How we operate

The Snowden publications gave rise to a new breed of applications and services, most of which follow Bruce Schneier's advice: "Encrypt everything". Still, not all of those are created equal. Some weigh convenience over privacy, others provide anonymity. Some focus on ease of use, others are tools for crypto experts. Different needs for privacy or anonymity require a refined set of rules to make a choice for one service over another.

At Whiteout Networks, we strongly believe that privacy and ease of use is what sets us apart. The services provided by Whiteout are crafted with a particular set of rules in mind:

  • Your data is yours.
  • Your data is encrypted.
  • We can't read your data.
  • You don't need to take our word for it.

Your data is yours.

Every user can join or leave the Whiteout services at any time. There is no artificial lock-in, you are free to take your encryption keys with you or bring your own keys. We strongly believe in open standards, especially OpenPGP which has been tested time and time again. If it is good enough for the world's leading security experts, it is good enough for us.

You want to bring you own encryption keys? Fine!
You want to stay at your current mail provider? Fine!
You want to be interoperable with other OpenPGP mail clients? Fine!

Your data is encrypted.

No sensitive data is stored or sent in the clear. Ever. There is just no way around that and we believe that this is the only way to ensure real privacy.

We can't read your data.

Encryption and decryption happens on the client and nowhere else. We take pride in providing uncompromised end-to-end encryption. If you hand over data to our services, it was encrypted by you before. If the client receives data from our Whiteout services, it will be decrypted by you. You are the only person that has access to the decryption keys, and this is the way it should be.

This sets us apart from other approaches, most notably the web mailers where encryption is handled for you on the server. If our services should get compromised at any point by any type of adversary, we simply can't compromise your privacy. We didn't trust ourselves when we develop our services, so you don't have to, either.

You don't need to take our word for it.

Encryption happens on the client, with the source code open for inspection. On top of that, there are regular audits by independent security and cryptography experts.