Mynigma for Business

Frequently Asked Questions

Basics

Encryption

The basics

What is Mynigma?

Mynigma is a new kind of email client with built-in privacy protection. It boasts a unique encryption feature so user-friendly that absolutely anyone can use it. And we do mean anyone.

How does it work?

It couldn't be any easier. Simply receiving a message from another Mynigma user activates the encryption feature behind the scenes. Your reply and any future messages you exchange will be protected completely automatically. More details can be found here.

Why do I need it?

Your inbox amounts to a surprisingly detailed digital profile that, once on the internet, cannot be withdrawn. How it will be used in future is beyond your control. The contents of safe messages, on the other hand, never end up on the internet.

How much is it?

It's free for personal use. We believe that there is not enough privacy on the internet and that without it, there can be no democracy. That's why Mynigma has no advertising, no paid upgrades nor any other hidden costs. It's just free. Download it from here.

If you run a company, you may be interested in the business version for commercial use.

The encryption feature

How do I know if a message will be encrypted?

Simply start composing a new message. If the compose window turns green, Mynigma has taken care of the encryption completely automatically, so you can get on with your work and still rest assured that your data remains yours.

Who has access to encrypted messages?

Only you and the recipient. Opening your safe messages is impossible without access to your device, which even we don't have.

The details

What systems does it run on?

It is currently available for Mac OS and iOS. Versions for Windows and Android are also in the pipeline. Stay up to date by signing up for our newsletter.

Can I use it with my existing e-mail accounts?

Of course. Just log into your account with Mynigma and start sending safe messages.

What about people who don't have Mynigma yet?

In addition to making encryption user-friendly, Mynigma is also a fully functional email client. If a recipient doesn't have Mynigma, you will be offered the option to send an open message instead. Why not try it out for yourself?

Can I use it on the go?

Thanks to the Mynigma iOS app you can read safe messages on iOS devices. Apps for other platforms will follow in due course. If you let us know your email address, we will keep you in the loop.

Can I still read messages in other clients?

You will still be able to read ordinary emails on the web and in other clients. The same is not true for safe messages, which can only be read on your devices. In fact, this is the point of the encryption: putting your data out of reach even for your email provider.

What happens if I lose my device?

Messages are stored unencrypted on your device, for reasons outlined here. We recommend using hard-drive encryption and setting a strong login password/passcode. Using Mynigma on several devices will reduce the risk of data loss.

Privacy

What kind of data do you collect?

None. We take your privacy very seriously. Our personal use version does not collect any data at all. We do not even know our users' email addresses - unless they get in touch with us.

Why would I encrypt my emails if I have nothing to hide?

That's missing the point. One might as well say that people who use envelopes are up to no good or that curtains are the mark of a criminal. The right to privacy is central to democracy. Taking control of your own data is simply common sense.

Who is interested in my mailbox?

Advertisers (including, probably, your e-mail provider), criminals like hackers, scammers and identity thieves, government agencies and - depending on what you do for a living - many more.

Security

How secure is Mynigma?

Our strong, trusted encryption algorithms are unlikely to be broken even by the most sophisticated attackers. What sets us apart is a feature called device-to-device encryption. Put simply, this means that even your e-mail provider has no way of accessing your safe messages - nor do we. Bear in mind though, that there is no such thing as 100% security, and that due to weaknesses in operating systems and the problem of initial public key distribution, it is very difficult to protect yourself if you become the victim of a targeted attack, as opposed to passive data collection.

What about man-in-the-middle attacks?

In principle, Mynigma’s automatic encryption mechanism is vulnerable to the well-known problem of a man-in-the-middle (MITM) attack during the initial key exchange. For most users, passive data collection is a more prominent issue, but if such an attack is a worry, Mynigma will offer user-friendly means of detecting it - comparing a QR code either in person or via text message, for example. In addition, we ensure that key introductions must be signed with both the old and the new key, preventing a MITM from 'escaping'. Elevating the risk of discovery in this way raises the cost of a potential attack to a point where it may not be worthwhile in the first place.

How are the messages stored locally?

On your device, messages are stored in unencrypted format, within the app's sandbox. This has many advantages. For example, it becomes possible to search through messages at great speed. Local encryption would add few security benefits, since an attacker who is able to access Mynigma's sandbox would likely be able to install a key-logger or to access Mynigma's keychain items. In any case, it is important that you keep your device secure and pick a strong login password.

What algorithms do you use exactly?

We employ RSA with 4096 bit keys and OAEP padding, AES with 128 bit keys and SHA-512 for hashing. Unlike PGP and S/MIME we do not use broken or outdated algorithms like SHA-1. We also encrypt subject lines, as well as attachments. More details are available here.

Is the code open source?

Coinciding with its launch at the CeBIT 2015, we published Mynigma's source code under a GPL licence. With HTMLPurifier, we have already made available an Objective-C library for cleaning untrusted HTML, removing potentially harmful active content. We are very keen to let other programmers benefit from our work - and vice versa. If you would like to help us, please get in touch.

Alternatives

Why not use an existing standard?

There are several reasons why the existing standards are unsuitable for us. We think it's important to encrypt subject lines and to throw overboard broken algorithms like SHA1. That's why, unfortunately, a solution like OpenPGP is out of the question for a modern crypto-system designed to be future-proof. If you'd like to know more, why not get in touch?

What if the other party doesn't have Mynigma?

Just invite them to download it for free. If they don't have a Mac or an iOS device they might have to wait for Mynigma to become available on their platform.

How is it different from PGP?

If you have tried using PGP (a popular encryption solution) you may be familiar with the details of key exchange that confuse many users. When it comes to usability, Mynigma is in a different league. In many respects, it is also more secure. Nonetheless, an additional PGP feature will be integrated into future versions of Mynigma.

How is it different from S/MIME?

S/MIME is another well-known encryption standard. It is widespread in the business world, but has otherwise failed to attract the users it deserves. The main reason is that, just like PGP, it requires a basic understanding of public key encryption. Future versions of Mynigma will include S/MIME encryption as well.

How is it different from "E-Mail made in Germany"?

"E-Mail made in Germany" is an initiative launched by some German email providers in reaction to the NSA revelations. Its weak, incomplete encryption has faced a lot of criticism, because it lacks the kind of device-to-device security Mynigma provides.

How is it different from Posteo?

Posteo is an email provider with a focus on privacy and anonymity, which is commendable. If you write to someone with a different provider, however, your data will still end up in the hands of advertisers and the like. Of course you can also use Mynigma in conjunction with a Posteo account.

Why not use a plugin?

A standalone app like Mynigma is safer and generally more reliable. For example, plugins for Apple Mail often break if the underlying client is updated.

About Mynigma

How do you fund this?

We work part time to finance this project, which is very close to our hearts. We also sell a business version of Mynigma, available at our business site. Another source of income is prize money, like from the CeBIT Innovation Award 2015. Finally, your donations help us roll out new features even more quickly.

What kind of academic research is Mynigma based on?

Developing a program like Mynigma would be impossible without strong links into academia. The advice of our mentor, Prof Volker Roth, from Freie Universität Berlin, is invaluable to us. His paper 'Security and Usability Engineering with Particular Attention to Electronic Mail' is especially relevant. We also draw on numerous other pieces of research such as papers on authentication via short message digest comparisons.

Navigation