April 2016 SecureMyEmail™ (SME) beta is scheduled for release and currently is in the funding stage on Indigogo. SME will be available for Windows, Mac, iOS, and Android. SME has several goals it will attempt to meet. First is to make PGP email encryption easy and seamless so anyone can secure their email (yes, even your mother). This has always been the problem with PGP and public key encryption. It is challenging for the average user to create a key pair, exchange public keys and encrypt email. It has always been this process which has turned most people off to securing their email. The entire public & private key management for SME is all handled behind the scenes.
Second, SME will allow for any user to keep their current email service. Whether it is Gmail, Hotmail, Yahoo or others. You will not have to create a new account somewhere else. In order for the average person to commit to a simple email security solution, their email address must remain the same and what they know. If these two basic goals can be met, SME has an excellent possibility of becoming an email security solution for just about anyone. The service will cost 99¢ per year, or get in early on one of the Indigogo perks.
Basically SME will work like this:
Download SecureMyEmail™ like any other email app.
I talked with Bill Bullock from SME in a question and answer session. Here are the answers to some of my basic questions:
Q: If someone doesn’t want to use the app or SecureMyEmail service, can they still send me encrypted email using another service?
A: If they’re using PGP in some capacity, yes. We developed an easy flow where SecureMyEmail (SME) users can accept public keys created with other apps.
Q: Where can others who don’t use SecureMyEmail get my public key? Will you be hosting your own repository of public keys?
A: We, originally, were going to utilize the public keyservers, but felt they were filled with impersonators and would open up users to SPAM. When you invite someone to use SME, and they activate it, we handle all the key creation and management behind the scenes. If we do our job right, SME users won’t ever have to know what a “public key” even is. :)
Q: Will SecureMyEmail offer compatibility with other public key repositories to retrieve other peoples public keys who do not use SecureMyEmail?
A: is fully compatible with outside PGP keys so experienced PGP users can upload their own keys into SME if they wish and SME users can accept those keys if they wish. We aren’t relying upon the key repositories, or linking to them, though, as they can open users to SPAM, are filled with impersonators, etc. But, it will be very easy for a legacy PGP user to use SME or even not use it and become a secure contact of an SME user.
Q: Have you considered offering an option for those on the recipient end who don’t use SecureMyEmail to perhaps use an agreeable password to decrypt the email message?
A: We did consider it, but always felt that was kind of clunky. The goal was to make true public/private key encryption easy and invisible so you wouldn’t need to do things like that.
Q: Does SecureMyEmail essentially access my email through pop3 or Imap? is SecureMyEmail basically an email client?
A: Great question. Yes. SME is essentially a suite of mail clients for Android, iOS, Windows (we’ll use Thunderbird to start), and Mac (Thunderbird to start, immediately followed by Apple Mail plugin.) IMAP is supported.
Q: Will SecureMyEmail be open source? If not, why? (How much will be open source? Which parts will not be?)
A: We’re working through all that, but our intentions are to be as transparent as possible and open source everything that we can. We welcome and desire peer review. To protect what was a massive investment on our part, we may have to license it in a way that excludes commercial use but we want everyone to be able to vet and review the crypto library and other components.
Q: Will the Android and iPhone apps be a single app that will handle all of SecureMyEmail’s functions and key storage?
A: Yes. the apps are full-featured mobile email clients, with powerful crypto built in. For non-technical users, they won’t have to know anything about PGP or cryptography to use. It will be like setting up any other email client. For technical users, we have some really nice key management and crypto features in the Advanced menu.
Q: What if I do not use a well known email service? Will SecureMyEmail work with it?
A: Yes. Although we have automated setup for major email providers, there is a manual setup for everyone else.
Q: Does all email have to be encrypted? Or will there be an option to send it in cleartext?
A: Great question. You can toggle on and off encryption and signing/verifying per email. The default is to encrypt and sign everything to all your secure contacts, but you can change the general setting or decide per email if you desire.
Q: Is attachment size dependent on my email providers limit?
A: Yes. your mail provider’s limits will still exist, but they just won’t be able to read your email anymore.
I really look forward to the release of SME and am pleased to see PGP & email encryption finally becoming a simple usable product for the average person. If you are looking for a simple and easy solution for securing your email, visit the SME Indigogo page and consider helping fund the future of this product. You can also help by getting as many people as you can to move to a simple email encryption solution such as SME when it is released.