New, Privacy-Oriented, FOSS Web-mail: Mailpile

← Back to Stories (view on slashdot.org)

New, Privacy-Oriented, FOSS Web-mail: Mailpile

Posted by Soulskill on Saturday August 3, 2013 @03:30PM from the piles-of-mail-are-hard-to-spy-on dept.

New submitter Juggler writes "Mailpile, a new Free Software project out of Iceland, launched at the #OHM2013 hacker festival in Holland today. The talk's brief demo garnered rounds of applause and was followed by the launch of an Indiegogo campaign which, if funded, will allow them work full time on building a modern e-mail/web-mail client. The team's main goals are to address the usability issues that prevent non-technical folks from taking advantage of secure e-mail today, bring new life to FOSS e-mail development and provide a realistic alternative to keeping e-mail in the cloud."

74 of 116 comments (clear)

Min score:

Reason:

Sort:

antiquated system by Anonymous Coward · 2013-08-03 15:36 · Score: 2, Interesting

The real problem is that email is antiquated, are far more complicated than it needs to be. Instead of bolting a new face on it, make a better protocol.
1. Re:antiquated system by Anonymous Coward · 2013-08-03 17:38 · Score: 1
  
  > make a better protocol
  what protocol or protocol changes do you propose?
2. Re:antiquated system by whois · 2013-08-03 18:30 · Score: 5, Interesting
  
  I've been considering a kickstarter for a new version of SMTP, while at least for the moment leaving IMAP alone. Specifically, the way headers are appended to mail in transit is unsupportable in a secure environment. The things I'm considering is that there doesn't have to be a flag day, you just need the vendors of several heavily used MTA's to support it as an option, then once 99% (or whatever number your company deems appropriate) of your email uses the new format you turn off the old.
  This was poopoo'd in the past because there were 10s if not hundreds of thousands of email servers. Now people have pretty much stopped hosting most email and turned it over to google, yahoo, microsoft or one of the other major players. Therefore you're no longer faced with trying to get everyone to change things. You only need 5 major companies to change, and hopefully they're interested in the new protocol as well (nobody likes SMTP as it is, the question is can you get everyone to agree to some consensus of next generation email then move forward with it)
  DJB's pull based email thing could be a part of this, maybe not the exact idea but something along those lines:
  DJB's IM2000 (http://cr.yp.to/im2000.html). While I don't think all mail should be stored on the originating server, I think a mix could be used to provide more flexibility. Mailing lists could leave all the mail on the server, since a bunch of readers never read every message there isn't a point of exploding it out to thousands of mailboxes (except for reliability, and that could be gained by mail->nntp for public mailing lists)
  Requiring domain keys could also be useful, since headers wouldn't be modified, just appended and signed.
  If people are interested in crypto/privacy aspects, emails that aren't delivered but instead picked up by the recipients don't leak metadata like To, From.
  It's probably best to approach this through the IETF, despite failures to make broad sweeping changes in the past, a new working group might be the best choice to get the interested parties involved.
  Tangent here:
  I also think that email clients need to be brought back and worked on. Thunderbird died because of two reasons: 1. Mozilla couldn't find a way to monitize it, and 2. Their biggest email competitor (gmail) and biggest contributor (google search) had already found a way to monetize email and thunderbird wasn't seeing significant updates at that point.
  Other stuff I'd like to see in thunderbird:
  Contact pictures on email (not something I think I would use, but nice for people used to facebook/twitter/etc). Integrated IM/Skype/Phone so you can effortlessly change the medium you're communicating through. Also the ability to send calendar events through IM or SMS would be nice.
  Real synchronization. That includes plugins and every setting via a service like weave that is secure. This would also sync your passwords and gpg keys. Actually a generic weave-like framework that could be integrated with pidgin, thunderbird and other open source apps to sync across machines would be great. That would also fix major issues with pidgin's OTR.
  So the reason I never kickstarted it is the same reason Mozilla doesn't work on thunderbird anymore. I have no idea how to monetize it in a way that would be long term sustainable. Users hate adds, they hate paying for software. Maybe an addon store, but that just means you're subbing the good development work to other people and then making the users pay to fix the things wrong with your app.
3. Re:antiquated system by tibman · 2013-08-03 18:34 · Score: 1
  
  If you make something else, that's great. But it won't be email. The adoption rate will be very low.
  
  --
  http://soylentnews.org/~tibman
4. Re:antiquated system by Anonymous Coward · 2013-08-03 18:49 · Score: 1
  
  Email was around long before SMTP and will be around long after SMTP and all of it's anachronisms are dead and buried.
  "whois" makes a good point above -- most of the world's mailboxes are controlled by Google, Microsoft, and Yahoo. (Plus IBM/Lotus and a few other providers) If only three key people start talking, the entire email infrastructure could be replaced within a few years.
5. Re:antiquated system by TheSeatOfMyPants · 2013-08-03 19:02 · Score: 2
  
  That email has been around for a long time doesn't automatically mean it's "antiquated" or in need of a rewrite. It fulfills the most important goals:
  -- send & receive messages over a secure connection
  -- use any client we want, whether local, networked, web, in a remote shell...
  -- read & send when it's convenient (non-live)
  -- email back-and-forth right away (eg. if chat services aren't allowed)
  -- style the letter as a document via WYSIWYG editor or hand-coded HTML
  -- or send plain text, no formatting/HTML
  -- embed all forms of media
  -- request to be notified when our recipient reads the message
  -- refuse to let our client notify someone that asked when we open it ;)
  -- download the messages as an archive, leave them on a server, or both
  -- interact with anybody regardless of what companies host the accounts
  -- host our own servers & personal domain
  Let's be honest here... If our generation(s) of developers tried to create an equivalent "electronic mail" type of service, we wouldn't get a standardized protocol for all servers to follow -- we'd end up with a ton of little competing services that would dictate how we access/send the messages, which competing mail services they're compatible with, and basically everything else, just like the norm in the blogging & social networking arenas. (Or incompatible pre-Internet networks like CompuServe & AOL, except those didn't sell our private data or plaster ads on the screen, and doubtless today's tech would.)
  
  --
  Now mostly at Usenet:comp.misc & SoylentNews.org (it's made of people!)
6. Re:antiquated system by Joce640k · 2013-08-03 19:12 · Score: 1
  
  The real problem is that email is antiquated, are far more complicated than it needs to be. Instead of bolting a new face on it, make a better protocol.
  People who find it intolerable for those reasons that are already using whatsapp, etc
  
  --
  No sig today...
7. Re:antiquated system by stenvar · 2013-08-03 21:09 · Score: 2
  
  Given that most large E-mail providers add massive amounts of privacy-invading info to E-mail headers (like the IP address where you wrote the message), I doubt the problem here is a limit on technology.
  For monetizing, though, there's a simple solution: sell whatever you come up with embedded in a piece of hardware. A self-maintaining "E-mail plug" you just connect to your home network lets you charge for the software as part of the hardware. Other companies have been doing that, for example the Tonido Plug and the PogoPlug.
8. Re: antiquated system by rjstanford · 2013-08-03 21:38 · Score: 1
  
  That happened in the past, too, and then we got sendmail - the middleman between all of them. Writing sendmail.cf by hand was a rite of passage! Over time SMTP appeared as the winner, which enabled far simpler tools to emerge on the server side and more powerful clients to send mail directly.
  
  --
  You're special forces then? That's great! I just love your olympics!
9. Re:antiquated system by thetoadwarrior · 2013-08-03 21:57 · Score: 1
  
  All the old protocols like email and newsgroups are completely open and flexible allowing anyone to build the client they want. No one invests in that anymore. Everyone wants to lock you in. That's why we have a billion ways to message people rather than everyone using a single protocol like jabber.
  
  So good luck on getting a new something new that helps the consumer in anyway.
10. Re:antiquated system by Anonymous Coward · 2013-08-03 22:36 · Score: 5, Funny
  
  what protocol or protocol changes do you propose?
  In this day and age, isn't that obvious? We need to listen to what the majority of the computing public wants. It should be:
  * Proprietary, closely controlled by a single large company
  * All email must go through their servers.
  * Have unavoidable advertising added to all emails.
  * The protocol must be centralized rather than distributed
  * The possibility to run your own servers should be removed.
  * It should be limited to very short messages of no more than a few lines.
  * It should only be available on locked-down devices
  Most people have succeeded in getting some of those features by using gmail, but we're not all the way there yet, so there is still room for improvement.
11. Re:antiquated system by AmiMoJo · 2013-08-03 23:02 · Score: 4, Interesting
  
  Mail clients died because webmail is more convenient for most people. I had been using mail clients since I first got online but then I went on holiday and decided to just use Gmail for three weeks. I realized it wasn't that bad and never bothered to go back to Thunderbird.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
12. Re:antiquated system by Anonymous Coward · 2013-08-03 23:55 · Score: 1
  
  The real problem is that email is antiquated, are far more complicated than it needs to be. I
  Yes, it would be much better if it was like all the recently developed IM protocols:
  "See you on kik?"
  "No, can't, sorry I use yahoo."
  "I can't either... I'm on skype."
  etc
  Email is one thing: standard. Everyone on every type of device can use it. And what in the hell do you mean by "far more complicated than it needs to be?" I agree the protocol could be improved, but complicated? You enter the recipient's email address, or more likely just click it from your address book, type your message, and push "send". How much easier can it get? The big improvements need to come in areas like mail clients using encryption by default, and so on. But the basic thing is trivial to use, unless maybe I'm missing some new depths of "dumbed-downness" that's happened recently to make typing a message and pushing send "too hard" for most people now?
13. Re:antiquated system by ancientt · 2013-08-04 00:47 · Score: 2
  
  I have talked about the same goal several times, but any new system must be backwards compatible because there are around 14 million (SWAG) businesses that rely on free SMTP.
  While you're chewing on that, Thunderbird is absolutely critical in that process. Most businesses don't want to think about email, calendaring, and shared address books but they get that with Exchange and Outlook. I've been interested in moving our company off of Exchange for some time but we're addicted to Outlook and need a simple to use replacement with the same features if we're going to stop using it. It's almost a chicken and egg problem, but just recently I have been getting close to a viable replacement on the client side with Thunderbird. As a bonus, it does digital signatures and encryption compatible with Outlook. The downside is the complexity of setup. Sure, I can set it up, but not the average user. I keep trying to find ways to make it easy though because if we can get off Outlook without much pain, we can get off Exchange later as well.
  I don't know the solution yet, but I imagine Mailpile (or roundcube or similar) is part of it. Another piece is going to have to be a ranking system. For the next ten to twenty years, people are going to require the ability to receive messages sent with unauthenticated SMTP, but if you build security ranking into email, you can begin to phase that out by having messages with a trust ranking system. Give +10% for digitally signed messages, +10% for encryption, +20% for a verified sender system, +20% for reputation, +20% for willingness to buy into a pay-per-message system and assign the remaining 20% on factors like how the local email client and associates have handled mail from that sender in the past. You can even make the percentages variable if you have sensible defaults because most people will never change the defaults.
  Sidenote, on the pay-per-message system, you pay 2 cents (or equivilant) per message sent outside your company and receive the same per message received on the same system. One of the historical problems that seemed insurmountable was the problem with the cost of microtransactions being too high. It costs around 30 cents to do an electronic transaction, so anything smaller costs more than it yields, but that's not the case anymore with something like bitcoin and you could do a twice daily cash-out with Coinbase to avoid the pain of volatility. For me that's been the single most important and too often overlooked appeal of crypto-currency. It allows for mico-transactions to be a commercially viable option. You could do it with fractional payments through a traditional bank as well, but none want to handle it when there is still income to be had by having eveyone use a system that pays them more.
  I don't really care if it is Thunderbird, Coinbase, Bitcoin and Mailpile, they're just examples of types that I'm using due to my own familiarity. Feel free to substitue alternatives for any of them if it makes more sense for implementation or discussion.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
14. Re:antiquated system by znrt · 2013-08-04 01:22 · Score: 1
  
  And what in the hell do you mean by "far more complicated than it needs to be?" I agree the protocol could be improved, but complicated? You enter the recipient's email address, or more likely just click it from your address book, type your message, and push "send". How much easier can it get?
  i guess he means complexity of setup: to use an email client you have to point it to a mail server. for a vast majority of users this simple concept is one too much if they can simply log into gmail and not have to worry about shit.
15. Re:antiquated system by drinkypoo · 2013-08-04 01:49 · Score: 4, Insightful
  
  No need to replace SMTP. Just add "more" stuff on to it. Not necessarily on top of other extensions, feel free to supersede them. But you need to support SMTP for the foreseeable future, and it's kind of nifty to have such a dirt-simple interface to mail for those cases in which it is useful, such as inside your organization for alerts and whatnot. I don't automate anything based on email these days, but it's still not useless.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
16. Re:antiquated system by nurb432 · 2013-08-04 01:58 · Score: 1
  
  Not in the least. Just because you don't have an attention span long enough to read past a 4 word tweet doesn't mean the rest of us doesn't.
  Sure, email isn't appropriate for everything ( never was, that's why god made telephones and meetings ) but its still appropriate for many things, especially in the business world.
  
  --
  ---- Booth was a patriot ----
17. Re:antiquated system by Immerman · 2013-08-04 02:36 · Score: 1
  
  >-- send & receive messages over a secure connection
  What definition of secure are you using? Current protocols make no guarantee that mail will be delivered at all, and transmit everything as clear text which makes interception and/or manipulation trivial for anyone so inclined. You may be using an encrypted link between your terminal and server, but from that point on everything is plain text, so it's really only your password which is secure (a big step up from when that was plain text as well, but still far from secure).
  If PGP or some alternative gained widespread support it *could* be secure, but that has nothing to do with email as it exists today.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
18. Re:antiquated system by AdamWill · 2013-08-04 04:57 · Score: 1
  
  Email is precisely as complicated as it needs to be.
19. Re:antiquated system by AdamWill · 2013-08-04 05:01 · Score: 1
  
  TLS.
20. Re:antiquated system by icebraining · 2013-08-04 05:21 · Score: 1
  
  The problem with Bitcoin (and blockchain based currencies) is that they don't really deal well with microtransactions. Since each transaction has to be sent and confirmed by a bunch of nodes, they impose a lot of strain on the miners. Eventually we should see rising transaction fees, which will probably kill such systems.
  
  --
  Dilbert RSS feed
21. Re:antiquated system by icebraining · 2013-08-04 05:24 · Score: 1
  
  TLS is fine until you reach the MTA. Then you have no guarantee that the message won't be passed as plain text. And even if TLS is used on each hop (unlikely), you still don't have a real end-to-end secure connection, just a chain of many connections, with middle men who can see all the emails.
  
  --
  Dilbert RSS feed
22. Re:antiquated system by nine-times · 2013-08-04 05:40 · Score: 1
  I think there's a big problem here that isn't really about protocols or technical matters. Taking a step back from specific proposals for replacing protocols, part of the problem is that we can't agree on a vision for email in the future. Some people want really complicated formatting and media embedding, while others want to return to a text-only world with attachments. Most of us want to do away with spam, but lots of big companies still want to be able to market to us through email. Some people want end-to-end encryption as a security feature, while others view it as a security threat, and still others believe it's an unnecessary inconvenience. Some people want email to provide some kind of authentication that it's coming from the person it purports to be coming from, while others are more interested in making sure email can remain anonymous.
  I think if you really want to overhaul email, you first need to get some big players to come to a consensus on what the desired endpoint of development looks like. People keep running off to try to develop replacement protocols and UIs without really even thinking through the goal first.
  Aside from identity verification, spam filtering, and end-to-end encryption, there are some pretty obvious issues that I think people regularly miss:
  
  Labels, tags, and metadata: Many different groups have developed methods for tagging emails, but these tags don't really transfer. Gmail has labels. Microsoft Exchange has categories. Thunderbird has tags. Apple Mail has different colored flags. These methods aren't meaningfully compatible, so Gmail labels get turned into folders by mail clients. Microsoft categories don't show up in clients. Mail color flags and Thunderbird labels are held in the client itself, I believe, so they'll be lost outside of the local cache you have on your client. And on top of it all, there's no real way to send an email with tags that your recipient will receive if you were inclined to do that.
  Long term storage/tracking/archiving/searching: The amounts of email that we send and receive has become overwhelming, and people are regularly trying to send big attachments. There are a lot of different commercial products and services to help with this issue, but there's not really a great standard solution for managing the situation. Some of them even run contrary to each other-- e.g. products like "YouSendIt" or "Dropbox" may help solve the issue of sending large attachments, but by not including the attachment in the email itself, mail archives may end up with a dead link in place of the original content. It would be nice to have a comprehensive solution to all this. I see too many people these days with 50GB mailboxes and no great way of managing all that storage. I'd like to see some best practices and open standards being supported cross-platform.
  Competing communication methods and accounts: We have tons of different competing methods of communication, and it's not clear why we need them all. I myself have several email accounts, SMS accounts, IM accounts, weblogs, forum memberships, phone numbers, voicemail accounts, social networking accounts, etc. Some of the redundancy is intentional on my part, but a lot of it is because I've been forced to create these accounts to talk to different people. I need a gmail account to participate in hangouts. I need a AOL account to talk to people on AIM. I have some accounts just to remain anonymous, to give to possible spammers and such, and other similar reasons. I believe we should try to look at these different communication methods comprehensively, and figure out what we're trying to do with each one, how they should be implemented, and how they should be stored. For example, I'm not sure we need SMS, email, and IM as three different protocols of communication. Maybe we just need different interfaces depending on the situation in which we're using them, but they can all pass through the same communication gateways using a consistent protocol.
  Limi
23. Re:antiquated system by teknopurge · 2013-08-04 06:10 · Score: 1
  
  we've actually had a lot of new mail-only hosting customers for over the past 2 years. The consolidation of email to the freemail providers is overrated.
  
  --
  Website Hosting
24. Re:antiquated system by SuperTechnoNerd · 2013-08-04 07:44 · Score: 1
  
  You forgot: All mail gets CC'd to the NSA
25. Re:antiquated system by http · 2013-08-04 07:46 · Score: 1
  
  Those five corporations have demonstrable incentives to not make email secure.
  
  --
  If opportunity came disguised as temptation, one knock would be enough.
  3^2 * 67^1 * 977^1
26. Re:antiquated system by msobkow · 2013-08-04 08:07 · Score: 1
  
  You seriously underestimate the number of small and medium sized businesses who run their own email servers.
  
  --
  I do not fail; I succeed at finding out what does not work.
27. Re:antiquated system by The+Cat · 2013-08-04 08:22 · Score: 1
  
  There you go. Let's tie e-mail to Facebook.
  Users hate paying for SHITTY software. Write software that isn't SHITTY and you'll have no problem monetizing it.
  Free clue: tying e-mail to Facebook = shitty. Have a nice day.
  Leave e-mail alone.
28. Re:antiquated system by HybridJeff · 2013-08-04 10:03 · Score: 1
  
  BBM with advertising added to it?
29. Re:antiquated system by vlueboy · 2013-08-04 10:29 · Score: 1
  
  It gets worse. I'm starting to see people who started out using webclients like yahoo, but are increasingly failing to grasp the www itself. When their cheap smartphone breaks Facebook (which has PM-esque emails)*, they have no idea how to pick up their ball on the webbrowser, and that they can just enter their credentials there. The level of lock-in is ridiculous, because people cannot tell the difference between the App and the web version of anything, other than "ooh, I like it on my phone better..." Similar gripe about people who take out their 3MP phone camera to futilely grab monitor stills because they just can't handle using email attachments.
30. Re:antiquated system by Lincolnshire+Poacher · 2013-08-04 17:06 · Score: 1
  
  Therefore you're no longer faced with trying to get everyone to change things. You only need 5 major companies to change, and hopefully they're interested in the new protocol as well
  Umm.. there is something in the region of half a billion corporate mailboxes in MS Exchange alone, per estimated done by the Raticati Group a few years ago ( and I'm sure it was on Slashdot that I read it ). That's more than any one webmail vendor.
31. Re:antiquated system by Common+Joe · 2013-08-04 21:58 · Score: 1
  
  Your comment is rated 5 and you deserve that because you're hitting upon probably the most single important thing that will block these guys from wide spread usage if they finish writing everything. I'm going to go a step further. You cannot have secure email if you do not have a client and operating system that you can trust. Today's environments are migrating to a place where we can not trust that our emails are not intercepted and read even if we're told it is secure. If we go online and read our email from Google's servers, that is not protected. If our emails are stored and decrypted locally but then searched by Windows 8.1 quick-search and that information fed back to Microsoft, then that is not secure. As long as we use unsecure operating systems and unsecure web-apps, this cannot work. All of us -- not just these guys -- have a very hard battle to fight.
  I still use Thunderbird because I like control over my email by downloading it to my local machine, but I am in the minority. I want to say kudos to these guys for trying this because I want this badly. I can't get pgp to work reliably while emailing in Thunderbird with another tech-savvy friend of mine. That is pretty damn sad.
32. Re:antiquated system by drinkypoo · 2013-08-05 01:49 · Score: 1
  
  I'm not sure we need SMS, email, and IM as three different protocols of communication. Maybe we just need different interfaces depending on the situation in which we're using them, but they can all pass through the same communication gateways using a consistent protocol.
  This is something I've thought about fairly often as well. It seems like someone could come up with a standard for this and then implement it in an enterprise solution, which if adopted would then drive demand for open and interoperable implementations.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
33. Re:antiquated system by lissnup · 2013-08-05 08:40 · Score: 1
  
  I second stenvar's hardware/software combo suggestion - plus mobile dongle, and all including a mesh network node
Self Host with Roundcube by nullchar · 2013-08-03 15:42 · Score: 3, Informative

Or you could run Roundcube on a host you trust. Setup Postfix to use TLS to send/receive mail from your trusted friends who also run their own email systems.
1. Re:Self Host with Roundcube by thatkid_2002 · 2013-08-03 19:30 · Score: 1, Flamebait
  
  Roundcube is PHP based - and comes with all the joy PHP provides... Please turn your sarcasm detector on to enjoy the full effect of this posting.
2. Re:Self Host with Roundcube by AmiMoJo · 2013-08-03 22:52 · Score: 1
  
  Are there any remote hosts you can really trust? Sounds like the NSA/GCHQ have their claws into pretty much everything and are good at leaning on companies to silently comply with their demands.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
3. Re:Self Host with Roundcube by nullchar · 2013-08-04 04:08 · Score: 1
  
  GPG/PGP support has been worked on a few times. This is one of the latest attempts:
  http://lists.roundcube.net/pipermail/dev/2013-January/022123.html
More powe to them, but... by Kazoo+the+Clown · 2013-08-03 15:59 · Score: 4, Interesting

There are a couple of tough problems to solve. One, defeating traffic analysis. Encryption is just a first step. Encrypting everything, no matter how trivial, will be important, and certainly helps, but it's not enough to keep listeners from knowing who is talking to who.

Second, bringing the public at large into the fold. Noone will use an email system that can't be used to send email to all their friends and family, most of which aren't going to be switching anytime soon. One thing that might help is a system that automatically knows when the recipient is encryption-capable, encrypts when it is, but when it's not, inserts a warning message that their email is not secure and may be stored by third parties and governments-- essentially an advertisement for switching to a more secure email system. This would help us all educate our friends and keep them reminded every time they get an email from us as to the issues. It could help convince them that it's worth switching.
1. Re:More powe to them, but... by cultiv8 · 2013-08-03 18:20 · Score: 2
  
  Um, I'll bite, it's on Github and licensed under AGPL.
  
  --
  sysadmins and parents of newborns get the same amount of sleep.
2. Re:More powe to them, but... by Laxori666 · 2013-08-03 18:23 · Score: 1
  
  The first has a now-standardized solution in the shape of TOR.
  That's assuming the feds aren't running a sufficiently large amount of TOR nodes such that the chances they will have enough nodes on a route to compromise anonymity are fairly high.
3. Re:More powe to them, but... by loufoque · 2013-08-03 21:16 · Score: 1
  
  It has never been claimed that encryption is an anonymization solution.
4. Re:More powe to them, but... by AmiMoJo · 2013-08-03 22:56 · Score: 2
  
  Just attach your public key to every outgoing email, and then clients that support it can automatically collect and start using it.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
5. Re:More powe to them, but... by rmstar · 2013-08-04 00:15 · Score: 1
  
  Enigmail is great, but try and convince friends or family to use it is like pulling teeth.
  Well, enigmail isn't that great. It hung when my wife tried to generate her key. Also, when I send her my public key, it didn't recognize it (I sent it as a .asc). It also adds some bogus "begin encrypted mail" headings around the encrypted text.
  And It actually was a hassle to get working.
6. Re:More powe to them, but... by icebraining · 2013-08-04 05:29 · Score: 1
  
  And how does that client know the key hasn't been replaced by someone else's? Yes, the message can be signed. But if you don't have the key, you can't verify the signature either, so that can be faked too.
  
  --
  Dilbert RSS feed
7. Re:More powe to them, but... by ChadL · 2013-08-04 05:54 · Score: 1
  
  Rather then attaching the public key, a system such as GPG's pka that publishes keys for e-mail addresses in DNS via DNSSEC signed records is likely a safer alternative against modified keys. It also allows the first e-mail between two people to be encrypted (as the key can be found via a DNS request).
  PKA works now, but the clients have to be told to use pka manually, so its of limited value in its current state until adoption gets a little wider. Sadly leaves GMail and friends out in the cold (unless they offer a key publishing service to their DNS), but works well for privately controlled domains (since commercial webmail can't really be secure anyway, its as good as I think we are likely to get).
8. Re:More powe to them, but... by AmiMoJo · 2013-08-04 05:54 · Score: 1
  
  In that case the sender's email account is compromised. That isn't the problem encryption is designed to solve.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
9. Re:More powe to them, but... by chihowa · 2013-08-04 09:13 · Score: 1
  
  Or the email was tampered with in transit. The old key was stripped and a new key was added.
  Of course every subsequent encrypted message will have to go through the man in the middle to avoid detection, but that's not too hard if they can tamper with the email in transit in the first place.
  This part right here is really the hardest part of proper encryption. Secure key exchange is hard. Secure in-channel key exchange between clueless users is nearly impossible.
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
10. Re:More powe to them, but... by AmiMoJo · 2013-08-04 21:51 · Score: 1
  
  That's why if you really care about identity you either exchange keys in person or verify with a third party that you trust. Your scenario also requires the MITM to intercept the very first message containing a copy of the public key, or it will be obvious that at some point the key changed and the client software should flag that up.
  The point here is not really to verify identity, it is to encrypt email end-to-end. GCHQ and the NSA don't care much because they already have root access to the webmail server where the messages are decrypted anyway, in most cases.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Bitmessage by Anonymous Coward · 2013-08-03 16:17 · Score: 1

Anyone following such developments should look into bitmessage. An encrypted p2p messaging system that takes the complications out of using tools such as GPG.
Some nice ideas, but... by MrEricSir · 2013-08-03 16:46 · Score: 1

How many users would really able to use this? Running your own server seems kind of extreme for the average user, and setting up maildir seems like a non-starter.

--
There's no -1 for "I don't get it."
1. Re:Some nice ideas, but... by Noughmad · 2013-08-03 20:05 · Score: 1
  
  Running your own server seems kind of extreme for the average user
  Running your own server is what everybody used to do before Google gave people the offer of free unlimited storage that they couldn't refuse.
  I don't know about everybody, but most of the people I know (including me) started with the ISP-provided email, then moved to Hotmail or Yahoo and finally to GMail.
  
  --
  PlusFive Slashdot reader for Android. Can post comments.
Re:Mailpile... by lxs · 2013-08-03 17:55 · Score: 1

What if I mail you some kittens? Wouldn't you want big pile of cute little kittens?
Re:Mailpile... by Required+Snark · 2013-08-03 19:23 · Score: 1

That already happens on the Internet. That's why it filled with cats. Email is no different. Cats cats cats!!!

--
Why is Snark Required?
Not sure who the market is here? by beaverdownunder · 2013-08-03 19:48 · Score: 4, Interesting

Given that the average e-mail user has already accepted that their communications aren't secure, I have a problem visualising how said average user can be convinced that a 'replacement' for traditional e-mail is any more secure than the existing offering, or if said security even matters.
First, there's absolutely no way you can build trust. What are you going to do? Tell them it's secure because of X, Y or Z? The point here is that your average e-mail user doesn't understand encryption, PGP keys or any of that. It just translates as blah, blah, blah; give us your e-mail so we can snoop through it just the same as the other guys do. Oh? You can read the source code and confirm that it's all legit? The average user can't read source code! These claims are all worthless.
Second, if there's already an acceptance that having your e-mail open for analysis somehow prevents your child from being blown-up at a bus stop, you're not going to be very fond of encouraging the adoption of a product that could aid terrorism, let alone use it yourself.
So, if you can't build trust, and your potential user base can be put off your product by the spectre of terrorism, then what's your business model? If the user can't be convinced they'll have any more privacy without the expense of a potential surge in terrorism, there isn't one. You can only preach to a choir that would already be using PGP, etc. if they cared enough to do so.
But you can't even get widespread adoption in the geeks! Most of us use cloud e-mail services, Facebook, etc. and just don't care enough, let alone would ever truly trust your product, regardless of how transparent you attempt to make it.
tl;dr: there are better uses for the developers' time here than building a baseball field nobody will ever play on.
1. Re:Not sure who the market is here? by bonniot · 2013-08-03 20:56 · Score: 4, Interesting
  You can read the source code and confirm that it's all legit? The average user can't read source code! These claims are all worthless.
  An answer to that is that even though only 0.1% of users can read source code, ...
  
  - 5% know somebody who can read code;
  - 30% know somebody who knows somebody who can read code;
  - ...
  - 100% know a newspaper who would publish the story if a single expert read the source code and discovered there is snooping hidden in it (by then a host of other experts can simply confirm this fact)
  Given this, it's quite likely that if an open source tool contains malicious code, and it is widely used, this will be revealed eventually. Of course there is no 100% guarantee. But this claim is far from worthless. You can have much higher confidence that an open-source tool does not have hidden snooping compared to closed-source, and this even if you can't or won't read the source code yourself.
  --
  Watch great movie opening scenes!
2. Re:Not sure who the market is here? by mongrol · 2013-08-03 21:29 · Score: 4, Insightful
  
  I disagree that the normal user has accepted their email is not secure. I'm fairly certain that most normal user's have no idea that email is insecure.
3. Re:Not sure who the market is here? by greggman · 2013-08-04 01:10 · Score: 1
  
  Agreed, and so what if your email is encrypted? The moment you send it someone else you have no guarantee they are keeping it encrypted on their end.
  I can imagine there's some minor piece of mind to have my email encrypted which would make it slightly harder for people to grab my database of email and read it. At the same time I don't want client side email. I want server side email so I can search and access it from any of my devices. And, I want it to have all the features of gmail including speed of access, amazing spam detection, and every other little feature they support.
  I suspect spam detection is a hard problem too. Google benefits from crowdsourcing there. With un-encrypted email they can see a million people getting the same message and once a few percent mark it as spam they can guess it's spam for everyone. Not sure who to solve that problem if all the email is encrypted.
4. Re:Not sure who the market is here? by Dr.+Evil · 2013-08-04 02:33 · Score: 1
  
  - 5% know somebody who can read code; - 30% know somebody who knows somebody who can read code; - ... - 100% know a newspaper who would publish the story if a single expert read the source code and discovered there is snooping hidden in it (by then a host of other experts can simply confirm this fact)
  
  Knowing how to "code" isn't enough, you need to study the codebase. A tiny fraction of those who know how to code have studied the mailpile codebase enough to catch a backdoor. I would say, practially speaking... 0 outside the core developers.
  Backdoors or snooping are best hidden with plausible deniability. Even if you discover one, it won't be obvious that it was intentional, it will be no more newsworthy than a typical vulnerability report.
5. Re:Not sure who the market is here? by bonniot · 2013-08-04 04:34 · Score: 1
  
  Knowing how to "code" isn't enough, you need to study the codebase. A tiny fraction of those who know how to code have studied the mailpile codebase enough to catch a backdoor. I would say, practially speaking... 0 outside the core developers.
  Right now, you're probably right. As far as I can see it's not much used yet. But as usage grows, so would the number of contributors looking at the code, to add a new feature of fix a bug, each time increasing the chance malicious code or vulnerability would be found.
  
  Backdoors or snooping are best hidden with plausible deniability. Even if you discover one, it won't be obvious that it was intentional, it will be no more newsworthy than a typical vulnerability report.
  Right. Open source does not magically guarantee the absence of vulnerabilities (accidental or intentional). But it makes them easier to detect by the community, and harder to hide malicious code. Take the snooping revealed to be happening in Skype. Would it be that easy to do with open-source clients and servers?
  
  --
  Watch great movie opening scenes!
6. Re:Not sure who the market is here? by The+Cat · 2013-08-04 08:26 · Score: 1
  
  If you use "cloud" e-mail and Facebook you ain't no geek, son.
7. Re:Not sure who the market is here? by Velex · 2013-08-04 14:48 · Score: 1
  
  So your solution is that the average user who wants secure email knows the guy who knows the guy who knows the guy. Eh, it works for folks who want marijuana. Why not email?
  
  --
  Join the Slashcott! Stay away entirely Feb 10 thru Feb 17! Close all tabs to prevent autorefresh!
8. Re:Not sure who the market is here? by intermodal · 2013-08-05 01:37 · Score: 1
  
  The biggest obstacle to a true email replacement is every online registration under the sun already requires email as we already know it, but offers no alternative, for account communication. Until Facebook logins, which are probably far worse in the long run.
  No, what we need is a system of encryption-required communication and a way to proliferate keys in a way that they can be confirmed in some way instead of sent as attachments that could be as false as what they're attached to. And we definitely need email to die as it should have decades ago. It is, by far, the least secure commonly-accepted protocol on the Internet.
  
  --
  In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Re:Hushmail's fate? by AHuxley · 2013-08-03 20:34 · Score: 1

Agent: We're from the US government and we're here to help ourselves to your users data.
Admin: Their servers dead, that's what's wrong with it?
Agent: So it is. 'Ere's some money and a couple of holiday vouchers.
Admin: ... Do you want to ftp back to my sever?
Agent: I thought you'd never ask.

--
Domestic spying is now "Benign Information Gathering"
Where in hell are you getting these numbers? by westlake · 2013-08-04 01:31 · Score: 1

An answer to that is that even though only 0.1% of users can read source code...
- 5% know somebody who can read code;
- 30% know somebody who knows somebody who can read code;
- 100% know a newspaper who would publish the story if a single expert read the source code and discovered there is snooping hidden in it.
The geek's made-up stats do not inspire confidence.
They are worth the cheap instant mod up to +4 or +5, "Insightful" here.
1. Re:Where in hell are you getting these numbers? by cervesaebraciator · 2013-08-04 07:47 · Score: 1
  
  The geek's made-up stats do not inspire confidence.
  Very well. How about this: 100% know somebody who knows somebody who knows somebody who knows somebody who knows somebody who knows somebody who can read code.
  Incidentally, I wonder how many degrees of separation in the meta-data it takes for the NSA to consider someone suspicious.
Who hosts? by nurb432 · 2013-08-04 02:20 · Score: 1

That is still a security problem. You want end-to-end encryption on the client, and not store it somewhere else, even encrypted.

--
---- Booth was a patriot ----
1. Re:Who hosts? by AdamWill · 2013-08-04 05:05 · Score: 2
  
  "Self Hosted
  Mailpile is a modern web-mail you run on your own computer.
  You can host your install of mailpile on your laptop, desktop, Raspberry PI or a server in the cloud. Or put it on a USB stick and carry it in your pocket. It's your choice."
  From the front page of their site.
I note that antispam is "under development" by astralagos · 2013-08-04 03:52 · Score: 2

I'll be deeply curious to see if they actually manage to produce a viable antispam solution. I find the thing that almost everyone walks past when talking about antispam is that it requires reading other people's mail. gmail takes advantage of economies of scale to notice that the same phrase is appearing repeatedly in multiple messages from different names, for example. Spammers are clever and will figure out ways past everything eventually, so I like to ask people if they're willing to trade infinite spam for total email privacy.
1. Re:I note that antispam is "under development" by Gibgezr · 2013-08-04 04:14 · Score: 1
  
  ^^^^^^^ THIS!
  18 years ago, my work email was pretty much spam free, and my private email was 50% spam. Fast forward to today, and my private email is **totally** spam free, and my work email is deluged (90% spam). Why? Because gmail reads millions of emails and filters better due to comparing people's mail, whereas my work email only has a small pool of mail messages to work with.
  While I like the concept of email security, I am unwilling to part with "spam free" service.
Privacy-enhanced mail by Animats · 2013-08-04 05:25 · Score: 1

From the site, there's not enough info to tell what security properties this proposal has. Mostly, they're just begging for money.
It might not be that hard to do privacy-enhanced mail today. Both browsers and some mail clients (i.e. Thunderbird) accept plug-ins, so doing encryption and decryption on the client side is possible even for web mail. You could still use Gmail, but all Google would see are big strings of random-looking text. Your browser plug-in would decrypt that when displaying Gmail output. Of course, Google's indexing and ad matching wouldn't work.
The big problem is publishing and finding the recipient's public key. The 1993 PEM scheme wanted to do this with SSL-type certs, but that never caught on. Self-signed certs are vulnerable to man-in-the-middle attacks. But suppose that you published your public key on some social network (Twitter, Flickr, Facebook...) and your mail client checked your own key at random times. Then you'd detect if someone was messing with your public key. It's not airtight, but it's better than nothing, and any widespread tampering with public keys would be noticed.
None of this requires any cooperation from, or trust in, mail servers. It's entirely client-side, where it should be.
1. Re:Privacy-enhanced mail by MaxKington · 2013-08-05 08:51 · Score: 1
  
  I came up with a not dissimilar model for IM for phones where for the most part you can trust us 'the system' to help facilitate key exchange but also that the wider world helps detect people trying to game the system (http://talariachatapp.wordpress.com/2013/07/29/being-unpopular/). So not only does the app check for your public key but you ask your friends to help check on your behalf in case someone has managed to manipulate the place you publish the public key to and are trying a man in the middle attack. A key point about the random check is that it can be done anonymously, so that someone doesn't only publish your 'ok' key to you but the futzed one to others, perhaps selectively others. I'm also trying to get some funding but to build the client apps (I've built the protocol and the server bits as that's my forte but I *am* crap at building UI's) but I've explained in some detail how it works. When I built it I came up with a proposal for mail as well but I'm quite interested to see where these guys are going with it (I've dropped them a line too).
  Key thing about IM vs email though is key longevity and that's the toughest nut to crack to make it usable. That and as you rightly point out, webmail. Decrypting the mail and putting it back in your inbox is one idea as people keep their email in their email boxes for years. Having a bunch of encrypted mails you can no longer read is a pain because you've lost private key no. 27. The question then is, what're you trying to solve? Message safety in transit (passive snooping)? Message authenticity? Message safety in the inbox (active attack)? If it's the last one you need to make the mailbox safer too and harder to break into. Preventing your paypal account getting hacked by someone who's asked for a password reset email doesn't work if an encrypted email is sent to your mailbox, decrypted by some auto service and put back into it if your password is 'wibble'. I don't have a solution that solves all these problems at once and I don't know which ones are universally more important to people.
Two things to be aware of by Fnord666 · 2013-08-04 08:29 · Score: 1

First, be aware that this project uses the Flexible Funding model. This is not like kickstarter; even if they don't reach their funding goal, any contributions you make still go to them. It's not an "all or nothing" deal like people are used to with kickstarter.

Flexible Funding
This campaign will receive all funds raised even if it does not reach its goal. Funding duration: August 03, 2013 - September 10, 2013 (11:59pm PT).
Second, there seems to be a bit of a contradiction on the timeline for this funding. The developers mention the following:

Our goal is to fund two to three man-years of full time work on Mailpile, with our first milestone in January 2014, when we will deliver an alpha version ...
Yet later they say (emphasis mine)

This is the Mailpile business model. As long as members of our community are willing to fund development (we will ask you to renew your membership in a years' time), we will dedicate ourselves to Mailpile and build the secure web-mail client you want.
Regardless of these inconsistencies, If they stick to the schedule then there should be a stable 1.0 release out during the first year of funding/development.

Following our alpha release, we will spend another 6-9 months fixing bugs, fleshing out features, responding to user feedback and getting the user interface translated to languages other than English. Our goal is to have a stable 1.0 release ready in the summer of 2014.

--
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Using existing services as a transport layer? by Kazoo+the+Clown · 2013-08-04 16:36 · Score: 1

Another sticking point is that most of my friends will just roll their eyes if they have to change their gmail or yahoo mail addresses. Even if everything else was painless, they don't like having to notify the whole known universe of the change. So what if whatever mechanism is used, it could be made compatible with gmail, etc. if they could be pressured to comply with it, or maybe even whether or not they are? If all everyone had to do was use a special client tied to the gmail api, similar to how the mail aggregator apps in, say iOS operate, and layer the encryption at least, on top? Maybe this is already the plan? Uses existing servers as transport but keeps the encription off the servers, etc...