Skiff Mail is a new end-to-end encrypted email service, but should you use it?

Skiff Mail has been launched to the public, it is a new end-to-end encrypted email service provider. The company says that it focuses on protecting the privacy of its users.

The service is Web3 native, you can visit this page to sign up for a free personal account.

Update: Skiff has updated its privacy policy. It does not collect the MAC address of the user. The company says that users don't need to contact Skiff to delete their personal information, and that it does not use third-party tools to track users.

The following information has also changed in the meantime or has been corrected:

• The pricing page does not reveal storage quotas anymore for the Free account. The homepage states that free users get 10 gigabytes of space.
• The privacy policy states that the service does not store information that is sent automatically, such as IP addresses, persistently.
• Skiff uses the open source analytics tool Matomo, which aggregates and anonymizes data. The data is not tied to user accounts and Matomo is not used in the actual app, according to Skiff.
• Skiff states that it is not tracking clicked links, interacted content or how active users are.
• Do not track is not used because there is no user tracking, according to Skiff.
• User information can not only be deleted by reaching out to Skiff Mail via email.
• Skiff says that it does not collect general location information, approximate location information based on IP addresses.
• Skiff says that it is not disclosing user information to third-parties.
• Skiff uses not third-party services, according to the company.

End Update

Though Skiff Mail's blog post says that users get 10GB of free cloud storage space for signing up for a personal account, the Pricing page which you can access from the settings shows that you only have 1GB of space. Email isn't the only thing that Skiff can do, you can save notes in Markdown format, code blocks, edit and create documents too. You can opt in to store your data on a decentralized server, add email aliases, import documents from Google Drive or directly upload them from your computer. Users have an upload cap of 30MB. One of the features that are highlighted in the announcement post, is Skiff's instant search, which can look up results in thousands of files instantly.

The data associated with your account is synchronized across your devices. Skiff's apps are open source, you can access the web app from your browser, or install the mobile app on your iOS or Android device, or the Desktop app on your macOS machine.

While signing up for an account, Skiff Mail will prompt you to save a one-time use recovery key, that you can use to unlock your account if you forget your password. If you lose it, you can't access the account, because of the encryption that the service uses. You may enable 2FA (two-factor authentication) from the settings, to protect your account. New users can sign up for an account using their MetaMask Wallet, and the company says it will soon support Brave Wallet.

Skiff Mail has paid plans that you can upgrade to, for more benefits.

Should you use Skiff Mail?

It's always good to see a new encrypted email service provider trying to provide some competition to the rest. But, should you use Skiff Mail? Let's take a look at the service's Privacy Policy, shall we? You may read it here.

Scroll down to the section titled Automatic Data Collection, and you'll see that Skiff Mail's website collects the following information from the user.

• IP Address
• Mac Address
• Cookie Identifiers
• Mobile Carrier (Cell Phone Provider)
• User Settings
• Browser or Device Information

Collecting the user's settings is perhaps acceptable as are the browser and device info, they are probably related to the cookies stored in the browser, and maybe for compatibility. In addition to the above personal data, Skiff Mail also collects the general location information and approximate location based on your IP address.

Not convinced yet? Let's keep reading the privacy policy. Skiff Mail's privacy policy mentions that it will collect other information such as web pages that you visit before, during and after using its services. It will also track the links that you click, the content you interact with, and how often you are active and use the company's services. The company will not respect Do Not Track requests sent by the web browser.

The Privacy Policy says that all data that Skiff Mail collects is used for providing its services, market and advertise its products to the user, and for its operational purposes. However, the next section in the privacy policy reads that the company will disclose user information to third parties for a variety of business purposes, and this includes sharing the data with their service providers, business partners, advertising partners. And if it were ever to be merged with, or acquired by another company or something like that, your information may be sold or transferred as part of the transaction.

Though there is a delete account button in the settings, the only way to delete your user information, is to reach out to Skiff Mail via email. And then there are some third-party tools that are used by the company for analytical purposes, and these have their own privacy policies.

The only thing that Skiff can't access seems to be the contents of your mails, because they are encrypted. But, what good is end-to-end encryption, if a service collects so much data from the user and tracks them? It learns your browsing habits, which is essentially profiling the user. This isn't different from what Facebook and Google do, is it?

If you read the privacy policy of other end-to-end encrypted mail services like ProtonMail and Tutanota, you won't find such data collection clauses there. And the data they collect are anonymously done, i.e., they don't profile users.

What do you think about Skiff Mail's privacy policy?

Advertisement