Hacker News new | past | comments | ask | show | jobs | submit login

Hi keehun - thanks for posting this on HN! I'm the co-founder and CEO of Helm.

1 - First, we cross reference IP addresses we assign to gateway against known blacklists. This helps ensure emails will be delivered. We also fully support email authentication (DMARC, DKIM, SPF) and configure reverse DNS as well. Lastly, the IP address for a gateway stays fixed so the domain and IP will build reputation over time. Helm servers require the service to work to get around the residential internet connection challenges in the US (port blocking, dynamic IPs, untrusted IPs)

2 - We will be doing 2 things - first, we will publish as open source what is required for people to be able to run their own gateways with their own AWS account in the event Helm has to shut down. Second, the unit economics on the service are positive so as long as we have customers, my co-founder and I are dedicated to running the service. We take a page from Garry Tan and Posthaven in this regard.

3 - The way this works for sending emails, your devices that you compose emails on will connect directly with your Helm server over TLS. Your Helm server will then initiate a TLS session with the server hosting your recipient's email. So we as a company have no visibility to any of that data - at rest, or in transit. I hope this helps - I'm happy to explain this in more detail as needed.




>> 3 - The way this works for sending emails, your devices that you compose emails on will connect directly with your Helm server over TLS. Your Helm server will then initiate a TLS session with the server hosting your recipient's email.

If my helm server connects directly with the recipient's email server won't it create problems with SPF validation? Home networks usually don't have a fixed IP address so I am not sure how SPF will work.


> Your Helm server will then initiate a TLS session with the server hosting your recipient's email

I'm not sure how Helm doesn't see the metadata:

* For outbound (as described) and inbound mail, do all mail servers support TLS connections? I was under them impression that many still communicate unencrypted.

* How does Helm avoid seeing the metadata, who is communicating with whom and when?


WRT to TLS, see here: https://transparencyreport.google.com/safer-email/overview?h...

It seems that Helm has no obligation or business need to log any metadata if they are providing each customer with a dedicated relay. Any abuse will come from that relay IP and can trivially be attributed to the correct customer.


> Helm has no obligation or business need to log any metadata

The point of Helm is to provide privacy (and end-user control) through technical means, if I understand correctly. If it's just a matter of trusting motives, I don't need a home server.


I disagree. Seizing data stored on a server in your house is much, much more difficult that seizing data stored on a cloud server.


I can see that going both ways.

The feds know that Apple (for example) are fully lawyered up, and that they need all their legally required paperwork with it's "i"s dotted and "t"s crossed before Apple will even look at their request for your data. While we know they _will_ hand over legally required data when they can and the paperwork is OKed by their legal department, they also very publicly go head to head with law enforcement when those requests are legally questionable or technically impossible.

I suspect an overly broad probable cause warrant to seize all the electronic devices in your house is gonna be much easier to slip past an leo friendly judge and whatever legal representation you can muster up when they dawn-raid you - than "slipping one past" Apple's legal team.

Having said that, if you've got the feds interested in your digital comms, you probably want to be getting your security advice from a much more private and trustworthy source than randoms on Hackernews...


Also, if the feds raide your home you will know that your data was compromised. Apple won/can't tell you..


> Also, if the feds raide your home you will know that your data was compromised.

Not necessarily: https://en.m.wikipedia.org/wiki/Sneak_and_peek_warrant


nope. it's only fractionally more difficult as "the man" has to physically come to your house.

additionally, email is more usefully between 2+ parties. For normal people, the other parties are very likely to be using a cloud email provider. I would not be surprised to learn that it is common to issue a warrant not for a specific recipient, but for anyone that has corresponded with a specific person, ie for the sender instead of the receiver -> google, give me all emails sent by user@foo to any user on your server.

this is actually a big problem of SMTP and a big weakness of helm. i didn't study the product but it seems that it would be difficult for a user to know (and prove) that another user is a helm'er. if data seizure is the issue you care about, protonmail and other such services are a better solution.


Not really. If you are under investigation, seizing your server is as simple as a search warrant. The challenge is accessing the data - if you've encrypted it well, it's impossible to access. However, on your own server, you may get complacent and allow some data leakage.

Major providers like Gmail and ICloud will have a longer and more convoluted process to provide your data to state actors, but analysing that data is going to be far easier since it will come in a standard format.

If your goal is to make your data difficult to seize, a better option is probably to self-host on either a cheap VPS or a corporate-grade cloud service. That keeps the data out of reach of a warrant on your home, and keeps it unreadable after they've actually jumped through the hoops to seize it from your provider.


On a VPS, full disk encryption is not effective because the keys can be dumped from the hypervisor.


Not to mention having to wake up in the middle of the night when the VPS provider decides to reboot your VM so you can decrypt the volume on boot. Been there, done that for years.


not a problem for SMTP, which is store-and-forward.


According to this page (https://thehelm.com/pages/technology), the following is logged.

* Name, address, payment information, domain, DNS records

* Device diagnostics (such as temperature), software versions, enabled services, connection status, connection type, serial number

* Anything related to customer support, including information customers provide

So plenty of information to uniquely identify a system. The last bullet is a little concerning as it seems to be a catch-all.


The last bullet isn't intended to be a catch-all but to reflect the fact that we can't control what customers provide us via customer support.


I don't see what the issue with uniquely identifying a system is. The main metadata of concern is what other mail servers are being interacted with.


If everything has to go through their relay, they can pretty easily see what mail servers are being interacted with.


Thanks.

Please see my other questions here. https://news.ycombinator.com/item?id=18243685


Yes, but they don't have to log that, and given the way the system is described there's no reason it would by default.


It sounds like the hardware device is an SMTP server that sends the email itself directly over encrypted SMTP.

So, what's the subscription for?


Regarding #3, let's work through two use cases. A) I'm at home and B) I'm on the road.

A) I can connect directly, no biggie.

B) I am assuming that you would require a port opened/forwarded in the firewall to work in this case. Is this correct?


Hi newman314, we have a gateway server that we as a company manage the gives you remove access back to your Helm. We do this without requiring you to poke holes in your firewall because the Helm establishes an outbound VPN connection to the gateway.


Thanks.

Please see my other questions here. https://news.ycombinator.com/item?id=18243685


A) I can connect directly

Can you? you'll probably need your own DNS resolver because if the clients are configured for my.custom.domain.com, it's not going to resolve to 10.10.10.10 and your connection is down. So you can have the box do that, but generally, split horizon DNS is a thing you don't want to set up in a set it and forget it install.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: