Ever since the Snowden documents emerged, multiple encrypted email services have appeared as a response to the increased demand for strongly encrypted email. Some don't use end-to-end encryption, others do but don't use proven crypto, and still others haven't figured out how to do PGP encryption for email that's easy to use and cross-platform.
Whiteout is a new email client and service that offers end-to-end PGP encryption that works everywhere, including on your PC, Android device or iPhone. If users want to send emails from multiple devices at the same time, the private key can be synced between devices. All of the company's code is open source so people can verify whether the company is up to no good or not.
Whiteout Networks, the company developing the Whiteout client and service, said that it believes in strong end-to-end encryption.
"Sending an email is like sending a postcard. Anybody can read it. At Whiteout Networks we believe that everybody should be able to encrypt their sensitive information everywhere. And we mean everybody. If you want to protect your privacy, you need end-to-end-encryption."
The email client uses the well known OpenPGP.js library used by other services and browser extensions, which makes it compatible with other PGP clients. When people send PGP emails from other PGP clients, the Whiteout client will be able to open those emails.
The Whiteout Mail client allows you to send and receive encrypted email for free. Whiteout Networks monetizes the service through the "Whiteout Mailbox" service which allows you to store your email (including plain-text email that you received from other services) encrypted on its servers. The emails are encrypted with the user's public key, and only the user can open them.
The company has already launched client apps for Chrome, Android and iOS. The Whiteout webmail interface can work from other browsers as well (Firefox, Safari, IE11), but this way it's not protected against active Man-In-The-Middle attacks, only against passive surveillance.
PGP is not the perfect end-to-end encryption protocol, and it has some major disadvantages such as a lack of support for Forward Secrecy (which means others can decrypt your past messages with a stolen key) and being generally very hard to use by most people. At the same time, it has also been proven reliable for the past two decades.
Multiple companies, including Google and Yahoo, are trying to make PGP easier to use, and Whiteout has attempted the same with its service by making it as easy to use as any other email service.
The main difficulty in using PGP encryption is exchanging public keys with your contacts. The process is so difficult and cumbersome that many just give up on trying to make it work. Whiteout does this automatically by querying well-known public key servers and finding your contacts' public keys, which then allows you to send them encrypted emails.
Oliver Gajek, the founder of Whiteout Networks, also said that the company is aware of Google's efforts, and when the End-to-End project is complete, Whiteout will talk to that service as well.
Whiteout Networks recently launched an IndieGoGo campaign to try to raise more funds to further develop the service. According to the company, the funds will be used for:
Development for the client application on all mobile platforms, including Android, iOS, Firefox OS, Windows Phone.Engaging top UI/UX experts to improve the ease of use of application and service even more.Working with the open source community on developing an industry standard for synchronizing private and public keys between devices.Scaling the backend server infrastructure for running Whiteout Mailbox.
Whiteout Networks is based in München, Germany and thus should benefit the users thanks to Germany's and the European Union's stronger privacy protections. However, given the fact that the service encrypts the emails end-to-end, on the client side, the location of the headquarters is more or less irrelevant. Still, the extra protections should provide some extra peace of mind that Whiteout won't end up like Lavabit, being forced to shut down because it wouldn't provide its customers unencrypted emails.
Follow us @tomshardware, on Facebook and on Google+.
