@obra Thanks for the feedback!
We would be just as sceptical as you of someone rolling out their own crypto.
However, if you look into the details, there are very good reasons why neither PGP nor S/MIME is suitable for us.
It is irresponsible to design crypto software in 2015 that still depends on SHA1. So OpenPGP and S/MIME up to version 3.1 are out.
We want to encrypt subject lines, so both PGP and S/MIME are out.
Our crypto container has many other advantages. For example, it is provably CCA secure, as has been confirmed in an independent audit.
None of this means that we do not want to support PGP and S/MIME. It's just that we don't currently have the resources to implement them as well.
Hey Jack! Thanks for the hunt!
We created M when we realised that email encryption is still far too complicated. Our vision is an email app with simple, foolproof encryption by default.
M is free for personal use, with no in-app purchases or anything like that. We don't collect any data on our personal users. In fact, since encrypted emails are still routed via the usual providers, we don't even know who our users are.
Encryption between M users is enabled by default. All you need to do is send an open message back and forth.
Many improvements are on the way. For example, using M on multiple devices will become dramatically simpler in future versions.
We are a team of three developers who have worked very hard to create beta versions for Mac and iOS as well as an Outlook plug-in in alpha. An Android app is also in the pipeline.
Your feedback and questions are very much appreciated.
Edit: A bug in Apple’s key chain is currently preventing new users on Mac OS from sending encrypted messages. We have submitted a fix and requested an expedited review. iOS should be working fine.
Report
@lksnmnn Can you please explain the team expertise in terms of encryption and technology?
@llabball@lksnmnn Sure!
We are all mathematicians/computer scientists.
I studied Mathematics in Cambridge and then got a PhD in Computer Science from Oxford. Lukas is studying Computer Science and Marco holds a PhD in Mathematics from Universität Tübingen.
Since we get no money out of Mynigma, we have occasional part-time jobs as app developers and IT security consultants.
It is fair to say that the mathematical/cryptographic side of things is our comfort zone. We are also very grateful to be able to rely on a number of mentors (professors from places like Oxford, FU Berlin and TU Berlin), who are leading experts in their fields and have published on the subject for years. A lot of work and expertise has gone into creating our crypto and we take great pride in getting the details right.
A security critical case aside the email encryption is the communication (Auth/Encryption) with the mail server. Can you explain what you care about (e.g. Chiphers, FPS, Heartbleed ...)? We don't have to go deep into technical details but it would be interesting to read about your position when it comes to decide to lower the security level or shut out potential customers.
@llabball Thanks again for your interest.
Of course we encourage the use of up-to-date ciphers and PFS, but we do not shut out users whose providers don't follow best practices. It is a real conundrum for us, since we care about our users' security, but errors like "Your provider's SSL settings do not support cipher XY. Please switch your provider." are certainly not the way to widespread adoption of proper email encryption.
After all, these problems are just another good reason to use end-to-end encryption. Users with providers whose security is sloppy need it even more.
Report
Do I need other people to download the app as well, or they would still receive my mail?
@jakemor With mass surveillance and other threats to privacy, security and thus democracy on the rise, now seems a lot better than later.
Why not earlier? Well, building a usable solution for secure email encryption is simply a hard problem.
As for the bad guys: they could always use existing solutions like PGP. And there are a lot more good guys who need proper protection.
Report
if you don't want to get hacked but still want to connect and share use InnerGroup www.innergroupapp.com no data collection, no ads, no selling of your data, end to end encryption, no server retention of your posts.
Keyboardio
M for iOS
M for iOS
M for iOS
Hustle X
M for iOS
M for iOS
Superwall
M for iOS