Mailpile: private, secure, open source, locally-run email service
PRISM was a wake-up call for many even though it is still not really clear how extensive the spying, logging and wiretapping really is. One reasonable approach to the issue is to move away from products of large companies such as Google, Microsoft or Apple as they have been linked to PRISM.
But that is not really enough, considering that other companies too may cooperate with the NSA or other agencies, or may do so when they are approached.
Mailpile
Mailpile is a new email service in the making that is currently trying to get enough funds to launch a stable release in summer 2014. That's a long time from now and while that may be disheartening, the features that it will offer are everything but.
Update: Mailpile launched and is available.
First, it is an open source project which means that anyone - with enough knowledge - can audit the code. It is created by three open software enthusiasts from Iceland with prior experience in the field.
Being open source is only one of the features that sets Mailpile apart from other email services. One of the "other" interesting features is that it is fully self-hosted, which means that you will have full control over your email storage. The team notes that you can host it on your laptop or desktop computer, a Raspberry Pi, cloud server you have access to, or a Flash Drive that you carry around with you.
Data can be encrypted or restricted as the user sees fit according to the official website. While it is not clear if that means that data encryption will be built-in, it is very likely that this is meant by that. But since everything is stored locally, you can use encryption software of your own to fully protect the mail client.
Mailpile video
Encryption comes in another form as well. The developers will add support for OpenPGP signatures and encryption to the core of Mailpile, so that it can be used intuitively and without all the hassles usually involved in setting this up properly.
What else? A scalable search engine is promised, as is internationalization support, an ad-free environment and a platform that other developers can build upon.
The catch? The team notes that it will pursue the goal no matter if it will hit the requested $100,000 mark or not. Some features may not be implemented though and it may take longer to launch a stable version if the goal is not reached.
Verdict
A year is a long time and many questions have not been answered yet. For instance, how easy will it be to set this up? Other questions include if you will get an email address when you register, if you can use third party accounts in the application, or how effective the spam filtering will be.
The project is certainly an ambitious one. Good news is that it is not starting from scratch, but that it has been in development for some time now. While it is too early to say how successful it will be, it is likely that it will find its niche fairly easily with all the talks about PRISM and other surveillance techniques.
Much of it depends on the ease of installation and use though. If the team gets that right, it could have a bright future.
Update: An alpha version of Mailpile has been released by the team which supports core features such as integrated spam filtering, a custom search engine, or deep integration of PGP support.
On the downside of things, it is currently only available in source code form. A demo is available however that you can use to browse the interface of the mail client.
Lavabit has shut down due to deciding not to comply with the world’s elite demolition team bullying. We need email, etc. services outside of U.S. that are not subject to the traitors’ network.
Welcome to Iceland.
I think in the next few years somes EU country and maybe asian one will quickly grow in term of hosting services and privacy hosting service.
The point is, most of this shit happen since long time, spy is not new, methods are not, the new thing there, is the ‘regular’ peoples now KNOW this fact, that what the PRISM case have do.
I saw the impact of the PRISM case in my country, i mean, now most of the people will most likely move to a National company for their hosting needs, cloud services, email hosting etc, or EU zone one and not likely US One.
In the meantime… Thunderbird
I have my doubts over the encryption. From recent articles, it seems that PRISM and the Xkeyscore program were collecting even so called “encrypted “data and going through these. There is even a slide from one of the Xkeyscore slides illustrating how to get all PGP use in Iran.
Martin,did you hear of Mailvelope? If so could you put some light on it :)
http://www.mailvelope.com/
No, I have not heard of it before. Will take a look.
What secure mail services are available NOW?
Let’s put this in perspective. I have a software development company – we do a significant amount of work for banks.
There is a rule: if a software project is budgeted for more than 6 months, it is immediately put in the unfeasible bucket.
This is a simple email server. If they want to raise money, they have to get the resources instead of making it a do-at-home job.
As ING Direct would say “Save your money” :)
Grab a Raspberry Pi and roll your own email server.
One of the loopholes the FISA “court” is leveraging to acquire data is that by using a 3rd party your communications are no longer private. It’s complete crap but unless things change this is the “law”.
You can also run your own DNS from the same $35 computer.
Where can I find more info on setting up the Pi as a mailpile server?
Hmmm….fund a software project with a one year ETA. Not liking it so far.
Also, on their site they say certain functions are working and are stable. In the next breath, they say ” Mailpile is still experimental and isn’t actually very useful yet.” One of the “stable” features is:
Compose: Simple and clean way to attach things and send encrypted emails
OK boys, pick one. I would say sending encrypted emails is actual quite useful. In fact, it’s the one feature that is a must.
I think they have one part of their product name right … ,and it’s not Mail
I think experimental refers to the current state of the project, while the stable features simply refer to the technology being implemented in a way that makes them stable.
I do agree that a 1-year ETA is kinda of long but I would not have a problem waiting for it to come along.
It still remains to be seen how easy it will be to set up and use the whole thing though, but the idea behind it is great.