HackerTrans
トップ新着トレンドコメント過去質問紹介求人

amilich

no profile record

投稿

Encryption Bans – – – What Is This, Russia?

wsj.com
12 ポイント·投稿者 amilich·3 年前·1 コメント

Russia Blocks Skiff

skiff.com
2 ポイント·投稿者 amilich·3 年前·0 コメント

Encrypted Email Company Skiff Wants You to Sign Out of Google Workspace Forever

forbes.com
1 ポイント·投稿者 amilich·4 年前·0 コメント

Skiff end-to-end encrypted calendar launched

skiff.com
5 ポイント·投稿者 amilich·4 年前·0 コメント

Custom Domains with E2EE Mail

skiff.com
2 ポイント·投稿者 amilich·4 年前·1 コメント

Skiff – Private, Web3 Email

medium.com
4 ポイント·投稿者 amilich·4 年前·0 コメント

Use a crypto wallet for your email

skiff.com
3 ポイント·投稿者 amilich·4 年前·4 コメント

Skiff for Startups

skiff.com
2 ポイント·投稿者 amilich·4 年前·1 コメント

Private, Decentralized Collaboration

blog.ipfs.io
3 ポイント·投稿者 amilich·5 年前·0 コメント

コメント

amilich
·9 か月前·議論
Hey - really sorry to hear this - could you email me [email protected]? Here are 3 suggestions to try- 1. Reset your settings.json - if shared with vscode, sometimes settings can cause perf regressions 2. Could you try cmd-shift-p -> "capture and send debugging data"? Will send us some profiling data to debug 3. Clear your user data (will delete chats) as a last resort - cmd-shift-p, "reveal user data," close the app, then delete this folder and restart the app
amilich
·3 年前·議論
Thanks for sharing! PGP support has been a huge request and enables end-to-end encryption automatically between large email providers for one of the first times we know of.
amilich
·3 年前·議論
It's enough of other companies making money on our data. That's why I started Skiff (end-to-end encrypted email/docs/drive/calendar)! It's harder to build products E2EE but you get long-term trust from users.
amilich
·3 年前·議論
Hello :)

Skiff cannot access email content, subject, and header info. To/from/cc/bcc fields are not stored end-to-end encrypted, though.
amilich
·3 年前·議論
Few notes - iOS issue stems from a recent upgrade from an iframe to a webview. It's fixed on all mobile apps and versions. - All DMARC-failing mail does go to spam. - Caching images on receipt was examined but deemed impractical. It balloons email size from generally 50-150 KB to possibly multiple MB. Even for a personal mailbox, this could lead to 100s of GB being stored. Some version of this could be done on device or in the browser and temporarily stored. I actually think iOS either does this or will do this in the future.
amilich
·3 年前·議論
Thanks for the report. I am investigating this now.
amilich
·3 年前·議論
I just compared Skiff and Tutanota on your tool. The results were the same. Thank you for confirming this.
amilich
·3 年前·議論
It's very simple. One of them had access to user's private keys (Lavabit).

One never has access to user private keys (Skiff).
amilich
·3 年前·議論
That's why Skiff has had 4 security audits, not just 1 3 years ago. And, with multiple of the best auditors.
amilich
·3 年前·議論
No, I'm not joking. We do have this option, and it's consistent with the defaults across private mail providers. Still waiting for your list of the ones that don't load images by default.

It does not load the images. That's just patently false disinfo.
amilich
·3 年前·議論
Any security engineer would have a heart attack if any employee, friend, or colleague said "security audit stuff [doesn't] matter." I wouldn't use software that doesn't undergo security audits.

Also, pentest ≠ audit. Completely different!
amilich
·3 年前·議論
Actually, that's completely false. Security audits are a standard, reputable process for software. Trail of Bits is probably the best (or one of very few top) firms in this category. Check out: https://github.com/trailofbits
amilich
·3 年前·議論
That's just false. Downloading crypto libraries over the web plagued Javascript crypto for years. We use tweetnacl, stablelib, and webcrypto - and tweetnacl also uses webcrypto!
amilich
·3 年前·議論
Yes - privacy focused mail providers offer this as an option but do not enable it by default. Mainstream mail providers do not even have it as an option.
amilich
·3 年前·議論
We use an open-source mailserver (Haraka), but security audits are the most trustworthy way to do this. We've had 4: skiff.com/transparency. Audits cover infrastructure.
amilich
·3 年前·議論
What mail providers block all remote content by default?
amilich
·3 年前·議論
Skiff encrypts all received emails with user public keys immediately on receipt. This is quite clear in our security model page and whitepaper. Skiff does not have access to any user emails, including external received ones.
amilich
·3 年前·議論
No: Skiff does not have access to a single email stored on our platform, including ones received externally. All are public-key encrypted, including subjects and content.
amilich
·3 年前·議論
We also don't do this. In a near future implementation you can just synchronize the end-to-end encrypted search index.
amilich
·3 年前·議論
This sounds like a possible captcha error. Can you email me at andrew (at) skiff.com ? Sorry about this.