Spyke

Posts

Back with an update on Elusive: heard you on closed source

Posted here two days ago about the encrypted email thing I'm building, closed source at the time, said it'd open at 300 users. A bunch of you called that an immediate trust killer, and one comment stuck with me: "GPL will give you the best input into holes." Fair. Didn't wait for the number, opened it now.

Whole thing's public: server, browser crypto, storage layout, AGPL-3.0.

The part I'd actually pay attention to over "source is up somewhere": every build is signed by GitHub Actions itself, not by me by hand, no private key of mine sitting around for anyone to leak. The signature lands in a public log. There's a widget on the site that checks the live server against it, so you don't have to take my word that what's running matches what's in the repo.

Also since last time: forward secrecy per message, each one sealed to a key that's gone the second you read it. Outbound mail auto-encrypts too now if the recipient has a published key, used to be inbound only. And the columns that were still plaintext, username, aliases, read state, are ciphertext now.

Go find what's still broken. https://elusivemail.xyz/security https://github.com/elusivecloud/elusivemail

View original on lemmy.world
7

I built encrypted email that shows exactly what it can and can't see. Closed source today, opening at 300 users. Tear it apart

Full disclosure: I am the maker. I am not here to tell you it is perfect. I am here because this community is best at finding the holes, and I would rather you find them now.

Elusive (elusivemail.xyz) is encrypted email. The thing I care about is honesty over claims. The landing page has a two-sided ledger showing what is sealed to your key versus what the server can see. Most services bury the second half. I put it front and center.

Sealed to your key: message bodies, subject lines, attachments, the sender and recipient of every stored message, and in keyfile mode the key itself. Visible to the server: who a message is from and to at the moment it passes through, your account details, and incoming mail the instant it arrives, before it is encrypted to your key.

The crypto: keys are generated in your browser (OpenPGP.js, curve25519, Argon2id). Your password never leaves your device, the server only stores a hash, so it cannot derive your key. End-to-end by default, plus a keyfile mode where nothing stored can decrypt your mail.

Where I will not blow smoke: incoming external mail is plaintext at receipt, the envelope is visible at delivery time to route mail (no logs), and it is closed source right now.

The whole plan is public and numbered on the roadmap (elusivemail.xyz): open source everything at 300 users, then a public API, native apps, our own hardware in Switzerland, a multi-server split so no single machine holds everything, an independent audit at 4,000, and eventually an encrypted communicator and drive. If a number slips, the page says so. Watch the roadmap, not my word.

It is free, no ads, I make no money. What would make you trust it, or not? What did I get wrong?

View original on lemmy.world
-25

You reached the end