The Intercept's top security expert reviews Helm, a standalone home email server that keeps your comms out of Big Tech's data-centers

Came here for:

“But what about her emails?”

2 Likes

Good to know

a mostly empty server is a mostly secure server

1 Like

because generic square router appliances don’t make for good press releases?

I liked the old metal cases Netgear used to use. I think offering that sort of case in a variety of colors would be the best balance between trendy and practical.

I prefer something rack-mountable. But then again that’s the perfect example of why I’m not the target market for something like this. I have a rack :slight_smile: If I want a mail server I’ll just spin up a VM and make it happen. I did find a 1U rack mount for four raspberry pi units recently. I’m kinda excited about that. :slight_smile:

1 Like

A million times this. The thing about e-mail is that even if you use secure methods to access your e-mail (IMAP+TLS, Exchange, etc), at basically every step along the way your email can be intercepted – including at the destination mailbox. You basically need to encrypt every communication end to end, and while GPG-style mechanisms are cool and all, almost nobody uses them because they still require effort.

It looks like they do support IMAP. Cory’s summary just didn’t mention this (he fixated on POP for some weird reason).

4 Likes

a lot of the metal cases have brackets that let you mount them into a 19" rack, sometimes side-by-side if the device is small enough. I use a short fully enclosed cabinet on wheels for my stuff. it keeps the dust off my gear. there is a deep “pan” in the cabinet where I pile up all the raspberry pi’s. (I have business cable and static IPs)

Gmail has a lot going for it. One of the things is redundant cloud hosting in high-end datacenters. Yeah, Gmail could go down. But IMO it is less likely to go down than a device in your living room that has one circuit board and one power supply. The second thing going for them is that they have fairly industrial-level spam filtering. You can tweak it with more filtering rules but most people don’t have to.

4 Likes

Depends on your level of trust, but they told Lee Hutchinson of Ars Technica:

If we cease operations, we will open source what’s required for customers to spin up their own service in an AWS account so the server continues to work. Similarly, the dockerized services will be open sourced next year so they can continue to stay current with security patches.

1 Like

thanks for posting this.
Maybe I’m missing the point but what good is it if one side is secure and the other is blahblah@yahoo.com?

If the worry is about someone hacking your email to peep on your letters to grandma - many email services do multifactor authentication.

So - is this not a case of ‘weakest link’?

1 Like

They might say that, but they’d be lying, the swine. It’d be hard for a low-traffic mail server to even justify needing a fan in 2019, and regardless of how much heat it puts out, if it can’t handle being enclosed on two sides then it’s a faulty design. If it draws 200W and/or has a huge battery inside, that would excuse it being big, but nothing can excuse the shape.

@anon32019413 is right, the reason manufacturers do this is to force you to have the thing sitting out somewhere so guests can excitedly ask you about it. They like to picture it on a coffee table or art bookshelf, though the inevitable reality is a rat’s nest of cables and other non-stackable, attention-thirsty appliances, each housing a thimbleful of ICs and a gallon of air, piled up under a desk somewhere that never gets vacuumed properly.

This trend iron law of industrial design seems calculated to drive me personally up the wall, since intrusive marketing and wilfully shitty design are both colossal bonnet-bees for me. Routers, games consoles, “assistants”, USB hubs, printers, external GPUs(…) are all designed for use on a plinth, by themselves, with no wires attached, despite the fact that they all require (a) other devices and (b) cables in order to do anything at all. I would genuinely love to know what happens to the people who presumably try to mention this in design reviews.

It’d be nice if there were standards for rack-mounting small gewgaws in a home setting, but just acknowledging that normal humans would like to stack these things on top of one another would be a massive leap forward.

3 Likes

Sure a box in your living room won’t have the uptime of a redundant cloud solution. But there’s no reason a self hosted solution can’t at least come close to achieving the resilience of Gmail. The spam filtering I will willingly concede, Google is certainly advanced far beyond any other efforts in that realm.

But what Google most definitely does not have going for it is the high odds that someone or something is or could be reading my email.

Don’t forget that one of the authentication methods for new accounts is Buetooth so you may want it to be a bit more accessible than a rack in the basement/closest/pile of devices with a rats nest of cables. On the other hand how often are you going to be authenticating new devices? Even given that you might want it in a more accessible location the current design is still impractical.

I can see the attraction for people who wan’t a turnkey solution and don’t have the skills to manage the configuration and maintenance of their own server. I used to run my own webserver and email from home but now use online hosting. The hosting company shouldn’t be reading the email but a government agency would probably have an easier time gaining permission to do so than if it was hosted by Google or one of the other big hosts.

As others have said most of your personal email ends up on Gmail anyway as most people use free gmail accounts. For work communication probably less so although I’m sure many smaller companies use gmail hosting or similar at the backend.

1 Like

In addition, you’d need to deal with headaches related to your broadband internet provider; such providers typically try to block email servers by interfering with connections to a particular networking channel, port 25, associated with mail delivery.

Get back to me when you find a way to let Comcast or the local telco open port 25.

Oh, wait, that’s not a problem you’ll have to deal with. /insert 1% vs 99% joke here.

I have a better “self-hosted” solution that most people don’t have access to (Ken Snider, Boing Boing’s amazing sysadmin, hosts my mail for me on a server he personally manages).

I ran self-hosted email for years because I was able to get port 25 open through a connection at my telco…postfix, TLS, greylisting, and gmail for outbound relaying. It worked great until I had to move and could not longer use the telco: Comcast was not as agreeable.

Start-ups have such warm fuzzy ideas when they are new. It all goes quite a bit different when they either A:) Get bought by someone big and shut down (Google???) or B:) find things are circling the drain, they aren’t getting paid, creditors are calling, and the VCs are knocking down the door.

My level of trust must be pretty low. I like to call it experience.

1 Like

Did that too, but that was more an excuse to play with soft RAID ( with 80MB drives too: I wanted to see how fast they would crap out. Three of them lasted without error). Of course once they started implementing a chain of trust for SMTP, it silentely stopped working properly. And fixing that wasn’t worth the effort.

There’d be nothing on her server :+1:

I was just going to post this. The title of the article is a bit misleading. Unless you can convince everyone you send/receive email with to also use a private server, “big tech” will still have your email. (That’s disregarding the multiple entities along the way that could read it.)

It was great. now, I have about six damn inboxes and everything is annoying to find.

1 Like

and I wonder who would be POTUS