
Tildamail – Private Email with Decentralized Storage (Your Desktop, S3, IPFS) - cyrusk
https://www.tildamail.com
======
noncoml
Huh? Why is this even on the front page? Not a single word about how this
works...

------
johntash
What's the point of posting this to HN with zero real information?

------
cyrusk
Tilda is a standard for decentralized apps backed by self-sovereign data.
Tildamail is a decentralized system for messaging intended to function like
email. When two users’ email clients support Tildamail’s protocol, they can
communicate with each other in a decentralized, end-to-end encrypted manner,
asynchronously, without relying on a centralized server. You control your own
keys. High level, it's email with decentralized public key infrastructure and
end-to-end encryption, with the end goal being complete data privacy and
self-sovereignty - where users protect their privacy, own their data and where it’s
stored, and communicate securely via end-to-end encryption. Tilda protects
your privacy by encrypting your messages and metadata. Right now, email
services like Protonmail can read your metadata, and they can see your subject
line because it is completely un-encrypted. Those services are also vulnerable
to legal attack and other vulnerabilities since they are centralized. Other
apps like Signal have the same vulnerability to legal attack and hacks since
they're centralized, see here: [https://www.wired.com/story/encrypted-messaging-isnt-magic/](https://www.wired.com/story/encrypted-messaging-isnt-magic/)
Also, they're closed ecosystems that don't interoperate that well so
there's a chicken-and-egg problem (i.e. your friends need to download Signal).
You need interoperability in the beginning to really jump start ecosystem
growth and take people away from the walled gardens of Google, Facebook etc,
which use and abuse your data.

~~~
johntash
Is there a link to the code somewhere on the website that I missed?

> function like email. When two users’ email clients support Tildamail’s
> protocol

Does tildamail support pop/imap? If not, do you intend on creating plugins for
mail clients to support some other protocol?

> Tilda protects your privacy by encrypting your messages and metadata. Right
> now, email services like Protonmail can read your metadata, and they can see
> your subject line because it is completely un-encrypted.

> Also, they're closed ecosystems that don't interoperate that well so there's
> a chicken-and-egg problem (i.e. your friends need to download Signal).

So tildamail can send mail to non tildamail servers/email addresses? Is
tildamail just using regular email and encrypting it like you would use gpg to
encrypt e-mails?

(Sorry for dumb questions but the website has zero actual details and looks
like a ploy to grab as many e-mail addresses as possible)

~~~
cyrusk
The roadmap is actively in development and it will be open-source before it
goes live to a small subset of early access users. So the intention is NOT to
create plugins for mail clients. There has been a lot of advancement in
encryption since PGP (GPG being an implementation of PGP) and the idea right
now is to implement a double-ratchet algorithm for v1.0, which has the
advantage of forward secrecy. Also, yes, Tildamail will interoperate with
normal everyday SMTP emails. Thanks!

------
jszymborski
These are all nice promises, but there isn't a whiff of how any of this is
achieved...

~~~
journalctl
I’m scratching my head too. This isn’t even handwaving, they’re just vague
marketing claims.

Email is notoriously insecure, and hard to get right. If this is decentralized
and “self-sovereign”, why do I need this service? What even is this service?
Is it just email? If so, how is it doing encryption? Do I control my keys? Why
don’t I just use PGP (usability issues notwithstanding)?

What about metadata? Is this secure if I have to communicate with
non-Tildamail users? How do I send an encrypted Tildamail to someone with a
non-Tildamail email address?

Sorry, color me skeptical. I see vague marketing copy and a field for my email
address, which I assume will be sold to the highest bidder in 18 months when
the venture capital dries up.

------
marknadal
Does this work? Is this just a splash page?

If you want to use something like this today, check out (mine)
[https://github.com/eraeco/party.lol](https://github.com/eraeco/party.lol) it
works with your existing email, just encrypts it end to end. It uses modern
cryptographic curves, not PGP.

~~~
charles_f
I like the website. Too bad <blink> and <marquee> were retired, they'd have fit
nicely in there.

