Mailelf - Encrypted Email for Everyone
Mailelf - Encrypted Email for Everyone
Mailelf brings encrypted email to your existing email accounts. Stop companies and governments from spying on your messages.
Mailelf brings encrypted email to your existing email accounts. Stop companies and governments from spying on your messages. Read more
About this project
Simple, Free, Government-level Security for your Email accounts.
Welcome to Mailelf - the private & encrypted email system you control. Stop anyone (even governments) from reading your personal messages. Mailelf won’t make you sign-up, pay-up, or join a new service! Designed to get the most secure email system into the hands of every Internet user on the planet.
Our privacy is important. Each of us should be able to share ideas and personal information without fear of repercussion. Unfortunately, in our modern world anyone with the know-how can eavesdrop on your email messages. In fact, companies and governments already spy on you every day.
Governments and criminals target our stored personal data on public services like Facebook and Google for their own purposes. Our identity and free speech are at stake. This problem will only continue to escalate if we don’t do something about it.
This is why we are bringing this urgent, and much-needed project directly to you.
Mailelf is a simple desktop application that anyone in the world can run without any technical or security knowledge. If you can use Gmail - you can use Mailelf - it is the solution to protecting your messages and controlling your data.
Simply download Mailelf, enter your email username and password (Gmail, Yahoo!, Hotmail, Apple, Hushmail, etc...) and you can begin reading and composing emails using your existing accounts in one convenient application which will add high bit length encryption to your messages when sending emails to other PGP or Mailelf users.
Mailelf encrypts your messages on your computer before it travels over the Internet, so that no one can read it along the way. (Encryption would be the equivalent of writing a letter, and shipping it inside a locked safe through the mail.)
Why Do We Need Our Own Encryption System?
When thousands of users store their decrypted data with an email service, someone from the NSA might come knocking. Recently, LavaBit and SilentCircle both closed their encrypted email service because of this issue. When too many people use a single site - the government is often attracted.
Governments aren’t the only organizations that gain access though. In addition, an outside company involved in a lawsuit might request the data because of a legal case requiring your provider to turn over the emails it has.
If you want encrypted emails, the best bet is to run the program yourself so you are not dependent on others, or part of a large target for some government agency.
The problem with running your own server is that most people are not tech-savvy enough to build, secure, and maintain our own servers, especially with all of the bells and whistles that mainstream email providers offer.
Mailelf is built to be simple and easy. By running your own application no one (not even us), has the ability to spy on the raw messages sent to you.
What Do You Mean By Encryption?
Mailelf is built on top of the existing PGP technology that has been used for years by governments and security professionals. Standard PGP/GPG email encryption uses RSA. The NIST has stated that 2048 bit RSA keys will be safe until 2030. We're not taking any chances though.
Mailelf defaults to using a minimum of 4096 bit RSA keys for our users (but will be compatible with current systems which use less secure keys). After our first stable release we will move into supporting Elliptic Curve Cryptography (the kind bitcoin uses) and an additional RSA + ECC double encryption system for those who are really paranoid.
Our goal is to continue to offer encryption schemes as technology continues to improve and new methods of securing our data evolve.
Where Are We Now?
Everyday more of our data is stolen forever. We realized that it was time to launch a Kickstarter project to help put the development and release of Mailelf on the fast-track to completion to equip you to keep your personal information safe.
We are currently working against an alpha prototype to get it ready for live use by our project backers. We are really excited about what we are building and want to get it into your hands.
Where Are We Going?
We want to secure email messages as fast as we can - which is why we are releasing the first beta version (with source code) to our backers in January. Lets start 2014 with security and privacy!
By pledging $15 or more you will be part of the beta-testing team that will be able to install, test, and begin using the system before we release it to the public. The rest of the world will get access to Mailelf (and it’s source code) after our first stable public release in March. From there, development will continue as we you vote on the features Mailelf needs most.
Who Are You?
My name is David Pennington and I’m the lead developer for the project. I have released many open source projects over the years used by hundreds of developers around the world. All of my work is completely free and licensed under the MIT so anyone can use it - Mailelf included.
However, I’m not the only one involved in the design of the Mailelf application. This project is a team effort and the money we raise will help to pay other designers and developers who are contributing to this project. We encourage more people to join the community.
I Want To Design My Own Inbox
You are in luck! We are building a modular plugin and theme system around Mailelf making it easy for anyone to invent a new way to sort, filter, or view their messages. While the default list-view of everything works well for most cases, projects like Immersion have shown us that there are a lot of possibilities when it comes to visualizing your data. Mailelf will not only protect your email, but it gives new power to find important connections and new ways of looking at your existing messages.
In fact, with Mailelf you don’t need to worry about someone changing your design when you like it.
A big focus is being able to bring many new and creative ideas to the email world without a large technical hurdle - especially for designers who often lead the innovation in user experience and creative interfaces.
How Difficult Will It Be To Install?
Don’t worry, ease-of-use is one of our primary goals. Mailelf will be very simple to run - just start the application and you can begin using it. It’s as simple as that. Unlike other mail systems, you don’t have to mess with complex dependencies or configuration files.
You can run it on any Windows, Mac, or Linux computer. In fact, you can even run off a USB drive or raspberry pi.
There are two options for those of you that want access to Mailelf on mobile devices (or computers away from home):
Upload Mailelf to a web server
However you use it, we will provide easy-to-follow videos to help you get going in no time.
If you are not a programmer - you can skip this section. Geekery to follow.
Mailelf is an self-contained "Go" application. Google Go is the ideal language for this type of project since it was designed to be lightweight, simple to develop with, and handle networking and concurrency with ease. Go compiles to a small, easy to download application binary which can be run on any computer.
For programmers who may not know Go, we are going to be recording a series of screencasts explaining the components and design of Mailelf so anyone can easily dive into the source code even if they have never written a Go application (it’s really easy to code in Go).
What About Storage?
Mailelf uses the embedded SQLite database for storage. SQLite is the most widely deployed SQL database engine in the world. In fact, if you are looking at this page in Firefox, on a Mac, or on your iPhone - you are already using it.
In addition to efficient resource usage, SQLite makes it easy to backup your email by providing a single SQLite database file which you can safely encrypt, backup, or delete whenever you wish. Perfect for TrueCrypt users.
** Entypo pictograms by Daniel Bruce — www.entypo.com
Risks and challenges
The biggest challenge in all types of software development is releasing the project on time. We believe the most important part of Mailelf is getting the system into the hands of you, the backers, as quickly as possible. The initial funding goal and our timeline has been calculated to meet this challenge with important milestones along the way to keep us focused and on schedule.
In all honesty, with such a small budget we know we will not be able to add every single unique feature that Gmail, Yahoo!, Outlook, Thunderbird and other mail clients might have. However, the funding we raise will go to the development of features that you, the project backers, vote on.
The second challenge we face is insuring that we learn from others mistakes. Encrypted email is nothing new, and we will continue to follow the best practices and approaches which have been established by the security work of those many talented penetration testers, mathematicians, and security experts which have gone before us.Learn about accountability on Kickstarter
Mailelf is targeted at people with existing email accounts so it's primary role is that of a mail client. We want everyone in your address book to easily run their own Mailelf application without changing anything.
However, many mail server features (like direct SMTP sending with graylisting support) are already planned which continues to edge Mailelf in the server direction as well. The programming language Mailelf is written in, Google Go, makes it well-suited for both tasks.
Mailelf encrypts messages before they are sent to the recipient. At the moment the recipient needs Mailelf (or some other PGP software/plugin) to decrypt the messages. Since it is Open Source software anyone can download it for free.
We are looking into a couple options for sending encrypted messages to users who don't want to download Mailelf. However, our goal is to make Mailelf super easy to install by removing the installation process most applications need so that everyone can get started quickly.
No one (not even other people running Mailelf) can decrypt a message sent between two Mailelf users. This is the primary goal of the software - bullet-proof transfer of private information. We will be pushing the highest bit length possible creating encrypted emails which will not be crack-able before the heat death of the universe.
Imagine SSL on steroids.
After Kickstarter and payment fees it's actually about $50,000. Then there are taxes.
The cost of writing software is often something that is underestimated. Current online email clients like Gmail, Yahoo!, Hotmail, and even Thunderbird or Outlook have millions of dollars in man-hours invested in them. Companies have spent years building and refining some of the most basic features we take for granted.
The fact is that it takes time and money to make quality products. We are asking for a lot less money than a single developer could make in a year. However, privacy for us and our friends and family is very important in our eyes. We are willing to put our careers on hold for a year to make Mailelf if it will help millions of people in the long run.
http://crypto.cat is a chat application while Mailelf is an email application.
Unlike PGP email, Cryptocat generates new key pairs for every chat which means that there is no way to verify that the person you are talking too is in fact who you think it is (even if the line is secure).
In short, cryptocat has had problems trying to build itself from scratch rather than being able to rely on tried-and-true components.
When you support Mailelf you are simply "pledging" to give only after we raise our full amount. If we do not meet the full $55,000 goal in pledges then you will not be charged anything. If you support our idea then pledge now so others will be encouraged to also support our work for free software and privacy!
No, we are just here to build the software. Mailelf is a self-contained powerhouse that (by design) does not rely on any third-party to function. If it did, then that third party could be compromised and weaken the system.
Since you will be running your own application the only person you need to trust is yourself. Like the saying goes; "In God we trust, all others bring data."
Any requirement to implicitly "trust" someone goes against our design goals.
Support this project
- (29 days)