I'm not sure I understand how this improves privacy. It also makes things worse by making your email data more susceptible to being lost (which is different than protecting your privacy).
That's not nothing. :-)
But you're right, there are trade-offs. If you don't have good backups, you are indeed increasing the odds of data loss by managing the data yourself. That is also true of encryption of data at rest: you are increasing the odds of data loss to buy some protection against unauthorized access. There are always trade-offs.
I had grand visions for how Mailpile could help mitigate such issues by encrypting the mail and re-uploading back to an IMAP server. But I haven't gotten that written, so for now it's just an idea. Someday, I hope.
Disclaimer: I wrote Mailpile. :-D
I'm going to go out on a limb and assert that THE most common attack performed against people's e-mail is a jealous person who knows their partner's password logging on to their e-mail and reading their mail.
I know people who have done this. You probably do too.
People trust each other, people routinely tell their loved ones their passwords. And relationships routinely fall apart and trust is routinely violated.
Deleting from the server mitigates this problem and greatly reduces the window of opportunity for the attacker.
The privacy cost/benefit ratio for routinely deleting from the server probably beats every other privacy enhancing technique out there. Super simple, super effective.
Techies too often forget that privacy isn't just about the NSA, APTs and TLAs. The fact is, the people most interested in violating your privacy are the people who know you personally...
How so? Even if you delete a message in Gmail they can still be subpoenaed for it. And usually the subpoena is for metadata anyway, like who sent you a message and when. They still have all that data whether you delete the messages or not.
> In enacting the ECPA, Congress concluded that customers may not retain a "reasonable expectation of privacy" in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.
The third party isn't even obligated to let you know that the subpoena happened - Google usually does (unless there's a gag order), but does not promise to AFAIK, and I am not aware of the policies of other providers.
I shouldn't have to expose my email viewing habits just to get auto-displaying images in my email client.
I'd hesitate to implement it though, because of secondary risks. It would need to be thought through very carefully, and there are a whole bunch of abuse scenarios that would need to be avoided or mitigated.
As a rule, Mailpile does very little when it receives a mail - until the user has interacted with it, we have to assume the mail is junk and/or potentially hostile.
See the chapter on Oracles here: https://research.checkpoint.com/cryptographic-attacks-a-guid... - automatically triggering sender-controlled network access based on the contents of e-mail opens the door for such things.
This applies not only to cryptographic attacks, but also to more pedestrian exploitation of bugs in the app itself, or silly things like turning Mailpiles into DDoS attack robots.
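The concern raised in the comments above, a mail client fetching sender-chosen URLs before the user has interacted with a message, can be shown with a small filter that parks every auto-fetched remote reference until the user opts in. This is an added example, not part of the thread and not Mailpile's code; the function names and the `data-blocked-*` attribute convention are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes a renderer fetches with no user action (assumed list, not exhaustive).
FETCH_ATTRS = {"src", "background", "poster"}
REMOTE_SCHEMES = {"http", "https", "ftp"}

def is_remote(url):
    """True if the URL names a sender-chosen network location."""
    url = url.strip()
    try:
        return url.startswith("//") or urlsplit(url).scheme.lower() in REMOTE_SCHEMES
    except ValueError:  # unparseable URL: fail closed
        return True

def triggers_fetch(tag, name, value):
    """Errs toward blocking: any CSS url() or remote srcset candidate counts."""
    if name == "style":
        return "url(" in value.lower()
    if name == "srcset":
        return any(is_remote(c) for c in value.split(","))
    return (name in FETCH_ATTRS or (tag, name) == ("link", "href")) and is_remote(value)

class RemoteContentBlocker(HTMLParser):
    """Re-serialises HTML, moving auto-fetched URLs into data-blocked-* attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        rendered = []
        for name, value in attrs:
            value = value or ""
            if triggers_fetch(tag, name, value):
                self.blocked.append((tag, name, value))
                name = "data-blocked-" + name
            rendered.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(rendered)))

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def block_remote_content(html_body):
    """Return (html_out, blocked); blocked lists what would have been fetched."""
    parser = RemoteContentBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked
```

Ordinary `<a href>` links pass through untouched, since following one is a user action; `<style>` element contents are not inspected here and would need separate handling.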
I myself plan to migrate all of my data to my own services at some point; I already moved away from Dropbox to Nextcloud. That could be a good solution to move my family out of the evil Gmail, for instance.
Now what I'd like to know is which is better of Mailpile, Roundcube, Zimbra, and the many other webmails available...
which essentially provide the whole email stack in a relatively nice bundle it seems (I have not yet forced myself to migrate).
I think Mailpile and Roundcube are just the "webmail" part of the stack.
Have had it running about half a year and am really happy about it.
If you have the time, imho migrating is worth it.
You can transfer your old mails via IMAP to mailcow, so migrating is easy.
Does it run on my phone?
and go to https://[Local IP of Server]:33411
So sounds like it will run on the Librem 5 at least.
Interesting that their FAQ says it's easy to set up, but I don't buy it, at least from previous experience of setting up clients. (I once had to harden my VPS server rather substantially because they are juicy targets for hackers)... And I also once had to make it survive a reboot in case too many connections were made by people trying to boot the machine offline (DDoS)
> How hard will it be to install Mailpile?
> It should simply be a double-click to launch an installer on Windows, or dragging an app to the Applications folder on the Mac.
> On Linux we hope to provide native packages for most of the popular distributions.
I would love to host my own mail though. Am I mistaken, or does mailpile solve those for you?
An easy solution for self-hosting would be mailcow.
Setup is basically a shell script which sets up the Docker containers.
Backup and update is also just a shell script.
Includes a spam filter and a nice web GUI as well as the SOGo webmail.
Mailpile is just a client, it has no bearing on the privacy.