Dutch company introduces webmail service with PGP support




The Dutch company behind the search engine Ixquick and Startpage has an e-mail service with built pgp support introduced. In addition, messages are encrypted on the Start Mail server, rather than on the client side.

The service, which costs 50 euros per year, allows users in two ways encrypted mail. For contacts which have a PGP key can be used that key; contacts that do not have PGP, the Dutch company has devised another solution. The sender invents a secret question and answer, used to encrypt the message. The recipient will receive a link to the Start Mail’s website and there should enter the answer to the secret question in order to decrypt the message.

The service from servers located in the Netherlands, and Start Mail promises to never participate in programs like Prism, that US intelligence gave access to servers of Internet companies. The email user is not read, promises Start Mail, “unlike many” free “webmail services.

Start Mail Start Mail Start Mail

PGP encryption is widely used to communicate confidentially. Although most mail services offer encryption, thereby usually only comes to the connection between the server and the user. PGP encryption is end to end: the encryption is set by the sender, and will only be decrypted by the recipient. Large mail services do not offer built-in support for PGP, though Yahoo by now pgp support announced .

Start Mail encrypts messages on the server: the user’s private key is stored on them. It is precisely at pgp customary to let the encryption decentralized expired, but Start Mail would have chosen because of the convenience for server-side encryption. “Otherwise you have to walk around with your PGP key,” said spokesman Alex Eesteren Start Mail. The passphrase that the key is protected, not stored and therefore should be introduced from time to time.

That the user keys stored on the servers of Start Mail, for hacker Juerd Waalboer a reason not to use the service. “You use encryption precisely to other companies not to have confidence,” said Waalboer. “But you have to in this case Start Mail fully confident with your private key.”

According Waalboer true there is little of the Start Mail claims that they e-mail users can not read, after all, a user must enter his passphrase on the website of Start Mail, and the service would be able to intercept. “And then they can read all your mail. I suspect Start Mail still can be trusted, but what if someone gets unauthorized access? A service like this is a popular target.” In addition, the government could claim the private key at Start Mail as part of a criminal investigation or surveillance by gehieme service.

Of Eesteren notes that the end user will always be someone to trust: the software that is used to encrypt messages, after all, is made by someone. “And we will ensure that the service is secure,” Van Eesteren promises. Hacker Mendel Mobach says it will use the service itself, but is ‘to some extent’ in favor of built-in encryption webmail. “I do not know them, so I will not use it. But it’s better than no encryption,” said Mobach.

Although the service “PGP encryption with the touch of a button ‘promises, which is not yet developed at this time. Users must themselves choose to set PGP and PGP keys must be imported manually via the settings page. Thereby Launch Mail does not offer the ability to search for email addresses using a keyserver. Those servers ensure that users do not have to go looking keys to enter an e-mail address is sufficient.

The service is not free of bugs: in a test on the editorial board of Tweakers succeeded Start Mail not to decrypt messages. Perhaps more serious is that the service does not support two-factor authentication. Which allows users to more secure login method in addition to a password to perform a second verification, for example with a code which is generated by a smartphone app.


In: Technology & Gadgets Asked By: [ Grey Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »