Saturday, July 23, 2011

Neomailbox: a secure alternative to Gmail

If you have a Gmail account, Google scans your emails. Sounds harsh, but it's true. Of course, the reason why they scan your emails is to generate relevant advertising. The more relevant the ads, the more likely you'll click. And so, Google is literally scanning every message you receive.
So they're mining our email communications. Anonymously, we assume. And just for advertising purposes, we assume. After all, Google's motto is "do no evil".
For many people however, the scope of Google's data mining and user profiling system is not adequately defined. And they feel that these practices eliminate the concept of email privacy altogether. And that the "do no evil" motto is not good enough.
Fair enough. So what are the alternatives?
Every other 'big brand' email provider has adopted similar email scanning technology. Hotmail and YMail both offer a slick interface, loads of storage and the key features - but oh by the way, your emails will never really be absolutely private.
But let's ask a bigger question... in today's world, is any email message private ? Even with a theoretical 'secure and encrypted' email provider, it is by no means a stretch of the imagination to assume that your email conversation remains subject to 'exposure' at the lower levels of the communication chain.
An Opposing Trend
As governments, ISPs, and corporations accelerate the erosion of online privacy and anonymity - it's more important than ever for nerds to take measures to protect their information. To give patronage to those companies and organizations who DO respect privacy and anonymity. And to invest our nerd skills into developing systems that can evolve beyond short-sighted political tactics.
One such company is Duck Duck Go Inc. The new search engine - founded on these very principals - is a fast, kick-ass, and viable Google alternative; with an open commitment tonever tracking it's users.
So great, we have a secure alternative to Google search. But what about Gmail? To date, DuckDuckGo has no answer; no email service.
Recently though, founder Gabriel Weinberg speculated on a possible collaboration with Trancecrypt, a secure email provider - otherwise known as Neomailbox.
I can't speak to whether or not Gabriel will team up with Trancecrypt to bring a private labelled, customized version of Neomailbox for Duck fans. But I can take an objective look at it and share my review of Neomailbox in it's current form. 
iPad schedule with Apple notes

Before we take a peek at the inbox - let's find out why their service is more supposedly more secure than Gmail. The first thing that jumped out at me was the offshore servers. Neomailbox provides the option to host your email in Switzerland, rather than on US servers.

We believe that this traditional respect for privacy, both guaranteed in the Swiss Constitution and reinforced by many legislative and judicial decisions, makes Switzerland an ideal location for premium private email hosting.


That's one step in the right direction.
Secondly, Neomailbox has a set of core secure features including encryption at multiple levels, support for hardware authentication, and a generally secure infrastructure as the backbone of it's email service. But I'm no encryption or security expert, so a lot of the features are mostly rhetoric for all I know (though I'm assuming more security features are a good thing) . What I am most concerned with is the ability for my emails to be compromised at the lowest levels of the communication chain: namely at the ISP. Because none of these features matter all that much if unwarranted access is simply handed over via request by [insert government, authority, or big brother agency here].
Honestly, I'm not paranoid - this is just something every person on the planet should expect. Private communication is our right. Whether it's a phone call, an email, or a text message: nobody else but me and my recipients have the right to join in.
Encryption and other means of security technology help us reaffirm that right. But is it enough? Because if a military agency can simply install a backdoor surveillance system to gain access to our data, none of those 'top layer' security features mean anything. Already ISPs are facing pressure by the U.S. government to keep logs on it's customers indefinitely. Which in itself a fundamental fundamental violation of privacy. Having the NSA actively monitoring our messages in real time? Not cool.
Of course, if you're using Gmail - by Google, a company known to have contracts with the NSA- you have to assume your messages are already open to 'third party' scrutiny. And heck, for most Gmail users this isn't a big deal. It's just a casual email account anyway. Yet there are over a million businesses that use Google Apps, the private label Gmail solution for businesses. Should these million + companies be concerned ? Is "do no evil" good enough for them too?
Encryption FTW
Yet encryption does give us hope. After all, even if our data is exposed and actively downloaded to a 'third party' - theoretically they would still have to break the encryption; crack the code to see any real 'meat' in our messages. In a perfect world, we wouldn't be required to go to such extents to prevent unwarranted compromise in our communication - but at least we have encryption right? Well, turns out - even that isn't a guarantee.
The most promising form of email encryption, PGP - a form of 'asymmetric' key encryption, requires that both parties have their own 'public key'. Since A) you need to know your recipients public key before you send one and B) 99% of everyone you send email to will not likely have one anyway, true email encryption is not practical for every email sent. But it can at least provide you and your close network of people a way to send private, encrypted emails. That hopefully, cannot be cracked by a third party. It's quite possible that PGP (or the open source GPG) emails could be cracked with enough computing power, but at the very least - you ensure your messages are not blatantly exposed in real time.
In addition to their plethora of other security features, Neomailbox supports OpenPGP encryption. Another step in the right direction.
Interestingly, Google also supports PGP. But here's the thing: even with PGP encryption enabled you still get ads. Your PGP encrypted messages are 'unpacked' on Google's servers so they can be scanned. Since Neomailbox doesn't scan messages it can be assumed there is a higher level of encryption integrity.
The Inbox
Neomaibox users can login to the webmail from neomailbox.net/w
The super clean layout of the login screen is indicative of the overall theme for Neomailbox webmail. Simple, crisp, without ads or clutter.
Neomailbox login
The webmail inbox itself initially presents a three column layout. It's similar to Twitter, in how you can click on a message in one column, and the expanded version + details will show on the right.
Neomailbox inbox (column view)
Alternatively, you can view the inbox in a traditional list mode.
Neomailbox inbox (column view)
Everything is AJAX, though it's not quite as snappy as Gmail. And Neomailbox lacks alternate themes (unlike Gmail's rich supply of them). Yet one thing that Neomailbox does have on Gmail, is a feature that people have been asking Gmail to do for years: tabs.
Neomailbox tabs
The Neomailbox UI has a built in tab shelf. Whenever you open an existing message or compose a new message a new tab will be opened. The functionality is similar to how Yahoo! Mail does it. Unlike YMail however, there are built-in tabs for settings, contacts, and the inbox itself. This is smart UI. Plus the tabs are big and easy to find: directly at the top where you expect to find them.
And again, I can't stress enough - there are no ads and typical 'big brand' clutter-links.
Of course, the webmail interface doesn't matter much if you use desktop email software such as Mozilla Thunderbird. In either case, Neomailbox is fast and secure.
And if you're not a fan of the @neomailbox.net account name: you can specify your own custom domain.
Overall, the Neomailbox webmail truly is a viable alternative to Gmail. I highly recommend it.

0 comments:

Post a Comment