[flagged] Tildamail – Private Email with Decentralized Storage (Your Desktop, S3, IPFS) (tildamail.com)
18 points by cyrusk on Sept 21, 2019 | 10 comments



Huh? Why is this even on the front page? Not a single word about how this works...


What's the point of posting this to HN with zero real information?


Tilda is a standard for decentralized apps backed by self-sovereign data.

Tildamail is a decentralized system for messaging intended to function like email. When two users’ email clients support Tildamail’s protocol, they can communicate with each other in a decentralized, end-to-end encrypted manner, asynchronously, without relying on a centralized server. You control your own keys.

High level, it's email with decentralized public key infrastructure and end-to-end encryption. With the end goal being complete data privacy and self-sovereignty - where users protect their privacy, own their data and where it’s stored, and communicate securely via end-to-end encryption.

Tilda protects your privacy by encrypting your messages and metadata. Right now, email services like Protonmail can read your metadata, and they can see your subject line because it is completely un-encrypted. Those services are also vulnerable to legal attack and other vulnerabilities since they are centralized.

Other apps like Signal have the same vulnerability to legal attack and hacks since they're centralized, see here: https://www.wired.com/story/encrypted-messaging-isnt-magic/

Also, they're closed ecosystems that don't interoperate that well so there's a chicken-and-egg problem (i.e. your friends need to download Signal). You need interoperability in the beginning to really jump start ecosystem growth and take people away from the walled gardens of Google, Facebook etc, which use and abuse your data.


Is there a link to the code somewhere on the website that I missed?

> function like email. When two users’ email clients support Tildamail’s protocol

Does tildamail support pop/imap? If not, do you intend on creating plugins for mail clients to support some other protocol?

> Tilda protects your privacy by encrypting your messages and metadata. Right now, email services like Protonmail can read your metadata, and they can see your subject line because it is completely un-encrypted.

> Also, they're closed ecosystems that don't interoperate that well so there's a chicken-and-egg problem (i.e. your friends need to download Signal).

So tildamail can send mail to non-tildamail servers/email addresses? Is tildamail just using regular email and encrypting it like you would use gpg to encrypt e-mails?

(Sorry for dumb questions but the website has zero actual details and looks like a ploy to grab as many e-mail addresses as possible)


The roadmap is actively in development and it will be open-source before it goes live to a small subset of early access users. So the intention is NOT to create plugins for mail clients. There has been a lot of advancement in encryption since PGP (GPG being an implementation of PGP) and the idea right now is to implement a double-ratchet algorithm for v1.0, which has the advantage of forward secrecy. Also, yes, Tildamail will interoperate with normal everyday SMTP emails. Thanks!


These are all nice promises, but there isn't a whiff of how any of this is achieved...


I’m scratching my head too. This isn’t even handwaving, they’re just vague marketing claims.

Email is notoriously insecure, and hard to get right. If this is decentralized and “self-sovereign”, why do I need this service? What even is this service? Is it just email? If so, how is it doing encryption? Do I control my keys? Why don’t I just use PGP (usability issues notwithstanding)?

What about metadata? Is this secure if I have to communicate with non-Tildamail users? How do I send an encrypted Tildamail to someone with a non-Tildamail email address?

Sorry, color me skeptical. I see vague marketing copy and a field for my email address, which I assume will be sold to the highest bidder in 18 months when the venture capital dries up.


Does this work? Is this just a splash page?

If you want to use something like this today, check out (mine) https://github.com/eraeco/party.lol. It works with your existing email, just encrypts it end to end. It uses modern cryptographic curves, not PGP.


I like the website. Too bad <blink> and <marquee> were retired, they'd have fit nicely in there.


party.lol looks interesting, thanks for linking it!



