ShazzleMail aims to re-invent email by making it surveillance-resistant
Emails are probably one of the easiest data types that third-parties can monitor. There are plenty of reasons for that, from being stored on third-party servers to the lack of proper encryption. And to top it all, even if emails are encrypted the metadata is usually not.
The creators of ShazzleMail have created a system that they say does away with all current email privacy issues. One of the core differences to standard email solutions is that the email client is also the server.
While that sounds complicated at first, it is not in this case as everything is handled in the background for you. All you need to do is create an email account, or multiple ones, to get started.
This means that every user of ShazzleMail is also operating a server that is being used to send and retrieve emails.
A central registry is being used to provide senders with information about recipients. If the recipient is also a user of ShazzleMail, an encrypted connection is created between the sender's and receiver's device. If the receiving user is not online, the email is not sent until that happens.
This does away with the storing of emails on third-party servers, but does mean that emails are only exchanged if both parties are online at the same time.
If the recipient of the email is not a member of the ShazzleMail network, a url link is sent instead using standard non-secure emails. A click on the link opens an SSL connection between the recipient's computer and the sender's device, so that the information are transmitted via an encrypted channel.
ShazzleMail is available for major app platforms such as Apple's iOS and Google's Android platform, but also as desktop clients for Windows and Macintosh systems.
In addition, it is possible to setup email clients such as Thunderbird once an account has been created. Note that the ShazzleMail client needs to run on the system as well for that to happen, as you won't be able to use the service otherwise.
The team focuses on mobile first and foremost, and there are several reasons for that, but the most important one is that mobile devices -- especially smartphones --Â tend to be online all the time, or the majority of time while PCs or Macs are not usually.
The desktop client is pretty basic but sufficient. The main advantage that it offers over the mail apps is that you can send attachments using it, while that does not seem possible if you are sending emails using the applications.
Lets recap how ShazzleMail differs from traditional email services
- Email is only stored on your devices and on recipient devices, but nowhere else.
- Emails are only transmitted in encrypted form when both sender and recipient are online. And even if the recipient is not using ShazzleMail, a direct connection is ensured.
- There are not any encryption keys that the email provider can pass over to authorities.
The system is well-thought out but it is too early to tell if it is really secure. A security audit is needed to verify that. I was not able find information about the encryption that the service uses on the services website, or information about the central registry that is being used to link senders to recipients.
The apps are limited in terms of what you can send. While you can add text to emails and basic formatting, you cannot add any file attachments.
With all that said, it is highly advised to be careful when using the service. While that does not mean that you should not use it, it means that you need to be aware of those issues.
ShazzleMail is something that I'll be keeping an eye on to see how it evolves over time.Â A security audit above everything else would certainly help the application's popularity.
Now Read: Postbox email client reviewAdvertisement