Replace Rainloop Webmail with Mailpile Webmail? The latter has better privacy through in-built PGP support. Checkout https://mailpile.is
Using gpg via webmail while you can use any gpg enabled mail client is just wrong (imo). Mailpile can be (and should be) installed on your own machine to provide best security. We have not yet look into mailpile in detail (though it does support autocrypt which is awesome) as we always thought of it to be a mailclient (although built on web technologies) to be rather installed locally then as a webmail of a provider.
As we are considering switching webmail (or providing two) mailpile is definatelly something to look into.
Rainloop provides gpg support too, although not as good as mailpile i suppose. I’m guessing mailpile does not wipe your gpg keys when you logout. It’s all a matter of how you look at things. Our current standpoint is that webmail is rather on the go solution, when you dont have access to your device on which you are running your mail client (evolution, thunderbird, k9 or mailpile). In this cases you do hope that your key you used (eg. form your usb stick) is not going to stay forever on someone else computer. This is the reason we have picked Rainloop.
A friend of mine wanted to try to upload his own keys to webmail but never managed to make it work in any webmail client. I don’t like the idea to upload keys from local computer to a server, but since I was curious I had a look. Roundcube has no web option to upload private and public keys, but with Rainloop it worked fine, but you must make sure to avoid white spaces, and the keys need to be RSA, and not the newer EC keys which seem default in Thunderbird now. Regarding Mailpile : Cool project, cool concept, but not meant to use on anything than your own computer. Also Mailpile has still not reached stable 1.0 version and the main developer is busy with other things as well. Besides that main developer is worried about implementing delete option in Mailpile so you cannot even really remove emails. Mailpile is not suitable as main webmail option for a lot of people, for sure, imho.
Rainloop does not upload keys to the server. It stores them in browser session locally. It is just a mail client like thunderbird. But since the key is stored in the local session of the browser it means that if you do not make a backup of the key you generated in rainloop, you will loose your key upon re-login.
Mailpile I havent tried much and specially not on multiuser setup but it owuld be anice to experiment with. At this moment we are more and mor ethinking about roundcube as its the most mature webmail out there and it does have nice pgp plugins as well as they are implementing autocrypt (or at least planning to). Rainloop is nice light and fast, but lacks more and more features and it is hard to communicate with devs and see whats on their roadmap (for example autocrypt).
Coming year we want to put some more work towards email. Starting with better webmail expereience as well as push for autocrypt and mailbox encryption whether server side or using public gpg keys. Our main criteria for promoting mail clients will be autocrypt. We want to create ecosystem with proper but easy use of GnuPG (autocrypt, key server, auto encrypting incoming mails with gpg). Lots of work but could result in proper end to end fully open source solution.
@yellowfrog nice to see you back btw.
Cheers! I just logged in here wanting to file a little bug report re: the text here : https://disroot.org/en/services/email “NOTE: Please be aware that this is a server side encryption, which means you don’t have control on your secret key.” which suggests that all keys are stored on the server.
Recently I found out more about this myself in a test setup. Automatically removing web storage in Firefox settings made my imported test keys in RainLoop vanish, while in Roundcube webmail they stayed. After some reading it turned out that indeed RainLoop does not store the keys on the mail server, but the Enigma plugin for Roundcube does.
Perhaps it is good to mention that it seems that RainLoop still only supports RSA based keys and not the newer ECC format (which is default in Thunderbird Enigmail). https://github.com/RainLoop/rainloop-webmail/issues/1945
Please be sensible about it. Don’t replace Rainloop all of a sudden. Add an alternative and, in time, if it proves to provide all Rainloop features (and more), then remove it.
There is no intention to replace Rainloop suddenly and without the necessary tests. Especially not without informing the community.
Thanks for your concern. We take note of it.
In your blog post announcement you post as a highlight:
Drag-&-drop message management: move your messages with your mouse.
I think that’s a pretty silly remark. One thing that I rely on Rainloop (and modern web UIs like GitHub, for example) is keyboard shortcuts. I think that we became a bit more skilled than regular “mouse” users, over the years.
Rainloop lets you move your messages to desired folders with shortcuts keys, not just with the mouse.
Roundcube says keyboard shorcuts are among their planned features.
My request, can you keep both clients for now?
It’s not possible to keep both clients as you run into issue with 2FA.
As for your remark on skilled then regular mouse user. Why do you use webmail in the first place? Why not native clients like thunderbird/evolution/outlook/clawsmail on desktop and fairemail/k9 on android? It provides all features you need including much better integrtion with your operating system.
Why do you use webmail in the first place?
Because you provide it.
Why not native clients like thunderbird/evolution/outlook/clawsmail on desktop and fairemail/k9 on android?
I already use a desktop client at home (OS X Mail) but at work I have to use webmail since I don’t have permissions to install and configure a desktop email client. I don’t own a cellphone (yeah, I still call it “cell”, not “smart”) for more than 15 years so no Android either.
So yeah, I do most of my message browsing and archiving through webmail, when I have more time to do it (I spend more time at work than at home, like most day-job working individuals).
However, if it’s not possible, then it’s not possible, and that’s enough.
Let’s hope you wont be disapointed wiht roundcube.
Additonally, until nextlcoud’s email client becomes production ready we will still provide rainloop within nextcloud so you will have a way to still use it. At least for the time being.