Hacker News new | comments | show | ask | jobs | submit login
Ask HN: Cloud Email with Strong Privacy
4 points by josephby 1602 days ago | hide | past | web | 5 comments | favorite
HELP! A client of mine is looking for an easy-to-use cloud-based email solution with strong privacy protection.

They've got four requirements:

1) no cleartext is stored in the cloud

The only way to read the mail is to enter a secret at the beginning of each session.

2) email is encrypted instantly upon receipt by the service

e.g. an SMTP daemon is running that encrypts each email using a public key and stores only the encrypted copy

3) email can only be read by the person who holds the secret

4) the mailbox should be easily accessible using a client application

And one non-requirement:

The solution doesn't have to protect plaintext emails from intercept in transit.

I'm not talking about encrypting emails between parties; I'm just talking about storing them securely while preserving ease of access

Something like this you're looking for? https://code.google.com/p/gpg-mailgate/

I think requirement 2 is a problem here.

If your cloud provider has the plaintext how can you trust it?

The solution doesn't have to protect against intercept-in-transit.

For example, suppose that this was implemented on a VPS on some random hosting provider, and I own all of the code on the VPS. The hosting provider could record all email traffic coming into that box, but that problem isn't in scope (and could be addressed with, say, openPGP).

Just store your mail in an EncFS or truecrypt container on your VPS then?

Who/what are you trying to defend against?

That might work; can either of these be configured with separate encrypt and decrypt keys?

Basically, if someone takes control of the hardware or software we're hoping that it would still be very difficult to get at the contents of the emails.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact