were to look into your account he would know who you are corresponding with and have a good idea of what you're talking about.

The developer is very open with the community and is in various Internet threads dedicated to e-mail and privacy every day. If you talk to him he will respond and be very open to your comments, which is refreshing. He is also surprisingly fast and efficient at adding new features, much more than something like Protonmail, which has a staff of 11 people while this has a single person.

GothicGothicness · May 22, 2015

I would really like to read your emails, you appear to be obsessed with encrypting them

Humanity has risen! · May 22, 2015

GothicGothicness said:
I would really like to read your emails, you appear to be obsessed with encrypting them

It's only right to try to reclaim a bit more privacy in a world where it is vanishing more and more every day.

I don't have anything nefarious, but I don't see why for instance your e-mails shouldn't be kept as confidential as your regular mail. If someone wanted to look at your postal mail and track their content they would need a very, very good reason and a warrant.

The way the legal system works, is that when you submit data to a third-party, you have no expectation of privacy. So the only way around it is a so-called zero-knowledge solution, in which the only data the provider keeps is garbled and undecipherable.

Ripper · May 22, 2015

Firstly, you are choosing to trust an unknown third party with your security, who may or may not do as they claim. If you are are concerned enough to require encrypted privacy, this alone is a clearly unacceptable risk.

Secondly, the claimed approach is largely futile. They only claim that they encrypt email metadata in on their servers. The metadata is still exposed when the email is sent and received across the net, and we know that it is being collected en masse when in transit.

I'm not arguing with you for the sake of it - privacy is a genuine concern. But these solutions give a false sense of security. I recommend taking a look at the Mailpile project and the work of the Dark Mail Alliance for credible attempts at a solution.

Humanity has risen! · May 22, 2015

There is always a risk with using a third-party provider. And yes the metadata, or the content of the messages, can be intercepted when it is sent or received. But if the solution works well, the only message and contact content that the provider keeps about you is garbage. It is already quite something, as it means you can't be tracked, and someone other than the NSA who would want to look at your e-mail history would have nothing.

My issue with Mailpile is that you have to host it yourself, which I think makes you directly vulnerable and provides you with less anonymity than when you're a user among many on another domain.

And Dark Mail as of now isn't implemented, and I doubt everyone will adapt their systems for it.

My point is that something should be done to keep the current unencrypted e-mails that we have to send and receive as private as we can. It's not possible to ask the people we know to stop corresponding with us with their gmail or hotmail account.

Ripper · May 22, 2015

Humanity has risen! said:
My point is that something should be done to keep the current unencrypted e-mails that we have to send and receive as private as we can. It's not possible to ask the people we know to stop corresponding with us with their gmail or hotmail account.

My point is that it is better to accept that email is an inherently insecure system, and until/unless a new system replaces it, it is better to use different channels for communication that requires privacy, rather than accepting a false sense of security from services like these.

With regards to Mailpile, you don't have to "host" it - it's not a mail server, but a mail client. You keep your current email account, and the Mailpile client encrypts everything within it. The idea of hosting only comes up because you can elect to leave the client running, and connect to it via a web interface. This is optional, and not nearly as vulnerable as a mailserver. Mailpile is still a WIP, though.

Sergei · May 22, 2015

Hi,
@Humanity has risen! thank you for warm words.

@Ripper I think what is Humanity is trying to say, is that we are trying to encrypt everything, including sender and the recipient of the email.
When you said everything encrypted with Mailpile you only talking about email body and attachment.

Mailpile as self hosted client is limited in usage, and require install permission on computer. Which means you already using it in safe environment like your home, but not at work or school.

I may agree that server have access to metadata when it receives email from outside, but if you communicate inside SCRYPTmail that data never sent to server. We are also open source, so you can audit our code including stored on server. https://github.com/SCRYPTmail/scryptmail

As well we are working now to let you host us locally.

Email here for 30 years, but only recently we start thinking to make it private, so why don't give it some time to catch up. New protocols or services like Darkmail will take years to mature and nobody can guarantee it will be a bug free process.

CelticFrost · May 22, 2015

Didn't the guys behind black phone http://en.wikipedia.org/wiki/Blackphone have an e-mail service that was completely encrypted but shut it down under pressure from the US government instead of giving up the encryption keys.

That is the biggest problem with in encrypted e-mail is unless the servers are in a country that isn't friendly with the US there is always chance they break under pressure.

Sergei · May 22, 2015

if all personal emails encrypted with random AES-256 key, and no one except user has the keys, handling over DB instead of shutting seems pretty reasonable. As long you inform users of whats is going on.

Country who not friendly to US, still cooperate (Iceland) or want to have their own access (China)

Ripper · May 22, 2015

Sergei said:
@Ripper I think what is Humanity is trying to say, is that we are trying to encrypt everything, including sender and the recipient of the email.
When you said everything encrypted with Mailpile you only talking about email body and attachment.

Yes, I understand that. My point is that there really is no way to encrypt the metadata using current email technology - if the metadata is not visible, the mail doesn't get to its destination. I'm sure you know this. Encrypting the metadata just on the Scryptmail server does not seem to me to achieve very much, given that the vast majority of email is going to leave the Scryptmail servers. It offers some protection if your servers are seized, but that's all.

So, given that no solution really protects metadata in transit, the other question is encrypting the content. It seems clear that it is a better security decision to handle the encryption using an open-source solution under one's own control, rather than trust any third party.

Sergei said:
We are also open source, so you can audit our code including stored on server. https://github.com/SCRYPTmail/scryptmail

As well we are working now to let you host us locally.

That sounds good. When the code can be verified and hosted locally, I'll be more interested.

Sergei said:
Email here for 30 years, but only recently we start thinking to make it private, so why don't give it some time to catch up. New protocols or services like Darkmail will take years to mature and nobody can guarantee it will be a bug free process.

I agree - that's why I recommend considering email fundamentally insecure. Better not to have a false sense of security and use other methods for private communication, until a properly secure email implementation has matured.

Sergei · May 22, 2015

Well, if people do not really concerned exposing metadata then yes, if they do, we recommend use us for both parties, especially we are offering email aliases and custom domain.

Before protocol can mature, there should be someone contributing to it or using it. Even us, we cant deliver all features and be 100% secured at the beginning, and honestly no one can.

Ripper · May 22, 2015

Sergei said:
Well, if people do not really concerned exposing metadata then yes, if they do, we recommend use us for both parties, especially we are offering email aliases and custom domain.

Sure - if both parties use your system, there is no need to expose the metadata to allow routing over the net. But, a great deal of a person's sensitive email is certain to involve other hosts, so, IMO, it is a very incomplete solution.

And, balanced against the possible benefit of private communication contained within your servers, is the fact that one must rely upon an untrusted third party. From a security point of view, by involving an untrusted party to do the encryption, one risks having no security at all. A system like Mailpile at least guarantees that the encryption of the content is fully controlled by the user. If the exposure of metadata is unacceptable, then Scryptmail will also not protect this when communicating with all other hosts, and using an encrypted messaging system other than email would be the only way to go.

Humanity has risen! · May 22, 2015

Thanks for paying us a visit Sergei.

One thing which can help mitigate this are e-mail aliases, and I'm very glad Sergei included that function. They allow for compartmentalization. You can give an e-mail for things related to your personal life, and another for activities where you would rather stay anonymous. This way people who would intercept e-mail could not correlate them.

Ripper · May 22, 2015

Humanity has risen! said:
Thanks for paying us a visit Sergei.

One thing which can help mitigate this are e-mail aliases, and I'm very glad Sergei included that function. They allow for compartmentalization. You can give an e-mail for things related to your personal life, and another for activities where you would rather stay anonymous. This way people who would intercept e-mail could not correlate them.

But aliases can be done with any email system. It doesn't have much bearing on whether this is a good solution or not.

They key to solving the problem of metadata is being worked by the DIME team. There are essentially four key pieces of metadata on an email:

- Sender's host
- Sender's mailbox
- Recipient's host
- Recipient's mailbox

The idea is to use something similar to onion routing, where this data is encrypted, and, at each stage of the routing, the sender and recipient data is never revealed at the same time to the same node.

Humanity has risen! · May 22, 2015

Well, until this is achieved, and until this has been adopted as an industry standard, I'll take all the protections I can take. And I think making people's existing e-mails as private as possible counts for something. Moxie Marlinspike had a good expression for this, called "choices that aren't really choices". Sure, you can choose never to e-mail anyone with a Gmail or Hotmail account, but at some point it becomes very difficult to do these things and still partake in society.

And I frankly doubt DIME will ever take off except in relatively underground communities, as corporations always have to want to have the master key, unless their whole business model is to provide privacy to their users, and they do not like to do anything where there isn't a net financial incentive.

One thing that is certain is that e-mail will remain ubiquitous for a long, long time because it works with everything and is at the root of everything.

Ripper · May 22, 2015

Humanity has risen! said:
Well, until this is achieved, and until this has been adopted as an industry standard, I'll take all the protections I can take. And I think making people's existing e-mails as private as possible counts for something. Moxie Marlinspike had a good expression for this, called "choices that aren't really choices". Sure, you can choose never to e-mail anyone with a Gmail or Hotmail account, but at some point it becomes very difficult to do these things and still partake in society.

But that's my point. The advantage of Scryptmail is encrypting the metadata within its own servers - but, as you point out, we are still going to be largely communicating with all these other hosts, and the metadata is exposed.

The disadvantage of Scryptmail is that you are trusting your encryption to a third party that could be back-doored, flawed, or untrustworthy (nothing personal, just talking in security terms). You could handle the encryption locally instead, and eliminate that risk.

If we are trying to mitigate the risks as far as possible within an imperfect system, the latter option seems more logical to me. And, if you undertake communication where metadata could be sensitive, use something other than email.

Ripper · May 22, 2015

I'll give an example that lends a little bit of relevance to this forum.

We know that for some middle-eastern markets, a heavily censored version of Witcher 3 has been released. Perhaps I live in Iran, bitterly resent the censorship, and want to play it in all its saucy glory. Bearing in mind that people have recently been sentenced to flogging for dancing to a pop song, this is potentially a risky business.

If I am to communicate with CDPR, or perhaps a friend overseas, I would be far more concerned to know that I have encrypted the communication myself, rather than being entirely reliant upon the claims of a third party to be protected from government interception.

If I thought that even the metadata that reveals who I communicate with is a risk, then I would avoid email entirely. I would perhaps set up a TOR connection, and just exchange encrypted text files on Google docs.

Sergei · May 22, 2015

Having hosted locally will not solve backdoor problem entirely, until you manually examine the code, and hope you have enough expertise, you can't be sure that:
1) you download a backdoor free client
2) download not from MITM website

TOR have problem with nodes, and if I can run network with 50% of all nodes, that gov can do pretty easy, your connection can potentially be exposed.

When that is holding true, as soon as you leave scryptmail network, you announce who is recipient, but. if you use pin protected option, your email is still encrypted and you can reply to that email inside of scryptmail, that is minimizing exposure.

I'm not trying counterargument everything you said, but there is clear distinguish in professionals, who capable to install their own servers or manage multiple apps together to get level of protection, but we trying to offer equal type of protection to public, yes its not so sophisticated at the start, but as I said as time goes we will improve.

Ripper · May 23, 2015

Sergei said:
well you missing point as well. Having hosted locally not solving backdoor problem entirely, until you manually examine the code, and hope you have enough expertise, you can't be sure that:
1) you download a backdoor free client
2) download not from MITM website

Well, there is obviously no so such thing as solving the security problem entirely. But I think it's fair to say that there is little doubt that the most trustable solution is an open source one, in which many eyes have had the opportunity to review the code, and which you can verify as authentic by comparing hashes with the source.

With regard to TOR, there are of course scenarios in which it could be compromised. The typical answer to that is to layer your protection. So, run TOR through a VPN service paid for by bitcoin, and send only ciphertext encrypted locally by a mature open source tool, such as PGP. The probability of all three layers being compromised by the same actors are very small indeed, certainly when compared to entrusting the entire chain to an unverified third party.

Sergei · May 23, 2015

With that I agree entirely.
Process you explain will protect you better than any existing email service. But there is level of compromise between such protection, and no protection at all, where SCRYPTmail can be an alternative. A think as far as people understand difference, its beneficial to anyone.

Possibly the most private e-mail provider yet

SasqWatch

SasqWatch

SasqWatch

Зичу Вам успіхів

SasqWatch

Зичу Вам успіхів

Traveler

SasqWatch

Traveler

Зичу Вам успіхів

Traveler

Зичу Вам успіхів

SasqWatch

Зичу Вам успіхів

SasqWatch

Зичу Вам успіхів

Зичу Вам успіхів

Traveler

Зичу Вам успіхів

Traveler