by Guest9812398 2796 days ago
Agreed. For a service that is about security, it honestly leaves me feeling very vulnerable, and I wouldn't consider it for that reason. I'm concerned about my emails being delivered, increased spam, a thief (or government employee) walking out of my home with my email server, my modem needing a reboot while I'm on vacation and not being able to send or receive emails, and my neighbor accidentally burning down my apartment, taking my email with it.

I'm a Fastmail user and pretty happy with the service. But what are the real-world benefits of Helm over an encrypted email service like ProtonMail?


Using a hardware root of trust, secure boot and a Secure Enclave for managing keys used for full disk encryption, it will be very difficult to extract decrypted data from a Helm server. The keys never leave the Secure Enclave; they aren't available to the application processor or memory.

Most cloud-based email services hold email in the clear - we believe this means you don't really own your data. Encrypted email services have challenges around search, access via proprietary protocols and the risks of running highly sensitive operations in client-side JavaScript.
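The mechanism the comment above relies on (a hardware root of trust releasing the disk-encryption key only when secure boot measured the expected software) can be illustrated with a small measured-boot simulation. This is an added example, not Helm's code or a description of its implementation: it models TPM-style PCR extension and "sealing" a volume key to the resulting measurement, so a tampered bootloader produces a different measurement and the key cannot be unsealed. The enclave secret, volume key and boot-chain images are constructed sample values, and the XOR-mask-plus-HMAC sealing is a stand-in for the authenticated encryption a real enclave or TPM would use.

```python
import hashlib
import hmac

# Constructed sample values (hypothetical; not from any real device):
ENCLAVE_SECRET = hashlib.sha256(b"hypothetical-per-device-enclave-secret").digest()
DISK_KEY = hashlib.sha256(b"hypothetical-fde-volume-key").digest()

# Constructed boot chains; each entry stands in for a measured component image.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED_CHAIN = [b"firmware-v1", b"bootloader-EVIL", b"kernel-v1"]

PCR_INITIAL = bytes(32)  # measurement register starts at all zeros


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)). Order-sensitive and one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain) -> bytes:
    """Each boot stage measures the next one into the register before running it."""
    pcr = PCR_INITIAL
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


def _kek(enclave_secret: bytes, pcr: bytes) -> bytes:
    # Key-encryption key bound to BOTH the device-unique secret and the measurement.
    # A different measurement (or a different device) yields a different KEK.
    return hmac.new(enclave_secret, b"seal-to-measurement|" + pcr, hashlib.sha256).digest()


def seal(disk_key: bytes, expected_pcr: bytes, enclave_secret: bytes) -> bytes:
    """Wrap the volume key so it can only be unwrapped under expected_pcr."""
    if len(disk_key) != 32:
        raise ValueError("this toy sealer handles 32-byte keys only")
    kek = _kek(enclave_secret, expected_pcr)
    # Toy wrap: XOR with a single-use 32-byte KEK, authenticated with HMAC.
    # A real enclave/TPM uses an AEAD; the structure (bind, then authenticate) is the same.
    blob = bytes(k ^ m for k, m in zip(disk_key, kek))
    tag = hmac.new(kek, blob, hashlib.sha256).digest()
    return blob + tag


def unseal(sealed: bytes, current_pcr: bytes, enclave_secret: bytes):
    """Return the volume key if the current measurement matches, else None."""
    blob, tag = sealed[:32], sealed[32:]
    kek = _kek(enclave_secret, current_pcr)
    expected_tag = hmac.new(kek, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # wrong measurement or wrong device: key stays locked
    return bytes(b ^ m for b, m in zip(blob, kek))


def boot_and_unlock(chain, sealed: bytes, enclave_secret: bytes):
    """Simulate a boot: measure the chain, then ask the enclave to release the key."""
    return unseal(sealed, measure_boot(chain), enclave_secret)


if __name__ == "__main__":
    sealed_blob = seal(DISK_KEY, measure_boot(GOOD_CHAIN), ENCLAVE_SECRET)
    print("good chain unlocks:", boot_and_unlock(GOOD_CHAIN, sealed_blob, ENCLAVE_SECRET) == DISK_KEY)
    print("tampered chain unlocks:", boot_and_unlock(TAMPERED_CHAIN, sealed_blob, ENCLAVE_SECRET) is not None)
```

The point the simulation makes is the one the thread keeps circling: with sealing, pulling the drive gives an attacker the sealed blob, not the key, and booting modified software changes the measurement so the enclave refuses to release it. It does not protect against code that is measured correctly but then misbehaves, which is the "assuming the software works flawlessly" caveat raised later in the thread.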

Hang on: are you suggesting cloud e-mail services don't use FDE?

They may, but they also hold the keys.

I mean, sure? You can use encryption to get security and privacy features but "FDE" isn't it. FDE is more important for Helm but that's a problem of their own design: suddenly the e-mail is in a box in my kitchen and it's a lot easier to walk out with a box in my kitchen than it is to walk out with a drive from us-east-2a :-) For anything in the cloud it's a belt-and-suspenders/compliance thing.

How many people have access to drives in us-east-2a? Do you know? Can you verify?

Assuming the software works flawlessly (if it doesn't, it doesn't matter where it runs) you'll need RAM and storage access to recover the keys and the data. If you're in the cloud, you won't notice when insiders or state agencies take a peek. If the device is in your home, you can set it up so you notice.

It all depends on the threat model.

> How many people have access to drives in us-east-2a? Do you know? Can you verify?

AWS, like every non-clownshoes provider, is transparent about the security controls on its datacenters. It has those verified by independent third parties and auditors (for relevant compliance standards). They have published whitepapers and compliance/audit reports, and continue to.

The odds that someone compromises a Helm update and the odds that someone walks out of us-east-2a with a drive are not in the same ballpark.

To reiterate, because somehow I'm in the "FDE is an important threat model!" corner: it is not. Walking away with a Helm is not the easiest way to read e-mail on that thing, especially not for an organization capable of dragnet surveillance in general.