 Okay, welcome. Welcome to stage no Four years ago the project mail pile became alive and now we have Bjarni with us Telling us more about it. Give a applause to Bjarni Hello The volume on this okay Feels like I'm a bit loud Thanks for coming I'm not sure how many of you Have played with mail pile or know what it is, but I'm guessing probably a few So just to put us in the right place Mail pile is an email application. It's an email client Something that you would use as a replacement maybe for Thunderbird or Outlook or something along those lines it was launched here four years ago as a project to sort of take email back and The message that we gave was you know, we want we're worried about privacy We're worried about decentralization and we're worried about sort of the state of free software email development and So mail pile was trying to address all of those things. I'll get into that in more detail the application itself is built around a search engine for email and It's intended to be an easy way to get started using PGP encryption And it has a web interface and this confuses people so people think that because it has a web interface It must be a server, but actually it's it's more of a client application something you run on your own computer It's free software. You can download it and run it yourself hack on the code written in Python and using web technology so in this talk Because it's four years since we launched I wanted to talk a little bit about Why we started what's happened in the meantime and and where we are now It's been a long time coming, but I am going to say that we're reaching a 1.0. I'll talk about what that means, too And I'm also looking for help So if you know people that would like to hack on mail pile with me a bit we have a small amount of money There's sort of a little bit of good news and a little bit of bad news giving a talk like this I mean the good news is hooray. The project is four years old and it's not dead I guess that's an accomplishment of sorts The bad news and and this almost kept me from coming to the conference at all And and this kept me from giving talks is that we haven't made a release that people can use We've been in development and we've been in development We made some beta releases and people couldn't get them to work and we went back to the drawing board and It's just been a really long time so I Managed to get some things that I think that people can actually use I'm able to announce a release now So that's the good news. So it's not all bad, but I would like to apologize to people that backed us In our crowdfunding campaign four years ago because we said we'd ship in a year and it's now been for so my apologies One of the things I said four years ago is that it searches fast everything else is easy This was one of the little talks about the technicalities behind how the project is designed I was looking through the slides and I felt that this really represents The how we had no idea what we were getting ourselves into Email is hard and it's a lot of work and at the time We raised a bit of money and we felt like we had loads of cash and loads of time and we had nowhere near enough neither time nor money So the project does go back a bit further. I'm calling this the four-year birthday, but work actually started in 2011 That was just an experiment. I wanted to try writing a search engine for email to sort of get a feel for how you would do that and I presented that at FS cons in 2011 just as a lightning talk just look ha ha I made this funny thing and then I got on with my life My friend Smoudy McCarthy, he kept badgering me to do something more with it He's sitting over there. This is to no small degree his fault And in 2013 The time felt right we had met a guy named Brennan, so there were three of us that were interested in the project and My life was calm. I had a little bit of spare time things seemed easy I looked was looking for a new challenge and we all were so we did that we prepared this crowdfunding campaign starting in the spring 2013 and how many people remember what happened in the spring of 2013 So there's a guy named Edwards noden and he released some stuff and All of a sudden everybody was really really excited about privacy and security And in email in particular but in general but it spilled over to email So we when we launched our crowdfunding campaign There was huge interest in this problem space and it was a problem space that nobody had cared about a year before So we raised a bunch of money. We raised a hundred seventy thousand dollars. We were only asking for a hundred so that was a good overshoot and With three thousand different individuals and organizations and companies threw money our way and it was it was really It was a really wonderful response And you know, that's the good news the bad news is that means that I feel guilty towards three thousand people But you know such as life so we started working and the context of the work and the context of the campaign was in 2013 Cool kids didn't write email software, you know email was not a cool thing to hack on There were a few people that did but they were they were Legacy, you know email was solved But at the same time, I think it was whether it was 2012 but Some memo from in Mozilla leaked and in the memo it said that they kind of wanted to get rid of Thunderbird So everyone was suddenly worried. Oh my god Thunderbird is going to die and Thunderbird was and still is the flagship free software email client If Thunderbird goes away, then there is no free software email client for Windows or the Mac You know, there's there's not a lot of options out there So we were worried about this because we care about free software We were also concerned that Everybody's email was moving into the cloud people weren't running their mail servers anymore people weren't storing their data themselves every anymore everything was going to these big companies and At the same time as the big companies get all the data Nobody is encrypting it So companies like Google and Google is a great company. I have nothing against them I worked there for a while, but I still don't feel like they should have a copy of everybody's email But that is pretty close to being the case today and or was in 2013 That's something like 90% of all the email that was written Went through Google servers and it went through them unencrypted There's a few other players, you know, there's Microsoft they run a large email service Yahoo bunch of people still use that But it's it's a very very centralized ecosystem if I think if you count like the top 10 It's a rounding error the email that does not go through and that doesn't mean that both endpoints are using those services But one of them is you're communicating with someone who uses Gmail even if you have your own mail server at home So that's a concern all of our eggs are in one basket if you if you will PGP or or any form of end-to-end encryption would address this problem, but nobody was using it because it's hard and scary and Look at all of these things and you think about how you change them the only business model people had for email is ads and spying and If your business model is to spy on the content and read it and and understand what people are saying You don't want it encrypted. So there's a conflict of interest there that the Big cloud providers are not going to solve email encryption for us They're not going to protect our privacy from themselves. They may protect our privacy from everyone else but they still have access to all the data and So Snowden pointed out why this is maybe a problem because law enforcement or spies or whoever they go for these honeypots. These are really attractive caches of information. So That's a problem And later that summer so I think a week after we launched our crowdfunding campaign the lava bit Provider went and shuttered its stores. Love a bit was a small business in the US that provided secure email and Their promise was that all of the data was stored encrypted on the servers and they did various things But there was the Achilles heel that everything went through their servers So when law enforcement came knocking and said we want the keys so we can decrypt all your stuff they had no choice but to shut the business and this was is demonstrated the problem of secure email sort of in the cloud on someone else's computer and it also happened in the middle of our crowdfunding campaign So people got even more excited about mail pile. It was convenient for us Fast-forward four years later what has changed I would say Point one is no longer true. Cool kids do write email software now There's a lot more going on in email and especially in email security People have realized that there's something wrong and people are working on it. It's not just not just mail pile and There's lots of different things being tried Thunderbird is no longer about to die Thunderbird is doing fine They've worked things out at Mozilla and they have you know They have more developers than I do and you know, they're an active project. It's great I'm gonna talk about the rest a little bit later But so on the topic of how much has happened in the last four years We've seen a whole bunch of businesses start up and all of these these business efforts All of them were focused one way or another on email privacy Love a bit died and then it came back to life again. They reached and recently reopened But they're still doing the same thing. They're still storing people's email in the cloud I think maybe they're doing a better job, but it's still an iffy thing from my point of view proton mail is server service provider in Switzerland and their sales pitch is trust us we're Swiss and That's fine, you know that that can be a valid solution for some people Whiteout that was a startup that started around the same time as mail pile and they were going to Open source a bunch of things but provide an online service They ran out of money. Unfortunately. They were really nice guys Lava boom similar story Toot on Otis still exists again. It's the same kind of thing It's an online service where they try to sell the businesses or individuals But one of the interesting things about all these efforts that I've listed here is all of them had an open source component Not all of them opened up all of their code But all of them opened up something so there was and and there has been this sort of understanding that you're not credible Doing security or encryption for email and less people can see your code So even though these businesses have died Not all of their work is lost if you're interested in in starting up an email project You can find whiteouts solution and start building on top of it, which is great And this was definitely not the case in 2013. There was a lot less going on Last four years people have also been working on protocols How many people here have heard about dime? The dark internet email environment This came out of the lava bit thing. It was the same guy So the guy had been running email servers for years and years and years and and he wanted to fix the protocols to make them properly secure and I actually think it's a really great spec, but it's also really really complicated But it's out there and maybe people will start implementing it. I hope so Memory hole is a much smaller effort, but also much more pragmatic This was an effort to just Encrypt the headers of the message So I don't know how many people here have sent PGP email, but usually when you send PGP email The subject line is not encrypted And neither is the from address or the to address, you know So there's all of this stuff that is actually Potentially sensitive that is sent in the clear So it's only the message body itself that gets encrypted and memory hole was an in is an attempt to Just pick minor tweaks to the way we do PGP email today to protect more of the the header information And it's implemented in mail pile. It's implemented. I think in a few other mail clients now I think an e-mail supports it That's great. It's progress. It's a tiny thing, but this was broken for like 20 years So good news WKD, sorry, I should have written that out. That's that's web key discovery So this is a protocol from the GNU PG developers and What they're trying to make address is the problem of centralized key servers and how difficult it is to Sort of find people's keys and they want to use the web for that So this is basically a specification of how you can put your keys on the web and they can still be discovered by people using PGP implementations, so that's great The final one that I'm talking about here is is called auto-crypt and this is the one that I'm most excited about And this is where we are using PGP technology But we're sort of leaving behind some of the cultural assumptions behind PGP and trying to make things a bit more like WhatsApp Where you install an auto-crypt capable email client and it will just start encrypting and if it needs to change keys It will just change keys It won't have the same security guarantees or the same promises as People have come to expect from proper PGP But it's still better than clear text and it's a stepping stone So once you've got auto-crypt working if you want to upgrade to a more secure way of encrypting your mail It's straightforward because you already have the keys. You have the software and you know how to use it So that's something that's ongoing Then a bunch of meetings and great fun I'm not going to talk about all these but there's just there's a bunch of Email projects in the free software space and I listed these because these are not really associated with any of those startups that I talked about before some of them are linked some of them are not but people are doing all sorts of stuff and The one that I'm personally happy about as a Python developer is finally there is a native Python library for working with PGP That did not exist when I started working on MailPile and if it had I probably would have used it as it is I'm not but I'm really glad that it exists And the GNU PG project has been very active The they've been innovating and improving a lot of things they have added a New trust model so instead of using the web of trust to find keys and evaluate how trustworthy they are They've added something called tofu, which is trust on first use sometimes called trust on first contact and They're actually I think making that the default in GNU PG 2.1 So it'll use tofu and then it will fall back to the web of trust and this is actually a major change and Is a usability win? Because the web of trust is just a bit confusing They're also starting to support Tor so you can do to key discovery and key lookups over Tor so you're not revealing how you your Your key lookups if someone's listening to the network It's very interesting to see which keys you're looking up that tells us a lot about who you're talking to So they've added support to do that over Tor. They've got support for ECC keys, which are much smaller You know, there's development is happening and it's it's great so the free software Ecosystem is a lot healthier than it was but everybody's email is still in the cloud and People aren't using these encryption tools yet. You email encryption is still the exception. It is nowhere close to being the norm It's it's such an exception that it's practically a rounding error and The only business model is still spying on your users if you want to make money doing software development or providing services online ads is the way to do it and Sort of as a community. I feel that we are failing because we need to have other ways to make money Otherwise people won't have any privacy And then there's a new point new bullet point, which is that Snowden is now just another bullet point And I mean no disrespect to Snowden and what he did but everyone is used to it now We just assume that everything is spied upon and we've sort of I know it feels to me like people have kind of given up They're the energy That people had four years ago for fixing this and doing something about it. It's not really there But we're still hacking anyway, and I love the topic of this conference You know still hacking anyway is very much what we're doing and what we need to be doing So back to mail pile This is the full timeline so far We launched in 2013 We worked and worked and worked we ran out of money. We worked a bit more. We launched some beta releases People hated them. They didn't work and we just kept on hacking Well, there were some attrition I've been the only person really able to spend much time on mail pile for about three years So and it's been mostly self-funded. I haven't been taking Money out of the donations that people gave us. I've been saving that for a rainy day, which is today well, actually it's not raining, but I'm looking to spend that money now and We have a release candidate now, so you can actually now go and visit our website Install it at a Debian repository app get install mail pile and it will probably work and it's a nice email client It doesn't do everything you want because email is actually really complicated But I've been using it full-time for three years a bunch of other people are using it And they don't want to switch to anything else. It is a suitable email client for some people So let's talk about what mail pile is or what's let's look at it. See how it looks So again back to this same slide as before It's an email client. The user interface is a web page It has a search engine and it's built around the search engine. So the the metaphor is not File Messages and mailboxes the message the metaphor is searching and tagging So it's like Gmail in that respect and different from Thunderbird or or something like I don't know desktop It's free software written in Python and our aim is that this is software for normal people this is not supposed to be software just for techies and That's what we mean by 1.0 We don't mean this software is perfect because it's not but we mean this software is useful and you don't need to be skilled engineer to make use of it, so I hope that we've reached that point now and Looking for feedback on how close we are to the truth Couple of things that mail pile is not because people get confused It is not a building block for building software as a service So if you work for an ISP and you want to put a really nice interface on the email You're providing to 10,000 people and tell them that now if they have secure email Mail pile is not designed to solve that problem Mail pile is designed to be personal software that you run on your own hardware and I'm sure someone's going to figure out how to shoehorn it in and provide a mail pile service at some point But that was not our goal and we have made some design decisions that will actually make that kind of difficult It is also not a synchronizing IMAP client and again this goes back to Well two things but on one hand the fundamental goal of the project is to get people out of the cloud To get people to own their data and take control over it and if you leave all of your email on the server You're not doing that. So we do want to encourage people to download their mail and store it on their own hardware I realize that's problematic for a lot of people not everyone's going to do it But we don't synchronization was not a priority when we started and it is something we'll probably add at some point But we're not there yet It's also not a profitable business. I'm not making a lot of money It's not a mail server So it doesn't replace send mail or post fix or something like that It's a mail client and it's not a calendar and it's not Facebook and it's not all sorts of things It's just an email client So demo time. I'm just going to show you guys so Start with the website actually I'm going to pull up my notes. So I don't skip anything So our website www.mailpile.is You can now click on download and click on download packages This link was not there this morning And we have both the Debian repository and we have individual packages if you want to download those So these are We're providing two packages. One is just mailpile itself And if you install that Then you're using it on your computer. It's sort of a desktop installation And then you can install mailpile Apache 2 Which will do a little bit of integration magic with Apache on that machine So you can provide mailpile to a small number of users So you create users Bob, Joe and Jill as Unix users on that machine They will be able to log on through the web, launch their mailpile and access it So for like a home setup using a Raspberry Pi or something like this Like that this might come in handy And these are no-arc packages. You can install them on any distribution Well any Debian-based distribution. So that includes Ubuntu Ubuntu We've got Debian 8 and 9 and Ubuntu LTS are all tested and they appear to work Need feedback. This is new And we have two different sort of repositories that you can follow You can either follow the nightly repository which will give you a package of whatever was in master The master branch on GitHub last night Where you can follow the release branch where it will make more of an attempt to keep things stable and only push bug fixes So what does that look like? So if I have installed mailpile I can run it And it will say that I'm hoping most of you can see this But mailpile at the moment is still in part a command line application You run it in the terminal and then you can give commands You know, hello, that's not a command But it has a web interface And when you first run it, the interface looks like this So this should be that instance Yeah I can choose a language and I'm just going to go for English We have a translation community Translators are a bit behind because I haven't been updating But that's one of the things that we will when the translators have caught up We'll call it a 1.0 and not a release candidate So if this were an SSL connection, my browser wouldn't complain So the first step is you choose a passphrase or a password And because mailpile will store your data encrypted on your local drive This passphrase that you choose unlocks everything It's also the passphrase that is used to protect whatever credentials You give mailpile for downloading your mail from other servers So I encourage people to use a good one But more importantly than using a good passphrase Use one that you can remember because there is no recovery So I've given it a crappy short password Instead of the one that it suggested So now we're in the app This is one of the things that has changed since our beta releases Our setup flow used to be 10 steps long and asked very confusing questions And that was one of the reasons people couldn't get the software to work So now we don't do that anymore There were no questions except just your password and your language We ask people to review their privacy settings They can also just ignore them and click save You can use Tor to protect your privacy when mailpile goes out to download something You can decide whether or not to send a ping back to the project To get information about new releases If you don't want to do that, you don't have to Mailpile will download things from the web It will download avatars from Gravatar And it will try and find PGP keys And it'll do things like that And you can tell it not to And you can control how your data is stored Obviously I think the defaults are great So I'm not changing anything And now I can add an account This is what that looks like So by default it would go and it would detect settings And then it tries to auto discover your mail server And do all of the things that you would expect a mature app to do Because I'm doing a demo, I'm not going to do that I'm going to show you the steps if you do it by hand Here I can choose various protocols But for simplicity, so this is what SMTP looks like You can choose password or OAuth authentication It's very basic It should be familiar to anyone that's set up a mail client I'm telling it that I'm just going to use local files at the moment Because mailpile is actually very good at that It's a pile of email that goes back 20 years It's in inbox files, mailders or something You can point mailpile at all that stuff It'll read it, index it, and it'll let you search it and work with it And that's something that I care about So I'm telling you to use local files You could also use imap or pop3 But I'll let you guys play with that yourselves Finally, by default, mailpile will offer to create a new PGP key for you And I'm hoping that most people will just go, Hey, what's that? Just click add go next And suddenly everyone has a PGP key That's one of the things we're trying to accomplish here So here we are, we've created an account And I was going to add some email So I was working with local files So I have to use this browser thingy I go home Oh look, there's a file with some mail in it I can tell it that I would like this email to be treated as new mail So it goes to an inbox There's something you might do on a legacy setup Where you have proc mail delivering to a file somewhere And you want to treat that as your inbox You can do that here If you want, you can tell it to copy the mail Or you can leave it where it is It doesn't matter So now things should be happening I go back here Hello hello, one two three Ah, I'm back So, sorry that didn't happen on a more interesting page But as we can now see, the PGP key for mail My email address is ready for use Hooray, and now we have a little lock here Which we didn't have before I was adding mail And you can see it's, I'm standing in the way You can see in the sidebar There's now a representation of local mail And the file, the mailbox that it pulled it from And I can click on that This is what that looks like The mail is also in the inbox But there's a difference here If you look at it in the original mailbox It will show you that it's been tagged with that Which is the inbox tag Whereas if you're in the inbox There's no point showing you that Because you're in the inbox You don't need to see the tag there Create a new tag And we have a whole bunch of options We can add it to the top here So that's the top section up there This is super important We can put it there We can hide it from the search results If we don't want it to corrupt things Various options One of the more exciting ones Is down here And enable automatic tagging And what that means is That there will be a Bayesian filter attached To this tag And anything you drop in Is treated as training for yes And anything you pull out And put somewhere else is training for no So you can have custom tags That learn categories from Statistically So not just spam basically We took the spam filter And we just repurposed it You can use it for anything you like I use that quite a bit myself To just take notifications from GitHub And spam from Facebook and Twitter And mailing lists and newsletters They'll probably just put that all to one side Which is nice So I've created the tag At the very top there Because I asked it to do that I can decide that that's a bit lame And I'm going to click on the organize button In the bottom I'm sure you couldn't see me do that In the sidebar There's a button that allows you to organize And then you can start dragging things around There's a lot of drag drop stuff In the user interface Which at the moment I need to tell you because the app doesn't Give people hints about that yet But both the tagging And a lot of the organizing is done by drag drop That's not what I wanted So I've moved Chah down here to the bottom And I can click on it There's nothing in it I can edit the settings again Give it a different icon Like this happy vacation Nice royal purple And now I can start tagging stuff So I go back to the inbox And I can drag Chah to something And that should have showed up Maybe we found a bug Now confused Alright It's there Not sure why it didn't show up Maybe I configured it that way by accident I can also drag things the other way I can take messages And I can pull them to the sidebar So I can say this message is spam And now it's gone to spam So that's mail pile You drag things back and forth If you're dragging a message Then you're moving it If you drag a tag Then you're just adding a tag To the messages you dropped on There are key bindings I can move around with the keyboard Select a bunch of stuff When things are selected You get little icons up there Underneath that big black thing You can do stuff You'll have to trust me on that I'm running a little short on time So I'm going to check my little list Yeah, I was going to show you Just what my own mail pile looks like So once I've used it for a bit I have a whole bunch of accounts I have a bunch of custom tags Here to the side These ones are notifications Is one of the ones that Is self-training Promotions as well eBay Oh, breast augmentation options That's not nice So some spam gets through When spam gets through The correct thing to do is Mark it as spam Goodbye Oh, that's that I'm going to show you guys the Another thing that happened Within the last year or so Is we now have a Mostly working responsive interface If I make mail pile The browser window smaller The tags move Maybe they change If I make it even smaller The layout becomes a bit more Sort of mobile phone friendly Oh, sorry So you can see the bottom If I make it narrow enough The tags move to the bottom You can still drag them and drop them But it's still the same interface But we move things around a bit I haven't shown you a message This is what it looks like when I'm reading mail EFF thing If it's part of a message thread If there's a conversation going on Then that will be displayed in the site Underneath the recipients I don't think I have any conversations in this But I can sort of create one I go down here and say reply I get a composer that looks like that And an important message, the EFF And so this is what the bottom Of the composer looks like I can tell it to attach my key If it hasn't decided to do that automatically If I have multiple accounts I can choose which account I'm sending as And here I have, in the corner I have some encryption options I can say I would like to encrypt it And it says you can't do that Because you don't have the keys I can click to search It's relatively straightforward One of the things that MailPile does Which is one of our Well, I think it's an innovation Is that the state of those buttons The encrypt or sign buttons Will depend, it's not always the same It depends on who you're communicating with So if you're exchanging email with someone Who always signs their mail with PGP And you have a key By default after a while MailPile will say Hey maybe we should encrypt to this guy So it will ratchet up The security of your communications Just over time And it won't do it uniformly It will try and be context aware Like if this person who you're communicating with PGP signs half their mail But the other half is not PGP signed It will not do the same thing It won't suggest that we should encrypt to that guy Because we have information that tells us He might not be able to read the mail And then it becomes a matter of The user can still choose to encrypt But we're not going to do it automatically Because that would interrupt the flow of conversation So we're trying to do things like that And it will be really interesting to see How that plays out when we have a few more people using it Finally this is the Multiple user interface Which I wanted to show you as well So here I've created a user With an account I can say tests I think it's password is testing It's a really good password And it does some things Thinks about it And if it's working There we go, we have mail pile So this is going through Apache So you can do this on a machine That is running other things I realize Apache isn't cool anymore I would like to do the same thing for Nginx But there's only so many hours in the day And maybe someone who knows Nginx can help out So that's my demo We've walked through a lot of the app Not quite all of it, but a bunch You can try it yourself And I encourage you to try it yourself We've built these Debian packages The source is still out there If you're not running a Debian-based distro If you're on Mac or Windows You're going to have to wait a little longer Unless you're that much more of a hacker And I have mail pile shirts So I'm going to do a little game over the weekend If you bring me your laptop And show me that you've installed mail pile I will give you a shirt And I really hope I don't have to carry All the shirts back home And I also have stickers as well Final point of the talk I'm looking to hire people To help me with the Mac and Windows desktop versions We need to do things like Think about app lifecycle What happens when people start the app How do you quit the app Sending people to a terminal To run it the way I just did for you Is not acceptable We need something more user friendly We need to integrate a little bit with the desktop There needs to be an icon somewhere There needs to be something familiar For people to interact with With their images And these are all things that I could figure out if I had Loads of time But I know there are people that already know how to do this And I would like to pay them some money to help me So the source of that money Is the Bitcoin that was donated at the beginning Of the campaign four years ago At the time Bitcoin was worth about 100 bucks I was told last night that it's at 3,000 now So I can actually afford to hire people again So even if you don't want to work with me And if you don't want to use MailPile Please make Bitcoin worth more money Just pump it up That's it Thank you for listening And I would love to take questions If there's time for that Do I do this myself? I hope Very slow Thank you for doing this awesome piece of software And thank you for your talk I've got one question What's the intent that you use For multi-device environment? Like how do you use it with multiple phones And desktops Good question To keep things simple Our multi-device story is MailPile has everything You use a mobile browser or whatever And the tricky bit there Is that Because this is meant for the average consumer So the average consumer They can figure out that they leave this on a computer Running at home And they don't know how to reconfigure their router So we need to work on solutions To allow people to expose The interface of their MailPile Without having to drill holes in their router And that happens to be my day job There are also things like Tor Which can do this So you can have a hidden service And then that also traverses NAT But this is one of the things That we want to work on in the future And the idea is MailPile has everything All of your devices talk to it So we need to worry about complicated synchronization Next question Yeah, my immediate concern is XSS So I saw when you were displaying the EFF email It was a plain text version Is that intentional and is that always? Could you repeat? I didn't get that I'm concerned about cross-site scripting attacks And the possibility of someone sending An email that is then somehow Leaked with scripts From the same domain that I'm loading All the scripts that actually Powered the interface So the question is what do we do About cross-site scripting and HTML mail Yes By default, we display plain text So the user has To request the HTML version And he can say I always want to see HTML from this sender And that becomes a relatively Comfortable workflow That means that if people called Email you from HTML We're just not going to display it That's our first line of defense Because we use Oh, I forget the name of it There's a very mature JavaScript library For sanitizing content Don't purify We use that before we display anything And we also try and lock things down Using the modern browser There are basically some headers And things that you can set That tell the browser that it's not allowed to do certain things And we make that as strict as we can There are limits to it though So it's a risk But we can't eliminate it And then how about For sandboxing for the server-side indexing Of the content So that means you have the content of my mail Which means you're parsing my mail And if you're parsing the HTML, that's complex If you're decoding mine stuff, that's also complex You're doing Bayesian filtering To try to identify spam, that's complex There seems to be a fairly large attack surface here So I'm wondering how you're trying to mitigate someone From getting arbitrary code execution In the same context that has access to all the other mail That's a huge topic Our first line of defense Is that we write as much as we can in Python So there are fewer ways To exploit Python code Than there are if it's a C library But we do use C libraries as well And there may be flaws And this is just like any other piece of software So I'm not pitching MailPile As the most secure email client It's an email client And all email clients, they have to think about these things And we need to get updates out there And that's why I didn't call it a 1.0 Until I had a repository where people could get updates So It's hard And we could use help Thanks My last thing is a comment Sandstorm has done a lot of really awesome work in this area And might be worth looking into For the sandboxing portions of this Sandstorm is very interesting Thank you Next Imagine the normal user Using this app A web app that Is also you can install the app But it's still a web app It seems kind of confusing for normal people So how do you imagine normal people using it So I think your question is Is this not confusing To the user, that it's a website That's also an app on their computer And how do we deal with that And I don't know And that's part of That is part of why I need help With the Windows and the Mac integration Is We need to see what we can do To make that experience At least intelligible So we need some sort of splash screen That says welcome to mail pile This is how it works It's a little bit different But maybe you'll like it We're just going to need to educate people On that Would you consider bundling it with WebKit Or do you really intend it to be Whether we want to bundle our own WebKit Use something We could ship an app that bundles WebKit And it all runs inside that The downside is then we become The owners of all of the Security updates for that Browser bundle and I would rather leave that to the operating system And the professionals, that's way too big It also has the downside that Then you have to think about the integration When the user is clicking on links Maybe they want to have three tabs open At the moment I'm leaning towards Putting people in their default browser Where they are comfortable And they just need to understand That there's a link between those things But if someone does a really good job Giving me an integrated WebKit I'm not sure I would say no But it's a hard task Okay, I think we have Time for last one Very short question, thank you How does mail pile Work together with smart cards Because what I learned from this Noten revelations was It's a good security measure To keep your private key Not on your computer But instead on a special device Like on a smart card How does it work together with mail pile The short answer is I don't know I have not tested it The strategy that we have For that is We're using GNUPE G under the hood So if you're running it On your desktop And GNUPE G has access to your Environment It can pop up the same dialogues as usual But this is not something That I consider to be a primary use case Because what happens When you do this Is encryption becomes special It is not something you do with all of your mail It's something you only do with the important mail Because interacting with the smart card Is annoying You have to type in a pin And if you're going to do that For every single email you send And then you have to do it again For every single email you read You're not going to like using that email client And if we want people to use Encryption as a routine thing All the time It has to be convenient So people that have Excessive high security needs And want smart cards I would like to support that use case But that is not my main goal Thank you very much Thank you very much Thank you very much