We have big plans for Whiteout Mail and today we'd like to share a few more pieces of the puzzle: Placing the mail client under the MIT open source license to encourage community participation, announcing support for trusted web hosting, and a preview of the premium services that we are working on.
Open Source License
We are very excited to announce that starting today, the complete Whiteout Mail client will be put under the MIT open source license. Our client code has been open for inspection from day one, but the MIT license will allow us to build Whiteout Mail together with a very diverse open source community. We welcome non-profit contributors as well as commercial partners at every level of the stack. This is why we are very excited to see that Mozilla is using our email.js libraries in the Firefox OS 2.1 mail client.
We hope Whiteout Mail will become for multi-device PGP and the Web what Thunderbird is for the desktop and we look forward to your contributions and ideas!
We understand that different users may have different threat models in mind when selecting a solution for encrypted email. This is why starting today we will support Whiteout for three levels of trust:
1. Packaged App Installation
This is the default and most secure mode. We provide official builds for Chrome, Android and iOS (coming soon). There is no need to trust us when using these apps, as they are installed as signed apps from an App Store and the installed source code can be compared with our tagged releases on GitHub.
2. Trusted Webhosting
Starting today, you will be able to download and install WM to your own trusted web server and use it in the browser. Use cases could include your company's server or setting up your own self-hosted solution.
The cool thing is that the IMAP/SMTP logic is still implemented completely in js on the client. TCP traffic is proxied with the TLS session terminated in the user's browser using socket.io and js-crypto (forge). This means that the proxy on the webserver will see only encrypted traffic and never any user data like IMAP/SMTP passwords or message contents.
Like the packaged app, user data such as your private PGP key, are persisted only on the client (in IndexedDB), and the app's code is even cached for offline use (using HTML5 AppCache). The Application can be installed to the device’s homescreen and is configured to notify the user when the AppCache is updated. This makes the user experience as transparent as possible and works similarly to updates via an App Store.
Since users are getting the js crypto code from the web server, there will be a trust relationship to that server. But if this is your own trusted server this is ok. The web server enforces CSP (Content Security Policy) and HSTS (HTTP Strict Transport Security) to mitigate cross site scripting and man-in-the-middle attacks.
3. Managed Webmail
The third mode of operation is managed hosting by us. Due to the TLS connection from the browser to the IMAP server, our proxy will never see any of your data. But you will be trusting the Whiteout webserver to deliver the correct code to your browser in this mode. The threat model for this approach is discussed here and we will do our best to inform users in plain english about the security trade-off they are making.
Note that this mode of operation does not protect users against active attacks from Whiteout Networks, e.g. should we receive a subpoena for a specific user. But it will protect users against passive attacks, like dragnet surveillance and wiretapping of government agencies.
We think it's important that users are able to make an informed decision about how much convenience they want to give up for security. If you're a concerned citizen and don't want too much hassle to protect your email privacy, this might be the right mode for you. Just open your favorite web browser and navigate to mail.whiteout.io.
Although the WM client is completely free and open source, we will offer paid options for power users and companies in the near future.
Fully encrypted Whiteout Mailbox
We will offer paid mailboxes under the wmail.io domain. This is a fully managed mailbox with extra privacy features built in.
Upon uploading your public PGP key to our key-server, all incoming messages will be encrypted on the fly to your public key before being stored on our servers (hosted in Europe). Also: unlike free mail providers like Gmail, we will not log user data or scan your emails to show you advertising. With Whiteout you are the customer, not the product!
Messages stored in wmail.io will only be accessible with the private PGP key, stored on your device. This will protect your messages at rest on the server against hackers and identity theft. You will even be able to use other mail clients with wmail.io (like Apple Mail together with GPGtools or Thunderbird with Enigmail).
Remember: your email address is your identity on the internet and now you can protect it with an extra layer of security.
Expect to hear more about how to sign up for early access to the Whiteout Mailbox private beta program.
Premium Services and Volume Licensing
Using the Whiteout Mail client is free. Users who want to get the best possible experience will be able to select a paid premium service, which includes automatic updates, secure key synchronization for multiple devices, as well as a support hotline. Organizations who are interested in deploying encrypted email across larger groups of users will benefit from our volume licensing program. Watch this space for further updates.