Hey - really sorry to hear this - could you email me [email protected]? Here are 3 suggestions to try-
1. Reset your settings.json - if shared with vscode, sometimes settings can cause perf regressions
2. Could you try cmd-shift-p -> "capture and send debugging data"? Will send us some profiling data to debug
3. Clear your user data (will delete chats) as a last resort - cmd-shift-p, "reveal user data," close the app, then delete this folder and restart the app
Thanks for sharing! PGP support has been a huge request and enables end-to-end encryption automatically between large email providers for one of the first times we know of.
It's enough of other companies making money on our data. That's why I started Skiff (end-to-end encrypted email/docs/drive/calendar)! It's harder to build products E2EE but you get long-term trust from users.
Few notes
- iOS issue stems from a recent upgrade from an iframe to a webview. It's fixed on all mobile apps and versions.
- All DMARC-failing mail does go to spam.
- Caching images on receipt was examined but deemed impractical. It balloons email size from generally 50-150 KB to possibly multiple MB. Even for a personal mailbox, this could lead to 100s of GB being stored. Some version of this could be done on device or in the browser and temporarily stored. I actually think iOS either does this or will do this in the future.
No, I'm not joking. We do have this option, and it's consistent with the defaults across private mail providers. Still waiting for your list of the ones that don't load images by default.
It does not load the images. That's just patently false disinfo.
Any security engineer would have a heart attack if any employee, friend, or colleague said "security audit stuff [doesn't] matter." I wouldn't use software that doesn't undergo security audits.
Actually, that's completely false. Security audits are a standard, reputable process for software. Trail of Bits is probably the best (or one of very few top) firms in this category. Check out: https://github.com/trailofbits
That's just false. Downloading crypto libraries over the web plagued Javascript crypto for years. We use tweetnacl, stablelib, and webcrypto - and tweetnacl also uses webcrypto!
Yes - privacy focused mail providers offer this as an option but do not enable it by default. Mainstream mail providers do not even have it as an option.
We use an open-source mailserver (Haraka), but security audits are the most trustworthy way to do this. We've had 4: skiff.com/transparency. Audits cover infrastructure.
Skiff encrypts all received emails with user public keys immediately on receipt. This is quite clear in our security model page and whitepaper. Skiff does not have access to any user emails, including external received ones.
No: Skiff does not have access to a single email stored on our platform, including ones received externally. All are public-key encrypted, including subjects and content.