First, the good news. There's been a lot of progress toward letting people talk to each other securely. Signal is amazing, and it showed the world that strong cryptography can be clean and easy to use even for our smart but nontechnical friends. It proved that end-to-end encryption is not just for nerds who use PGP and Linux and go to "keysigning parties".
WhatsApp is rolling out end-to-end encryption to 800 million people, most of whom have never heard the word "cryptography" and have no idea what a "key" is. It's incomplete and imperfect, but still a huge step forward.
Unfortunately, while been lots of progress for messaging apps, email is still insecure. This sucks because email is the system of record. Messaging apps come and go. The messages themselves are often ephemeral as well. If you lose your phone, all your SMS and all your Signal messages are gone. Messengers deal in plain text... sometimes you can add pictures or emoji.
Email is more real. It's an open standard. It lasts forever. It's global. It supports rich text and attachments and everything. It's the modern replacement for mail, for quills and parchment and envelopes. Here in America, the Fourth Amendment guarantees people
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures
That there could be a big building where bureaucrats rip open every letter, read it, reseal it, and send it on to its destination, like in East Germany, sounds ridiculous. We're a free country, that's not how we roll. And yet that extra letter, the e in email, the implementation detail where mail is sent digitally rather than on literal paper, seems to void those protections. In countries like China and Kazakhstan, people are even more vulnerable. It's a chilling thought: a democracy movement, like the one that liberated Chile 25 years ago, might be impossible today because we've accidentally made it easy for states to read all mail.
To fix this, end to end encryption must be the default--not just for WhatsApp, but for email. We also need metadata security. To protect freedom of association, an observer shouldn't be able to tell who's talking to whom.
1. You install a new mail app on your laptop. It's open source and well vetted.
2. You log into Gmail, your university mail, all the accounts you have. The app syncs your mail. You have a modern mail client with a nice UI and fast search, even when you don't have internet.
3. Bob installs the app as well. The next time you send him an email, it's automatically encrypted, signed, decrypted, & verified.
I want to do for email what Signal did for texts: I want to make end-to-end encryption easy.
Under the hood
Key exchange is automatic and centralized, like Signal. Encryption using Axlotl provides forward secrecy.
Finally, we want metadata security. We don't want to leak who's talking to whom, so we'll send all encrypted mail with a hardcoded From and Subject.
Of course, Bob's app will show him the real, decrypted From and Subject.
The last piece of the puzzle: we can’t just connect to our outgoing mail server directly. That would let it see your IP address and your recipient’s email address, again revealing both sides of the conversation.
Instead, we'll send all outgoing encrypted mail thru Tor.
Easy to use encrypted email, with modern crypto, providing both content and metadata security.
Could this work? Would you use it?
Let me know your thoughts!