

Ask HN: Cloud Email with Strong Privacy - josephby

HELP! A client of mine is looking for an easy-to-use cloud-based email solution with strong privacy protection.<p>They've got four requirements:<p>1) no cleartext is stored in the cloud<p>The only way to read the mail is to enter a secret at the beginning of each session.<p>2) email is encrypted instantly upon receipt by the service<p>e.g. an SMTP daemon is running that encrypts each email using a public key and stores only the encrypted copy<p>3) email can only be read by the person who holds the secret<p>4) the mailbox should be easily accessible using a client application<p>And one non-requirement:<p>The solution doesn't have to protect plaintext emails from intercept in transit.<p>I'm not talking about encrypting emails between parties; I'm just talking about storing them securely while preserving ease of access
======
DrWhax
Something like this you're looking for? <https://code.google.com/p/gpg-
mailgate/>

------
ghubbard
I think requirement 2 is a problem here.

If your cloud provider has the plaintext how can you trust it?

~~~
josephby
The solution doesn't have to protect against intercept-in-transit.

For example, suppose that this was implemented on a VPS on some random hosting
provider, and I own all of the code on the VPS. The hosting provider could
record all email traffic coming into that box, but that problem isn't in scope
(and could be addressed with, say, openPGP).

~~~
ghubbard
Just store your mail in an EncFS or truecrypt container on your VPS then?

Who/what are you trying to defend against?

~~~
josephby
That might work; can either of these be configured with separate encrypt and
decrypt keys?

Basically, if someone takes control of the hardware or software we're hoping
that it would still be very difficult to get at the contents of the emails.

