invmail.io

compleo

Valued Member
Checked the web site & looks promising.

Invmail is built on a zero-knowledge architecture and comes with seamless client-side encryption as standard, this is packaged into an intuitive and highly secure email client.Invmail is a secure zero-knowledge end-to-end communications platform, offering facilities such as e-mail, vid/voice calling, and a messengering service."

"Every email, even if not sent with End-to-End Encryption, is encrypted at standard with your public key. We also do this for your contacts list, messages, video/voice calls too in a similar manner."
  • Does this mean that keys are not needed on the users end,like Tutanota.

"SIMPLISTIC USABILITY Security without a drama! Invmail is multi device compatible, no install and web-based. Invmail facilities are fully compatible with alternative providers, You can communicated back and forth without any obstacles".

"We believe that 4096 bit End-to-End Encryption is a must for emails in transit."
Server location - Switzerland

Free & paid versions.

"To-date our concentration has been on the functionality, however when we launch out of beta for both Invacio and Invmail we will begin working on mobile devices for both systems".
 

wjdw

Invmail
Hi there guys/ladies.

Sorry it took a few days to respond, most of my team are developers and generally i take care of responding to tweets/messages/external posts until we have one standardised response overall to questions etc.

Unfortunately i have been in West Papua on my charitable commitments which has meant no or rare connectivity.

I would need to know a specific question around this to answer.

  • Does this mean that keys are not needed on the users end,like Tutanota.
Correct any email sent over Invmail via the system will work in a similar method.
 

compleo

Valued Member
Thanks for responding.

I would need to know a specific question around this to answer.

Me personally & i'm quite sure others are interested the metadata,contacts/address book etc.

I just found this on the web site so this answers the question.

The public key is uploaded onto our key server and used to encrypt every email you receive and its metadata on receipt of your email. From contacts to emails, all personal data stored on our servers is encrypted client side by default.

Just wondering if the sender doesn't send the mail encrypted is the metadata,address book/contacts still encrypted?
 

wjdw

Invmail
Hi, if A) Google sends to B) Invmail but not encrypted then no, they would not be encrypted, however if B returns to A then yes.
 

compleo

Valued Member
Hi, if A) Google sends to B) Invmail but not encrypted then no, they would not be encrypted, however if B returns to A then yes.

This is what i've been trying to figure out when dealing with sending e mail to e mail providers who are not secure.Every e mail provider web site i checked doesn't elaborate regarding this.

So,if i'm reading your comment correctly.If i use an e mail provider which is encrypted & i send an e mail to someone,regardless if i encrypt the inbox or not to one who uses an e mail provider which is not secure my metadata,ip is stripped,attachments & address book /contacts are encrypted/secure.
 

wjdw

Invmail

Here's how Invmail works (i can not speak for other companies).... I hope this will alleviate your worries about emails being sent as plaintext (for PGP users).
1. abdul@invmail.io sends an email to bengy@gmail.com

Abdul already has a keypair (generated automatically at registration), and Bengy has one too. Abdul adds Bengy as a contact (or does nothing and is matched to Bengy's key from a public key server), and sends him an email. The email contents + metadata is encrypted before they leave the Invmail email client-side, and are encrypted all the way to Bengy. If Bengy uses an email client with PGP support, then he can decrypt the email.

2. abdul@invmail.io sends and email to zack@invmail.io

Same scenario as above, except that key exchange is done automatically for Invmail users (and emails don't leave our servers, making the process even more secure).

3. abdul@invmail.io sends an email to claire@gmail.com

Claire doesn't use PGP, so Abdul's email needs to be sent as plaintext. However, before storing the email to the database, it is encrypted with Abdul's key, and the plaintext version (residing in RAM) is deleted as soon as the mailer reports successful delivery. This way, only Abdul has access to her data, and Invmail is Zero Knowledge in respect to email contents, account owners etc.

Quote

This is what i've been trying to figure out when dealing with sending e mail to e mail providers who are not secure.

So,if i'm reading your comment correctly.If i use an e mail provider which is encrypted & i send an e mail to someone,regardless if i encrypt the inbox or not to one who uses an e mail provider which is not secure my metadata,ip is stripped,attachments & address book /contacts are encrypted/secure.

:- Meta Data = Encrypted where possible as standard or stripped, and where not obfustructed as standard.
:- All encryption is done client-side, all we see are armoured PGP messages.
:- IP = All emails appear to come from our own IP of one of our relay servers - your IP will never show on outgoing mail, and nor is it stored our end.
:- Attachments = External Attachments, we have blocked, we will launch a zero-knowledge storage system (we already have for Invacio - just need to re-work for Invmail) allowing you to just grab a link and share this way, we will look at external attachments but i do not personally believe they can be completely secured, further more cloud storage is the future for the ease of finding files etc. = please see attached screenshot.
:- Address book, contacts are of-course secured against your key, which we never see, please note, if you ever change your password (changes key also) that you should really take a copy of your old key to unlock your contacts as it currently encrypts them against the key etc, this way we allow you to burn your account in seconds, destroying the data against the key that only you have a copy off settings>security>key when logged in.
 

Attachments

  • Screen Shot 2015-11-20 at 19.35.44.png
    Screen Shot 2015-11-20 at 19.35.44.png
    362.4 KB · Views: 1,337

compleo

Valued Member
The very detailed response is very much appreciated...:thanks:


Here's how Invmail works (i can not speak for other companies).... I hope this will alleviate your worries about emails being sent as plaintext (for PGP users).
1. abdul@invmail.io sends an email to bengy@gmail.com

Abdul already has a keypair (generated automatically at registration), and Bengy has one too. Abdul adds Bengy as a contact (or does nothing and is matched to Bengy's key from a public key server), and sends him an email. The email contents + metadata is encrypted before they leave the Invmail email client-side, and are encrypted all the way to Bengy. If Bengy uses an email client with PGP support, then he can decrypt the email.

2. abdul@invmail.io sends and email to zack@invmail.io

Same scenario as above, except that key exchange is done automatically for Invmail users (and emails don't leave our servers, making the process even more secure).

3. abdul@invmail.io sends an email to claire@gmail.com

Claire doesn't use PGP, so Abdul's email needs to be sent as plaintext. However, before storing the email to the database, it is encrypted with Abdul's key, and the plaintext version (residing in RAM) is deleted as soon as the mailer reports successful delivery. This way, only Abdul has access to her data, and Invmail is Zero Knowledge in respect to email contents, account owners etc.

Quote

This is what i've been trying to figure out when dealing with sending e mail to e mail providers who are not secure.

So,if i'm reading your comment correctly.If i use an e mail provider which is encrypted & i send an e mail to someone,regardless if i encrypt the inbox or not to one who uses an e mail provider which is not secure my metadata,ip is stripped,attachments & address book /contacts are encrypted/secure.

:- Meta Data = Encrypted where possible as standard or stripped, and where not obfustructed as standard.
:- All encryption is done client-side, all we see are armoured PGP messages.
:- IP = All emails appear to come from our own IP of one of our relay servers - your IP will never show on outgoing mail, and nor is it stored our end.
:- Attachments = External Attachments, we have blocked, we will launch a zero-knowledge storage system (we already have for Invacio - just need to re-work for Invmail) allowing you to just grab a link and share this way, we will look at external attachments but i do not personally believe they can be completely secured, further more cloud storage is the future for the ease of finding files etc. = please see attached screenshot.
:- Address book, contacts are of-course secured against your key, which we never see, please note, if you ever change your password (changes key also) that you should really take a copy of your old key to unlock your contacts as it currently encrypts them against the key etc, this way we allow you to burn your account in seconds, destroying the data against the key that only you have a copy off settings>security>key when logged in.
 

wjdw

Invmail
Not a problem, unfortunately i think my posts are vetted before publishing hence the delay.

12pm GMT Sat responding
 

wjdw

Invmail
REF TLS

This isn't bad or an issue just states we do not use Open Relays, as the additional the layers of encryption are unnecessary. TLS protects you from "bad relays" that trace metadata from emails that passes through it, but no-one uses open relays these-days (or if they do you should not use them).

The sending email process on Invmail, our server directly resolves MX records / A records and ends up sending an email to the receiving SMTP server directly - there's no third party (especially considering that the connection is TLS-encrypted). If the service provider wants to analyse metadata, they will be able to do it anyway, but bare in mind the email data this is encrypted against your "Key", thus you and the receiver can only read.
 

Anonymous1

New Email
Unreliable email provider.
invmail.io is down and off-line.
I can't access my emails for months.
I didn't get or still see any information what's going on and when service will be on-line.
 
Top