elusivemail

joined 1 day ago
[โ€“] elusivemail@lemmy.world 1 points 8 hours ago

Sorry you waited 15h for this, solo project so answers come when I'm awake. Good questions:

  1. Web only right now, no IMAP/Thunderbird yet, but client access is on the roadmap with the desktop and mobile apps. Coming, just not today
  2. Quick clarify so I'm straight with you: the OpenPGP encrypts your stored mail to your own key, so we're not interoperable PGP, outgoing mail leaves as normal email. Nothing between us and Proton/OpenKeychain to test there, so your Thunderbird issue is separate from us. If that interop matters to you, fair feature ask.
[โ€“] elusivemail@lemmy.world 0 points 1 day ago (2 children)

Haha, thanks, I appreciate that. Let me know how you get on with it. I'd love to hear what works, what doesn't, and anything that feels off. And yeah, keep an eye on that 300-user milestone. ๐Ÿ˜‰

[โ€“] elusivemail@lemmy.world -2 points 1 day ago (4 children)

Apreciate this, genuinely.

  1. Opening it at 11 users does nothing, nobody audits a nobody. Want a bit of recognition first, and honestly want it rock solid before the whole internet tears into it. Opens at 300, that's the deal.
  2. Fair one. "No money" means no ads, no data selling, no investors, not zero revenue ever. It's cheap to run now and I cover it myself. As it grows: donations first, then paying for capacity like storage and extra aliases, anonymous payment. Never charging for privacy itself.
  3. Honestly, we want to be real competition, not just another inbox. The goal is a full private cloud: mail, messaging and drive on the same keys, with real anonymity built in. Crypto itself is standard (OpenPGP, curve25519, Argon2), the bet is the honesty and the full anonymous stack, not fancier math. We're 11 users and a long way off, so judge the steps not the dream.
[โ€“] elusivemail@lemmy.world -3 points 1 day ago (2 children)

Fair. Want to build a bit of recognition first, then it all opens at 300, it's on the roadmap. Honestly til then I'd treat it as alias and disposable mail more than your main inbox. Once it's open and audited you can verify all of it yourself

 

Full disclosure: I am the maker. I am not here to tell you it is perfect. I am here because this community is best at finding the holes, and I would rather you find them now.

Elusive (elusivemail.xyz) is encrypted email. The thing I care about is honesty over claims. The landing page has a two-sided ledger showing what is sealed to your key versus what the server can see. Most services bury the second half. I put it front and center.

Sealed to your key: message bodies, subject lines, attachments, the sender and recipient of every stored message, and in keyfile mode the key itself. Visible to the server: who a message is from and to at the moment it passes through, your account details, and incoming mail the instant it arrives, before it is encrypted to your key.

The crypto: keys are generated in your browser (OpenPGP.js, curve25519, Argon2id). Your password never leaves your device, the server only stores a hash, so it cannot derive your key. End-to-end by default, plus a keyfile mode where nothing stored can decrypt your mail.

Where I will not blow smoke: incoming external mail is plaintext at receipt, the envelope is visible at delivery time to route mail (no logs), and it is closed source right now.

The whole plan is public and numbered on the roadmap (elusivemail.xyz): open source everything at 300 users, then a public API, native apps, our own hardware in Switzerland, a multi-server split so no single machine holds everything, an independent audit at 4,000, and eventually an encrypted communicator and drive. If a number slips, the page says so. Watch the roadmap, not my word.

It is free, no ads, I make no money. What would make you trust it, or not? What did I get wrong?