This is the third part of a three-part series.
Contacts
At the time of writing, StartMail’s contacts implementation and contacts import functionality have yet to be completed. However, the following fields are currently shown as being available for each contact:
- Name
- Phone
- Address
- Group
- PGP Key
- Always Sign
- Always Encrypt
It’s not possible to determine whether each contact’s PGP key is kept in sync with public key servers, but presumably this has to be the case.
Cost
The exact cost of StartMail has yet to be determined but the figure being bandied about is $60 / year, payable by credit card or PayPal. Payment via more private methods, such as Bitcoin, has yet to be confirmed.
Webmail
The webmail interface is very slick for the day-to-day email user. Not only that, it also does an admirable job of trying to make key pairs intelligible to the casual user.
Company background
The company behind ixquick and StartPage, Surfboard Holding BV, a privately held Dutch corporation, has made its reputation by providing privacy-conscious search alternatives to Google. The company has owned ixquick since 2000, so in tech terms it has a substantial pedigree, and it would appear from its products and their histories to be aiming for the privacy-conscious user.
Open source?
As far as I’m aware, StartMail is not based upon code that is open source. Without peer review of the source code, the efficacy and security of the system cannot be independently verified. This appears to be a big difference between StartMail and MyKolab, which uses the open source Kolab. Mind you, there’s only really MyKolab’s word that they’re actually running an unpatched version of Kolab.
Conclusion
Would I trust any company with my personal private/public key pair? No, absolutely not. I only trust me (and oftentimes not even me). If I were to use key pairs in StartMail, I would create a pair only for use with StartMail, but in effect that would mean that I would only be sending emails whose content I didn’t care too greatly about but didn’t want commoditised.
The question/answer challenge that can be added to sent emails might find some mileage for quick, time-sensitive, mildly private emails. This option can also be used in combination with a key pair, but that combination of an encrypted email plus a challenge/response does seem to add a confusing extra layer of complexity.
I imagine that StartMail subscribers will be people who don’t mind paying for a slick email service that doesn’t scan their everyday emails and serve up advertisements based upon their content.
It’s a tough service to sell. Users who care enough about their privacy to want to move away from Gmail, Hotmail or Yahoo Mail, and are prepared to pay for a service, may well have educated themselves enough to realise that email is pretty much insecure by design. Does adding on a mix of key pairs and question/answer make email more private, or is it just a bit of extra hassle that’s likely to remain unused?
Personally, I won’t be switching from MyKolab just yet. It’s more costly but also more fully featured. However, my love of supporting companies that are trying to do the right thing may mean that I’ll be subscribing to StartMail as my alternative email provider.