New on LowEndTalk? Please Register and read our Community Rules.
Free End-to-end Encrypted Mail and 10 GB Storage (Replacement for G-suite)
Skiff is an open-source, fully end-to-end encrypted and decentralized collaboration platform, externally audited by third-party. Backed by Sequoia Capital, Skiff has raised $23 million in funding and is advised by leaders in the privacy space including Signal CTO. It provides
- Skiff Mail - An end-to-end encrypted inbox that keeps your messages private to you. Add multiple aliases, use custom domains, and import existing email for an even more powerful inbox. Easily migrate from Gmail, ProtonMail or Outlook.
- Skiff Pages - Write, share, and upload end-to-end encrypted documents and notes on Skiff Pages. Jump directly from your inbox to a full collaborative suite, including powerful tables, in-page embeds, and real-time collaboration.
- Skiff Drive - Upload, import, and share end-to-end encrypted files of all types. With 10 GB of free storage, Skiff helps you transition from other online cloud storage providers to a fully private storage platform, where your data is owned by you. Users have the option to store all Skiff Drive files on a centralized server on the cloud or the IPFS decentralized network
- Skiff Calendar - Protects your personal and professional life by keeping your schedule end-to-end encrypted.
Here's the ref link which gives extra 500 MB storage - https://app.skiff.com/signup?mail&referral=skiffor
Non-ref link - https://skiff.com/
Thanked by 2lala_th TimboJones
Sadly, custom domains is not included in the free plan.
Never heard of them before but they look cool. Any reviews?
Lots of reviews on the interwebs, many postive. I have tried it and like it. Not sure about the "pro" pricing though, seems steep compared to other similar services for sure, but the free plan is right up there with other encrypted services. They've raised a lot of money and seems like they are trying to give ProtonMail a worthy competitor.
Personally, I'd say jump in now and get the username you want while it's still available. They're still pretty new so you might get a decent one.
And for those who complain about no custom domain names for free -- I think that's kind of reasonable from a free service that is trying to compete with ProtonMail. Just like ProtonMail, they need some incentive to get you to upgrade. And you can always use a forwarding service with a custom domain name, so I think for a free offering, what they are giving is pretty good, with the encryption, files, notebook and calendar. I think it's worth trying it out.
BTW, the notebook (or "Pages") feature is an encrypted multi-user shared environment. Very usable actually. ProtonMail doesn't offer something like that yet. So they've raised the bar in encrypted collaboration tools compared to direct competitors.
The calendar is very simple IMO, and the first version of the app was kinda buggy. But it's become more stable recently. Still missing some views and features I would like.
The files feature has seen several improvements from launch too... initially it was almost unusable for me, but their recent upgrade has seen a big speed improvement.
And all the smartphone apps are usable and generally good looking.
So they are seriously burning through some investment money right now with their developers, and it shows. I am sure ProtonMail is paying attention if they weren't already.
Fair point. I think they softened it a bit from when they launched, and I'm sure their highly-paid lawyers cooked that up to appease certain big investors. The biggest thing any privacy enthusiast would likely notice is that Skiff is based in the US. So that's definitely going to be a problem for die-hard privacy people who insist that hosting anything in the US is a terrible thing. End of story.
On the other hand, Skiff is open source, so if their encryption is as solid as they say it is (and it has been audited from what I recall), then the issue of US hosting is maybe less of an issue. Even Lavabit's current incarnation is based in the US.
I think it's got a lot of potential, as long as they stick to their privacy-first focus, notwithstanding their TOS and AUP.
free is ok because its free, but paid is too expensive if e-mail on a custom domain is the only thing you need. Much cheaper options available for that, such as tutanota.com or mailbox.org
Agreed, the "pro" and "business" prices are too high.
The pro subscription comes with 100GB of storage, so maybe they are leaving room to introduce another subscription with lower storage and a lower cost. But yeah, I agree, it's steep right now.
Hosting in US can be a positive too. IIRC three letter agency can’t just enter servers on national soil without warrant, but can do if the server is not located in US. Not sure how this holds up.
The common counter-argument to that is they get a FISA gag order and then who knows what will become of that server, and anything going into or out of that server at the datacenter, etc. Good luck on transparency.
Still, if the open source encryption approach that Skiff designed holds up to scrutiny (and I believe it passed some level of scrutiny with an audit or two), then it should be somewhat robust to that kind of action, if that matters to the user.
And this side of the discussion assumes a specific use case that might not be important at all to a potential user. So it depends largely on a person's specific needs and honestly their individual risk assessment, and hopefully someone who really needs a higher level of privacy would know what a risk assessment is.
But really, I don't think Skiff's developers are targeting the Snowdens of the world. I think they are mainly trying to provide a "private" alternative to Google's productivity suite and also compete in general with ProtonMail. It's a growing market filling a need that many people are asking for (evidenced by ProtonMail's growth), and Skiff is a welcome option.
I don't think most of the email providers provide custom domains in free plan. Maybe in future but not available right now for free.
They are new but gaining momentum for privacy. There are few reviews in Reddit and other sites too. One of such review
Most of the desired/popular usernames are already taken lol.
Since they are new, probably, they will reduce price in future to compete with other mainstream providers.
And already they are in the list of Russian government's blocking along with the popular Protonmail and Tutanota. So, Skiff must be moving in the right direction
Indeed, that is a good sign. Any encrypted email service blocked by Russia must be doing something right. I would be more concerned if Russia did NOT block it.
Key word: "most" -- but they still have some! I think Skiff still has less than (or around) 1 million users. That's over 1800 times better than getting a good gmail address (with 1.8 billion users!). And still way better chances to get something decent than a ProtonMail address too. (I can't remember how many users ProtonMail has now -- I think about 70 million?) So maybe you can still get something good. A custom domain is the way to go, but as has been mentioned, that's overpriced with Skiff, at least for now.
I don't like predicting, but I believe skiff is going to be one of the 'good ones' to use.
I agree. They do seem headed in the right direction at least.
I think the smartest thing they did was go the open source route, unlike some other encrypted providers. That increases credibility, and counters some of the concerns raised from jurisdictional criticisms.
They also solved the conundrum that PGP-oriented providers have with unencrypted metadata. Similar to Tutanota in this area, but still an important strategic move. The downside is lack of interoperability, but the upside is it's a closed system that is theoretically private if you only email other Skiff users.
To me it seems like they have been paying close attention to the market.
Also, I really like their notes/Pages app. The more I use it, the more surprised at how good it could eventually be. It's still simple right now, but it's effective. It's the first free encrypted real-time collaboration platform that I have seen. Maybe I've missed someone else's product out there, but this one is real-time, it works well, and is pretty flexible. That's not a small accomplishment in such a short time.
So I'm hopeful about Skiff. Let's see what happens when we hear about some court order though.
I just noticed this thread including the claimed "end-to-end" encrypted email. The end-to-end claim only applies to documents and communications that stay within the Skiff system. That is what I expected to find, but wonder if people understand that this is a "closed system"?
Skiff's competitors are able to interact with outside systems. You can send or receive email or interact with documents related to a Gmail account from anywhere.
If Skiff would even allow such communications, it would not be "end-to-end encrypted" without a specialized tool or client.
I would hope that anyone who signs up for an end-to-end encrypted system would already know what kinds of limitations there are and that communication outside the system loses the benefits of the system. But I think you make a great point that Skiff (and other encrypted providers) should be more clear what happens with outside communications.
You can of course email outside of Skiff to non-Skiff addresses, but they won't benefit from the Skiff encryption system, except in the sense that for the Skiff user, the email is stored inside Skiff itself in an encrypted form. The whitepaper describes what happens: "For emails sent to or received from external services, Skiff will never store a plaintext copy of any sensitive information (subject, contents) in the email."
However -- and this is the key people need to understand -- the non-Skiff user will have the content of that email inside their email service with no different treatment than a regular email. So Skiff loses its encryption benefits when dealing with outside services. A Skiff user emailing a Google user will indeed have a copy of their email sitting on Google servers just like all the other email the Google user has.
This is similar to any other encrypted email provider, depending on how they designed their encryption protocol. The disadvantage of using Skiff is that it is NOT using an open standard like PGP so it has no encrypted interoperability with services like ProtonMail. Skiff is more like Tutanota in this regard, since both are closed systems for encryption. In that sense, ProtonMail has an advantage, since ProtonMail can talk to other PGP-based encrypted providers. However, ProtonMail (and all PGP-based systems) expose metadata! So some people don't like that. And therefore the advantage that both Tutanota and Skiff have over ProtonMail is that they encrypt all the metadata.
So there are trade-offs with either approach, and plenty of opinions about what is better.
Lastly, there is a nice feature that both ProtonMail and Tutanota currently have that Skiff does NOT yet have. And that is you can send a password-protected encrypted email to someone OUTSIDE of ProtonMail or Tutanota to a non-encrypted email address like Gmail. The way they both do it is that the actual email text is NOT sent to the recipient, but rather a link is sent to the recipient that they have to click on, and then they are directed back to the Tutanota or ProtonMail websites, where they have to type in a password to retrieve the encrypted email from either Tutanota or ProtonMail. This is a great feature that Skiff will hopefully add soon.
So Skiff is still in the early years, with lots of features they need to add. In some areas, they have surpassed ProtonMail and Tutanota (for example the Pages app), but in other areas, they are still catching up (for example the password-protected external email feature).
BTW, my explanation above is probably not super clear. Sorry about that. For those veterans of encrypted email, they will know what I'm trying to explain. For those new to encrypted email services, the bottom line is that if you want to make sure your email remains encrypted, then only send email to compatible providers with the same kind of encryption.
ProtonMail uses PGP, so it can send and receive encrypted email to/from anyone who uses PGP, including other PGP-based providers, or even people who use regular providers but use PGP manually or with something like Mailvelope, etc. So ProtonMail has a huge advantage in that sense that it's the most interoperable if the recipient has a compatible service or knows what he's doing with PGP. However, PGP encryption leaves metadata exposed. So this is a big disadvantage.
Tutanota and Skiff, on the other hand, chose the closed approach to encryption, where both services use their own unique approach that encrypts all the data, including metadata, but that only works between Skiff to Skiff users and Tutanota to Tutanota users.
And then there is an exception to the rules above -- sort of an additional way to send encrypted email. I mentioned this in my previous post, that both ProtonMail and Tutanota both offer, but Skiff does not yet offer. And that is with a password-protected option that ProtonMail and Tutanota offer which actually doesn't send the email contents at all, but rather a notification and means by which the recipient can obtain the encrypted email.
Hope that makes a little more sense than my prior post.
That's helpful information, but take the time to think about the implications of what you have said.
In order for Skiff end-to-end protections to work between collaborating individuals at scale, "everybody" must be part of that Skiff ecosystem. At some point, Skiff must grow as big as the monopolistic providers they want to compete against (read: replace). At some point, they may reach a size where they can be coerced by government pressure or policy. The government could require Skiff to update an investigation's target with a version of Skiff software that exposes keys to law enforcement, for example.
It also implies the possibility of growing into a vulnerable monoculture.
I am learning more in details from your posts than from those mail providers' websites. Your posts are the 2nd Reddit to learn from. Thanks
Indeed, all that is possible, and is the exact same scenario with any of the other encrypted providers. One could argue ProtonMail already succumbed to a similar scenario when they gave up IP logs on a user (and thus backtracked on a no IP logging marketing position), under pressure from Swiss authorities. This was all over the privacy community back in 2021, here's one example article about it -- https://restoreprivacy.com/protonmail-logs-users/
Then we have the epic fail of Hushmail, a once-beloved privacy platform, which had a significantly more egregious breach of trust, which destroyed their reputation among privacy experts. You don't see them listed on any reputable privacy lists any more, although they are listed on some HIPAA compliant lists of providers, for other reasons, and they've rejuvenated their reputation in certain market segments.
I can give many examples of other providers. But no one will read my overly long posts anyway, lol.
The ProtonMail situation is very different than Hushmail, though, as ProtonMail was only able to give up the IP info, and no encrypted email contents. And also ProtonMail has a transparency report and you can see how many Swiss court orders they have complied with. And you can read their policies about illegal activities AND they have repeatedly stated they are subject to the Swiss court system.
All encrypted email services face similar challenges, and are subject to the jurisdictions where they are based. That's part of the risk assessment you'd have to make yourself about what you actually need. So you'd need to research the different jurisdictions too, if you really want to get into it! I won't bore you with details here.
However, a mitigating factor to all of this is that ProtonMail and Skiff (we're primarily talking about Skiff after all!) are both open source and theoretically audited, which are huge confidence boosts. So in that sense, the jurisdiction matters a bit less. If anything, the case with ProtonMail is encouraging to some privacy experts because even under pressure from the Swiss court system, they were NOT able to get email content.
Technically, Switzerland is a "better" jurisdiction than the US for privacy, for many reasons, not the least of which is that the US system can force a gag order. However, the fact that ProtonMail and Skiff are both open source and audited, levels the playing field somewhat, with a slight preference for ProtonMail... HOWEVER, ProtonMail does not encrypt the metadata like Skiff does.... so then, maybe we're balanced out again. You decide.
But yes, you are right that all of these encrypted providers have very difficult challenges, and they are all dealing with it differently. Hushmail is not open source, for example, and it has cooperated with law enforcement with basically full decrypted data, so I'd say Skiff and ProtonMail are both significantly better. That's an easy comparison.
But also contrast all that to the Google ecosystem, and then both ProtonMail and Skiff are completely different than Google in their business model, privacy, track record, and the list goes on and on. I'd take ProtonMail and Skiff over Google any day of the week. Again, you decide what you need.
And back to Skiff, I think they are striking a pretty good balance of what they are offering for privacy and usability so far, making tough but hopefully smart choices about how they are doing encryption. I wish they were in a different country, but on the other hand, it's doubtful they would have received the big funding they have received unless they were friends with the tech venture money people in the US. I'm guessing they pitched the idea of a US-based ProtonMail alternative, and funding was easier to get.
But if someone is really looking for true and complete privacy in email, though, the biggest message I can share is that true privacy in email DOES NOT EXIST. All you can ask for realistically is to find services with various degrees of privacy -- it's a big spectrum -- and YOU decide which service matches your needs. Even the "good guys" of encrypted providers have drawbacks. People just need to become informed and make decisions based on what they need. Hopefully Skiff is a "good guy" and so far they seem to be going in the right direction. They are set up for building a trustworthy platform IMO, just whether or not they stick to that path. Time will tell.
Haha! Thanks, don't encourage me! When I get going on something, I'll keep on writing!
never heard of Skiff...
Don't stop! Keep on writing as you explain in such a simple and detailed way for everyone to understand. If you have a blog, would love to read your posts.
Now you heard it lol