

Review my startup: Secure webmail service - qnrq
http://pipemail.org/
After two and a half years of work: Pipemail sees public light. Pipemail encrypts emails using aes256; but any symmetric-key encryption cipher works, really. It's built around the idea that an email provider should never be able to retrieve the emails that their users send. To achieve this I invented a fragmented key assembling method.<p>There's some other nifty features available, like that we automatically strip EXIF tags from attached image files and allow users to send emails that are only readable once by the recipient. You can check out the documentation here: http://bit.ly/fIjLPk<p>I really hope that you like it. Hopefully we can shed light in this modern Big Brother day and age.<p>Oh, and it's free of course. But you can donate if you like it :-)
======
ammmir
security and fancy crypto on the server don't mean much if your frontend
interface submits passwords in plain text over the wire. a secure service
shouldn't even serve up content on non-https URLs.

~~~
qnrq
I completely agree. We didn't install a cert since there were some doubts
around wether we would sign it ourselves or not.

Either what we decide, a self signed cert is better than none, hence this is
now fixed. All http traffic is now redirected to https using a 2048 bit self
signed certificate :-)

