HackerTrans
TopNewTrendsCommentsPastAskShowJobs

amilich

no profile record

Submissions

Encryption Bans – – – What Is This, Russia?

wsj.com
12 points·by amilich·3 lata temu·1 comments

Russia Blocks Skiff

skiff.com
2 points·by amilich·3 lata temu·0 comments

Encrypted Email Company Skiff Wants You to Sign Out of Google Workspace Forever

forbes.com
1 points·by amilich·4 lata temu·0 comments

Skiff end-to-end encrypted calendar launched

skiff.com
5 points·by amilich·4 lata temu·0 comments

Custom Domains with E2EE Mail

skiff.com
2 points·by amilich·4 lata temu·1 comments

Skiff – Private, Web3 Email

medium.com
4 points·by amilich·4 lata temu·0 comments

Use a crypto wallet for your email

skiff.com
3 points·by amilich·4 lata temu·4 comments

Skiff for Startups

skiff.com
2 points·by amilich·4 lata temu·1 comments

Private, Decentralized Collaboration

blog.ipfs.io
3 points·by amilich·5 lat temu·0 comments

comments

amilich
·9 miesięcy temu·discuss
Hey - really sorry to hear this - could you email me [email protected]? Here are 3 suggestions to try- 1. Reset your settings.json - if shared with vscode, sometimes settings can cause perf regressions 2. Could you try cmd-shift-p -> "capture and send debugging data"? Will send us some profiling data to debug 3. Clear your user data (will delete chats) as a last resort - cmd-shift-p, "reveal user data," close the app, then delete this folder and restart the app
amilich
·3 lata temu·discuss
Thanks for sharing! PGP support has been a huge request and enables end-to-end encryption automatically between large email providers for one of the first times we know of.
amilich
·3 lata temu·discuss
It's enough of other companies making money on our data. That's why I started Skiff (end-to-end encrypted email/docs/drive/calendar)! It's harder to build products E2EE but you get long-term trust from users.
amilich
·3 lata temu·discuss
Hello :)

Skiff cannot access email content, subject, and header info. To/from/cc/bcc fields are not stored end-to-end encrypted, though.
amilich
·3 lata temu·discuss
Few notes - iOS issue stems from a recent upgrade from an iframe to a webview. It's fixed on all mobile apps and versions. - All DMARC-failing mail does go to spam. - Caching images on receipt was examined but deemed impractical. It balloons email size from generally 50-150 KB to possibly multiple MB. Even for a personal mailbox, this could lead to 100s of GB being stored. Some version of this could be done on device or in the browser and temporarily stored. I actually think iOS either does this or will do this in the future.
amilich
·3 lata temu·discuss
Thanks for the report. I am investigating this now.
amilich
·3 lata temu·discuss
I just compared Skiff and Tutanota on your tool. The results were the same. Thank you for confirming this.
amilich
·3 lata temu·discuss
It's very simple. One of them had access to user's private keys (Lavabit).

One never has access to user private keys (Skiff).
amilich
·3 lata temu·discuss
That's why Skiff has had 4 security audits, not just 1 3 years ago. And, with multiple of the best auditors.
amilich
·3 lata temu·discuss
No, I'm not joking. We do have this option, and it's consistent with the defaults across private mail providers. Still waiting for your list of the ones that don't load images by default.

It does not load the images. That's just patently false disinfo.
amilich
·3 lata temu·discuss
Any security engineer would have a heart attack if any employee, friend, or colleague said "security audit stuff [doesn't] matter." I wouldn't use software that doesn't undergo security audits.

Also, pentest ≠ audit. Completely different!
amilich
·3 lata temu·discuss
Actually, that's completely false. Security audits are a standard, reputable process for software. Trail of Bits is probably the best (or one of very few top) firms in this category. Check out: https://github.com/trailofbits
amilich
·3 lata temu·discuss
That's just false. Downloading crypto libraries over the web plagued Javascript crypto for years. We use tweetnacl, stablelib, and webcrypto - and tweetnacl also uses webcrypto!
amilich
·3 lata temu·discuss
Yes - privacy focused mail providers offer this as an option but do not enable it by default. Mainstream mail providers do not even have it as an option.
amilich
·3 lata temu·discuss
We use an open-source mailserver (Haraka), but security audits are the most trustworthy way to do this. We've had 4: skiff.com/transparency. Audits cover infrastructure.
amilich
·3 lata temu·discuss
What mail providers block all remote content by default?
amilich
·3 lata temu·discuss
Skiff encrypts all received emails with user public keys immediately on receipt. This is quite clear in our security model page and whitepaper. Skiff does not have access to any user emails, including external received ones.
amilich
·3 lata temu·discuss
No: Skiff does not have access to a single email stored on our platform, including ones received externally. All are public-key encrypted, including subjects and content.
amilich
·3 lata temu·discuss
We also don't do this. In a near future implementation you can just synchronize the end-to-end encrypted search index.
amilich
·3 lata temu·discuss
This sounds like a possible captcha error. Can you email me at andrew (at) skiff.com ? Sorry about this.