Safe email made simple - Mynigma

Frequently Asked Questions



The basics


Mynigma is a new kind of email client with built-in privacy protection. It boasts a unique encryption feature so user-friendly that absolutely anyone can use it. And we do mean anyone.

It couldn't be any easier. Simply receiving a message from another Mynigma user activates the encryption feature behind the scenes. Your reply and any future messages you exchange will be protected completely automatically. More details can be found here.

Your inbox amounts to a surprisingly detailed digital profile that, once on the internet, cannot be withdrawn. How it will be used in future is beyond your control. The contents of safe messages, on the other hand, never end up on the internet.

It's free for personal use. We believe that there is not enough privacy on the internet and that without it, there can be no democracy. That's why Mynigma has no advertising, no paid upgrades and no other hidden costs. It's just free. Download it from here.

If you run a company, you may be interested in the business version for commercial use.



The encryption feature


Simply start composing a new message. If the compose window turns green, Mynigma has taken care of the encryption completely automatically, so you can get on with your work and still rest assured that your data remains yours.

Only you and the recipient. Opening your safe messages is impossible without access to your device, which even we don't have.



The details


Of course. Just log into your account with Mynigma and start sending safe messages.

In addition to making encryption user-friendly, Mynigma is also a fully functional email client. If a recipient doesn't have Mynigma, you will be offered the option to send an open message instead. Why not try it out for yourself?

Thanks to the Mynigma iOS app you can read safe messages on iOS devices. Apps for other platforms will follow in due course. If you let us know your email address, we will keep you in the loop.

You will still be able to read ordinary emails on the web and in other clients. The same is not true for safe messages, which can only be read on your devices. In fact, this is the point of the encryption: putting your data out of reach even for your email provider.

Messages are stored unencrypted on your device, for reasons outlined here. We recommend using hard-drive encryption and setting a strong login password/passcode. Using Mynigma on several devices will reduce the risk of data loss.



Privacy


None. We take your privacy very seriously. Our personal use version does not collect any data at all. We do not even know our users' email addresses - unless they get in touch with us.

That's missing the point. One might as well say that people who use envelopes are up to no good or that curtains are the mark of a criminal. The right to privacy is central to democracy. Taking control of your own data is simply common sense.

Advertisers (including, probably, your e-mail provider), criminals like hackers, scammers and identity thieves, government agencies and - depending on what you do for a living - many more.



Security


Our strong, trusted encryption algorithms are unlikely to be broken even by the most sophisticated attackers. What sets us apart is a feature called device-to-device encryption. Put simply, this means that even your e-mail provider has no way of accessing your safe messages - nor do we. Bear in mind, though, that there is no such thing as 100% security, and that due to weaknesses in operating systems and the problem of initial public key distribution, it is very difficult to protect yourself if you become the victim of a targeted attack, as opposed to passive data collection.

In principle, Mynigma’s automatic encryption mechanism is vulnerable to the well-known problem of a man-in-the-middle (MITM) attack during the initial key exchange. For most users, passive data collection is a more prominent issue, but if such an attack is a worry, Mynigma will offer user-friendly means of detecting it - comparing a QR code either in person or via text message, for example. In addition, we ensure that key introductions must be signed with both the old and the new key, preventing a MITM from 'escaping'. Elevating the risk of discovery in this way raises the cost of a potential attack to a point where it may not be worthwhile in the first place.
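The dual-signature rule for key introductions described above, as an added example that is not Mynigma's own code: the recipient accepts a replacement key only if the key it already has pinned and the new key have both signed it. The message layout, RSA-PSS as the signature scheme, the 2048-bit demo keys and all function names are assumptions of this sketch.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
)

// DemoKey returns a 2048-bit key to keep the demo fast; the page specifies 4096 bits.
func DemoKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// digest is what both keys sign: SHA-512 over address and new key (assumed layout).
func digest(email string, newKey *rsa.PublicKey) []byte {
	d := sha512.Sum512(append([]byte(email+"\x00"), x509.MarshalPKCS1PublicKey(newKey)...))
	return d[:]
}

// Introduce signs the new key with the old and the new private key (RSA-PSS, assumed).
func Introduce(email string, oldPriv, newPriv *rsa.PrivateKey) (sigOld, sigNew []byte, err error) {
	d := digest(email, &newPriv.PublicKey)
	if sigOld, err = rsa.SignPSS(rand.Reader, oldPriv, crypto.SHA512, d, nil); err == nil {
		sigNew, err = rsa.SignPSS(rand.Reader, newPriv, crypto.SHA512, d, nil)
	}
	return sigOld, sigNew, err
}

// Verify accepts newKey only if the pinned key and newKey itself both signed it.
func Verify(email string, pinned, newKey *rsa.PublicKey, sigOld, sigNew []byte) error {
	d := digest(email, newKey)
	if err := rsa.VerifyPSS(pinned, crypto.SHA512, d, sigOld, nil); err != nil {
		return fmt.Errorf("introduction not signed by the pinned key: %w", err)
	}
	return rsa.VerifyPSS(newKey, crypto.SHA512, d, sigNew, nil)
}

func main() {
	oldK, newK, mitm := DemoKey(), DemoKey(), DemoKey() // mitm: key pinned after an interception
	so, sn, err := Introduce("bob@example.org", oldK, newK)
	fmt.Println(err, Verify("bob@example.org", &oldK.PublicKey, &newK.PublicKey, so, sn),
		Verify("bob@example.org", &mitm.PublicKey, &newK.PublicKey, so, sn))
}
```

The second check models a recipient who pinned an interceptor's key at first contact: the owner's genuine introduction then fails verification, so the interception surfaces unless the attacker keeps re-signing every later introduction.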

On your device, messages are stored in unencrypted format, within the app's sandbox. This has many advantages. For example, it becomes possible to search through messages at great speed. Local encryption would add few security benefits, since an attacker who is able to access Mynigma's sandbox would likely be able to install a key-logger or to access Mynigma's keychain items. In any case, it is important that you keep your device secure and pick a strong login password.

We employ RSA with 4096-bit keys and OAEP padding, AES with 128-bit keys and SHA-512 for hashing. Unlike PGP and S/MIME, we do not use broken or outdated algorithms like SHA-1. We also encrypt subject lines, as well as attachments. More details are available here.

Coinciding with its launch at CeBIT 2015, we published Mynigma's source code under a GPL licence. With HTMLPurifier, we have already made available an Objective-C library for cleaning untrusted HTML, removing potentially harmful active content. We are very keen to let other programmers benefit from our work - and vice versa. If you would like to help us, please get in touch.



Alternatives


There are several reasons why the existing standards are unsuitable for us. We think it's important to encrypt subject lines and to throw overboard broken algorithms like SHA-1. That's why, unfortunately, a solution like OpenPGP is out of the question for a modern crypto-system designed to be future-proof. If you'd like to know more, why not get in touch?

Just invite them to download it for free. If they don't have a Mac or an iOS device they might have to wait for Mynigma to become available on their platform.

If you have tried using PGP (a popular encryption solution) you may be familiar with the details of key exchange that confuse many users. When it comes to usability, Mynigma is in a different league. In many respects, it is also more secure. Nonetheless, an additional PGP feature will be integrated into future versions of Mynigma.

S/MIME is another well-known encryption standard. It is widespread in the business world, but has otherwise failed to attract the users it deserves. The main reason is that, just like PGP, it requires a basic understanding of public key encryption. Future versions of Mynigma will include S/MIME encryption as well.

"E-Mail made in Germany" is an initiative launched by some German email providers in reaction to the NSA revelations. Its weak, incomplete encryption has faced a lot of criticism, because it lacks the kind of device-to-device security Mynigma provides.

Posteo is an email provider with a focus on privacy and anonymity, which is commendable. If you write to someone with a different provider, however, your data will still end up in the hands of advertisers and the like. Of course you can also use Mynigma in conjunction with a Posteo account.

A standalone app like Mynigma is safer and generally more reliable. For example, plugins for Apple Mail often break if the underlying client is updated.



About Mynigma


We work part time to finance this project, which is very close to our hearts. We also sell a business version of Mynigma, available at our business site. Another source of income is prize money, such as that from the CeBIT Innovation Award 2015. Finally, your donations help us roll out new features even more quickly.



© 2012-2016 Mynigma UG (haftungsbeschränkt) | We do not use cookies.
