this post was submitted on 13 Jul 2026
-11 points (17.6% liked)

Privacy

10296 readers
638 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 3 years ago
MODERATORS
 

Full disclosure: I am the maker. I am not here to tell you it is perfect. I am here because this community is best at finding the holes, and I would rather you find them now.

Elusive (elusivemail.xyz) is encrypted email. The thing I care about is honesty over claims. The landing page has a two-sided ledger showing what is sealed to your key versus what the server can see. Most services bury the second half. I put it front and center.

Sealed to your key: message bodies, subject lines, attachments, the sender and recipient of every stored message, and in keyfile mode the key itself. Visible to the server: who a message is from and to at the moment it passes through, your account details, and incoming mail the instant it arrives, before it is encrypted to your key.

The crypto: keys are generated in your browser (OpenPGP.js, curve25519, Argon2id). Your password never leaves your device, the server only stores a hash, so it cannot derive your key. End-to-end by default, plus a keyfile mode where nothing stored can decrypt your mail.

Where I will not blow smoke: incoming external mail is plaintext at receipt, the envelope is visible at delivery time to route mail (no logs), and it is closed source right now.

The whole plan is public and numbered on the roadmap (elusivemail.xyz): open source everything at 300 users, then a public API, native apps, our own hardware in Switzerland, a multi-server split so no single machine holds everything, an independent audit at 4,000, and eventually an encrypted communicator and drive. If a number slips, the page says so. Watch the roadmap, not my word.

It is free, no ads, I make no money. What would make you trust it, or not? What did I get wrong?

you are viewing a single comment's thread
view the rest of the comments
[–] WhatAmLemmy@lemmy.world 4 points 16 hours ago

You're not gonna trust some rando on the internet with your sensitive data? You're crazy!