Mailpile: crowdfunding a secure, private email client/cloud service

Mailpile is an Iceland-based free/open source email service that's privacy oriented, integrating easy-to-use encryption and scalable searching. The idea is to produce something that'll run well as a cloud-based service or on your own desktop. They want to ship their first milestone in January 2014, and are looking to raise $100K on Indi-egogo to pay for the developer hours to see the project through. With the Mozilla foundation abandoning support for my beloved (but creaky) Thunderbird, I'm very interested in seeing what they come up with, and I've put my money where my mouth is, with a $128 donation. I'm especially impressed by their determination to integrate easy-to-use mail crypto -- the holy grail of email for decades now.

* A modern, open source web-mail application which runs well either on a personal computer or in the cloud
* An intuitive, beautiful user interface that is a joy to use
* User-friendly support for both OpenPGP and S/MIME encryption and signatures
* A very fast, scalable search engine
* Internationalization support, so Mailpile can speak your language
* Sensible defaults that improve your workflow and help you handle incoming mail
* A platform developers can customize and build upon, including a plugin architecture, support for themes and alternate user interfaces and of course good documentation

Mailpile - taking e-mail back (via /.)

Notable Replies

  1. I'm charmed by their choices of funding levels. Mostly powers of two, plus a hitchhiker's reference.

    Anyone know the significance of $67 for the Activist level?

  2. I'm not expert but it seems like there are a bunch of issues with this.

    1. Once you send a email at least 2 parties are involved. You and the person at the other end. You have no guarantee the person at the other end is encrypting their email. In fact you have no guarantee they aren't directly forwarding a copy to the NSA "to fight terrorism"

    2. Google has such great spam countermeasures because they can see all the spam sent to all the gmail addresses. This system will only see one person's email at a time making it very difficult to counter spam to the same level as gmail.

    3. They claim a web-mail application which suggests using a browser to read email. But browsers download JavaScript which means a man-in-the-middle attack can always insert its own JavaScript.

  3. Security enhancements to javascript are urgently required. We need compiled code and code signing.

  4. I'm trying to argue that time is better spent working on a political solution than a technical one that won't actually work.

    It's like trying to protect your car from auto theft. As "they" say, if a pro wants your car he'll get your car. All you can stop is the non-pros. Well, the NSA ARE THE PROS so stopping them requires something other than better locks.

  5. That's a very good point. Maybe I'm too cynical about our chances after seeing leaders I fought for lining up to betray me.

Continue the discussion bbs.boingboing.net

15 more replies

Participants