Skiff.com and MsgSafe.io "secure email providers" sold.

edited February 10 in General

Skiff was frequently recommended as a great, "secure" and free alternative to Proton with custom domain support (in free plan). It was created by a small team of "trendy developers" paid by venture capitalists, and it was supposed to be an "enterprise" Proton/Tuta alternative. Their infrastructure was entirely "cloud" based on Amazon using their "cloud" components and then allegedly encrypted and stored this way. It of course doesn't prevent Amazon from saving the email in plaintext, making it even easier as they were using Amazon Mail Relays.

They were sold to another "trendy" and "enterprise" platform called Notion (with very similar backstory, Venture Capital baby).

Users have to export their data in 6 months with no exact date of closure stated.
Their "announcement" is puke inducing, they are of course kicking you out for your own good and they are "excited" about it :)
https://skiff.com/data-migration

MsgSafe was a known and "offshore" encrypted email provider frequently used by people censored by conventional providers. They operated out of Curaçao with their own servers and network located there. It was operated by a company called TrustCor which specialized in digital certificates. Said company is officially closing their doors, unlike MsgSafe, which is supposed to be sold to an unknown 3rd party.
TrustCor started crumbling after Mozilla and Microsoft removed its root certificates from their systems, making certificates pretty much useless.
Reason stated was alleged ties to U.S. Intelligence exposed by some Washington Post journo.

Users have to export their data until February 29, 2024; it's unclear at this point if MsgSafe will come back afterwards and in what form.

Comments

  • Team proton for lyf

    Team push-ups!

  • Just another VC-backed bullshit spitting in customers' faces.

    @treesmokah said: Reason stated was alleged ties to U.S. Intelligence exposed by some Washington Post journo.

    Nice detective work from the WaPo.

  • edited February 12

    @Astro said:
    Team proton for lyf

    Not much better security/privacy-wise than ones above, but should be good for most people. It's reliable and at least promises to not sell your customer data (only thing I would believe out of all their marketing, they have other subscription-based so selling emails to advertising companies doesn't really make sense).
    Tuta(nota) is also pretty sweet, I use it personally. Only 2 things I lack is mass export of email (for offsite backup) since they don't offer IMAP, but backup exports is something they are working on. I also wish they would offer a bridge similar to Proton, especially a CLI version of it allowing you to utilize it on headless environments and scripts. For most users none of these things are a concern, Tuta apps are excellent.

  • is proton and tuta offering pop3/imap and smtp? if not, they are out.

  • edited February 12

    @lapua said:
    is proton and tuta offering pop3/imap and smtp? if not, they are out.

    Both don't, due to client-side encryption/decryption requirement.
    Proton offers a "bridge" which is a proxy running on your desktop allowing you to connect to your local client, but it's not cross-platform and isn't an ideal solution to this problem.

    There is a paradox of "security" these providers offer:
    They don't want to use server-side encryption for clients (enabling you to use pop3/imap/smtp just fine) because of having to store private keys in memory, and it could be used against them in some backdoor govt case.
    But Email isn't end-to-end encrypted, their "relays" get plaintext emails and then encrypt them using whatever ciphers Proton is using. It still leaves room for a govt to request backdoors.
    Only way for E2E encryption to work would be both sides using a provider like Proton, but it's very impractical and is it really even an Email anymore? Email was supposed to be decentralized, so if you gonna do something to it, at least make it work not only in proprietary environments. They took Email protocol and made it less practical and functional.

    What about PGP? Great for client-side encryption using software of your choice, but you still leave metadata around. You cannot encrypt headers, destination, etc. Metadata is commonly used for correlating activity by govts and feds, often more valuable than the content itself.

    I'd prefer a trusted encrypted email provider with server-side encryption, proper system configuration (sensitive shit only in RAM and for a short period of time) and in jurisdictions that don't allow for covert backdoors. Encryption at rest (the best you gonna get with email really) is useful, and I'm not a fan of how Proton and Tuta do it, their selling points often don't make sense when you really think about it.

    Email cannot be totally secure, and will never be, no matter how they sugarcoat it with buzzwords and "innovations" of the week. One way or another, you have to put a lot of trust into the provider, there is no way to make it universally or auditably encrypted, best you gonna get is proprietary closed systems like Proton (user->user communication), which can hardly be called Email.

    A lot of these "secure email providers" use deceptive or misleading advertising to make them look like a solution to a problem that will still exist even while using their product. Very similar to misleading advertising of VPN providers, NordVPN, ExpressVPN, ... and other scummy and shady providers you see everywhere.
    Privacy scene is and will be "dirty", on one side you have scummy corporations using misleading and untrue claims to claim their product is amazing and catering to harmless normies, on the other side you have criminals using provably secure solutions and catering to other criminals so feds have an issue with it or simply feds operating a honeypot. If something sounds too good to be true, it often is. I wish there was more middle ground companies, such as Mullvad or IVPN who cater to legitimate audience but still have ethics and offer genuine solutions to genuine problems.

    Thanked by (3)lapua bikegremlin Richard
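The point made in the post above, that PGP protects the body while headers stay readable, shown as an added example that is not part of the thread. The message, addresses, hosts and ciphertext are constructed placeholders, and `relay_view` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (placeholder addresses, hosts and ciphertext): a PGP/MIME
# message, RFC 3156 layout, as a relaying mail server receives it.
RAW = """\
Received: from mail.sender.example by mx.recipient.example; Mon, 12 Feb 2024 10:00:05 +0000
Received: from laptop.local by mail.sender.example; Mon, 12 Feb 2024 10:00:01 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Subject: Q1 invoice
Message-ID: <constructed-1@sender.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

PLACEHOLDERCIPHERTEXT
-----END PGP MESSAGE-----
--b1--
"""


def relay_view(raw):
    """Return what a relay can read without any key: headers, not the body."""
    msg = message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else []
    return {
        "pgp_mime": msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted",
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "subject": msg.get("Subject"),  # classic PGP/MIME leaves this in clear
        "message_id": msg.get("Message-ID"),
        "relay_hops": len(msg.get_all("Received", [])),
        "opaque_body_chars": len(parts[1].get_payload()) if len(parts) > 1 else 0,
    }


if __name__ == "__main__":
    print(relay_view(RAW))
```
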
  • edited February 12

    @lapua said:
    is proton and tuta offering pop3/imap and smtp? if not, they are out.

    proton does, sadly not free.

  • @ascicode said:

    @lapua said:
    is proton and tuta offering pop3/imap and smtp? if not, they are out.

    proton does, sadly not free.

    smtp/imap but no pop3 -> https://proton.me/support/imap-smtp-and-pop3-setup

  • Mailfence does offer Pop3/Imap and smtp in paying plans. Webdav, CalDAV and CardDAV in free plans. More info here: https://kb.mailfence.com/categories/mailfence-and-external-clients/

  • @treesmokah said: There is a paradox of "security" these providers offer;

    Reminds me a lot of the arguments in the DNSSEC fiasco.

  • mailfence actually made a good impression and would be worth a try. but then i read this - https://mailfence.com/en/terms.jsp?forcelg=en - and with recognition of this whole listing, the service is actually not usable at its core.
