I do agree that Skiff Mail is pretty good. In my humble opinion, Skiff Mail will be the second best after Proton Mail.
Thank you!
We are very open to feedback; that has been the most valuable part of this thread. PNG attached and SVG at this link: skiff-org.github.io/assets/icons/mail-skiff-logo.svg at 1adb7f41597a4e94bc599bcb9812901977974aee · skiff-org/skiff-org.github.io · GitHub
Sure the date thing was nitpicking but the general problem is that this company writes about GDPR while clearly not understanding its fundamentals.
My concern with the RUA was mostly addressed, if that wasn't clear from above. I do however think that it's weird that a privacy friendly company gives data to a marketing company, that feels awkward. It could definitely help them to understand Skiff users as a population, perhaps Skiff could still provide information on their data agreement on this as I already asked.
I don't think that's true at all. Your point above was wrong - our work never asserts that cookie banners are mentioned in GDPR.
We also don't give any data to marketing companies. Please don't make this stuff up!
Another discussion on Reddit regarding Skiff being hosted in the US worth reading is this one:
Skiff has severe focus on censorship and surveillance by Big Tech
I'd recommend reading the article that it links to. Don't need to get into it here, but that seems like far less of an issue than:
- Tutanota - German court forces encrypted email provider Tutanota to create backdoor for blackmail case
- EU chat control - Chat Control May Finally Be Dead: European Court Rules That Weakening Encryption Is Illegal! | Tuta (from a few days ago!)
- Swiss mass surveillance - Switzerland votes in favour of greater surveillance | Switzerland | The Guardian
Also: The headline is meant in a positive way - we are completely focused on being anti-censorship!
Just checking in. Let us know how else we can unblock this thread.
Less of an issue how?
Yeah that's a downer. But we've seen the same thing happen to US companies before.
Google was forced to put surveillance on accounts based on purchases of a single product. I've yet to see a similar violation of privacy for a European country.
It hasn't passed yet, and I fail to see how it could ever pass considering the implications it would have to… well.. everything. Email services are also exempt from Chat Control, for whatever that is worth.
Ultimately, Switzerland does not have a FISA court counterpart. If you want surveillance of a Proton Mail account there is one hell of a circus to go through to get that to happen.
… While for some reason placing yourself in a country known for its surveillance. I don't get it, personally.
To quote a user from the Reddit thread:
What happened at Tutanota is happening in the US as well, usually with US based VPNs. That's why Proton's location in Switzerland is uniquely advantageous. They are in a much better legal position than Tutanota or any US or 5 eyes company.
…
The US and the EU have no capacity to compel action in Switzerland or on any Swiss company. And Switzerland has stronger privacy protection laws. You're at a substantial geographic disadvantage. Look, competition in this space is good, but companies based in the US are simply not competitive.
I don't think that's true at all. I also don't think we should start a long thread speculating on this here, but:
- What happened to Tutanota is far worse than anything we know about happening in the US. Take Signal as the most trustworthy example here. We're comparing speculation versus a highly recommended email provider.
- A lot of the Switzerland-privacy is marketing. I would suggest reading this: Rechtsanwalt Martin Steiger – Steiger Legal. Again, I don't think it's worth turning this discussion into speculation, but here's a quote:
ProtonMail has to cooperate with Swiss security authorities. With the BÜPF Surveillance Act and the Intelligence Service Act (NDG), Switzerland is a full-fledged surveillance state. Switzerland provides legal assistance to the USA on the basis of the 1973 legal assistance treaty, for example for gathering evidence in American criminal proceedings.
FYI, ProtonMail also operates servers in Germany - the very country that forced Tutanota to open a backdoor.
Anyway, I think national laws are incredibly important and US providers are not on worse footing. I do think @jonah or others could be helpful once they have a minute to discuss anything else needed on the listing PR, because technical implementations are far more important than anything else.
Brave, Bitwarden, Signal, and others are great examples here.
Why not? Isn't the point of Privacy Guides to discuss any and all privacy upsides and downsides?
For the average user it doesn't matter if you use Tutanota, Proton, Skiff or Mailbox. But for the activists that risk their lives leaking war crimes committed in some cases by the US itself, I think it's a fair discussion to have.
Is it though? Seems like the exact same thing to me.
Take Signal as the most trustworthy example here. We're comparing speculation versus a highly recommended email provider.
Signal is a red herring in all of this. They are completely E2EE and naturally can't be forced to log any incoming messages, since that's impossible by design. Email certainly isn't E2EE in most cases.
It's not the privacy utopia we'd all want, but it's magnitudes better than the US. Quad9 voluntarily moved from the US to Switzerland, and they did so for a reason.
Also, did you link the right thing? I don't see a single mention of Proton in that link.
This is another red herring. BitWarden and Signal are both E2EE by design. Brave is a browser, and it's definitely not the same thing as an email host.
The debate is worthwhile, but it's not a "yes" or "no" that we'll arrive at. We have tons of activists using Skiff (why this happened - Russia is blocking encrypted email startup Skiff | TechCrunch), some of which expressly told us they don't use EU services because of E2EE concerns (like Germany) and abuse of Interpol by Russia.
I actually don't think being hosted in the US is your largest problem, but this response once again shows the lack of understanding from your side.
Do you have anything constructive to add to the discussion?
Personally, I think a warrant canary on your website would be a neat addition.
TLDR: no
Any update on this thread? We've just added bulk export as well, which was also recommended above a few times.
Any plans to add the Android app to f-droid?
My concern with the product is that it doesn't seem to have people behind it that are passionate about privacy, rather than marketing the illusion of privacy.
I believe this is evident from product launch, with a privacy policy logging of user IP Address, Mac Address, Cookie Identifiers, Mobile Carrier (Cell Phone Provider), User Settings and Browser or Device Information. Yes, I understand you later changed this, but a company truly passionate about privacy would never dream of including such language in the first place. (https://www.ghacks.net/2022/05/18/skiff-mail-end-to-end-encrypted-email-privacy-policy/)
Next is the choice to HQ in the U.S., subject to secret court orders to hand over keys and back doors, and subject to penalty if informing users that this is happening. You could have incorporated in Panama like NordVPN, or anywhere in Europe where the legal process is more transparent for users. The argument that because BitWarden made a poor choice and people still use it, you too can make the same poor choice, is not a good argument.
Next is the App. You're saying, "here's our product that is private unlike Google, now go download it from Google so they can track you in FireBase etc." Again, if the people running the company were truly passionate about privacy, there would be an APK download on the website or on GitHub or F-Droid, and it wouldn't contain any trackers or dependence on Google.
Next, transparency. I can't find information anywhere on your website where you are located or who is behind the company. Contrast that with Tuta where there are names and pictures of staff, and the company address. You also do not have a transparency report to inform users about how many times law enforcement has contacted you and how many times you've handed over user data. And no independent audits that prove your product is delivering what it is promising? Again, if you were truly passionate about privacy this would all be at the forefront of your mind.
Best case scenario is that Skiff is run by marketing / business people who want to cash in on the privacy market and otherwise have little understanding and concern for privacy.
If Skiff really cares about Privacy they should create a simplified version of their Privacy Policy.
I'm using Skiff (Pro Plan currently) for almost a year.
I agree with all of your points.