Mailpile: Email that protects your privacy (mailpile.is)
78 points by decentralizer 76 days ago | 28 comments

So this is a mail client that by default deletes all the messages off of the mail server. So your privacy is still dictated by the mail server you choose to use, and then also your data integrity is 100% on you.

I'm not sure I understand how this improves privacy. It also makes things worse by making your email data more susceptible to being lost (which is different than protecting your privacy).

Unless your adversary has a time machine, deleting from the server protects your past e-mails from any server-side compromise.

That's not nothing. :-)

But you're right, there are trade-offs. If you don't have good backups, you are indeed increasing the odds of data loss by managing the data yourself. That is also true of encryption of data at rest: you are increasing the odds of data loss to buy some protection against unauthorized access. There are always trade-offs.

I had grand visions for how Mailpile could help mitigate such issues by encrypting the mail and re-uploading back to an IMAP server. But I haven't gotten that written, so for now it's just an idea. Someday, I hope.

Disclaimer: I wrote Mailpile. :-D

To expand on this slightly, and illustrate:

I'm going to go out on a limb, and assert that THE most common attack performed against people's e-mail is a jealous person who knows their partner's password logging on to their e-mail and reading their mail.

I know people who have done this. You probably do too.

People trust each other, people routinely tell their loved ones their passwords. And relationships routinely fall apart and trust is routinely violated.

Deleting from the server mitigates this problem and greatly reduces the window of opportunity for the attacker.

The privacy cost/benefit ratio for routinely deleting from the server probably beats every other privacy enhancing technique out there. Super simple, super effective.

Techies too often forget that privacy isn't just about the NSA, APTs and TLAs. The fact is, the people most interested in violating your privacy are the people who know you personally...

It means they can not be subpoenaed for a message that you have already received. That is an important distinction, since much of the time, not having received a given communication is a defense against its incriminating effect.

> It means they can not be subpoenaed for a message that you have already received

How so? Even if you delete a message in Gmail they can still be subpoenaed for it. And usually the subpoena is for metadata anyway, like who sent you a message and when. They still have all that data whether you delete the messages or not.

There’s some ruling that any mail left on the server for more than 60 days or so is considered abandoned and is essentially an all-you-can-eat buffet for law enforcement, even if you search/read it every day.

Source for that statement? I have never heard anything similar.

> In enacting the ECPA, Congress concluded that customers may not retain a "reasonable expectation of privacy" in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.

Thanks, I misremembered the 6 months for 60 days.

The third party isn't even obligated to let you know that the subpoena happened - Google usually does (unless there's a gag order), but does not promise to AFAIK, and I am not aware of the policies of other providers.

This doesn't appear to support read receipt privacy, which is when the mail server caches tracking images on-delivery instead of on-read.

I shouldn't have to expose my email viewing habits just to get auto-displaying images in my email client.

That's an interesting idea.

I'd hesitate to implement it though, because of secondary risks. It would need to be thought through very carefully, and there are a whole bunch of abuse scenarios that would need to be avoided or mitigated.

As a rule, Mailpile does very little when it receives a mail - until the user has interacted with it, we have to assume the mail is junk and/or potentially hostile.

See the chapter on Oracles here: https://research.checkpoint.com/cryptographic-attacks-a-guid... - automatically triggering sender-controlled network access based on the contents of e-mail opens the door for such things.

This applies not only to cryptographic attacks, but also to more pedestrian exploitation of bugs in the app itself, or silly things like turning Mailpiles into DDoS attack robots.
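The "do nothing on receipt, and nothing sender-controlled on display" policy described above, as an added example in Python (this is not Mailpile's code). It rewrites every reference in an HTML body that a renderer would fetch on display (remote `img`/`srcset`/`background`/`poster`, `link` stylesheets, CSS `url()` in style attributes and style blocks) to an inert placeholder, drops scripts and comments, and leaves inline `cid:`/`data:` parts alone. The `about:blank` placeholder, the constructed sample message and all function names are assumptions of this example.

```python
"""Neutralise sender-controlled network references in an HTML e-mail body.

Added example, not Mailpile's code.  Rendering HTML mail as received makes the
client fetch tracking pixels, external stylesheets and CSS backgrounds the
moment a message is displayed.  This filter rewrites each such reference to an
inert placeholder; remote content is only fetched after the user opts in.
"""
import re
from html import escape
from html.parser import HTMLParser

# Attributes whose value is fetched on render (href only counts on <link>).
FETCH_ATTRS = {"src", "srcset", "background", "poster"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^)'\"]+)['\"]?\s*\)", re.IGNORECASE)
PLACEHOLDER = "about:blank"  # assumption: a real client would use a local "blocked" icon


def is_remote(url):
    """True for anything that would leave the machine when dereferenced."""
    u = url.strip().lower()
    if u.startswith(("cid:", "data:", "#", "about:")):
        return False
    return u.startswith("//") or "://" in u


class RemoteContentFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)  # re-emit entities untouched
        self.out, self.blocked = [], []
        self._in_style = self._in_script = False

    def _block(self, url):
        self.blocked.append(url)
        return PLACEHOLDER

    def _scrub_css(self, css):
        return CSS_URL.sub(
            lambda m: "url(%s)" % self._block(m.group(1)) if is_remote(m.group(1)) else m.group(0), css)

    def _scrub_attrs(self, tag, attrs):
        cleaned = []
        for name, value in attrs:
            if value is not None:
                fetches = name in FETCH_ATTRS or (name == "href" and tag == "link")
                if fetches and is_remote(value):
                    value = self._block(value)
                elif name == "style":
                    value = self._scrub_css(value)
            cleaned.append((name, value))
        return cleaned

    def _emit(self, tag, attrs, self_closing=False):
        parts = [tag] + [n if v is None else '%s="%s"' % (n, escape(v, quote=True)) for n, v in attrs]
        self.out.append("<%s%s>" % (" ".join(parts), " /" if self_closing else ""))

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # scripts never run in a mail client; drop them whole
            self._in_script = True
            return
        self._in_style = tag == "style"
        self._emit(tag, self._scrub_attrs(tag, attrs))

    def handle_startendtag(self, tag, attrs):
        if tag != "script":
            self._emit(tag, self._scrub_attrs(tag, attrs), True)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            return
        self._in_style = self._in_style and tag != "style"
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._in_script:
            self.out.append(self._scrub_css(data) if self._in_style else data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

    def handle_decl(self, decl):
        self.out.append("<!%s>" % decl)

    def handle_comment(self, data):
        pass  # dropped: conditional comments can smuggle markup past naive filters


def quarantine_remote_content(html):
    """Return (rewritten_html, list_of_blocked_urls)."""
    f = RemoteContentFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.blocked


# Constructed sample message: tracking pixel, remote CSS, a conditional-comment
# trick, an inline (cid:) logo and an ordinary link that needs no rewriting.
SAMPLE_MAIL = (
    '<html><head><style>body{background:url("https://track.example/bg.png")}</style>'
    '<link rel="stylesheet" href="https://track.example/style.css"></head>'
    '<body><p>Hi &amp; welcome</p>'
    '<img src="https://track.example/pixel.gif?id=42" width="1" height="1">'
    '<!--[if mso]><img src="https://track.example/mso.gif"><![endif]-->'
    '<img src="cid:logo@example" alt="logo"> <a href="https://shop.example/">shop</a>'
    '</body></html>'
)

if __name__ == "__main__":
    safe, blocked = quarantine_remote_content(SAMPLE_MAIL)
    print(safe)
    print("blocked:", blocked)
```

Plain `<a href>` links are left intact because following one is a user action; the returned `blocked` list is what a client would show behind a "load remote content" button so the user decides whether to contact those hosts at all.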

It'd be better if it were actually a native application rather than a web 'app' that uses a local webserver instead of headless chrome. They've traded security for ease of cross platform development. That's not a great choice for software that markets itself based on those traits.

There are already scores of email clients with support for GPG, etc. However more and more people (probably an overwhelming majority nowadays) use webmail only. I suppose they're the intended target.

I myself plan to migrate all of my data to my own services at some point; I already moved away from Dropbox to Nextcloud. That could be a good solution to move my family out of the evil gmail, for instance.

Now what I'd like to know is which is better of MailPile, RoundCube, Zimbra, and the many other webmails available...

Just as a heads-up, you should maybe have a look at mailcow and mail-in-a-box:

* https://mailcow.email/
* https://mailinabox.email/

which essentially provide the whole email stack in a relatively nice bundle it seems (I have not yet forced myself to migrate). I think mailpile and roundcube are just the "webmail" part of the stack.

vote for mailcow.

I've had it running for about half a year and am really happy with it.

If you have the time imho migrating is worth it.

You can transfer your old mails via IMAP to mailcow, so migrating is easy.

It seems like this is designed to be accessed across multiple devices, say a desktop and a phone -- how would you implement something like that without a local or self-hosted webserver? The data has to sync somehow.

> Mailpile is an e-mail client! Mailpile is a search engine and a personal webmail server (...)

Does it run on my phone?

Yes, it is possible. You need to run it as 'mailpile --www= --wait'

and go to https://[Local IP of Server]:33411

No, that is not running it on your phone. That is accessing it on your phone.

I just went to the download page and it says: "Mailpile packages are currently available for recent Debian-derived distributions, including Ubuntu. The packages are architecture-independent and should be compatible with most desktops, servers and embedded hardware (such as the Raspberry Pi). They have been tested on Debian 8, Debian 9 and Ubuntu 16.04 LTS."

So sounds like it will run on the Librem 5 at least.

You can probably run it on Android using Termux if it doesn't require root.

No one has built packages for that yet, but it shouldn't be too hard to use python-for-android's webview.

Which part?

I wrote [most of] Mailpile. I'll check back here now and then and try to answer any questions folks have.

I like this, but it looks tricky to set up. There is an old dogma that has existed for a long time where people are advised not to run their own mail client because it's rife with show-stopping quirks that require lots of heavy Googling to fix and amend.

Interesting that their FAQ says it's easy to set up, but I don't buy it, at least from previous experience of setting up clients. (I once had to harden my VPS server rather substantially because they are juicy targets for hackers.) And I also once had to make it survive a reboot in case too many connections were made by people trying to boot the machine offline (DDoS).

> How hard will it be to install Mailpile?

> It should simply be a double-click to launch an installer on Windows, or dragging an app to the Applications folder on the Mac.

> On Linux we hope to provide native packages for most of the popular distributions.

From what I've read in threads on HN, I thought there was a large chance that your email gets blocked by Gmail when hosting your own mail, and that you have to worry more about availability.

I would love to host my own mail though. Am I mistaken, or does mailpile solve those for you?

As long as you use a VPS with a dedicated IP and configure DKIM and SPF correctly, Gmail doesn't block you.

An easy solution for self-hosting would be mailcow.

Setup is basically a shell script which sets up the docker containers.

Backup and update are also just shell scripts. It includes a spam filter and a nice web GUI, as well as the SOGo webmail.
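"Configure DKIM and SPF correctly" is where self-hosters most often go wrong, so here is an added example in Python (not mailcow's or Mailpile's code) that sanity-checks the two TXT records before you rely on them: the RFC 7208 limit of 10 DNS-lookup terms, a restrictive `all` qualifier, a present and decodable DKIM public key, its RSA modulus size, and the `t=y` testing flag. The records, the helper names and the dummy DKIM keys (a hand-built SubjectPublicKeyInfo with a filler modulus, used only to exercise the size check) are all constructed for this example.

```python
"""Sanity-check the SPF and DKIM TXT records published for a self-hosted mail domain.

Added example, not mailcow's or Mailpile's code.  It works on the record strings
themselves so it runs offline; in practice feed it the output of
`dig +short TXT example.org` and `dig +short TXT <selector>._domainkey.example.org`.
"""
import base64

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS query
MAX_LOOKUPS = 10                                  # RFC 7208 section 4.6.4
RSA_OID = bytes.fromhex("2a864886f70d010101")     # rsaEncryption


def check_spf(record):
    """Return a list of problems with an SPF record (empty list = looks sane)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems, lookups, all_qual, redirect = [], 0, None, False
    for term in terms[1:]:
        qual = "+"
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        name = term.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        lookups += name in LOOKUP_TERMS
        redirect = redirect or name == "redirect"
        if name == "ptr":
            problems.append("ptr is deprecated and slow; list ip4/ip6 ranges instead")
        if name == "all":
            all_qual = qual
    if lookups > MAX_LOOKUPS:
        problems.append("%d DNS-lookup terms exceed the limit of %d; receivers return permerror"
                        % (lookups, MAX_LOOKUPS))
    if all_qual is None and not redirect:
        problems.append("no 'all' term; senders you did not list get a neutral result")
    elif all_qual in ("+", "?"):
        problems.append("'%sall' lets anyone spoof the domain; end with -all or ~all" % all_qual)
    return problems


def _der_read(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der):
    """Modulus size of an RSA SubjectPublicKeyInfo, or None if not RSA or malformed."""
    try:
        _, spki, _ = _der_read(spki_der, 0)        # SEQUENCE { algorithm, BIT STRING }
        _, algo, pos = _der_read(spki, 0)
        if _der_read(algo, 0)[1] != RSA_OID:
            return None
        _, bits, _ = _der_read(spki, pos)          # BIT STRING; first byte = unused bits
        _, rsapub, _ = _der_read(bits[1:], 0)      # RSAPublicKey SEQUENCE { n, e }
        _, n, _ = _der_read(rsapub, 0)
        return (len(n) - 1 if n[0] == 0 else len(n)) * 8
    except (IndexError, ValueError):
        return None


def check_dkim(record):
    """Return a list of problems with a DKIM selector record (empty list = looks sane)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    problems = []
    key = tags.get("p")
    if not key:
        problems.append("missing or empty p= tag (empty means the key is revoked)")
    else:
        try:
            bits = rsa_modulus_bits(base64.b64decode(key, validate=True))
        except ValueError:
            problems.append("p= is not valid base64")
        else:
            if bits is not None and bits < 1024:
                problems.append("%d-bit RSA key; receivers reject keys under 1024 bits" % bits)
    if "y" in tags.get("t", "").split(":"):
        problems.append("t=y (testing) asks receivers to ignore failures; drop it in production")
    return problems


def _der(tag, content):
    n = len(content)
    size = (n.bit_length() + 7) // 8
    ln = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + ln + content


def fake_rsa_spki(bits):
    """Constructed SPKI with a filler modulus of the given size (not a real key)."""
    modulus = b"\x00" + b"\xc3" * (bits // 8)
    rsapub = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    algo = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    return _der(0x30, algo + _der(0x03, b"\x00" + rsapub))


# Constructed records; the DKIM keys are the dummies built above, not real key material.
SPF_GOOD = "v=spf1 ip4:203.0.113.10 include:_spf.example.net -all"
SPF_BAD = "v=spf1 ptr " + " ".join("include:s%d.example.net" % i for i in range(10)) + " +all"
DKIM_GOOD = "v=DKIM1; k=rsa; p=" + base64.b64encode(fake_rsa_spki(2048)).decode()
DKIM_WEAK = "v=DKIM1; k=rsa; t=y; p=" + base64.b64encode(fake_rsa_spki(512)).decode()

if __name__ == "__main__":
    for label, rec, fn in (("spf", SPF_GOOD, check_spf), ("spf", SPF_BAD, check_spf),
                           ("dkim", DKIM_GOOD, check_dkim), ("dkim", DKIM_WEAK, check_dkim)):
        print(label, fn(rec) or "OK")
```

Passing these checks does not prove Gmail will accept your mail (reputation of the IP and DMARC alignment also matter), but failing any of them is a concrete misconfiguration to fix before blaming the receiver.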

Mailpile is just a client; it has no bearing on privacy.
