StartMail on EFF's Secure Messaging Scorecard
Last modified on 30 October 2017 05:26 AM
The Electronic Frontier Foundation (EFF) is a reputable nonprofit organization dedicated to preserving civil liberties in the digital world. As part of its research and user education efforts, the EFF previously published a Secure Messaging Scorecard that compares the security features of a number of different messaging platforms. (The Secure Messaging Scorecard is out of date, and is preserved for purely historical reasons.) No actual scores are awarded, but services are given a simple yes or no indication for whether or not they meet each of the seven requirements.
You can see the Scorecard here.
StartMail appears on the EFF Scorecard with a mix of yes and no responses to the following seven features. A 'no' to a given question isn't an admission of insecure design; in some cases, StartMail has made implementation decisions that use different techniques than the ones presented here, but always with the convenience and security of the user in mind. A full overview of each criterion, StartMail's status, and an explanation of cases where StartMail does not include a given security feature is given below.
1. Encrypted in transit? - Yes.
2. Encrypted so the provider can't read it? - No. StartMail chose to bring encrypted email to the masses where it can do real good. We believe that encryption helps only a few if it's too difficult for most people to use, or too time-consuming for power users. We give users the choice to store their encryption keys with us, as most users will do, or to store and use their private key on their own devices only, by encrypting messages offline and then sending them via IMAP.
For Web mail users, StartMail does not generally have access to the user's private key, since it is stored in the user’s vault where it is inaccessible to StartMail. However, when the user logs in and the vault is opened, StartMail accesses the key to encrypt and decrypt the user's communications.
Users who are more familiar with encryption tools can choose to manage their encryption keys themselves with GPG, since StartMail fully supports IMAP.
Chapter 2 of our StartMail Technical White Paper explains:
"Advanced functionality is available to power users who have enough knowledge and experience to benefit from it. For example, users can autonomously store their recovery code, import and manage existing OpenPGP keys, or even manually handle all the OpenPGP interactions altogether, making StartMail the relay platform for their own secure communications.
We aim to make secure communications as transparent as possible. To this end, OpenPGP is used. Power users have the option to opt out from all cryptography-related functionality and handle their cryptography themselves, then access their email through IMAP. But by default, StartMail offers the following security features to users:
- Asymmetric encryption and signing using OpenPGP to both StartMail and non-StartMail users;
3. Can you verify contacts' identities? - Yes.
4. Are past communications secure if your keys are stolen? - No, since this criterion is dependent on a yes answer to #2.
5. Is the code open to independent review? - No. For security reasons at this stage of our product's development and adoption, we have purposely chosen not to make our code open source. We strongly believe this is a feature, not a bug, as we describe in chapter 3.5 of the StartMail Technical White Paper:
"Open source code provides a security advantage, since a large number of people can access the source code and help to secure it by performing audits and reporting vulnerabilities. However, we believe the advantages of open source code only apply to large projects with a strong supporting community. When a project is still too small to draw attention from external security experts, releasing the source code could pose a security risk that offsets the benefits. Potential attackers are given a powerful extra weapon: the source code of the application.
Therefore, we have chosen to keep our source code closed, as a security measure, and hire independent, third-party auditors to verify our privacy and security measures. As StartMail grows, the potential benefits of opening up our source code may at some point outweigh the costs, and we will re-evaluate this decision at that time."
6. Is security design properly documented? - Yes.
7. Has there been any recent code audit? - Not yet. We recognize the value and importance of a security audit conducted by a neutral, skilled third party. StartMail has been in active development for some time, and it has not been practical to arrange for a code audit while our product has still been in a state of change and improvement.
However, we are working on arranging an external audit by a trusted third party. When this is done, we will work with the EFF to update the Scorecard appropriately.