[sipior]

Yes gioele, I know. But we're not talking about flaws in the mailpile cryptosystem. Obviously their implementation of GPG will have to be professionally vetted. The other flaws (vulnerability to traffic analysis, reliance upon the recipient to store the message contents securely), are, to put it mildly, very hard to solve with email in its current incarnation. Taking the piss out of the mailpile folks because they don't solve these issues seems churlish at best.

With luck, they'll deliver a good, self-hosted gmail replacement with a secure mail store that's easy for folks to install on their own. That's surely a step forward.

[toyg]

Not really. NSA already use their mail mass-dumps mostly for aggregated analysis, to pinpoint networks of interlinked individuals which they can then pass to other agencies for parallel construction.

Mailpile will not change that.

At the very least, we need metadata encryption right about now.

[sipior]

I don't disagree with your last statement, but I also wish to point out that there are, believe it or not, other reasons to encrypt email that do not involve the NSA.