Interesting product with great potential. Their website doesn't seem to address my two main concerns:
1. How do they ensure high, non-spam delivery rates to the main email services like Gmail, Fastmail, Yahoo, and Microsoft?
2. How would the product work in case Helm the company/service goes away (or even just service outage)? Can the device work on its own without the need for their web service (perhaps with lower delivery rate/higher spam score)?
They claim:
>> We’ve designed your Helm to ensure as little information about you as possible is communicated back to us. That’s why the only account you create is directly with your server, not with us, and why only encrypted data passes through our servers.
But how does that work with sending emails? (Please excuse my ignorance on this matter.)
Hi keehun - thanks for posting this on HN! I'm the co-founder and CEO of Helm.
1 - First, we cross reference IP addresses we assign to gateway against known blacklists. This helps ensure emails will be delivered. We also fully support email authentication (DMARC, DKIM, SPF) and configure reverse DNS as well. Lastly, the IP address for a gateway stays fixed so the domain and IP will build reputation over time. Helm servers require the service to work to get around the residential internet connection challenges in the US (port blocking, dynamic IPs, untrusted IPs)
2 - We will be doing 2 things - first, we will publish as open source what is required for people to be able to run their own gateways with their own AWS account in the event Helm has to shut down. Second, the unit economics on the service are positive so as long as we have customers, my co-founder and I are dedicated to running the service. We take a page from Garry Tan and Posthaven in this regard.
3 - The way this works for sending emails, your devices that you compose emails on will connect directly with your Helm server over TLS. Your Helm server will then initiate a TLS session with the server hosting your recipient's email. So we as a company have no visibility to any of that data - at rest, or in transit. I hope this helps - I'm happy to explain this in more detail as needed.
>> 3 - The way this works for sending emails, your devices that you compose emails on will connect directly with your Helm server over TLS. Your Helm server will then initiate a TLS session with the server hosting your recipient's email.
If my helm server connects directly with the recipient's email server won't it create problems with SPF validation? Home networks usually don't have a fixed IP address so I am not sure how SPF will work.
> Your Helm server will then initiate a TLS session with the server hosting your recipient's email
I'm not sure how Helm doesn't see the metadata:
* For outbound (as described) and inbound mail, do all mail servers support TLS connections? I was under them impression that many still communicate unencrypted.
* How does Helm avoid seeing the metadata, who is communicating with whom and when?
It seems that Helm has no obligation or business need to log any metadata if they are providing each customer with a dedicated relay. Any abuse will come from that relay IP and can trivially be attributed to the correct customer.
> Helm has no obligation or business need to log any metadata
The point of Helm is to provide privacy (and end-user control) through technical means, if I understand correctly. If it's just a matter of trusting motives, I don't need a home server.
The feds know that Apple (for example) are fully lawyered up, and that they need all their legally required paperwork with it's "i"s dotted and "t"s crossed before Apple will even look at their request for your data. While we know they _will_ hand over legally required data when they can and the paperwork is OKed by their legal department, they also very publicly go head to head with law enforcement when those requests are legally questionable or technically impossible.
I suspect an overly broad probable cause warrant to seize all the electronic devices in your house is gonna be much easier to slip past an leo friendly judge and whatever legal representation you can muster up when they dawn-raid you - than "slipping one past" Apple's legal team.
Having said that, if you've got the feds interested in your digital comms, you probably want to be getting your security advice from a much more private and trustworthy source than randoms on Hackernews...
nope. it's only fractionally more difficult as "the man" has to physically come to your house.
additionally, email is more usefully between 2+ parties. For normal people, the other parties are very likely to be using a cloud email provider. I would not be surprised to learn that it is common to issue a warrant not for a specific recipient, but for anyone that has corresponded with a specific person, ie for the sender instead of the receiver -> google, give me all emails sent by user@foo to any user on your server.
this is actually a big problem of SMTP and a big weakness of helm. i didn't study the product but it seems that it would be difficult for a user to know (and prove) that another user is a helm'er. if data seizure is the issue you care about, protonmail and other such services are a better solution.
Not really. If you are under investigation, seizing your server is as simple as a search warrant. The challenge is accessing the data - if you've encrypted it well, it's impossible to access. However, on your own server, you may get complacent and allow some data leakage.
Major providers like Gmail and ICloud will have a longer and more convoluted process to provide your data to state actors, but analysing that data is going to be far easier since it will come in a standard format.
If your goal is to make your data difficult to seize, a better option is probably to self-host on either a cheap VPS or a corporate-grade cloud service. That keeps the data out of reach of a warrant on your home, and keeps it unreadable after they've actually jumped through the hoops to seize it from your provider.
Not to mention having to wake up in the middle of the night when the VPS provider decides to reboot your VM so you can decrypt the volume on boot. Been there, done that for years.
Hi newman314, we have a gateway server that we as a company manage the gives you remove access back to your Helm. We do this without requiring you to poke holes in your firewall because the Helm establishes an outbound VPN connection to the gateway.
Can you? you'll probably need your own DNS resolver because if the clients are configured for my.custom.domain.com, it's not going to resolve to 10.10.10.10 and your connection is down. So you can have the box do that, but generally, split horizon DNS is a thing you don't want to set up in a set it and forget it install.
Yeah, as somebody who has run their own mail server for years, #1 is a huge concern. It has been a real struggle for me despite having a server I own in a rack with net-neighbors I know.
Another big one for me is the failure modes. What do I do when my home connection is down? How about when my connection is down and I'm traveling? What happens when the hardware fails? How about when the hardware fails 5 years from now?
Having email just down for a couple days while you wait for new hardware to would be a very bad experience.
So if they route everything through the same set of EC2 instances, that might actually take care of the SPAM issue. I run my own e-mail server and have run into that same issue of not being able to send to gmail/microsoft addresses (unless I contact the person via Facebook/Twitter/Reddit/etc. and tell them to check their spam folder):
The way most of these providers deal with spam is they slowly white-list IP addresses. When a company like Mailchip or Mailgun spin up a new server, it's always in a large subnet range they've purchased and they slowly start sending low priority e-mail through it to existing/known receivers and throttle it up to full speed.
If you're running a personal server that sends like 5 or 6 e-mails a days, well that's an issue.
The big players make it difficult to run a small personal server, but running a dedicated business or corporate server that sends 100s of e-mails per day is typically fine once it's well established.
You know what would be a better product? A relay SMTP server that works with Google/Microsoft/Amazon/Fastmail et. al. to pump e-mail from personal servers and ensures it won't get caught in spam filters.
"You know what would be a better product? A relay SMTP server that works with Google/Microsoft/Amazon/Fastmail et. al. to pump e-mail from personal servers and ensures it won't get caught in spam filters."
That's basically Sendgrid or Mailgun or even Fastmail itself. They can all relay SMTP for arbitrary domains.
It's actually a totally different product vs Sendgrid/Mailgun/etc.
Such a product would need to have a ToS that states it can only be used for low volume personal and business correspondence, and have per-account rate limiting to enforce that. Doing it this way is necessary to avoid having mail treated as bulk.
I've tried relaying through mailgun to get mail to outlook.com, it does not work.
Rate-limiting would be interesting. If the cost of the service was specifically high enough to be unscalable. Like, $10 per month and you can send 200 emails per day. That’s expensive compared to anything else but fine for personal use.
Pretty soon email will require stamps, like paper mail. I wonder if they will sell forever stamps?
Jk, I just thought it was funny that we pay for services which were always seen as a free alternative to paper mail and stamps were a thing of the past.
If you have a KvK in The Netherlands your PII details are public, and you will start receiving physical spam from companies despite such spam not being free to send. I never receive spam from individuals though; only companies.
On top of that, the costs of electricity are not the same everywhere (they are very expensive in The Netherlands, for example, than in the USA, and China is very cheap). Nor is it widely stable available everywhere (examples include India and Africa). Proof of Work is basically a waste of energy as well.
> The big players make it difficult to run a small personal server
how so? the way i see it, only by making it too easy to use them. if you mean, they reject mail from (eg) dynamically assigned home subscriber IP addresses, you can blame spammers for that, not the big email players.
There's little to no additional security from having email on-site, and much hassle. Assuming you use google or outlook, the advertising bogeyman is just that - a bogeyman.
this is a super niche product, with a lot of useless industro-consumer design thrown in. it's doomed as a business and then where are you? back to gmail.
According to their FAQ, you are basically on your own since your device is the MX server:
> While offline, emails sent to you will not be delivered. This does not, however, mean that they are lost. If your email server becomes unreachable for any reason, the sender’s email server will periodically retry sending the email at a later time. Email servers are generally configured to retry rapidly at first and then back off and increase the time between retries.
> Once your email server comes back online and a retry is performed, you will successfully receive the sent email. If your email server is offline for an extended period of time, the sending server will eventually give up and send a bounce message to the person who sent you the email.
the sounds exactly like the nightmare the GP proposed. what happens when you're on vacation? or even not on vacation but the supply chain is borked or UPS loses your package? even if helm is self-configuring from stored cloud config, this is still a pain and being without email for even a day is painful. 3-5 days (more likely) is intolerable. and if it's longer mail will start to bounce.
> Another big one for me is the failure modes. What do I do when my home connection is down? How about when my connection is down and I'm traveling? What happens when the hardware fails? How about when the hardware fails 5 years from now?
This is the big obstacle preventing me (and I assume others) from moving away from cloud. Cloud services just work, everywhere, all the time (effectively). I'd love to get the privacy benefits of bringing my data "in-house" but I'm not sure I want to take on the equivalent of a part-time sysadmin job.
Hey bootsz, when your connection is down, you'll still have a local cache of your messages, contacts and calendar events. Email has retry built in and sending servers typically retry for at least 48-72 hours. The hardware has no moving parts so it should last for a long time, but when there is an inevitable failure, there are encrypted backups that can be downloaded to a replacement device and decrypted using keys only you have access to.
Yeah. Even though I've had my own collocated hardware since Bubble 1.0, I'm looking to move all of that to the cloud. When your own hardware works, it works reliably for years. But when something breaks it's an urgent fire drill, [1] and I'm entirely over those.
[1] Unless you have warm spares for everything, but that means you're paying twice as much and still will have a non-urgent fire drill to replace the failed hardware so you're back to n+1.
> Yeah, as somebody who has run their own mail server for years, #1 is a huge concern.
Perhaps relay the email out via your ISP account? I do that and it works well.
> Having email just down for a couple days while you wait for new hardware to would be a very bad experience.
Perhaps set up a fallback MX that directs traffic to e.g. a Mailfence account when your primary MX is down? Works for me. Also, mail servers can be cheap hardware (an old x220 will do).
> 1. How do they ensure high, non-spam delivery rates to the main email services like Gmail, Fastmail, Yahoo, and Microsoft?
I run mail servers. I believe the idea that mail delivery is a problem for small mail providers is largely a myth. If you act somewhat reasonable (that is: if someone complains to you don't ignore it, don't send spam, check your logs for indications someone might put you on a blocklist) it's no big problem.
I think the myth comes largely from people who are actually spammers, but don't see themselves as that.
I can't speak for outside the UK, but here the ISPs hand out non-static[1] IP addresses to residential customers. These IP ranges are in the spam-block lists that a lot of the other mail providers use. As such sending any email directly from your ISP given IP address is hit-and-miss affair. You don't even get any bounce notifications, the emails just disappear and never arrive at their destination, so you have no idea that something is wrong.
Some ISPs allow you to pay for a proper static IP to get around this problem, but again some of the ranges are still in the block lists. The only way I could guarantee that my IP wasn't blacklisted was to switch to a business account with my ISP and thus have IPs from a different range.
If you are stuck on a non-static IP, the easiest way around the problem is to send via the SMTP smarthost that your ISP hosts.
---
[1] They are technically dynamic IPs, but are sticky in that you keep the same IP unless your router goes offline for more than a couple of hours.
In my personal experience, it was certainly a problem for a while when lists like SORBS and their notoriously hostile de-listing procedures were all over the place. Listed an entire IP block assigned to a data center I had hardware in as "residential" and it took weeks to get it addressed.
And more recently, I'm still unable to send email to Verizon.net email addresses from a VPS because they too insist it's in a residential IP block. (it's not.)
For the first few weeks I had a VPS and moved a small business to it, sending anything to Gmail was a hassle as it was all automatically going to the spam folder. The typical responses from others was "find a new provider" even though checking blacklists showed the one I chose was just fine.
I too have run mail servers, and have seen enough to realize that it's definitely not a myth. It's just that there are enough spammers making a mess of things for the rest of us, which is unfortunate.
I lost $150 because a certain mail didn't arrive in time (an intercity bus trip ticket) when I couldn't actually afford to lose that money. I had to borrow money from a friend. Those 1-2 hours were quite valuable!
Running your own mailserver is easy enough if you have an IP that isn't blacklisted. Most residential IP's will be on the Spamhaus PBL which will cause issues. You can run a mailserver on a $5/month VPS without issue as long as you have a dedicated IP and you check for blacklist entries before you start.
That helps check that you don't receive spam (and even so, rspamd is much weaker when applied to only one account). It doesn't fix sending other people what looks like spam.
I recall one of the major bulk mail services (perhaps Campaign Monitor?) has a service where you can feed your intended outbound mail into a large range of spam checking services before you send it, to alert you to problems in your mail that are likely to trigger spam filters.
(On the other side of that problem though, if my email account starts sending mail "what looks like spam", it's almost certainly because my account's been compromised and is actually sending spam. There's a _start_ difference between typical personal person-to-person email and spam. I suspect _some_ business email might blur the line there - but part of me thinks if your business email is blurring the line about being "spammy", then it deserves to get filtered...)
While I see others here who have had trouble with deliverability, I'd just like to say that I have never had a failed delivery to GMail/Google Apps, Yahoo, or Microsoft. There are tools online which will receive email from you and help you configure your system properly for full deliverability.
I suspect whatever this Helm thing is, they manage to do things right on that front as well; everything else I don't know.
I read the whole tech page and some of the comments here. I might be willing to pay for this service, but not in its current form. I wouldn't want to spend 500USD on a proprietary hardware in addition to paying a subscription fee. What needs to happen to convince me to pay:
Open up the hardware component as a platform for anyone to extend (allowing direct ssh, or using my own hardware). It's fine to not open source the email server code. But I would like to utilize the hardware to do other things, like file storage, etc. Instead of waiting for your company to build other features, I would rather have community contributed (preferably open source) plugins that integrates with your ecosystem and runs on the hardware.
This is extremely valuable feedback and worth strongly considering.
When the iPhone came out, it didn't support apps - just built-in features like Mail and Mobile Safari. I agree with you that an app store for Helm could be valuable.
This could be especially valuable as a way to build email apps for enterprise. Especially if there were a good API that returned email data in JMAP format.
I know Nylas tries to do this, but their model doesn't really work for me.
JMAP returns data in JSON, but with a standardized schema. It's better than the current status quo, where each email provider returns API data in JSON but using their own schema, meaning you need to build different endpoints and methods to work with each email provider. The spec is about to be finalized, so there is no reason why email providers who haven't yet released an API shouldn't be using it.
Hey paraditedc - thanks for your feedback. We will be launching a developer program next year. We are very interested in a community of people like you hacking on Helm to build new services/features.
Related feedback, you might to launch it well before the year 1st subscription year ends, otherwise customers who bought the setup assuming they won't opt for subscription and would still be able to use the device will left with no option for possibly a long time.
To be fair - building a business like Helm while needing to deal with other people's hardware and their software updates which you wouldn't find out broke your product until your customers start screaming about their email not working - wouldn't be fun. I could easily see how someone could want to do that and seriously consider it, then discard it as an option (or at least as part of their MVP launch options).
So make a supported hardware list,docker container, etc. The hardware is interesting, but the types of people who would buy this either already have racks in their houses and just want someone else to manage their stuff, or want to manage their own hardware because they want to make sure they have their own hardware components locked down. It's a neat project to be sure, and it's not terribly expensive for the hardware, but the real money maker is the ongoing support and security for the service, which is functionally really similar to a cloud service without a lot of the benefits.
Don't most ISPs ban residential accounts from running something like this?
Comcast terms:
> use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers
Verizon terms:
> You also may not exceed the bandwidth usage limitations that Verizon may establish from time to time for the Service, or use the Service to host any type of server.
AT&T terms:
> using such account for the purpose of operating a server of any type;
hey jawns, great question. I'm Giri Sreenivas, co-founder and CEO of Helm. To answer your question, ISPs block port 25 and email service providers typically reject emails coming from residential IP blocks.
To build a plug and play solution, we knew that our server could not require listening for inbound connections on a residential internet connection. So we set about looking into how we could route traffic to and from a home server but we needed to do this in a way that prevented us from being able to spy on traffic. We investigated solutions like sshuttle and eventually settled on the combination of a simple iptables configuration combined with a VPN connection. Helm establishes an outbound VPN connection to a dedicated EC2 instance with an iptables configuration that routes packets to and from the connected Helm server. The EC2 instance also has a static IP address associated with it.
It's important to stop here and explain that the only way this architecture is viable while adhering to our design tenet of knowing as little about our customers as possible is because of the Let's Encrypt project. Every Helm server has a unique domain associated with it and trusted certificates for that domain are fetched from Let's Encrypt. We strive to ensure that all inbound and outbound traffic routed through the EC2 instance is using TLS with these certificates from Let's Encrypt. This way, our EC2 instance is effectively just an extra hop on the Internet.
If you are proxying the content with a VPN with a static IP on an EC2 instance you cannot police people sending out spam as you cannot see and meter the SMTP traffic. So does everyone get a dedicated instance and IP? If that is the case people are going to have issues getting their email accepted by almost all providers due to the IP being new and on a cloud provider block. If it is a subset of IPs that you create a reputation for and comply with DKIM, SPF etc how are you going to keep it from getting ruined by bad actors?
I am glad you are doing this because running a mail server is non trivial. I have done it for a long time now and love the fact that I own my email identity. It is one of the few things left you can own online.
I think this is the biggest problem. If there are a lot of bad actors, you drag down the whole system, but if you try to prevent bad actors you run into a lot of issues.
A hard problem, and I don't envy anyone trying to solve it.
Hi graybolt, I'm Dirk, co-founder and CTO at Helm. Each Helm Personal Server is assigned their own IP address. We make sure to only use IP addresses that haven't been put on blacklists. If people abuse the service by sending spam it will only affect the reputation of their assigned IP and won't cause harm to the reputation of other Helms.
Yeah that isn't sufficient. Most people are going to get their email rejected or spam filtered from many sources. Having an IP that is not blacklisted is not sufficient to have it have enough reputation to be accepted by large providers.
Oh boy, I know people with a fiber drop, 25tb raids with baby server farms and single character password. I think you highly underestimate the lazyness and/or stupidity of people. That doesn't even cover fishing.
Secondly, I think you underestimate the time intensive work that goes into clearing up an IP. I've run mail servers with users in the thousands. It's basically a full time job to keep a single ip clean. And that's with a half or less percentage of clueless users. I'm unsure how this will scale to hundreds of IPs let alone the thousands(x100) that would probably be needed to make creating your own hardware profitable.
Third, you're going to need to reach incompetent customers to make this profitable.
No offense, but given that you are making a product that has a much higher potential to enable bad actors than usual, isn't it kind of you/your company's job to try to solve it?
EDIT: Just realized I responded to the wrong person :(
I mean, my thought is that if a high volume of spam causes other email servers to block Helm, then it makes it unusable to the good actors in the system. I didn't see the CEO address this.
Yeah, that's how I understand the issue too. I don't think there's an easy way to do things, either you end up blocking some people with a legitimate use case or you end up becoming a spam farm.
There's an easy way to make Helm entirely uninteresting to spammers and that is for the server to limit the number of outbound emails that can be sent at a number that normal people would never exceed but that doesn't allow enough volume to be interesting to a spammer. There are much easier/cheaper alternatives for spammers today too.
It's interesting that Amazon is portrayed as the "massive corporate server" provider that stores your email "outside your home" on your homepage, yet you use AWS EC2 instances to pipe email traffic to/from Helm.
I understand that it's just an encrypted VPN connection, and are not actually storing email on the EC2 instances. But is there any way for your customers to ensure that? Can your customers shell into the Helm and/or EC2 instance(s)?
We will be making public the configuration for these instances as part of what we publish in open source. We haven't considered allowing customers remote access to the gateway but we will based on your suggestion. Thanks!
If you _do_ "consider it", I hope you discard it as an awful idea pretty much immediately.
I'd suggest allowing customers who're concerned to run their own instances with your code on it (perhaps a Docker image?) - but giving random customers shell access to gateways you're responsible for (at least to Amazon) - would be insane...
Signal/WhisperSystems are doing some interesting work on how to prove the code running on their servers is identical to their published and auditable code - might be worth checking that out (for a post MVP roadmap idea).
Yeah, there'a a lot of confusion about "the cloud". Consumer SaaS (Gmail, Facebook, Alexa, etc.) is "evil" and privacy-invading but B2B IaaS (EC2, GCP, etc.) is not bad. Often these services come from the same companies so we can't simply claim that Amazon or Google are wholly good or evil when it comes to privacy.
I believe you will be more successful if you establish two things, first your own ASIN with a couple of class C IPV4 blocks and an IPV6 block.
Then you create an infrastructure for relaying the mail from your boxes to the Internet. Then you work with the various spam agencies to create both a way to respond to spam complaints and to detect and throttle or cut off spam senders. You'll find that spammers will offer to pay you a premium to "look the other way" but don't take it, many good companies died going down that road. Without the spammers it will be harder to make your numbers but concentrate on keeping your efficiency high and ultimately you will be better off.
You don't talk a lot about data protection on site for things like disk failure. What do you do in that regard to keep people from losing all of their mail if the disk goes tits up?
In my experience you can't know what is 'normal' until you have seen it, so fixing the rate at the start would be unduly onerous.
People have lives which can sometimes look spammy, like you are made the coordinator of the school potluck and suddenly you're sending email to 150 parents asking them to volunteer to bring food. But after that event you go back to your regular rate.
Because this isn't a "PC" in the sense that it is more difficult to be overtaken by a virus and start sending spam without your knowledge, and as a mail service provider you know that email originating from the device has to come from a specific domain, you have a lot more tools to detect that someone is being a bad actor or not.
No, the way the big boys get around this is outbound email filtering. Limits yes, session and connection heuristics, reading your outbound email to see if you're selling dick pills.
> hey jawns, great question. I'm Giri Sreenivas, co-founder and CEO of Helm. To answer your question, ISPs block port 25 and email service providers typically reject emails coming from residential IP blocks.
> To build a plug and play solution, we knew that our server could not require listening for inbound connections on a residential internet connection. So we set about looking into how we could route traffic to and from a home server but we needed to do this in a way that prevented us from being able to spy on traffic. We investigated solutions like sshuttle and eventually settled on the combination of a simple iptables configuration combined with a VPN connection. Helm establishes an outbound VPN connection to a dedicated EC2 instance with an iptables configuration that routes packets to and from the connected Helm server. The EC2 instance also has a static IP address associated with it.
> It's important to stop here and explain that the only way this architecture is viable while adhering to our design tenet of knowing as little about our customers as possible is because of the Let's Encrypt project. Every Helm server has a unique domain associated with it and trusted certificates for that domain are fetched from Let's Encrypt. We strive to ensure that all inbound and outbound traffic routed through the EC2 instance is using TLS with these certificates from Let's Encrypt. This way, our EC2 instance is effectively just an extra hop on the Internet.
> I hope that answers your question, let me know!
This doesn't seme to address the question of whether this violates the ToS, regardless of whether this is technically feasible.
I'm pretty sure that video feed is actually sent to your phone through a Dropcam cloud server. Your Dropcam is a client which connects to the cloud server, as is your phone.
Arguably that's the exact same architecture Helm are describing. The EC2 instance your Helm box VPNs into is (arguably) "the server" - in that it's the "public service" endpoint. A good lawyer could eloquently argue that the Helm device on your residential internet connection is no more "running as a server" than the Dropbox or Google Drive apps on your laptop or phone...
(Note: I've been doing a similar home-rolled version of this, where I have a mail server under my couch that opens a reverse ssh tunnel and forwards port 25 and 465 from whichever transient EC2/Azure/DigitalOcean/Hertzner/CloudAtCost VPS Ive got listed as my MX records. A little bit of Route53 API automation, some Ansible to set up the ssh tunnelling, and some "canary" gmail and live.com email addresses to check outbound deliverability when I go to switch VPSs... It's been running pretty much untouched since 2014 or so...)
We don't believe it does. ISPs will only see encrypted traffic (a VPN tunnel to the gateway) so it's unclear how they will figure it's associated with a server.
For the most advanced of users, would you opensource the server so that we can host our own gateway servers instead of relying on Helm? That would solve the "what happens if Helm goes down" question and "how do we trust Helm" question.
Still wouldn't solve "how do I know my emails won't end up in spam" but at least we're getting closer (to at least what I would want to pay for.)
Also the fact that we can't run servers from our home connections is ripe for a challenge if we ever get net neutrality protections back.
The 2015 Order said this, "A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not block lawful content, applications, services, or nonharmful devices, subject to reasonable network management."
I would argue that banning personal email servers or personal servers at all is not reasonable network management (e.g. a nest thermometer or a smart microwave or an Alexa/Siri thing is a server), and if we're looking to explore home appliances that decentralize the web, we need to ensure that broadband providers' policies don't block them. Google Fiber screwed this up too.
doesn't matter if we are contractually allowed to run them or not. The dynamic IPs of consumer ISPs are all blacklisted by the spam blockers. So, you could receive mail, but no-one would ever receive yours.
But you pay for this EC2 instance, and all traffic flows through it.
Honest question: What stops a malicious employee on your end sshing to this server and dumping plaintext messages from memory? What stops a court from ordering you to do that?
Even if you disable remote access, what stops someone from adding a new LaunchConfiguation that enables it silently on the next instance rotation in spite of whatever configuration is in place today?
At the end of the day it seems like you -can- spy on the traffic just as easily as you could if you were running the smtp services on an ec2 instance directly.
Given that, what is the value proposition here?
(Or if I am totally wrong, by all means call me out accordingly)
Because traffic to and from the server will be over TLS, there won't be plaintext messages in memory on the gateway. We specifically designed to avoid the problems you have outlined.
In all honesty, couldn't this be a question to Amazon for anything that ever runs on any EC2 instance? What makes you not distrust any cloud vendor when they manage every bit of your information including keys.
Although, if they have to route stuff through EC2 instances anyway, I could just start jedieaston's homegrown EC2 email service, let customers pay me $100 a year to get them a domain name and spin up a email server in a EC2 instance and give them a login, then they don't have to have a box at their house which is liable to ISP and power outages. And you get the same amount of privacy that you get with this box (so about as much as you trust Amazon).
Well the E-Mail server still runs locally. While they could intercept traffic on their VPN endpoint, the traffic should be encrypted (TLS). However, I am not to sure if all e-mail servers speak TLS to each other.
Well if it does VPN first, then initiates the SMTP connection with TLS on the local smtp server all the way to the RX mail server, then this works out fine.
A lot of mail servers don't support this though, so it would be on the client to also be able to ensure it will not relay mail except to TLS endpoints verified by a well known CA.
In my experience this is rarely the case, but if it is and Helm is willing to tell end users "sorry I can't safely send mail to this endpoint" then I could see some value to this approach.
Yes - we initiate a VPN connection first to the gateway, then inbound/outbound connections are over TLS. Over 92% of email traffic is over TLS and we will be exposing an option in the future where customers can require it or reject emails.
Since most email's not encrypted, how is having each Helm user's email hop through your server any better for them in terms of privacy than just hosting their email on a remote mail provider in the first place?
You could still record every incoming and outgoing email as it goes through your server, couldn't you?
Amazon invests in ensuring their Elastic IPs are not on blacklists. Less than 2% of IPs we get through AWS are ever on a blacklist and when they are, we cycle through until we get one that isn't.
I've seen amazon ec2 ips being used for ddos attacks and I blacklist the entire range for many of my websites/projects. The vast majority of visitors we get from there are abusive.
Two things: we will run the service in perpetuity as long as there are subscribers and we will be open sourcing what is required to run the service on your own.
You can send email from an EC2 instance but good luck getting anyone to accept it. A lot of email providers block EC2 wholesale, or if they do accept it you are going to have to have a long standing reputation.
What do you mean by blocking "wholesale"? I started hosting an email server in EC2 and the worst I've had is my emails going to a spam folder if that person hasn't received an email from my address yet (and never after they've marked me as not being spam). That happened surprisingly rarely and didn't feel like much worse than I would get by just sending people email from gmail with an address they don't know. I don't think things are as bas as you make them out to be.
edit: I guess I should be clear that I have an elastic IP (which is free) and setup reverse DNS and DKIM and SPF, but I think those are fairly standard now a days (I don't know honestly I've only run an email server for a few months).
Deliverability is a moving target, so you can’t really rely on your delivery metrics from last week.
Why? The SPAM Scoring Industry is a kind of monoculture that will impede or cancel delivery of messages. Most big email providers outsource SPAM scoring to a third party like Symantec or Brightworks. And when your email is found offensive by Brightworks with one of their clients, you’re banned on all of their clients. Part of how SPAM scorers gather intel us by hooking into the CFL system so they get a notification when a user hits the junk button to delete an email. Another way is by checking for mass duplication in your emails. Another way is tracking open rates via the email provider’s UI sending metrics to the scorer’s APIs.
And then there’s the CIDR block lists they coordinate and distribute as a courtesy for their customers. So you might be able to deliver to @gmail.com and then @yahoo.com won’t even take a connection from your server’s IP.
Why does all this happen? According to my friend who works for a midrange ISP on their email service, they have about 120PB to store real email. And the amount of SPAM they reject outright (never reaches any box, not even the junk box) is 93% of all their email traffic. They simply can’t afford to store all the SPAM.
It depends on whom you send to. Like ironically I sent an abuse complaint to Verizon for a spammer and got rejected because they blocked all of Digital Ocean's IP space. Yahoo was particularly difficult too sending me a response saying they won't take my mail immediately on a single email to my brother. I had to go through a lot to get that fixed. Again this was due to being on cloud provider IP space.
GMail is more reasonable with perhaps being spam filtered but never blocked outright. I have also been blocked by government labs and academic institutions. I also have complied with RDNS, DKIM, SPF and got a top score on mx toolbox. Now that I have been up for a while I have had less issues besides with the ones that block cloud provider spaces.
haven't tried in a while. It can, they dont' follow all the rules and do a little more blocking in the interest of their users or based off a ML spam detection or something.
Some things that should be delivered are not. I'd have to dig back into this to see what the exact issue is.
You can send email using EC2 instances, including mass commercial campaigns (aka "legal spam"...).
However, there are a few things to do, more specifically, you must contact AWS to get "clean" IP ranges (fresh IPs, never allocated to instances), sign some agreements and pay additional fees.
It's not exactly as simple as an API call to create an ec2 instance, but it's doable.
With random IPs, there is a good chance indeed that it is already burnt by a previous allocation.
This is not a god situation. So, EC2 are handy and flexible servers, but not really because some arbitrary internet services are banned, and in all of a sudden your whole setup depends on the cloud provider. Talk about tight coupling. We go backwards. This is really sad.
I'm pretty sure it's allowed, it's just that you'll get caught in every spam filter. I don't know if they've considered that problem, or they're just hoping that using the same IPs long-term will fix the problem in reputation-based blacklists.
That EC2 instance is going to need whitelisting and constant vigilance that you're not sending commercial email or they'll block that port too. What prevents me from deploying a few hundred Helms to send spam?
commercial means spam? I can't use this for my non-spam business? MyStartup.com? A few 100 helms would cost a lot (500*200 = 100k), no one will spend that much for spam farm, you'd do it on the cheap.
We are using StrongSwan right now. We've taken a close look at WireGuard but have not yet completed our evaluation.
We automatically configure SPF, DKIM and DMARC for our customers. We are also investigating MTA-STS.
Device diagnostics are opt-in by default so they are not collected. Customer data like shipping and billing information is not opt-out unfortunately as we need to be able to process payments, ship the unit and track warranty coverage.
Appreciate the feedback on wanting more architectural details. This will be coming in a series of technical posts explaining how we designed and built the product. Stay tuned and thanks for your questions!
Holy crap, US ISPs are completely absurd. This definitely isn't a thing (or at least not enforced in any way) in Canada; most of my friends run on-prem web services out of their basements or closets.
It's not enforced. I've had HTTP and SSH available on Comcast and Verizon lines for... decades, I guess. No one cares.
SMTP is more problematic because of spam: outbound traffic on port 25 is blocked, so a true home mail server won't work without a reachable gateway mail server somewhere else. That's basically what the linked product is: they manage the protocol side of the service on your behalf, and forward all the content to your local device which connects to them via some internal protocol.
AT&T in the midwest US just blocked port 25 a few months ago. My nightly e-mails for system updates stopped coming in, and now I either have to shuttle them through an authenticated submission port or pump them over a VPN to my e-mail server. :-/
You can pay $50 and they will open it once again for you. I only know that after much trial and error troubleshooting why my public NTP service doesn’t work (port 123 also blocked).
It’s a $50 one time fee. You need to call their “premium” service. Not sure if they do it per port or what, but I asked them to open all my ports and verified 25 is accessible (123 udp inbound still blocked for unexplained reasons).
They’re still clueless. I tried to explain that it’s being blocked by AT&T and not my router but eventually I just gave up. Their process involves a logmein session where they take control and mess with your router. Gahd it’s awful.
They also randomly added my “device” (home server) to the DMZ so all of its ports were exposed. Be very careful.
>123 udp inbound still blocked for unexplained reasons
NTP was part of a massive DRDoS not too long ago. It's possible they pruned it somewhere much further up the network under the (not insane) assumption that most customers don't need to run their own time servers that answer public queries.
In the US it's standard that residential accounts don't get to do that, but business accounts (which are usually double the price for the same speed but come with better/quicker support, particularly when physical lines are down, and an open connection) are allowed to run on-prem. And usually with a residential account you don't get a static IP as an option, but if you're lucky you can pay extra for one.
That's weird, I honestly wouldn't have expected that. They gave me a little resistance with one terminating at a home but ultimately they did it. They probably start to weigh the pros/cons (ie the money) of business level service to large residential buildings and decide it isn't worth it. Maybe too many variables once the line enters the building?
"The residential Shaw Services are designed for personal Internet use. You may not use the residential
Shaw Services for commercial purposes. You may not run a server in connection with the Shaw Services
nor may you provide network services to others via the Shaw Services. Examples of prohibited servers
and services include but are not limited to mail, http, ftp, irc, dhcp servers, and multi-user interactive forums.
Some business services may be
exempt from these limitations."
In Ontario, Canada I know that Bell, Rogers, and Teksavvy all block outbound TCP 25 for their residential service. I can't comment on inbound TCP port 25 though.
When it comes to consumer internet services, the US is a 3rd world country, which is kinda odd considering most of the western world does their business there.
I just checked the terms on my 300/300 fiber connection, as well as my (backup, company paid) 25/5 ADSL.
They're almost identical:
* no spamming.
* no racism/unethical behavior.
* no portscanning.
* no illegal downloads/uploads.
Besides that i can use it for whatever i like. They block port 25 though, and you can only get it opened by purchasing a commercial connection. It has a dynamic IP address that only changes when i reboot my modem, which happens once every 2 years or so, so practically static IP :)
The telcos only enforce the server rule if you are causing problems like doing something illegal, torrenting, or maxing out your bandwidth 24/7. I’ve had multiple servers running over the years and never had any issues with Comcast or AT&T.
Generally they don’t care if it’s for personal use. I’ve heard of them shutting people down for something they saw as business related. They didn’t really get shut down, it was more like a friendly “We see what you’re doing and a business plan would allow you to do it for $30 more a month”.
What ISP do you have that you can get upgrade to a business account with the same speeds for only $30 extra a month? AT&T would charge me $300/mo for the same speeds that I currently pay $80/mo for.
With AT&T, I was able to call and get port 25 opened up so I could send email. to me it seems like they do it to prevent malware spamming from people's homes.
This is no different than the US. No one has 25 open, and the server clause is only enforced if you try to do something in the 'unethical behavior/illigal file transfer' department. But in America, a 35$ internet connection needs a leagal contract to help mitigate the lawsuits and grey areas.
I don't think any ISP has any control (or terms) about it. It's just that law enforcement agencies can ask them for logs on that basis. Whether or not hate speech laws can/are abused is a different thing. But it's a general legislation problem, not a net neutrality one.
I don't know what the rest of the country looks like, but I have home Comcast in the US and have been self-hosting a server on port 80 with a similar more-or-less static IP as you've described for well-over a decade. Many of my friends have the same setup. It never even occurred to me that Comcast cared. All ports are open (maybe not 25, I haven't checked.)
I guess the terms of service allows them to shut someone down if they felt like it, but I wouldn't really worry about it. If you have a site that generates so much traffic they even took notice, I presume you'd want to be on a real hosted environment anyway.
It's true but at least mine (free.fr) lets you enable it through the administration interface for no additional fee. It's disabled by default though, and it's probably better that way.
Germany's third biggest city, I can only get 50/10 Mbit, maybe 100/20 - no fiber in sight. No static IP and no guarantees anyone will accept mail from this dialup subnet.
In Germany, with Unitymedia Buisness, I get symmetric 100Mbit/sec over coax (even in mid-size cities), a static IPv4 adresse and excellent customer service. Price tag: 35EUR/month.
From my experience, at least in Munich it's hit or miss which of the 2 cable company services your building - it's not even on the street level.
Also I'm not really complaining. Say what you will about Deutsche Telekom, but I've been a happy customer since 1998. Everytime I had a different ISP (mainly M-Net) I had more problems than uptime. This is more expensive, but I'm having less than one noticeable downtime every 2 years...
In US, I have access to the same plan at same price point. But I have a semetric 1000Mbps for 85 USD. I can get a static IP but I see no need with DNS. Not sure how the customer service is, I haven't called in 2.5 years that I've had the link.
Canada. 100$/month for 150down/12 up residential. Never seen more than 50 down. Regular outages (for 30min every few days). If the US is third-world in terms of service, canada is an uncontacted amazon tribe.
They don't explicitly disallow it in their TOS, they just make it impossible by disabling the underlying tech.
And this
> no racism/unethical behavior. * no portscanning. * no illegal downloads/uploads
"unethical" behavior is the most arbitrary, un-objective clause one can ever have. Your ISP may find your hosting an email server "unethical", and this clause allows them to ban you.
unethical behavior is my (bad) translation. The original Danish wording is restricted to hate speech.
They also specifically disallow distribution/downloading of child pornography and leaks like "fappening", which i translated to "illegal downloads/uploads".
The list of things that are disallowed is very specifically worded in Danish, as legalese usually is. Furthermore it is also customary in Denmark to allow all traffic. in or outbound.
All "metadata" is logged for 5 years, mandated by law, so every IP i connect to is there along with port, duration, protocol (if available).
> provide network content or any other services to anyone outside of your Premises local area network
I'm not sure if Verizon has the same intention, but if they take their own wording exceptionally strict, you would be in the wrong whenever you play a multiplayer game and end up being the host.
Generally in my own experience they don't want you hosting a service opened to the general public running all the time. I think running an open mail relay would get you banned very quick. It seems like this product is intended to be used purely for yourself.
I’ve talked both Verizon and Frontier about servers and both have basically said the same thing, if it’s private and locked off it’s fine. Meaning as long as it’s not public.
Now the terms still would give them an out if they decided they didn’t want you, but honestly as long as you’re not hurting the network they’d rather take your money.
I've run my own email server out of att, comcast home, comcast business, and centurylink. All I've ever had to do was call them up and ask them to open the ports.
Presumably there's a legal argument that you aren't providing a public service. Helm is tunneling SMTP connections from their cloud-based servers to your device over an encrypted connection, so you could claim you're really consuming their service, not providing your own. But I wonder how much VC money you need to outlast Comcast in court...
My suggestion is to run an email server inside your home that connects to a single server on the internet (like a VPS) that routes your mail for you. It's a bit more complex to setup but much more secure and reliable and almost certainly won't violate ISP rules as long as you keep it secure.
You are misleading us by editing out the rest of the sentence. What you stated is for dial-up service.
AT&T terms:
>• with respect to dial-up accounts, using any software or device designed to defeat system time-out limits or to allow Customer's account to stay logged on while Customer is not actively using the IP Services or using such account for the purpose of operating a server of any type;
I have many servers on att internet, including email.
First, anyone who has talked with me for any length of time will have no doubt heard my rant that data belongs at the edge :-) so I'm a big fan.
And yes, the no servers clause is an issue, it was raised initially by people doing peer to peer torrenting, and some folks running servers.
Enforcement is a bit tricky though because folks like Comcast and Verizon get so much value from being able to see all of your Internet traffic that they won't actually cut you off for running a local server but they will be passive aggressive about it. For example, they will start changing your IP every couple of hours (they set the DHCP lease time to be low and force the DHCP server to always give you a different IP).
The common solution is a VPN tunnel which is what Helm is doing, but that tunnel has to end up somewhere so that can be a problem if that 'somewhere' is commonly used by bad actors. (Like say in Ukrainian data centers)
I expect that this restriction will go the way of paid SMS messages eventually but for now it is going to be troublesome.
I've run public-facing servers on residential connections numerous times. (I did once yesterday just so I could watch my 3D printer from remotely.) If you aren't hogging bandwidth or committing crimes, it's unlikely they will care.
Also IANAL but "services to anyone outside" does not sound like it includes un-firewalled, password-protected, services for personal use. The word used is "anyone outside" not "any machine outside". The resident themself would presumably be an insider regardless of their physical or network location.
Also I think a reverse proxy with end-to-end encryption could solve the problem with no public-facing open ports. That doesn't count as a server in my book.
Hmm, the terms for my CenturyLink fiber connection explicitly allow running servers (with some reasonable limitations):
"Service may be used to host a server, personal or commercial, as long as such server is used pursuant to the terms and conditions of this Agreement applicable to Service and not for any malicious purposes. Malicious purposes include without limitation Spam, viruses, worms, Trojans, Denial of Service (DoS), etc."[1]
Came here to say this. Aside from some customer support issues, I've had a very great experience with CenturyLink fiber. I have multiple static IPs and run a plethora of externally available services. I actually moved everything from Linode and digital ocean to my house and bought a APC battery backup and outside me unplugging my stuff to move it around, I've had no downtime at all.
My Dutch ISP gives me a static IPv4 address (besides an IPv6 netblock) and allows me to purchase additional IPv4 addresses. They also offer various levels of port filtering, from no filtering to filtering port 53, etc.
(Combined with fiber, it's ideal for a small home server.)
Comcast in the US doesn't give residential accounts a static IP, nor do they give you the option to purchase one. You have to sign up for a business account with a 2 year contract term and a pretty draconian cancellation policy (basically the entire rest of the term is due when you cancel).
To be pedantic, when you provide content to Facebook, you are serving them data, right? When you upload pictures to Dropbox, you are serving, right? Slingbox? Security webcam? Facetime?
I don't think there is a good enough definition of "server" or "serving" for such restrictions to be enforceable except is an arbitrary way.
I have an MUA that retrieves email from a server and sends email to a server. It might run in a browser and interact with GMail. It might be a mobile app or Thunderbird or Outlook. It might be sendmail or postfix or Exchange. Which of these are "servers"? Which are banned and which are ok?
Usually an ISP defines it as something that allows ingress unsolicited connections. i.e. put a stateful firewall in front of it and if it requires ingress allow rules to function, it's a server.
Never heard about that in Kazakhstan. I'm hosting HTTP without any problems (though those are only my personal files, so no significant traffic, but considering that my torrent upload is tens of terabytes/month, probably nobody would notice that). Didn't try E-mail, doesn't make sense without reverse-PTR DNS record, and I don't know how to configure it.
For AT&T, that restriction is only on dial-up accounts:
> with respect to dial-up accounts, using any software or device designed to defeat system time-out limits or to allow Customer's account to stay logged on while Customer is not actively using the IP Services or using such account for the purpose of operating a server of any type;
AFAIK, AT&T does not prohibit running a server on broadband accounts.
What's being done by Helm is not much different than using Back to my Mac or Plex or SlingTV.
In any case, these ToS are over-broad and most customers probably violate them every day, especially the copyright provisions. The ToS are not enforced to the letter but allow the ISP to terminate an account if the violations are egregious. I don't think running a Helm server would get you booted.
OK, tangental but concerning. According to that Comcast quote, are you not actually allowed to host a personal website using bandwidth that you pay for? Or is it specifically forbidding "public" web hosting, where "anybody" is allowed to host their own sites?
I think it's the former; you can't host any site that is supposed to be accessed by the general public, only something like a control panel for your NAS or security system or such.
This serves to protect them technically (residential systems are not designed to withstand a large number of inbound requests), legally (you can't sue them for failing to serve your site) and of course to promote their more expensive business lines.
Even if they don't block, if you run an email server on an ISP ip block, a lot of other mail servers will refuse you connections.
If you're going to tin your own mail server, it's paying for a good VPS. Beside the guaranteed static IP, being on an IP block with a good reputation, good VPS provider have redundant power sources and console access over the web, which you are unlikely to have either from home.
I use AT&T and they removed the port 25 block on request. In my experience, they do not enforce any policies regarding self-hosting. I think they have boilerplate that they would use if one were to continuously saturate their upstream, but I've never seen them doing anything to affect my personal services.
It's not necesarily banned, but very often port 25 will be blocked. Additionally it's pretty likely your email will be marked as spam if it comes from a residential IP. They must have thought about this though, so maybe they have their own SMTP servers that emails go through.
"Helm connects securely to a unique gateway, which is assigned a static IP address so Helm is reachable by other mail servers and secure TLS sessions can be established."
Which I dont see the point of then. That way they are your gatekeeper of your mail/files etc. Not much of an improvement.
In my country, ISPs block SMTP outbound traffic by default but you can toggle it yourself. I thought it was pretty universal behavior. I mean, if you're using your actual domestic line to send spam, it'll be reported to your ISP pretty fast.
You are correct. However I think in practice you can get away with it if you keep bandwidth low. I've been running a OwnCloud/NextCloud server from my residential Comcast account for years with no issues.
Meanwhile, I installed backblaze on my home machine, which started backing up around 500gb of my disk, and summarily got a message from my provider that outbound traffic of 30gb is an ‘inconceivable’ amount of traffic during normal use, and if I could please stop, or else (lawyers).
I wonder what happens if nextcloud does a full sync to a new device.
What provider? That behavior deserves a name-and-shame.
As far as what happens with a full sync: it's not really doable outside of the LAN for several reasons. One is I have a data cap from Comcast of 1 TB/month. Another is the upload speed is only 10 Mbps. That's actually one of the reasons I went to self hosting.
Yes. Many also block ports, like incoming port 25 (SMTP.)
I have a "business" cable internet account and have been hosting my servers for years. It is obviously more expensive.
Each Helm gets its own gateway server with static IP address that the Helm establishes a VPN connection with. Port 25 is open on the gateway and the packets are forwarded to the Helm. This is how we work around residential ISPs blocking port 25.
I never understand why people think having your files physically in their homes is somehow more secure than a data center.
- You run the risk of hardware failure, which would take days to recover. When your warranty expires, it'd cost you, too.
- Disk failure may lose all your data.
- Fire, theft, or hurricanes may destroy it.
- You still give access to your data to a company, which controls software updates and the EC2 proxy (in this case).
- Many home ISPs have shitty upload connectivity, so your email won't work that well on the go.
- Internet and power outages mean you won't send or receive any email.
- You lose the knowledge email providers get from scale, including ever-evolving spam filters, and a guaranteed clean outgoing IP.
If you really want to control your data, just spin up something like ownCloud (not sure if that's the best solution, just an example). Companies like DigitalOcean make it as simple as point and click.
I'm the first and biggest investor in Helm and I'm on the board. I created email-based Posterous previously (YC funded) and was a YC partner for 5 years. I funded this team because they're high integrity software engineers first, and we built this out of need— a company like this needs to exist because for this to work, you need both great user experience as well as great software.
Helm actually solves this exactly - they already have continuity of service coming in the pipeline, and the product as-it-ships will support encrypted backup/restore out of box, similar to how your iPhone supports iCloud backup.
I've run my own mail servers for Posterous before and it was probably 2 to 10 hours a month of maintenance, software updates, etc. And that's not something normals can do.
The company itself is run by folks who are committed to running this as a sustainable long term business that takes are of its customers and is super responsive to the community. As a board member I promise you we'll do that.
> I funded this team because they're high integrity software engineers first, and we built this out of need
I looked for the founders bio, a company contact info. There is nothing on their site. All I saw was a letter in the "About" section by the founder.
You might have gotten to know these guys after various meetings and due diligence process. There is nothing on their website that sells me on trusting them or the company.
I had to go the "Careers" section to see the location of the company.
When you're in the business of selling trust, you really need to focus on selling trust first and not technology (maybe they're connected ultimately) but I just don't feel I can trust this company based on the materials provided on their website.
What other way is there? Have a button to “let the CEO call me and pinky promise me that the website info is truthful, complete and correct”? Would you believe it then?
That's obviously not what he's suggesting? He's just saying (and correct me if I'm wrong) that, for a company whose business is based in no small part on trust, it's a bit weird to not have any information about any of the people involved in the project.
Hey, since you're here already, I have some questions (in case you're able/allowed to answer them):
What's the base operating system and hardware architecture the box is based on? It says "Linux" on the page but doesn't go into specifics.
Why not just use regular hardware, e.g. Intel NUCs, or even allow people to run your software on their own hardware (like OwnCloud does)?
In Germany there was/is a startup, Protonet (https://protonet.com/), that had almost the exact same idea a while ago. They went bankrupt though and one of the reasons was that it cost a ton of money to design and produce their own hardware, which also looked very cool (orange hexagon!) but didn't provide much added value beyond what a normal, boring-looking compact PC could provide (at 500 € less than their box for the same specs). They also marketed their own OS, which was based on a modified Linux distribution, modified open-source software and a shiny management layer on top as well. They found out that developing and maintaining a Linux fork isn't so easy either, so they eventually canned it. So what's different about Helm in your opinion?
We are using an ARM-based SoC from NXP. We chose this to ensure that the device can only run signed, trusted code by implementing secure boot and signature verification of software updates. We will make a developer program available in the future.
I didn't use Protonet so I shouldn't speculate about what's similar or different about the products. I think we are in a time right now where people have a strong desire to own their data and are looking for a viable alternative to the cloud. They key, beyond building something very private and secure, is in nailing the experience and we're excited to share more about that.
Cool, thanks for sharing that info! While I think your approach is a bit extreme I hope you'll succeed, we need more solutions that put privacy, security and transparency first. It would be awesome if one could run your software on regular hardware though, as I really prefer a securely hosted server at a local data center to a computer sitting in my living room. Also, one year of limited warranty seems rather short for a product that is supposed hold my most important data.
From the technical specs, it's almost certainly the i.MX 8, which as far as I know is not affected or listed on any of the errata for that vulnerability.
You say Helm solves or will solve all these problems.
But if I don't actually need to be able to reach the box in order to use my email - if it will work even when the box is offline, powered-down, stolen, or destroyed - then what, exactly, is the point of the $500 box itself?
It's not privacy, it seems. If it were private, how could it work when the box is offline?
I'm not opposed to a "pay for your email instead of it being ad-and-surveillance-supported" model. I just don't see the point of paying $500 for a box that you're telling me the service will function just fine without.
For $1000 I get 2 boxes I can't use for anything else right now (and still not very reliable inside my home), whereas with Fastmail (for example) I can get an email service for 20 years @ $50/yr that is very reliable. I'm not sure of the value proposition for this thing.
Why do I need to buy a physical box? Cant they give me a dedicated EC2 Micro instance instead? Solve the ISP issue, and the speed/ connectivity/ power etc?
I like the idea as I run my own home server for about ten years now (Nextcloud (calendar, address book, file-sync), DynDNS, XMPP, NFS, IMAP, ...). At first, I thought how you are going to send emails from consumer IP-ranges, but then I read that you are using a gateway with a static IP address. Cool.
I think it is a great idea to have a device which is as simple to use as a router but focused on typical cloud services. As security is a critical aspect of the whole idea, the subscription service is a smart move too. Maybe you should offer a monthly subscription too (consumer friendly).
Are there any plans to start shipping to Europe in the near future?
Thanks for your comment! Yes - we are working on making the product available in Europe early next year. Please sign up for our mailing list on our website and we'll keep you posted!
I like the idea. But can it handle multiple domains? Also, if I put one in my brother's house, can it connect the two and use them as fail over? That will eliminate my worry about outage and backups.
If I can trust someone to do off-site cloud backups of my e-mail, why can't I trust the same person to run a Fastmail-like service so I don't have to have a $500 server in my house to get e-mail?
But that's completely orthogonal to owning a piece of hardware. You could run a managed cloud e-mail service where only the users hold the encryption keys, too. How is this a hardware problem?
> You could run a managed cloud e-mail service where only the users hold the encryption keys, too. How is this a hardware problem?
This is the key question, in my mind. There's only one reason I'd want to own the hardware—to manage/add/create my own services and handle my own backups because I don't trust a company's involvement in these[0].
If this is so tightly controlled that I can't add my own services and I can't restore a backup without Helm's involvement, why do I even want the hardware?
[0] I don't mean that I don't trust them in a privacy sense. I mean that I don't trust them to make sure the backups are actually working and able to be decrypted and restored. Or be able to be restored without their software/hardware. There doesn't seem to be any transparency wrt/ these concerns.
This is a valuable and useful criticism and we're going to talk about this at our next board meeting.
How do you know who to trust? You surely have to trust someone. It feels generally true that we can trust Apple since we pay them for hardware and their ongoing business interest is in protecting their revenue streams through their hardware and iOS app store, which means you are aligned.
Generally for Helm that's a good case. That's why we charge money for this hardware and software: it aligns interest.
Free cloud services are not truly free and that's what most people seem to be OK with... but not all people.
This is the classic trade-off. Open source software you can read the code but usability suffers. For the people on HN, most people can run their own servers, but for normal people that's not an option.
Apple has managed to create a computing environment that is highly usable for normal people. This is what Helm is trying to do too.
I don't see how we should automatically trust them because we "own" the hardware. If its not open source and able to be verified by third parties, what does it matter if we have the "keys"? $500 for proprietary hardware just seems odd considering the goal here.
What’s the intersection between people without the know-how to run their own servers and the people who understand what tech companies do with data well enough to feel that this is a big enough need?
In my experience, the average person doesn’t really understand what GMail or Facebook or whoever do with data or the extent of their knowledge about individuals. Even basic things like lookalike audiences or retargeting across the web regularly blow people’s minds.
I hope this project is successful, partly because that would show that people do understand these things enough to view Helm as solving an urgent need. I wonder if we’re there yet.
We use duplicity for backups so there's nothing proprietary in our approach. There will be more transparency coming in a series of technical posts about how the product works, what open source software we use, etc. Appreciate the feedback - we'll keep this in mind as we move forward.
I understand that this is a new product launch and you can't have all answers to all questions front-and-center on the website on day one. With that in mind, kudos to you and garry for being so active in these threads.
One key principle for Helm is that you always hold your encryption keys to all your data— Helm and outside parties should never get access to that. So the backups are encrypted, and the Helm device itself stores your data in an encrypted fashion on its storage, and has a secure enclave such that those keys never enter user memory space.
Hosted services like protonmail (great option) support some key management but that's rare. Most everyone stores all your data in the clear, and that sets you up for Facebook-style hacks where people just steal a database en masse, and/or leave you open to warrantless wiretap which has been a problem for email services broadly in the past.
I want to point out that email is just the first part of what Helm wants to do. What is super valuable is that Helm can run its own software and add things like distributed anonymized VPN, or file sharing, and these things are all federated in a way that wasn't possible before.
Not everyone is going to care about this, but enough people should. People reading this thread should care: decentralization and federation of this sort is the way we maintain an open Internet. You can take down individual nodes but you can't take down millions of them. That's the ultimate goal of Helm.
Remember, there's no such thing as a cloud, it's just someone else's computer.
> You can take down individual nodes but you can't take down millions of them.
This statement indicates a lot of passion (and I side with it in spirit), but it feels irrelevant and out of place wrt/ this product.
My data is only (available from) my own private Helm server. If mine gets taken down, the existence of millions of other "nodes" doesn't help me. Helm the company can help me with new hardware and my backups, presuming that they're allowed to—but what if they aren't. Then we're back in the same place.
I mean, assuming we’re talking about a government trying to shut down or snoop on an email service –
They’re probably not going to go door to door confiscating millions of devices; the cost to do that would be astronomical. You’d still be at risk if they were targeting you personally, but not if they were targeting all Helm users en masse. That’s a big improvement. And even if you were targeted personally, you’d at least be in a position to defend against surreptitious snooping, assuming that took the form of agents physically entering your home to hijack the device.
Of course, there’s a lot of counterfactuals baked into that scenario. Helm does not currently have millions of users, for one. For another, the EC2-based proxy service run by Helm is a single point of failure that someone could take down, though supposedly Helm will release tools to replace it with your own server. And most problematically, the closed-source software could be silently subverted by Helm in an update, with no reasonable means for the user to detect this, even in theory.
Still, it’s a lot better on that front than most cloud email services.
Then the keys are on the premises of the cloud company. Also data has to be at one time unencrypted in computer's memory. When there is a physical access to the computer you can't do much to ensure your data's safety.
I may not understand how things work, but how can a SMTP server function without private keys? How can it pass the hand shake? Does parent describes different scenario?
Hey cwyers - this is a good question. Our offsite backups use keys that only a Helm customer has access to. They are created during the setup process and stored on a USB thumb drive we include in the box as well as your phone. We will be publishing how this is done using duplicity so people can see the details of how it works.
I don't understand why you're so upset about this. If you don't think the product is a good value for your time and money, that's fine: don't purchase it.
I think Helm comes with some obvious trade-offs, but the product looks nice and I think (judging from other HN comments) there's a market for it. I don't know if it's a large market for this to be a success, but it seems interesting at least, and at first blush the product looks well-made.
I don't think this product is exactly for me as my main email, but it could be interesting as a side email service, or one for really sensitive emails. Depending on the price point, I'd consider purchasing. If the price point is too high or the maintenance costs are too large, then I won't. What's the big deal? That trade-off not working for you or me doesn't mean the product shouldn't exist.
Because it bothers me when someone sells a "secure" product where the security measures are unrelated to the threat model. The Helm server is connected to the open Internet, which means that physical possession of the Helm server is not the only or even main thing necessary to secure it from compromise. Because of how it works, the server still has a dependency on cloud providers -- you need cloud backups and the public endpoint for the ssh tunnel to get around ISP packet sniffing. Since I still need to trust other people's servers for this to work, why the focus on owning your own server?
How would you realistically completely remove the need for the relay server while still allowing the customer to run the server on a typical home internet connection?
Would it be possible to elaborate more on the problems pointed out by the OP of this thread? Like clean outgoing IP?
Moreover what happens exactly when the box melts? Because sooner or later some box will crash. Where will the service run in case of disaster? How long will I stay without email?
It's hilarious how solvable most of these problems are, and yet they aren't even closed to be solved.
Like, backups. Everyone knows how this can be done. Have automated scheduled backups. Encrypt them. Send to offsite storage. This should be handled through a generic backup protocol so you can choose your provider and be sure the app doesn't siphon your personal data.
Users should not need to manually fuck around to set this up for every computer and every app they use. This should be absolutely standard. Preferably built at OS level. I know Ubuntu had something of this sort, but IIRC it wasn't based on an open standard where you could choose your own storage provider. Windows? Hah.
Instead, developers strip users of all control over their data claiming it's for their own good, and push everything to a myriad proprietary cloud solution through random protocols with dubious security implications.
Same thing with file transfer. You'd think it'd be a solved, easy thing by now--a gigantic datacenter/cellphone network is not the optimum solution to allow two people or two businesses to transfer a file between them.
You say Helm literally does this. But what the grandparent was asking for wasn't just backups. They suggest (as I see it) an open standard for backups, ubiquitously implemented so it's easy to switch your provider and easy to set up new devices.
Does Helm use one of those? I suspect not, because I don't know of any such ubiquitously implemented open standard for automatic encrypted backups.
So: is Helm going to put in the effort to define such an open standard and push for it to become ubiquitous?
Even if Helm implements automatic encrypted backups, it's still contributing to a fragmented world siloed into incompatible apps and platforms. Making your siloed service better than others won't fix that problem.
>I don't know of any such ubiquitously implemented open standard for automatic encrypted backups
Here is a question for the parent poster and anyone else. Do you think it would be worthwhile to gather some people and try to design such open protocol? Without having an implementation first? Or would that be just a waste of everyone's time?
Redundancy redundancy redundancy. See e.g. Unison, rsync, sanoid or https://syncthing.net - runs on anything, does a good job.
> You still give access to your data to a company, which controls software updates and the EC2 proxy (in this case).
Because you read all code changes every time you `pkg upgrade` or `dpkg dist-update`.
> Many home ISPs have shitty upload connectivity, so your email won't work that well on the go.
Is that really an issue? I probably use <100kB personnal email per day anyway. Even in the US, 100kB/day upload is not unheard of.
Also, the "on-the-go" issue is DL speed: from your device to your server. How long your server takes to send the mail is mostly irrelevant - instantaneous transmission should be done by phone.
> Internet and power outages mean you won't send or receive any email.
More comments around here about sending servers that MUST retry, and fail only after a few days.
> You lose the knowledge email providers get from scale, including ever-evolving spam filters, and a guaranteed clean outgoing IP.
That could be a real issue, but the ever-evolving filters at my ISP clearly can't spot (nor stop) the spam I receive anyway.
The outgoing IP shouldn't be a problem if you've registered it in your DNS, and it matches the SMTP or whatever subdomain.
> Also, the "on-the-go" issue is DL speed: from your device to your server. How long your server takes to send the mail is mostly irrelevant - instantaneous transmission should be done by phone.
Not commenting on the rest: you download incoming mail from your server, i.e. your home uplink. If someone sends you a photo or zip file, that’s the bottle neck.
Not to mention syncing email with the brain dead protocol that is IMAP…
The cloud ultimately is someone else's computer, abstracted away to feel good. Data loss occurs in the cloud too and it sucks.
It's also dangerous to say because you don't understand or see the value in something, that there possibly can't be any.
Today's home connectivity + LTE fail over is reasonable to rely on. One could put a vps proxy in front of it if you really wanted.
Running a home appliance is not out of the question or unreasonable. I have a Mac mini server that is coming on 8 years of age and zero issues.
Today, the combination of Ubuntu, docker, and ready to go setups make it super easy. Offsite backups are not an issue anymore. Running owncloud is good for files locally, but email is worth it in some cases.
We own a lot of appliances at home that have a lifecycle to maintain already.
The reality is the above issues have a much lower chance of happening than 10-15 years ago.
Hardware is far more reliable and than it was, my 15 year old servers pulled from my data center were still working when I virtualized.
A discovery I made was owning a PDU (like an APC Masterswitch) cleans the electricity so much enough that attached equipment don't seem to fail. I ran my own email server in a datacentre for clients for a long time because it was the norm.
With Home Automation adoption increasing I suspect a home appliance of some kind will become a reality anyways. If personal data became a feature of it, that would be useful.
So what happens when you are traveling and there's a power issue or maybe some other connection issue that knocks this box out of service? Looks like you'll be stuck without email until you can physically get back to this box. This isn't a scenario you worry about with regular email.
The challenge with email is that once you give out any mail address to people, you are on the hook to ensure that it's a functional address. Not something you can just try for 6 months and then easily move on from. And if you decide to move on from this service, will the average person be able to easily migrate that custom domain to a different email provider? (Yes, technically this is possible, but can normal users do it easily? Is it part of the service that Helm provides?)
Not sure if you have spent any time around data centres, but they have to deal with power outages just the same. My power doesn't go out often, how about you?
Backup batteries (UPS') are trivially cheap as well, especially for equipment that sips electricity. Everyone should have one on their internet connection and wifi anyways. A $200 ups can give a few hours of power.
Your offsite worries could be alleivated by mirroring 2 devices, or mirror one to a cloud. Realistically, incoming email is queued for redelivery from 24 to 48 hours until it can be delivered. Beyond that, outgoing email can be sent thru a third party temporarily (migadu, etc). Next question?
Migrating email isn't hard. Most services have import feature. I suspect you may not have done this before.
Yeah, there is no convenient backup policy that doesn't obviate most of the purported benefits of this device. You have to store your backups somewhere off-site to have any kind of data safety, and unless you're dumping out to tapes or some other physical media and stashing your backups in a safety deposit box, that's going to be a server somewhere.
Developers and devops folks can certainly do this, I know I have had to do that before for my production data.
Part of the point (and the impressive software that has been built here) is that backups happen transparently, and if anything ever happens to the Helm you can get another one and get back up and running by restoring from online backups. It's the same principle: things can happen to your iPhone but you can get up and running with a new one easily.
I'm skeptical of this device, but don't follow your reasoning. One of the device's concerns is security and privacy -- what security or privacy am I giving up by giving my backups to Tarsnap?
This was my first thought as well. My email IS very important to me which is exactly why I will never host it locally. The only content I host locally-only is stuff I would be annoyed to lose but could replace, the only content I host locally with online backup is stuff I can do without for a couple of days while I recover. Email falls into neither of those categories, I need it to be up all the time. I have considered fastmail or similar but I will never trust my home connection.
I've been running my email on Helm for the past month with no dropouts of service - it's worked with no issues this whole time, and we use Comcast in SF, so it's not the best upstream there is.
Mind sharing your domain? I'd love to peek at what they do DNS-wise. lvh at latacora dot com if you don't just want to hand it to all of HN :) The e-mail in your profile is hosted by Google, which makes sense because it looks like work email.
Not necessarily.
Incoming email: port 25 is blocked on many residential connections.
Outgoing email: If you send email from a residential IP block you're likely going to be flagged as spam.
I wasn't debating your point; I was pointing out how this service accomplishes it without tripping over that problem. FWIW: I'm not sure that's actually how it works.
The device talks to an AWS EC2 proxy IP that Helm makes sure isn't on an IP blacklist. All traffic that goes through that is TLS encrypted using Lets Encrypt keys.
Elsewhere in the thread, Giri says it uses a VPN connection. Is it TLS + something else?
helm.garrytan.com:3333 for example responds with a self-signed localhost cert, not LE keys. IMAPS (still not sure why that’s there but I asked that in a different comment so let's have that thread there) and 8443 do answer with LE though :)
I think the only times I lost data in the last 10 years or so was because someone accidentally deleted stuff on a shared Dropbox (luckily I had a local backup, so only the most recent changes got lost). Oh and I lost some photos that I uploaded to a Facebook clone because they more or less shut down.
Data loss is more or less a solved problem. You don't need Google for that. ;-)
On the other hand, even without putting my tin hat on: I get customized ads best on my email contents, WTF?! Everybody can see based on the browser ads what kind of sites I'm surfing to.
> Internet and power outages mean you won't send or receive any email.
Except if you have a charged battery and LTE. ;-) In fact just a charged battery is needed when network is down to read old mails.
The original post was about the perils of hosting your mails at home. I'm not clear what your answer is about.
For example, in a power outage, Helm won't work. You say it's not a problem with a charged battery and LTE. I think you're talking about a cell phone and I don't understand how that's related. Sure, one could run Helm on a UPS with LTE backup. But then that's extra infrastructure against the promised simplicity.
Also I don't see how encryption prevents the device from being physically destroyed.
> LTE backup. But then that's extra infrastructure against
> the promised simplicity.
There are low-cost routers with USB ports that allow plugging in an LTE stick.
> Also I don't see how encryption prevents the device from
> being physically destroyed.
You can create a backup and store it on an untrusted storage (cloud for instance).
I'm surprised these devices didn't take off 5 years ago already, as this is technology wise almost a step backwards into the 90s. But I think it's worth it, and in fact you don't need helm to set up a system like this yourself. Get a Raspi, stuff an LTE stick and a juicy USB storage into it together with external USB-battery in passthrough and you even have a superior device.
You are introducing a lot of moving parts to go from 99% to 99.5% availability. And you can't get much better than this at home. In that vein, for most people, the availability of a Raspi solution would be 0%. They just can't handle it.
If you can accept the bad availability Helm looks like a fine solution to get your mail out of the cloud.
Agreed. For a service that is about security, it honestly leaves me feeling very vulnerable, and I wouldn't consider it for that reason. I'm concerned about my emails being delivered, increased spam, a thief (or government employee) walking out of my home with my email server, my modem needing a reboot while I'm on vacation and not being able to send or receive emails, and my neighbor accidentally burning down my apartment, taking my email with it.
I'm a Fastmail user and pretty happy with the service. But, what's the real world benefits of Helm over an encrypted email service, like ProtonMail?
Using a hardware root of trust, secure boot and a Secure Enclave for managing keys used for full disk encryption, it will be very difficult to extract decrypted data from a Helm server. The keys never leave the Secure Enclave, they aren't available to the application processor or memory.
Most cloud-based email services hold email in the clear - we believe this means you don't really own your data. Encrypted email services have challenges around search, access via proprietary protocols and the risks of running highly sensitive operations in client-side javascript.
I mean, sure? You can use encryption to get security and privacy features but "FDE" isn't it. FDE is more important for Helm but that's a problem of their own design: suddenly the e-mail is in a box in my kitchen and it's a lot easier to walk out with a box in my kitchen than it is to walk out with a drive from us-east-2a :-) For anything in the cloud it's a belt-and-suspenders/compliance thing.
How many people have access to drives in us-east-2a? Do you know? Can you verify?
Assuming the software works flawlessly (if it doesn't, it doesn't matter where it runs) you'll need RAM and storage access to recover the keys and the data. If you're in the cloud, you won't notice when insiders or state agencies take a peek. If the device is in your home, you can set it up so you notice.
> How many people have access to drives in us-east-2a? Do you know? Can you verify?
AWS, like every non-clownshoes provider, is transparent about the security controls on its datacenters. It has those verified by independent third parties and auditors (for relevant compliance standards). They have published whitepapers and compliance/audit reports, and continue to.
The odds that someone compromises a Helm update and the odds that someone walks out of us-east2a with a drive are not in the same ballpark.
To reiterate, because somehow I'm in the "FDE is an important threat model!" corner: it is not. Walking away with a Helm is not the easiest way to read e-mail on that thing, especially not for an organization capable of dragnet surveillance in general.
> The odds that someone compromises a Helm update and the odds that someone walks out of us-east2a with a drive are not in the same ballpark.
Sure, but why are you comparing a software compromise against physical access? There are attacks that work against cloud providers which don't work against Helm. If somebody can compromise a Helm update they essentially got root. And that is a step up from just read access to storage.
Here's how I see it: There is a provider that runs my mail infrastructure. They can either run it on AWS, or host it at my home. If the data is in my home I don't have to trust Amazon. I still have to trust my mail provider ultimately, but using AWS doesn't improve on that.
I'm curious about how you arrived at the conclusion that we are capable of dragnet surveillance. Connections to/from the Helm server use TLS end to end.
I mean, the risks exist in the sense they are not absolutely zero, but can you seriously compare an average home to a data center in terms of physical security, connectivity, fire suppression, etc.?
I feel like I'm the target market for this as I pay for Fastmail ..
1 - how many domains can I use? I currently use ~6 with my Fastmail account
2 - can I have multiple users? I recognize that fastmail doesn't let me but at this price point I would want it. It looks like you support that but I'm unsure.
3 - How do you convince my ISP to let me receive traffic on the ports required to run a mail server? (most firewall them on residential accounts)
4 - If I were this committed to my email, why wouldn't I just set it up for free myself? This is actually my biggest question in regards to the product/target market. Are there that many people out there that both care about how email works to this degree and aren't willing to host their own?
The website is heavy on theatrics and bold statements but I feel actually kind of lacking in terms of the meat. There's more than a few parts made it difficult for me to get any information at all (the automatic slide show on the Product page, the 'see the inside' slideshow on the tech page). If I had to guess I'd say this site wasn't tested against Firefox (doesn't seem that any are anymore due to its low market sharE).
hey stevehawk - thanks for your questions. I'm the co-founder and CEO of Helm. Let me take them one by one:
1 - how many domains can I use? Each Helm Personal Server currently supports 1 domain
2 - Can I have multiple users? Yes, we have no limits on the number of users.
3 - Please see my response above about how we navigate around ISPs blocking ports. We route traffic through an EC2 instance with an iptables configuration and an outbound VPN connection. We utilize Let's Encrypt certs for this traffic to be encrypted with TLS.
4 - I've run my own email server for 15 years. It's a pain and more and more people are willing to pay for convenience and peace of mind that comes from a dedicated team like ours looking out for them.
On the meat - we have a post coming tomorrow that is the first in a series where we will dive into the technology.
Regarding Firefox issues, please email me at giri@thehelm.com and we'll look into it. We have avid Firefox users on our team and did test it but may have missed some things.
Thanks for your questions and let me know if I can answer any more.
I appreciate the response. Anecdotal situation - I have to admit the 1 domain thing is a drawback for me. In order for me to commit the financials to this I'd need to be able to use it for more domains (ie, spread the costs across my personal businesses as well). As a solution for 1 domain only it has the feel of Silicon Valley millionaires solving problems for Silicon Valley millionaires.
There is no break-even point on this because by default the subscription is more than Fastmail, including their business offering, and even amortizing the device over a decade is still a stretch (what device lasts a decade anymore?). I think what I'm realizing is that even with a gross annual household income over half a mil USD is that I can put a price on email and it's lower than this.
All of that said I do think you've got a neat product. The EC2 solution for tunneling is novel and explains the higher subscription cost. I hope you are successful because I'm curious to see what version 2 would be like service/pricing wise.
Thanks for the feedback stevehawk. We'll look to support multiple domains - right now costs scale with the number of domains due to the simple fact of supporting reverse DNS.
I feel like am your target user for this product. I want to be able to isolate the majority of my data away from these large corporations (namely Google), email is probably the hardest one for me to do myself. I really want to use your product.
BUT, and this is a HUGE but, I am a web developer and I have like 15 domain names. Some from old businesses, some for just random stuff. I accept email from all of them and have online accounts tied to many of them. In order for me to use this product, I absolutely need to bring ALL my domain names with me.
In fact, the number of supported domain names is the primary feature I look at when comparing email providers. If it doesn't support the amount that I have, I immediately disregard it, doesn't matter what else they be offering.
So please reconsider the number of domain names. I imagine there are lots of users like me.
Hey mrgalaxy - thanks for your note. We will take a look at how we can support this more efficiently. Right now we don't because we support reverse DNS for all our customers.
Your setup with Let's encrypt certificates is exactly what I was thinking about. I was thinking however about a one step further. Put the server on a smartphone. This way you're pretty much covered most of the time. Also one could be notified as soon as email is incoming. I thought also about a home server that would be used as a secondary.
It would be best to give ability to create random subdomains, so a user can have a separate addresses for everyone. Then it would be easy to filter out spam on the proxy level. Which is crucial for a server on a mobile phone.
5. e-mail archive compromise (someone gets to read old messages)
6. archive loss
You have to think hard about each point:
- how it can happen,
- how would you detect it,
- what it could lead to,
and then prepare for those circumstances via preventive measures, and by having a plan for when it happens.
For example if you register your domains under an account where email that was used for registration comes from one of those domains 3. can easily lead to 1. and you're hosed. You have to have way to restore 2. without access to e-mail addresses that will not work while 2. is happening. You will most probably have no way of detecting 3./4. before bad things start happening. etc. etc.
E-mail is not really something to fuck with, because of how important it is for authentication on the web.
Helm website doesn't work for me, but if you're thinking about an easy way to have a personal email server, and don't have experience, be careful.
So this is bikeshed territory but what with the shape of the "box"? You can't stack anything on it and it seems to take much more room than necessary that way.
Reading the (mouse hijacking) technology page I see:
>Helm is a high-performance server with capabilities normally found in larger, business-class hardware. To accomplish this performance in a smaller (and quieter) form factor, Helm has been engineered to dissipate heat through its aluminum base.
Is that the reason behind the design? Does it mean it's fully passive cooling? Also is it really necessary to have that much cooling in the first place? An email server doesn't need that much juice normally, especially for a small handful of users.
If you feel like doing this yourself, get something like a Raspberry Pi 3 (or better, like the Asus Tinker Board) and use sovereign (from github) to automatically install your own mail server/owncloud on it.
Then get a dirt cheap VPS (less than $15/yr) from lowendbox/lowendtalk and run a OpenVPN tunnel.
So what's the advantage of having this at home instead of an ISP?
For one, backup and restore is fast and easy. You can use your NAS that's at home. You may want to have an additional offline backup in case your home network gets completely compromised.
A box at home is also more difficult to tamper with. If you're paranoid, put it into a tamper resistant box.
Unfortunately reputation management is a requirement nowadays for all senders of MTA. And it's an ongoing hassle.
Helm promises to handle this in a way that doesn't let them read transmitted mails. You still have to trust them ultimately, but the stakes are higher.
$99/year? They are targeting an extremely small market. I can get Fastmail for a fraction of that amount, and I don't see much of an advantage with this - and I'm one of the few willing to pay for something I get elsewhere for free.
I mean, "a fraction" is "half" in this case, which is actually pretty close to par in my mind. And that's what I pay for one address for a year; so if this is more addresses and more domains at better scaling prices, that's quite interesting.
I pay ~$5/mo for a VPS that I have root on and host E-mail for an unlimited number of domains, plus I can use it for other purposes: light duty web site, VPN, etc.
I don’t seem to be the target market for this but I wish them well—we need more effort towards re-decentralizing E-mail.
I'm having a hard time understanding who would buy this. Non-techies aren't looking for a solution to this problem. And, the moment you mention encryption keys in your marketing you've lost them.
For $499 and $99/yr (!!), I don't think you'll convince techies this a worthwhile product either. Maybe the ultra paranoid users. But, in my experience those are also the people who can build their own solution.
Seems like an amazing solution for really a non-existent problem.
The average consumer doesn't bother with his email privacy if he had other online solution would have been much more popular.
The more technical consumer will probably would prefer to run something open source on his own server.
So I wonder who is willing to buy and pay for this kind of solution.
I have to point out that while their marketing copy claims that they want to know "as little as possible" about their customers, they have Segment's JavaScript tag on thehelm.com
Also, no actual content appears on the page without allowing third-party JavaScript. Even though I'm interested in hearing about new mail services, I chose to close the tab rather than spend time figuring out which of the 17 third-party domains I should white-list in order to see some text.
I doubt I'm the only one who made this choice. For some of us, content is still the reason we use a web browser; that includes those of us who value privacy and minimising the amount of arbitrary code we run on our devices.
They're "solving" the residential ISP email blacklist issue by offering an IPSEC VPN with static addresses they control:
> Helm just works with your home network—no configuration needed. Helm connects securely to a unique gateway, which is assigned a static IP address so Helm is reachable by other mail servers and secure TLS sessions can be established.
A nice approach, but it does sort of chip away at the decentralisation claim that's at the core of their messaging.
I wonder if they check that the IP addrs they use are in good standing with the large mail receivers or if they somehow pre-warm the IP with "good" email.
You show, Google, NSA, etc... but doesn't this service route email through your own servers to get to the box in my home? what makes your servers more secure than Google's at handling the emails? If I have to trust you to route the emails, I might as well just use something like Fastmail that hosts them too.
More crucially, what can I do with the box if I ever stop paying you? or you go under, etc.
I'm sorry, but I'm pessimistic about this. 99% of people just don't care about privacy, and those who do would probably prefer to set up their self-hosted email by themselves.
It’s not even that. It’s that the flipside of decentralization or even federation is SPAM. How do you prevent getting SPAM from people you don’t know, while at the same time having others accept YOUR emails?
That’s why today ANTISPAM on the net has all but shut down the option of having email outside the big boys or edu.
This is an interesting project. I've been following FreedomBox for ages hoping it would end up as a good way to do this, but development has been slow. I do have some questions about the technical details:
1) Is email access provided through the Helm App, SMTP/IMAP, or is there a webmail interface as well? Can you use this device without a smartphone?
2) Which Linux distro is this based on?
3) What file system is used? Is it something like ZFS or BTRFS, which could protect against corruption? Since there seems to be only one drive, I assume there is no RAID-like redundancy included to protect against drive failure?
4) Where are the encrypted backups stored? What is the procedure for recovering them? I expect that the backup recovery keys are also stored offline on the flash drive?
5) How are software updates performed? Are they pushed from a managed system that you control, or does the device itself pull updates automatically on a schedule? How long will you guarantee software updates for? If you stop providing them, or are slow to patch a vulnerability, is there any way for the user to patch the device themselves? Local SSH access perhaps?
Lastly, a comment, please consider not overriding the scroll behaviour on your website. It may look slick when it works, but when it doesn't (as it doesn't on my Firefox), it totally breaks the website. In the case of your technology page, it is super-annoying, since the details I want are at the bottom, and I'm forced to watch the slideshow before I can see them.
How about alternatives that are completely open https://www.kinguardproject.org/ ?
As mentioned in other comments, having all the sources provides the possibility to review/recreate/modify the code to see what is really going on.
This is my perspective alone and isn't meant to sway anyone's opinion, this is just my experience as it's been.
Having owned and run my own mail servers myself for some 10 years, I'll tell you something for nothing. Owning your own mail server is not something that comes for free. At least, it wasn't for me.
Unless your product has brought something that's drastically different in terms of software, security and spam maintenance, it's too much of a pain in the ass for a non-technical person to manage. Heck, I'm about as technical as they come. I ran plenty of different kinds of mail servers in those ten years. The effort and inconvenience it caused in that time just wasn't worth it to me any more.
Having to stress out every time I moved, needing to make sure my internet wasn't shut off until I left the premises and making sure it was already on at the new premises before I could move anything, always being the guy on call if my mail server went down.
Then came Cloud and I no longer had to worry about physical hardware ownership and maintenance. I no longer had to worry about if my internet at home was working. The opportunity to move my mail server to a VM, and then hosted Exchange and now Office 365. This has offered me so much mental freedom, I don't think I could go back.
The added stress wasn't worth the extra flexibility and security in my mind. All my email is now handled by Microsoft. Sure it costs me a little money each month, but I've got the peace of mind that their security team is on it and while I'm pretty security savvy, I've got nothing on their security team. In addition, I'm not the guy on call when everything falls to pieces.
I realize that most technical people won't have my perspective on this, but it's definitely something you should think about.
Helm was built specifically for you. I know because I had to run dozens of mail servers myself for email-to-blog platform Posterous, my startup 10 years ago. It was terrible.
I've been up and running with Helm for the past month on my garrytan.com email domain and it's been zero maintenance.
It's rad, does all of the DNS/SSL/DKIM foo necessary to make your email fully deliverable, includes contacts and calendar sync, is multi-user, multi-domain, etc.
The hardware looks slick, but are my emails going to bounce when my not commercial comcast/spectrum/at&t/whoever has a maintenance outage? I'm not sure it's too useful to bring that out of the datacenter and into my house...
SMTP was designed around the assumption that nodes could go down or network partitions could happen.
If you are unreachable, the mail server that is trying to contact you should try again later.
How many times, at what interval and for how long retries happen vary.
Most servers will notify the sender saying that “message delivery failed permanently” if the receiver is unreachable for such a long period of time that the sender server gives up.
So between the resilience to temporary unreachability and the fact that the sender should be notified if delivery times out, I would say that the chance that anything important is lost is very slim.
The bigger problem is the fact that home ISPs often block outbound SMTP, as well as the fact that their IP blocks are often regarded as low trust by others, meaning that you will certainly run into problems sending mail every now and then. I did not yet read the OP link, but am going to, so I don’t know if they offer proxying/forwarding of outbound SMTP.
Hey there, I'm Giri Sreenivas, co-founder of Helm. Glad you like the hardware! Good question on email bounces. As Arubis mentioned, email has retry built in and most servers default to retrying for 48-72 hours.
This answer implies that you have no idea what the problem is, which doesn't bode well.
The problem is that the major email hosts send to the spam folder any emails from IP addresses they don't explicitly trust.
My solution to this is just to ignore it and tell people if they want to receive my email they should work out how, as the problem is on their end not mine.
But lots of your customers won't like that answer.
SMTP policy requires retrying if mail cannot be delivered. From RFC 5321 section 4.5.4.1:
> In a typical system, the program that composes a message has some method for requesting immediate attention for a new piece of outgoing mail, while mail that cannot be transmitted immediately MUST be queued and periodically retried by the sender.
[ ... ]
> Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days.
This looks really interesting, but I'm disappointed that you apparently _need_ a subscription to their DDNS-like service.
In a lot of cases, users may be paying for a static IP from their ISPs (or even have one for free, by default), or they may be running their own DDNS via a cloud instance already. This does nothing but add a $100/year fee for something that is exceptionally non-reusable and narrowly-scoped.
I'm not usually one to theorize spying, but I'm gonna call it here: I'm betting that "remote administrative access" is found between the EC2 instance and the at-home box.
My first thought in seeing gsreenivas' discussion about the VPN/iptables/EC2 is that the physical box at home makes it feel more secure than an EC2 solution, but I'm not sure that is actually the case.
Had a pleasure of setting up and running a personal mail server before, and honestly, unless you are highly technical and enjoy doing that, a consumer solution is nice to have. It’s not just the original setup that takes a long time, it’s configuration and maintenance, software updates, mail delivery hacks... Basically if you’ve ever wanted your own mail server, Helm should be it.
You mention that you use a hardened Linux OS, but you don't discuss any of the other opensource software that you use. While you technically only have to distribute the sources to the people that receive your hardware, it would be nice to know these kinds of things before purchasing. This is a niche market you're marketing to that has a history of researching these kinds of things.
Are you using a custom distro or one of the off the shelf ones? What webserver (presumably there is one) is running on this? MTA? What're you using for backups? Is this just a ownCloud running under the hood with a tunnel to AWS and small proprietary layer on top?
Along different lines, how to do the backups work? Are they just stored on the device (what happens when its drive dies)? If not where are they stored and how much manual intervention is required. If your company goes under can I use any opensource software to decrypt the backups and access my emails?
Edit: With the list of sources in hand I can answer a lot of the questions I posited. So for others interested:
Distro: Still unknown, but see additional interesting tidbits.
Webserver: Neither nginx or apache are present. If I had to guess its using golang's net code to run any webserver / API that is present
MTA: postfix, dovecot, opendkim, opendmarc, spamassassin (might be more components I missed)
ownCloud: Doesn't appear so
backup software: Duplicity
backup location / process: Unknown
Interesting other tidbits:
OpenVPN is present, and so is ipsec-tools/strongswan. So they might be using either IPSec, OpenVPN or a combination of both for the tunnels. They could just be distribution defaults.
It's running docker, I'm guessing they're using some form of container image sync update system rather than a proper package manager.
It contains a fully developer toolchain, so presumably this is a full distribution rather than a minimized / custom one.
Based on the versions it appears the ARM processor is a QorIQ variant which is an ARM evolution of the PowerPC architecture.
Contains the libatomic libraries, so perhaps this is running on Fedora Atomic as an underlying OS? Would explain the presence of docker and give an idea how they're providing updates.
Appears to have a wifi chip (I couldn't find any information about connectivity on their site). Specifically it seems to be using a Qualcomm ath10k chip.
Hi TrueDuality - Giri Sreenivas, co-founder and CEO of Helm here.
We will be publishing more details to answer your questions in depth in a series of coming posts. I'll give you some quick answers right now.
We use Yocto to spin our own Linux build. Key projects we utilize:
OpenLDAP
Postfix
Dovecot
Darwin Calendar and Contacts
Certbot
OpenDMARC
OpenDKIM
OpenSSL
Python SPF Policy
Sieve
SpamAssassin
Duplicity
StrongSwan
Docker
We're using duplicity for backups. So you can use it to decrypt backups as you will have the keys as well. Backups are stored on a service we run using S3 and will always be accessible for the user even if something happens to the company.
I would like to see the option for backups to be held on you own own cloud account of choice. I am in Canada and I use a Canadian cloud company called sync.com for my secured data storage knowing it will not be stored in the US.
The price point is also a bit high for a Canadian Customer, so I like the idea but a bit too pricey for North of the boarder after currency exchange.
So. The case is interesting maybe. But 500usd for a $pi with a 30usd ssd?
And then 99usd/yr to route mail via a t2 nano on 1yr free tier?
So in a year's time the relay service will stop?
Or before that the ec2 instance will go down but then that means enough helms have been sold...
I could be wrong....
So this is a bet that people will value their email privacy at $99/year. The last time I went from not paying for something to paying for it was when I started paying for streaming services instead of downloading media. The cost difference was around the same (although $10/mo. feels cheaper than $99/yr), but the benefits feel a lot stronger -- say instead of waiting for a download to finish over the next hour, I can start watching content immediately. Even as a privacy minded person (no social media accounts, etc.), I don't see myself or a big market subscribing to this. The confidence factor is also pretty important since I'm not going to subscribe to a service that I feel has a high chance of shutting down in the next couple of years and possibly suffer email interruptions / data loss.
I want nothing to do with the shit-sandwich that is hosting mail, and have utmost respect for those of you that can.
But I would love a small server box that can be simply stacked to increase capacity for home labs and desktop k8s clusters without having to buy and configure a switch and complicated power delivery.
I definitively believe that we need to fix the way email is handled, but I don't think this is the solution.
I wanna get away from "free" email, but I think it requires a more full blown solution, something which offers a client with the polish of gmail.com along with it's excellent spam detection/protection, that can be self hosted on any random computer/server (using docker, or similar) that is very nearly plug and play.
Unfortunately, such a project would need to be OSS, with a consulting-type income structure, but the big companies that would be willing to pay for such a thing all use O365, and would never be willing to try something not nearly as proven.
> I definitively believe that we need to fix the way email is handled, but I don't think this is the solution.
Sorry, I respectfully disagree. We shouldn't fix email, we should throw it away and replace it.
It is almost impossible to have secure email that can't be eavesdropped, even with PGP. Normal people just don't get the need for security and can't bother the hassle of encrypting their email.
Also, from an usability perspective, email was a solution for an age without mobile computing.
What we need is something like Signal: instant messaging with privacy built in by default.
I don't think that idea is realistic. While I agree that it would be great if we could find a fast, secure replacement for email, that's not happening.
Signal isn't federated and doesn't allow me to selfhost.
If you wanna start a messaging platform that can become a defacto standard you need to allow anyone to implement it, you also need to prove a value-add aside from security and privacy (which 99% of consumers don't care about) which builds momentum, it also shouldn't piggyback or rely on email in anyway. Much the same way that email didn't require a snail mail letter to create an account.
email is a solution to a communication problem which happens when two people aren't in the room together. It replaced memos, quick phone calls, long form letters, etc.
Instant messaging UX really only addresses the quick phone call and possibly short memos. The UX strongly discourages anything longer than 3-4 lines.
If I have a Helm device and you have a Helm device, and we both use iPhones, that's a pretty good scenario. All the devices are trusted and run signed audited code, and my email passes from my iPhone to yours purely encrypted at every stage, with no intermediaries having access to the plaintext.
And neither of us have to change apps or behavior.
Does that mean that Helm knows when it's communicating with another Helm server and does an end-run-around email infrastructure to keep everything in-house? (like gmail and O365 appear to do)
So they use a registered ip proxy to your own email server. I've been doing that for a super long time, and it's a great solution, at least until about 5 years ago.
Most providers will blacklist anyone who isn't one of them. So I front my home email server with a big account to relay in and out of. It kinda sucks, but all my stuff just works.
So I can happily fire up my Macintosh II, load up Outlook 98 and read email.
I use Office 365 to front my domain, I think it's like $12 a month for the corporate version so I can have it front domain emails. And that means I get office for all my devices so I'm not the one having to deal with having old versions of stuff.
I don't like Google reading my email either. But I still use Gmail because I can search 20 years of my emails (including ones I imported from Yahoo mail) instantly. It is surprising no one has mentioned search in this discussion.
This is a market cash grab that preys on peoples' ignorance and fears. Fancy looking hardware for an excessive cost that isn't stand-alone. For e-mail. Really?
I know the founders and can confidently say this is anything but a cash grab. They don’t andvertise this fact, but the guys are really into privacy, and they want to see this come to life for the sake of data protection. VC funding is the means to make it a reality, as good hardware is expensive and takes time to get right.
They don't need to sell hardware to achieve what they're doing. In the current form, they are mainly selling a service (SMTP relay on EC2) disguised as hardware (imx board inside a fancy box).
Why not charge the service for $100/year and allow anyone to use a Raspberry Pi and USB flash drive, which costs $35+$20? If they're using Linux on an imx, then there's likely little difficulty in porting to Raspberry Pi.
If I understand what you are asking correctly, then you are not wrong, and there's definitely an option to do this, but you are not the customer they are looking for.
If you have the chops to get a Rpi running, then you probably know how to run a mail server or you are definitely able to read an EXIM book and get it going on EC2 in a day... with all the consequences.
On the other hand, if you are a business professional, or a crypto holder, or a privacy concerned mom, you don't have the time and chops to go through the setup. What you want is an "iPhone for email", and this is what Helm will provide.
One device, simple setup, no hassle, all updates and management are taken care for you. It's beautiful, and $99/y isn't going to sway you. I pay $100/m for Comcast and get subpar internet in return, but I am not going to go and setup an ISP to save money.
That said, if you think this is a good idea but could be done at $100/y sub on a Pi, perhaps is a great time to start a competing service ;)
If a .iso is provided, I can't see why flashing a custom "Helm iso" is any different from flashing the default "Raspberry Pi iso", and there are a lot of people who can flash the raspbian -- there have been 5 - 10 million raspberry pi's sold so far. So, I think there are a lot of people who can use the Raspberry Pi.
Despite my initial misgivings, I would actually consider something like this, even at this price point, but there are a few things that for now are non-starters.
1) I’d need to feel secure my email would actually deliver correctly. Zack Whittaker on Twitter [1] mentioned that the CEO’s email wound up in his Gmail spam folder. This would be utterly unacceptable for me, even though I don’t frequently email new people.
2) The single domain per server totally makes this DOA for me. I have multiple domains with separate, non-aliased mailboxes, controlled via legacy GApps accounts. It winds up being a security advantage because I use different accounts/domains for different services and that means that the likelihood of me being severely hacked is lower as a result. But beyond that, a single domain designation seems off for this type of product. The people willing to spend $500 on this kind of hardware are the people who have multiple domains.
3) I worry about the long term future of a startup like this. If they go out of business, not only is my hardware now worthless, I now have to migrate my inboxes to Fastmail or GSuite or something else, or face configuring my own local mail server, which is what I was trying to avoid to begin with. And in my case, that would also potentially mean giving up grandfathered GApps accounts with 50 users and custom domain support.
I wish Helm luck and we need disruptive email startups and better turnkey hosting solutions, but I’m not sure this is the right solution at the moment.
Services like this are popping up everywhere. It seems to me that daplie's successful indiegogo campaign started it. Of course, daplie was then taken over by cryptocurrency nuts that turned what would have been a good product into a token mining personal server for no good reason.
The founder of daplie is moving on to found ppl, which is also similar to helm, but without email being the primary focus. I started helping with the email feature before getting a new job and not having any spare time for the project. This is a better solution to email than we had come up with.
I still wonder, does one successful kickstarter mean there's enough market demand for these products to succeed? I just can't see personal servers at home becoming anywhere near user friendly enough for the general population. Go try a digital ocean 1-click install 3 times in a row. The results are different every time. I see that same problem happening with these personal servers.
I wish them all the best but I don't know a single person in the market for this. For geeks, programmers and DIY folks it's overpriced, for the casual user the benefits are questionable - you're switching from a proven, free blackbox (GMail) to an unproved, paid blackbox. It's a tough market to enter, I guess.
Sooo you want me to pay 100$ per year for hardware i'm running at home already?
Nope.
And i also do not want to have my email gateway at home. I do move, i do like to shutdown hardware, i like to travel and might not be able to access my hardware.
There are good small and secure email providers out there which costs money. I would even prever a managed vps server somewhere.
I have no idea who this is for. Non-technical people don't care, and this is still too complex for them. Technical people can use Fastmail or other secure, hosted options. $500 for proprietary hardware is so steep, there are software options for the Rpi that do something similar for $40!
Well I might be a good example. I’m highly technical and I never want to try configuring an email server again. Did that once and no thanks. I can do it, but since it’s not a particular technical subdomain I have much experience with and its difficult and time consuming. And doing maintenance is just an ongoing headache I don’t want.
However, I recognize the value of having my email served and saved on premises. If I could have a fairly secure and automated backup from my local files, that’s great.
If I can also use a self hosted webmail interface then I want that too.
I agree that $500 is a lot, but it’s not an absurdly large amount.
Even if you dislike the idea or the price, you should be happy there are companies trying to change what has become a real privacy problem these days. At least for me, it gives me hope to think people out there are working on these issues and trying new approaches with new technology.
I really appreciate that the "hero" video _asked_ me to click. That already shows you respect me enough not to just auto-play in my face. I think the video suffers from a bit too much dramatization, especially at the end with the triumphant movie trailer music and awkward shots of people looking directly into the camera. I also think some of the copy on the main page could be edited to sound clearer and more natural. For example:
* "Keys only you have access to" -> "Only you have the keys"
* "Room for growth" -> "Room to grow"
* "Gets better over time" -> "Always improving [etc.]"
I mention all the above because I really like what I see here and I'm looking for room in my budget after I post this comment :)
(I sent this as an email to helm's support but since the founders are responding here I am duplicating this here)
Your technology page mentions that you provide an mx gateway (presumably for inbound email for home networks that don't usually have a static IP address). You also mention that emails forwarded to the helm server via your gateway are encrypted end-to-end and your gateway cannot read the contents of that email.
I am unable to understand how this happens. TLS is not end-to-end -- since the sending mail server will establish a TLS connection with your gateway it means that you necessarily have to decrypt the incoming email before forwarding it to the helm server.
Looks quite cool but why put a server into my flat? :thinking:
If I'm somewhere and my internet goes down, I will lose access to everything. And as we all know, stuff will go down at some point (probably at the most inconvenient time).
I will be surprised if this takes off. Sounds like a glorified Western Digital's MyCloud with a raspberry pi server... Also that annual subscription is a joke after purchasing the hard disk outright.
$99/yr is insane for this. Here's the reasoning they provide in their FAQ:
> Internet service providers normally don’t provide their customers with networking capabilities that are required to run an email server. In most cases, upgrading to an expensive business class internet service is needed. The subscription service that is part of the Helm service handles this for you without you having to upgrade your ISP.
> We handle all fees associated with domain registration and renewal when you create a new domain for your Helm. In addition, we also provide storage for offsite encrypted backups and include access to new features, service and security patches.
Is it necessary to have a hardware device for this to function? I'd love to pay $99/year for a 120 GB encrypted email service, but don't want the hassle of owning more stuff. I'd go with ProtonMail but it's seriously expensive for the data price (24€/mo = 288€/yr for just 20GB).
I also can't imagine that having a hardware device in-home actually reduces the unit costs of that storage, so if this were an on-line service priced even cheaper, I'd love to pay for it.
Can anybody explain why they want me to buy a 500$ piece of hardware?
Can the same result not be achieved with a Raspberry Pi and any self-hosted open-source mail server?
Mh, not much convinced. I'm a fan of the idea of personal home server and I have built myself one having find a ISP that offer static IPv4 and v6 addresses with a reasonable price; for end-users I also understand the opportunity and need of pre-built appliance since they may understand actual sorry state of tech evolution but may not have enough knowledge to act autonomously but... Well your appliance seems to be too ridden by "modern design" I personally call it catastrophic.
If the thing you're going against is "corporate server controls your data", why is the answer "EC2 proxy we control"? It sounds like I have to trust that server just as much, and essentially you're telling me you're, for some unspecified reason, more trustworthy than Google?
Do you have stats on e-mail deliverability given that you're suggesting I send all my e-mail through a random EC2 EIP? (Is it actually an EIP, or is it just default EC2 egress?)
Hi lvh - it's not a proxy. The EC2 instance can't see your emails. The Helm server initiates and receives TLS connections through the instance so it's really an extra hop on the internet. We don't see or keep data on deliverability of individual Helm servers. We use a dedicated EIP that we ensure are not on blacklists and configure reverse DNS as well.
Honest question - What's up with that form factor? Seems designed to take up more space than necessary. Is there some reason for it or was it just an aesthetic choice?
They say the units will be stackable to increase storage capacity. The form factor seems suitable to that. Seems like it would also allow airflow on the bottom side without visible vents.
It's great idea, though i'm not sure who the target customer is.
Most people who care enough about security understand what this device does, along with actually buying one of these, will most likely already have the technical skills to setup something similar themselves.
That being said, once it supports multiple domains/domain aliases and webmail, I'll probably be picking one up, if not for anything else then for fun.
Is it open to users to be able to run their own docker images on it ?
> While offline, emails sent to you will not be delivered. This does not, however, mean that they are lost. ... the sender’s email server will periodically retry sending the email at a later time.
It could be interesting to see whether MTAs evolve away from that design feature/constraint. Email seems ever-more centralized. Then again, it's a great robustness feature with a very small downside if any, so hopefully it's just my paranoia.
Helm just works with your home network—no configuration needed. Helm connects securely to a unique gateway, which is assigned a static IP address so Helm is reachable by other mail servers and secure TLS sessions can be established.
This sounds like Helm becomes the email gateway. Sure, an email server might be running on the device, but emails will be routed through Helm the company. Am I missing something?
Hi apo - Giri Sreenivas, co-founder and CEO of Helm here. The gateway funnels packets to and from the Helm servers in people's homes. These are packets of encrypted TLS sessions so we can't do anything with this traffic. Happy to answer any further questions or concerns.
That is not entirely true. Perhaps in the stated configuration it is, but since the domain points to the EC2 instance, you could always register a new LetsEncrypt certificate for it, and do a silent MITM.
Perhaps the architecture you describe is the best, however I would hope for two things to be supported:
1) The ability to run your own gateway server instead of having to trust one managed by your company.
2) The ability to disable the gateway entirely if you happen to have a business connection already.
It's possible but not something we would ever do. We are looking at STARTTLS Everywhere from EFF as means to help ensure that any cert changes would be tracked transparently.
If running our own gateway server on a cloud provider of our choosing will really be an option, that might sell this for me. Would that remove the yearly $99 requirement? I understand we wouldn’t get support for a lot of the things you handle transparently behind the scenes blacklist/DNS-wise.
Not sure about the Helm but i havn't found any source code nor any description on which open source components they use. But i for one would not trust my personal information to a closed box.
Good luck with AWS/Azure IP addresses. Most cloud providers have their entire IP blocks of compute services (VM, etc.) blacklisted by the majority of DNSBL and antispam actors. If the EC2 instances act as the last outgoing relay (the last IP) you will encounter email being rejected by recipient mail servers at some point.
Best solution is to have your own AS number and IP ranges and your own hosting.
This is cool guys. Kicking things off at the right time as well. However think I might be missing a few things.
1) Wasn't the whole point of email moving to the cloud to enable access on any device anywhere? If I move my email to Helm can I still access it on the go?
2) Assuming I can access it on the go. I'd need pretty fast upload speeds right? I live in Australia, and our internet is god awful.
1.) it is globally accessible through the gateway it connects to
2.) for email services, you don't need much in the way of bandwidth for this to work very well.
This feels like the infamous HN dropbox thread. I don't know if it's solving the problem well or not but this can totally make a killing. Privacy has really gone mainstream, it's pretty clear people are looking for new ways to engage with tech regardless of utilitarian considerations. The holiday season is coming and 500$ is reasonable.
I like the design. Its cool. But i cannot see the price to be reasonable. Personally if someone wants local server - mail with be not enough of a selling point for 499usd. So why not buy ds218+ (300usd) from synology and two 4tb NAS hard disks (200usd)- 500 usd? The setup is dead simple. It has mail server backup and media software.
Who is this for? The regular person doesn't trust Helm any more than they trust Google... nor do they care that much.
The privacy oriented techie doesn't trust Helm any more than they trust Google... so they're going to do everything themselves from scratch anyway, so what does Helm do for them?
As someone who has a homelab, I would be interested if there was an option to use your own hardware, and just subscribe to their email service. I would accept the "risks of having my own hardware" that they couldn't guarantee up time etc. +1 if it was containerized.
I personally like very much the solution, but I don't like having one more device on my table.
PS: For some reason, people are willing to pay more and see more value on "physical things" than virtual solutions. Anyone knows the psychology behind this behaviour?
I can't help but feel that this is something that Apple should do with their AirPort Time Capsule. Give user the choice of hosting their own iCloud instance on the AirPort Time Capsule. It feels like a great way of selling more hardwares.
Interesting idea, but i'm not going to lie - I hate the case design. it reminds me of how obnoxious the Boxee Box was. Needs its own footprint, can't stack it or anything else, and it is anything but unobtrusive.
Helm, also known as "Hillary Clinton" v1.0 (just joking, no politics intended). Anyway, while it is kind of awkward having a physical server at home or office, there's a sense of peace knowing i control my own privacy, especially when I can see the server with my own eyes. While people argue about using SaaS email service like Fastmail, nothing can be truly secure, with exception to true end-to-end encrypted email service like ProtonMail. Most email providers, even the privacy-centered email service like Mailfence, are still required to turn over their data in case of local (Belgian) court order.
The only thing I'd really want is to have option to not pay for annual $99 fee, and instead have everything configurable so that I can point tunnel it to my own VPS/VPN or I can use it at the office, where the business ISP account allows me to host my own email server.
Have you heard of Synology? Their NAS's are not just personal email server, but personal document servers, web servers, everything, configured through an online interface. I would highly recommend you check it out.
If you have to rely on propriety code which makes a constant connection to a server hosted on AWS, I don't see any benefit over Fastmail or Proton. It's less secure and has a higher failure rate.
Am I missing something or is 500$ an awful lot for an email server?
You could probably set up a personal e-mail server with a Raspberry and have more or less the same functionalities.
I would never invest in anything like this because we should all be making strides to kill email not make it better or owning it or building services around 40 year old tech.
People have been trying to kill email for 40 years and failing. Their reinventions are usually worse than what they're trying to replace.
Unix, vim, emacs, lisp, the shell, and even the web itself is all old tech at this point. Old doesn't have to mean bad. It's tech that's stood the test of time.
"Helm currently ships to anywhere in the United States. Unfortunately, we cannot ship to PO Boxes, Army Post Office (APO) or Fleet Post Office (FPO) addresses."
The average home computer user has terrible security practices. Frankly, their email is safer being managed by a competent business. So who is the intended market here?
I got a long way down the page before I realized this was a physical device. Most of the text suggests it's a self-hosted email server, like postfix etc.
How hackable is this I wonder? Would just be cool to have a machine this shape. Of course you could probably do the same with a raspberry pi and a 3D printer.
Alex - Giri Sreenivas, co-founder of Helm here. We've designed security from the silicon up to make this device very difficult to hack. That means implementing secure boot, full disk encryption and utilizing a Secure Enclave for managing keys on the device.
And yes, you could definitely do this on a raspberry pi. That's what we used to prototype. It's not great for a long last, durable and secure platform though.
Sorry if that wasn't clear. We did not design our own ICs. We selected an SoC for its security capabilities and designed our solution to utilize it integrated with our firmware. We're using an SoC from NXP.
As someone building a personal email system in using Helm (the kubernetes package manager) I have a feeling the naming conflict is going to get confusing.
Email has several retries. Something like 6hr, 1day, 2days... After that the sender receives a delivery error.
All that is managed by the SMTP servers and the numbers change, but normally just losing internet connection or power for some hours doesnt make emails dissapear. By design.
While I have a cellphone, and can and do use it as a hotspot, I wouldn't exactly say it could provide a fallback connection for a server in my home, because it usually spends a significant part of the day out of WiFi reach of my home.
MTAs will retry delivery for up to a week. There are other options for more advanced usage though, e.g. one can configure multiple mail servers with different priorities, `the helm` having the highest priority and if it's down a MTA would try the next mail server which could be just a forwarder like mailgun.
Odd that they hide their FAQ in the shop page and hidden below the fold on a 13" screen. I looked everywhere but there. You'd think you most customers would want their questions answered before buying.
Don't most home ISPs block inbound server ports? I know Cox in particular does, as well as a few others. I have a business account for this reason that I pay a bit more (better support response too), but not sure if this is something a lot of people can even use without a backing service.
Cool idea though.
As an aside, any suggestions on easy to install/configure/update mail in a box + letsencrypt options? Thinking of throwing something on an rPI for similar chores.
It almost looks like there's a port in the top that expansions attach to. However, in the specifications, there is no expansion port listed. This makes me think that stacking is simply stacking, then we use a usb cable to attach the pieces.
If I leave my car in a garage for repairing, I still own the car, even the garage can access it.
That means, even google can scan my emails, I still own the emails. The topic is about privacy while the title makes it to ownership. That's the misleading part.
One of the worst ideas. Every big email provider (gmail, yahoo, outlook ...) do block every mail sent from a home isp. so you will not be able to send anyone a mail.
Hi tpetry - Giri Sreenivas, co-founder and CEO of Helm here. You raise an important issue with residential IP addresses not being trusted by email senders. This is why we use a static IP address assigned to a gateway for each customer. The Helm Server appears to have this IP when communicating with other email servers. This also allows us to define reverse DNS for a domain which is another marker of trust for email servers.
1. How do they ensure high, non-spam delivery rates to the main email services like Gmail, Fastmail, Yahoo, and Microsoft?
2. How would the product work in case Helm the company/service goes away (or even just service outage)? Can the device work on its own without the need for their web service (perhaps with lower delivery rate/higher spam score)?
They claim:
>> We’ve designed your Helm to ensure as little information about you as possible is communicated back to us. That’s why the only account you create is directly with your server, not with us, and why only encrypted data passes through our servers.
But how does that work with sending emails? (Please excuse my ignorance on this matter.)