Remove Skiff

I’m surprised that the audit didn’t determine that to be a flaw, so between that and still sending marketing emails to people’s recovery addresses.

I really dislike these these kind of blog posts. CTemplar did that for a while and I do clearly remember pulling them up on that.

As we begin to shift focus to our shared efforts with Notion, we will be closing down Skiff’s product suite after a 6-month sunset period We are deeply appreciative of the trust users have extended to us, and we are committed to honoring that trust by ensuring that all data on Skiff is easily exportable. For the next 6 months, Skiff services will continue to operate without disruption, and users can freely duplicate, migrate, or export data. You can now also set up a forwarding address to redirect mail to any other provider.

I wonder if their VC decided the current model was unsustainable. There must be a reason in which they don’t want to just continue the product as is. I wrote this in the other thread:

I suspect the other reason maybe that Notion thinks they can do a better job with marketing, which I certainly think improvements there could have been made. Unfortunately rather than having someone with that background certain people were wearing multiple hats.

4 Likes

Did Skiff ever release a copy of there Audits? I note on reddit they would go quite when asked about Audits.

No, I asked repeatedly and they threw out that not all providers eg Proton release full audits and only letters of attestation.

iirc they never released anything to indicate the feedback from Trail of Bits.

I haven’t forgotten about this, it’s #1 on my to-do list to check out.

4 Likes

Thanks for confirming. I note there Audit from Cure 53 was also never posted.

2 Likes

i’m kinda confused about the current situation of skiff. notion acquired them (which is a company not so good for privacy) so what is going to happen to all of our data now? they did have a clause about acquisitions in their privacy policy iirc so is all of it going to be transferred to notion now? they do say that it’s gonna be e2ee but not everyone communicated with other skiff users, so will notion be able to read all of our emails now? and are they closing down their email and drive services too or is it just the pages?

They seem to be wrapping up the service in order to turn it into something else, their website states:

As we begin to shift focus to our shared efforts with Notion, we will be closing down Skiff’s product suite after a 6-month sunset period We are deeply appreciative of the trust users have extended to us, and we are committed to honoring that trust by ensuring that all data on Skiff is easily exportable. For the next 6 months, Skiff services will continue to operate without disruption, and users can freely duplicate, migrate, or export data. You can now also set up a forwarding address to redirect mail to any other provider.

No, it’s just that they aren’t continuing the service.

They mention “the suite” so I would take that as all products.

Nothing to say more than you all already said… I just wanted to share my frustration with this “ppl”. Skiff was the worst scam in the history of the open source.

1 Like

to this entire thing:

LOL.

1 Like

but their privacy policy stated that in cases of purchase of the company “your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.” and also says “If we are ever sold, the information and encrypted data stored by Skiff would be transferred to the new owner.” they do say that encrypted data but since most of the emails of users weren’t e2ee as the majority communicated with non skiff users, that would mean that notion would get access to our data won’t it?

I use Notion at work and currently I’m a bit confused over how in the world they could be purchased by them, seeing as, to my knowledge. Notion doesn’t even do email. Maybe they are planning on starting, I dunno.

This is weird AF regardless.

At the point they are stored on Skiff’s servers they are E2EE (even if they were external users), the reason is these messages are not being transmitted through Skiff’s external gateway, simply stored in a database.

So I don’t think there is anything at all strange about that.

Skiff also did more than just email, it had the whole document/collaboration think that was E2EE. This is probably what Notion wants.

Not been here a week (due to hospital visit, but thats totally unrelated here), now Im back and Skiff drama is far from being over.

If Skiff telling lies about their service, than just remove them from PG and thats it. Simple really.

As of Notion, we use them at work, are happy with them. Great service. Let them live long.

Off-topic

Do you guys have free plan with built in domains?

I really don’t understand. Is Skiff completely shutting down its services? So what’s the point of acquisition, then?

I am completely disappointed with the attitude of the team responsible for Skiff.

For the vast majority of 2023, I was a daily user of the service with my own domain. When asked, I was the first to recommend Skiff. The rapid evolution, the strong community, the fact that they took on board the advice and requests of users captivated me. The CEO himself was able to resolve issues with my account in minutes, after a few private messages via Reddit or Discord.

In December 2023, I subscribed to Proton Unlimited due to some of Skiff’s less positive points, namely the slowness of the applications, the search, the emails not being delivered to the recipient, among other details. Although I had already been a Proton user (in the free version), I never used it on a daily basis.

I decided, because there is unanimous opinion in the privacy community that Proton is currently the best encrypted email service, that I would try the paid version because I am interested in the rest of the Proton services. I’m happy to have made the transition at that point and no longer depend on Skiff today. I’m even happier to have all my online accounts set up with email from my own domain.

Although the evolution is taking place at a slow pace, it is undeniable that all Proton products are the benchmark for me.

May this serve as a learning experience for me. I’ve now deleted everything on Skiff, including the account itself.

Shame on you, Skiff.

5 Likes

Might just have to be on case-by-case basis to be honest. Adding a service you can more easily take these things into account (and just not add them) because it’s at your discretion. But when removing a service it’s harder as you have to give a reason why they broke your criteria and you recommended them before but not now. Skiff just gave you a massive reason to remove them with the Notion stuff, so that’s the silver lining. But I guess what I’m saying is adding services should be done cautiously, as just because service appears to fulfill all your criteria doesn’t mean they have to be added. You guys have done a pretty good job at that for the most part.

But especially when company comes to you and pushes you to recommend on your website, I’d proceed with caution.

1 Like

I mind add, Skiff did go through quite an extensive review process during our initial look at it. As a result we made sure to add the concept of data liberty from the criteria. Skiff was also open to adding export features to the mail product (which they did not have when they came to us).

Unfortunately though there is very little way to determine from the outside the health of the company. I did hint at it with my questioning about the fee structure for the plans that were available to customers.

I wish we had though about testing password reset functionality in regard to logging out existing accounts - that is a serious design flaw that we missed.

It’s not so much the purchase by notion, it’s the announcement of discontinuance of the product.

2 Likes

Getting the developers.

Also Notion earlier acquired a calendar app named Cron that also shut down and now there is Notion Calendar. So perhaps Notion Mail and Notion Drive will see a light. Doubt it will care about encryption.

Notion in the past had once plans to adopt and implement e2ee for notes but afaik they never did.

1 Like

Given the discussion before this news this probably would have happened regardless. But now this made the discussion easy.

1 Like

I think there is a shift towards E2EE from larger tech corporations in order to remain profitable and deal with compliance/safety issues.

TLDR there’s a lot of users on the internet a good portion of them are bad people and do bad things with a service and a company would be better off not having access than having to have a thousand moderators check everything.

2 Likes