What is it?
In short, imagine if Microsoft Outlook, which people use at work, could be used on pretty much any computer and with security in place that completely eliminates spam and, theoretically, phishing and malware delivered by e-mail. It sounds too far-fetched to be possible, but it isn’t.
The longer answer is that Anselus is an open platform for communications and collaboration. It centers around encryption and careful control of information. Although originally conceived to replace e-mail, it is flexible enough to do much more. Tentative plans for the client include notes, to-do lists, an address book, scheduling, and possibly social media.
How can I download it?
It’s too early for that, unfortunately. Anselus is a very young project. Right now, we need lots of help to get good forward momentum, largely from sponsors and developers.
How does Anselus work, technically speaking?
An Anselus account focuses on workspaces, which can belong to individuals or groups. The platform is engineered to stay as close to zero-knowledge management as possible on the server side. Both symmetric and public key cryptography are used to protect information. In addition to messages exchanged by users, system-level messages are passed around to support communications, such as read receipts, contact requests, and other background tasks.
Existing standards have been leveraged where possible, using them directly or heavily borrowing from them. JSON is used to structure data. A dialect of BBCode has been created for formatting rich text. The client-server protocol in its current form is inspired by several messaging protocols, including POP3 and Simple Mail Access Protocol.
How does Anselus protect my privacy and ensure security?
The current era of surveillance is a far cry from the early days of the Internet. E-mail is scanned by nation-state actors, providers, and anyone else with the desire and opportunity. It is also the enabler of the vast majority of cyberattacks. The Anselus team intends to change that. Privacy and security are top priorities for the platform.
Spam will become a bad memory. Messages are accepted by the client only if the sender is in the user’s address book. Server administrators can limit the number of messages sent by individual users and also limit traffic received from other servers. Traffic is not relayed by servers – it is sent directly to the destination over an encrypted connection, or accepted from another server to be delivered locally.
Phishing will be much more difficult. A new rich text format takes the place of HTML. Embedding code of any kind is strictly forbidden. The strong identity facilities built into the platform make it less likely to receive a malicious message, but even then website links are carefully handled, providing the user the necessary information to see where they are going when the link is clicked. While malicious actors are clever and constantly devising new tactics, these measures should make online communications much safer.
Anselus is also designed to not require any personal information. Anselus addresses work similarly to the way computers communicate on the Internet: your workspace has a unique numeric ID which never changes and a friendly name which you choose and can change at any time. You can literally communicate with people using just that numeric address – no name or anything else required. You choose what information is sent out with a contact request. Most people will put basic public information in them (name, company, etc.), but if you have a need to be anonymous, Anselus will support you.
What do these terms ‘Open Source’ and ‘Free Software’ mean?
These terms are similar in meaning. Open source means that the files used to create software are available for your review. Free Software is software which is free as in freedom. It means that it is not just open source, but you are given the right to make changes, give those changes to others, and use the software for any purpose. More information on how Free Software works can be found in this article on Wikipedia. All software made by the Anselus team falls into this category.
What about DMARC? Doesn’t it help?
DMARC, short for Domain-based Message Authentication, Reporting, and Conformance, is an e-mail security protocol which utilizes two others, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). SPF specifies which IP addresses may send e-mail for a particular domain. DKIM combines DNS and public key cryptography to sign outgoing e-mail. DMARC builds upon these and ensures that only authorized senders can use a particular domain. In short, it checks the From: field to make sure it’s OK and can optionally have reports sent to you when someone receives bad e-mail supposedly sent from you or someone at your organization. The problem is that it is not only non-trivial to implement, it’s hard to get right, and even then, it doesn’t protect you–it only protects everyone else. In short, DMARC is a Herculean effort which does a lot right, but doesn’t go nearly far enough.
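The From: check described above comes down to identifier alignment, sketched here as an added example (not Anselus code). The record, domains and results are constructed, and `org_domain` is a simplifying assumption where real verifiers consult the Public Suffix List.

```python
# Constructed policy record, as it would be published in TXT at _dmarc.example.com.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for item in txt.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # ASSUMPTION: naive "last two labels"; real verifiers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf, dkim):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain).

    Returns "pass", or the published policy (none / quarantine / reject) that
    the receiver is asked to apply when neither mechanism passes *and* aligns.
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(from_domain, d, tags.get("adkim", "r"))
                  for result, d in dkim)
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")

# SPF passes for a subdomain of the From: domain; relaxed aspf accepts it.
legit = dmarc_disposition(RECORD, "example.com", ("pass", "bounce.example.com"), [])
# SPF and DKIM both pass, but for an unrelated domain: nothing aligns with From:.
unaligned = dmarc_disposition(RECORD, "example.com",
                              ("pass", "other.example"), [("pass", "other.example")])
print(legit, unaligned)
```

The second case is the one SPF and DKIM cannot catch on their own: both report "pass", yet the From: domain was never authenticated.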
Why not just use PGP / OpenPGP?
We actually use a form of OpenPGP, but not the way it is used for e-mail. The difference is critical: individual messages are completely encrypted, metadata and all. PGP when applied to e-mail only encrypts the message body and attachments. This means the subject line, sending address, and all other metadata are exposed. Metadata is minimized for Anselus messages: visible information is limited to the recipient’s numeric address, information about the encryption used, and the message API version. That’s it. For more information, the Electronic Frontier Foundation has published an article about why this is important: Why Metadata Matters.
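To make the e-mail side of that comparison concrete, here is an added example (not Anselus code) that parses a PGP/MIME message in the RFC 3156 layout and reports what anyone handling it can read without a key. The message, addresses and armored block are constructed placeholders.

```python
from email import message_from_string

# Constructed sample: RFC 3156 PGP/MIME message; the armor is a fake placeholder.
SAMPLE = """\
From: alice@example.com
To: bob@example.net
Subject: Contract renewal terms
Date: Tue, 04 Mar 2025 09:15:00 +0000
Message-ID: <1234@example.com>
Received: from mail.example.com (203.0.113.7) by mx.example.net
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

hQEMA0constructedNotRealCiphertext==
-----END PGP MESSAGE-----
--b1--
"""

# Headers that reveal who talked to whom, when, about what, and via which hosts.
ROUTING_AND_CONTEXT = ("From", "To", "Cc", "Subject", "Date", "Message-ID", "Received")

def observer_view(raw):
    """Return what is readable without any key, plus the opaque encrypted part."""
    msg = message_from_string(raw)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    # get_all keeps repeated headers (e.g. one Received line per hop).
    exposed = {h: msg.get_all(h) for h in ROUTING_AND_CONTEXT if h in msg}
    parts = msg.get_payload() if msg.is_multipart() else []
    # RFC 3156: part 1 is the control part, part 2 carries the ciphertext.
    body = parts[1].get_payload() if pgp_mime and len(parts) == 2 else None
    return {"pgp_mime": pgp_mime, "exposed": exposed, "ciphertext": body}

view = observer_view(SAMPLE)
for name, values in view["exposed"].items():
    print(f"cleartext {name}: {values}")
```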
How Does Anselus Compare to
Slack / Mattermost / Microsoft Teams / Matrix
Anselus is first and foremost a platform; programs are built on top of it. Matrix is a platform with similar goals, but a very different implementation, i.e. synchronous real-time communications. E-mail and chat are different in some significant ways, but they do share some similarities.
Anselus Connect is the desktop software written for the platform. For purposes of comparing to Connect, Slack, Teams, and Mattermost are all pretty much the same. Chat clients are concerned with short messages sent in real time, some file exchange, and maybe a few other lesser features. Connect does much more than just send messages, helping you with scheduling, tracking tasks, and more.
The implementation differs greatly. Chat clients focus on conversations, not on individual messages, and provide a history of each conversation. Connect drills down to the message level, but can group messages together into conversations. History is not maintained unless you want it to be. At the technical level, the differences are like night and day because of what problems they intend to solve.
In many ways, the Anselus platform can be viewed as a close cousin to Exchange and a direct competitor. Microsoft has constructed a compelling groupware product that powers a multitude of businesses. We believe that the ability to communicate and organize one’s life digitally should be available to anyone, regardless of demographic. The server side of the Anselus platform offers seamless encryption, better security, more privacy, and no legacy to hold it back. Anselus Connect, the counterpart to Outlook, will be less complex and cross-platform.
NextCloud / OwnCloud
In short, Anselus has a lot in common with these two projects. For example, many values are shared; the technical conclusion just doesn’t go far enough. Both OwnCloud and NextCloud are platforms which enable anyone to host a group of services similar to Google’s apps suite, encompassing file sharing, document editing integration, online chat and web meetings, calendaring, and a lot more. Encryption and data security are taken seriously. Both app suites are Free Software.
They are doing an admirable job of building a secure and polished product based on existing standards. Utilizing existing standards can only take one so far, however. Legacy can be restrictive–spam and phishing are still easily possible. Encryption keys still need to be generated and shared. Address book information still gets stale very easily. Compatibility is problematic. When combined together, the many standards for e-mail, calendaring, and contacts are such a mess that we think starting over is the best choice. Nevertheless, we wish them well.