Mailpile: crowdfunding a secure, private email client/cloud service


#1

[Permalink]


#2

I'm charmed by their choices of funding levels. Mostly powers of two, plus a hitchhiker's reference.

Anyone know the significance of $67 for the Activist level?


#3

Email is only ONE, albeit a fundamental one, of the many services that need to be managed in the way Mailpile proposes. I proposed at the end of last year one way to create a unified solution to the general problem, in this post: http://stop.zona-m.net/2013/01/the-alternatives-to-apple-facebook-c-already-exist-shall-we-package-them/

All feedback is very welcome of course.


#4

I'm not expert but it seems like there are a bunch of issues with this.

  1. Once you send a email at least 2 parties are involved. You and the person at the other end. You have no guarantee the person at the other end is encrypting their email. In fact you have no guarantee they aren't directly forwarding a copy to the NSA "to fight terrorism"

  2. Google has such great spam countermeasures because they can see all the spam sent to all the gmail addresses. This system will only see one person's email at a time making it very difficult to counter spam to the same level as gmail.

  3. They claim a web-mail application which suggests using a browser to read email. But browsers download JavaScript which means a man-in-the-middle attack can always insert its own JavaScript.


#5

Encryption will always fail if the receiver forwards the unencrypted message to a third party, but that's not the point here. The point is to encrypt messages so if the sender and receiver wish for their communications to remain private, a third party can't snoop on them by reading their email while it's in transit.

There are other anti-spam methods, including Bayesian filtering, blocklists (Spamhaus), and more. Some of these methods work at the server level, making it irrelevant what email client you use.

Browsers can filter out Javascript. Most email-based browsers are smart enough to do this, and more, e.g. purposely fail to display images which may contain tracking beacons.


#6

The point is to encrypt messages so if the sender and receiver wish for their communications to remain private, a third party can't snoop on them by reading their email while it's in transit.

That's not something the NSA needs to break. See #3

There are other anti-spam methods, including Bayesian filtering, blocklists (Spamhaus), and more. Some of these methods work at the server level, making it irrelevant what email client you use.

And as I pointed out, none of those work as well as gmail's which is the point. Bayesian failed long ago. spamhaus doesn't help with new sites which the spammers create on the fly.

Browsers can filter out Javascript. Most email-based browsers are smart enough to do this, and more, e.g. purposely fail to display images which may contain tracking beacons.

You're missing the point. It's not JavaScript in emails that's the problem. It's the JavaScript running the email app. All the NSA needs to do is convince comcast to supply the NSA's JavaScript when your browser requests https://mysecureemailserver/emailprogram.js. See http://www.matasano.com/articles/javascript-cryptography/ for reference.


#7

Security enhancements to javascript are urgently required. We need compiled code and code signing.


#8

So two men can keep a secret if one of them is dead. So what - we should stop communicating altogether? Or are you trying to argue that even basic levels of privacy are imperfect, and therefore totally useless and we should simply give up?


#9

I didn't know Mozilla was letting Thunderbird go by the wayside, that's a bummer. These guys seem cool though and I'm definitely into supporting the project. Plus, Iceland!


#10

the point is that with gmail (and similar services, there is "a server" which sees (a) lots of email (b) lots of reports about spam. this sort of system ends up with "a server" that sees basically just your email and only your reports about spam. no fully automated method of addressing spam likely comes close to the efficacy of millions of gmail users clicking the spam button when crap hits @gmail.com or a gmail-handled domain.


#11

Maybe, but I abandoned my Gmail account a while back because of all the spam I received. My (ISP-hosted) email account gets a much lower proportion of spam and they include the ability to use Bayesian filters, DNSBLs, and more. In other words, they're at least as effective as Gmail.


#12

They can't. That's what https is for. Educate yourself.


#13

Unless of course they ask the CA to let them

I suspect for the NSA that would not be hard given they got all the Internet companies to cave.


#14

I'm trying to argue that time is better spent working on a political solution than a technical one that won't actually work.

It's like trying to protect your car from auto theft. As "they" say, if a pro wants your car he'll get your car. All you can stop is the non-pros. Well, the NSA ARE THE PROS so stopping them requires something other than better locks.


#15

That's a very good point. Maybe I'm too cynical about our chances after seeing leaders I fought for lining up to betray me.


#16

See this article on Forward Secrecy: https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy - which attempts to solve problems of potential circumvention of https security.


#17

Are you comparing apples to apples? In other words are you using the same email address? The question is given the same amount of spam sent to a particular email address how well does the system filter the spam. If your gmail account was getting 10x the spam sent to it and your current account is getting much less spam sent to it that says nothing about how well the filtering is working since the new account is having to filter much less.


#18

It's actually more complicated than that because my non-Gmail address is really several hundred addresses, all of which forward to one account. That alone ensures this is not an apples-to-apples comparison. But regardless of which handles a better percentage of incoming spam, I'm unhappy enough with how Gmail works on its own that I'm not inclined to use it.


#19

Amen.


#20

My guess is security falls apart with the "plugin architecture". Is there an easier way to break a secure system than to let a community of amateur coders start writing plugins?. I can see the avalanche of sql injection attacks in my head already.