negative zero

2023 review: Skiff Mail

2023 August 15

[email] [privacy] [review] [tech]


Skiff is a source-available collection of privacy-focused services, most interestingly encrypted email. Privacy folks I follow have been talking about Skiff Mail lately, so I figured I'd check it out.

Quick disclaimer: I'm not a fan of encrypted email services in general, so I wasn't expecting to like this or want to use it myself. This isn't the right tool for me. Me saying negative personal opinions doesn't mean this isn't the right tool for you. Also, I didn't try installing any apps, so this is just a review of the web service.


Encrypted Email Providers

There are a few notable email services which offer(ed) encrypted email: Proton Mail, Tutanota, CTemplar (RIP), and now Skiff Mail. Generally, these have three main features:

  1. Emails sent to users of the same service are end-to-end encrypted.
  2. Emails sent outside the service can be optionally password-encrypted.

    3. (Skiff Mail does not currently have this feature. In my opinion, this feature is not very good, and that's fine.)

  3. Emails sent/received unencrypted by the service are stored encrypted such that the service can't read them.

These are (roughly) in order from strongest to weakest protection. For webmail, these services all rely on web clients which are downloaded on-the-fly and thus difficult to audit. (CTemplar had a cool way of addressing this, but that service doesn't exist anymore.) Section 5 of this paper on Proton Mail talks about this. (Tutanota and Skiff have more or less the same problems as Proton Mail, so this paper is relevant.)

I'm not a fan of these encrypted email providers. They don't offer standard email protocols (IMAP and POP3) to access your email from normal email clients like Thunderbird. You have to have a special app just for that service or manually log in on the web to read your emails. They don't offer forwarding features. This is inconvenient and makes it harder to move from these providers to another if you stop wanting to use the service. Basically, they're hard to move away from, so I feel like signing up for them in earnest represents a commitment to use them forever.

(...or you could use a custom domain.)


Skiff Mail's Privacy and Security

I did not read the privacy policy. I tried, but I couldn't get through the legalese. I'm normally pretty good at that, and this one seemed pretty standard, so I'm going to say I might have just been too tired for that this afternoon when I was setting up my account.

Skiff Mail has a human-readable Annotated Privacy Policy which I did read. It seemed okay. ToS;DR's page on Skiff doesn't have anything useful; it hasn't been graded yet.

But let's talk about technical stuff. Of the three normal encrypted email things, Skiff offers the first and third. Emails to other Skiff users are end-to-end encrypted, and messages sent/received unencrypted are stored encrypted. You can't send encrypted emails to non-Skiff users.


Encryption

According to the security model page, Skiff uses authenticated encryption for authentication and confidentiality. From what I can tell from this page and the whitepaper, this hybrid encryption scheme uses long-term public keys, meaning the compromise of a private key allows an adversary to decrypt old messages, i.e., Skiff Mail does not provide forward secrecy.

Emails which must be sent unencrypted are actually sent encrypted... to a decryption service which decrypts them, sends them on with standard SMTP, and deletes the unencrypted copy. This is fine but strange. My guess is this was just a simpler implementation because it allows the client logic to always encrypt outgoing emails. Similarly, incoming unencrypted emails are encrypted by an encryption service before going to the user's inbox. Skiff claims not to store the unencrypted emails. This cannot be guaranteed. (Note that this is a shortcoming of any system that allows unencrypted emails.)

Skiff doesn't use OpenPGP, and you can't encrypt emails to non-Skiff users. I'm not a fan of this lack of interoperability, even if OpenPGP would also not be great.


Verification

According to the Skiff Whitepaper, it should be possible to verify users' keys. It's possible to view your own public key's verification phrase (your public key, encoded as a sequence of words). However, I wasn't able to find a way to view other users' keys or verify them. I emailed support to ask how to do this and will update this section if/when they get back to me.

Update: I got a response which did not clarify anything but said "We hope to integrate this feature more deeply into Contacts." It asked me to submit a feature request on Canny. I didn't want to make a new account just for this, so here's a GitHub issue.


Tracking Protections and Whatnot

There's a "block remote content" feature which is off by default. I couldn't find a way to tell Skiff to render or send emails in plain text (which is good to do).


Features

Skiff Mail has a free tier with basic email features. I don't like webmail and didn't care to play with it too much. I expect Skiff Mail's free plan to be usable for most people, based on how few requirements are needed for email. You can schedule emails, which is cool.


Custom Domain

One thing I found very surprising is that Skiff Mail supports linking a custom domain on its free plan. This is actually really great because my biggest issue with encrypted email is the inability to move away from a certain provider. Setting up a custom domain and using the service with your custom domain gives you this portability. And you can do that for free with Skiff!

I set up skiff.negativezero.link as a custom domain on Skiff to test this. (I recommend using a more generic subdomain like mail or just using the root domain. I just used skiff because I was testing skiff and didn't plan to actually use that subdomain for mail.) The setup instructions assume you're using the root domain, so if you're running on a subdomain (like me), you have to adapt the DNS records they want you to set.

Here's what they told me to set:

A list of 5 DNS records to set to link the domain skiff.negativezero.link to Skiff Mail. These rules are written with the assumption that skiff.negativezero.link is a root domain, so the "Name" field uses @ for the skiff subdomain and otherwise omits skiff from the subdomain listed.

Suppose you're using mail.yourdomain.tld. Here are the actual DNS records to set to get it working:

Type Name Priority Value
MX mail 0 inbound-smtp.skiff.com
TXT mail N/A v=spf1 include:raqhecwbtrn5gni.spf.skiff.com -all
CNAME skiff1._domainkey.mail N/A skiff1.raqhecwbtrn5gni.dkim.skiff.com
CNAME skiff2._domainkey.mail N/A skiff2.raqhecwbtrn5gni.dkim.skiff.com
TXT _dmarc.mail N/A v=DMARC1; p=reject; pct=100; adkim=s; aspf=s

TL;DR: If it says "@" for the Name, use "mail" instead. If it says something else for the Name, add ".mail" at the end. (Replace "mail" here with whatever subdomain you're using.)

Update: GitHub issue


UI/UX

It's webmail. I don't like webmail, especially encrypted webmail. It tends to be pretty slow and unpleasant to use. This was about what I expected, more or less comparable to Proton Mail.

I found it slightly difficult to figure out how to navigate the interface, but that might just be because I'm not used to webmail.

There are two themes represented by in three options: light (default), dark, and system theme (adaptive light/dark). The dark theme is pretty, but the text isn't quite light enough to be easy to read. It causes me some eye strain looking at my inbox.

There's a "Sign off with Skiff signature" option in the Signature settings. It's enabled by default and puts "Secured by Skiff Mail." at the bottom of your emails. It's annoying but can be disabled fairly easily. If you really want to promote the service, you can leave it on, I guess.


Sign-up Process

I did not try to sign up over Tor or a VPN. I don't know if there would have been additional friction if I'd tried. The site prompted me to add a recovery email but did not require one, and more generally it did not require any personal information to sign up. So that was nice. I did have to fill out a CAPTCHA provided by hCaptcha. (Skiff uses Cloudflare, at least on some parts of the site, so that's probably why it uses hCaptcha.)

When I was signing up and pasted in my password, the site hung for several seconds trying to run its "is your password strong enough?" algorithm. It wasn't obvious to me that it was doing that (it looked like it just hadn't registered the paste), so I tried pasting again, resulting in even more wait time and additional wait time when I tried to delete my password from the box and re-paste it. It was fine, just annoying.


Conclusion

It's encrypted webmail. If that's your thing, you might like it. I like Proton Mail better because it lets you use encrypted email with people like me who don't use Proton Mail but do use OpenPGP. As far as I can tell, you can't verify other users yet, which is Not Great™. Skiff Mail supports one custom domain on its free plan, which gives you the portability to move your account if you want. I would highly recommend setting that up if you're going to use Skiff to avoid lock-in.

There are clients for Android, iOS, and macOS (and apparently a Windows one is in the works). I did not try any of these and can't speak to them.

Ultimately, this gets the standard privacy-focused email service review: It's Better Than Gmailâ„¢. If it works for you, I think it's fine.