Happy 1st Birthday!

It’s been officially one year since this wild and crazy ride began with asking myself the question, “What would it take to fix e-mail?” In the year since that thought experiment began, it has become apparent that this project will be far more than the question asked and while ridiculously ambitious, it is also possible.

What has been accomplished? Quite a lot. A bargeload of research (or two) has been done, and I have spent many hours learning domain knowledge, such as cryptography and the Go programming language. This website was created. Specs have been written for client-server communications, messages, contacts, and even a replacement for HTML that will be secure and protect user privacy. There is even both server and client code, even if neither is yet complete. Even some general design work for Anselus Connect, the desktop client,

How much code is there? The server code, written from scratch in Go, is a great start. A lot of foundation code has been written and it is possible to log in. Although it sounds very simple on the surface, peeking under the hood says otherwise. The second project milestone, account registration, is very close. Rather than just slap together some test code, writing a proper client base sounded like more fun and a better use of time. The test client has been largely a matter of designing and implementing storage infrastructure. All in all, not bad for just one guy with a family, a day job, and other responsibilities.

The road ahead is an exciting one. Once account registration on both sides is complete, there will be other server-side milestones, such as upload, download, and file synchronization, message delivery, and crypto. Once the server is able to be useful, the really fun stuff – writing the client – can begin. Here’s to a bright future!

November 2019 Development Update

It’s been quite some time since the launch of the project earlier this year. Not much code has been written just yet because more research and thought has been needed. Instead, the project has been developing proper technical solutions.

First in development was research into a possible new binary-to-text encoding algorithm based on another algorithm, yEnc, developed by Juergen Helbing with the goal of reducing overhead when working with non-text files, like attachments and encryption keys. yEnc leverages the majority of the ASCII character set, unlike the standard encoding algorithm, base64. The test algorithm made a few small changes for compatibility reasons. However, it was discovered that both yEnc and the test algorithm were not compatible with the way text is stored, an encoding algorithm called UTF-8. As a result, development efforts in that direction were halted and, instead, base85 was chosen as the preferred encoding scheme, increasing efficiency while still retaining compatibility.

Also under development is AnTM, a new text format designed for a balance of safety and expressiveness. It was inspired by BBCode, another system originally designed for online message boards. “Why do we need ANOTHER format” you ask? Because HTML is a mess in regard to security, complexity, and privacy. Messages on the Anselus platform need to be expressive without compromising user security. It is very much possible to have both: AnTM is easy to write with just a text editor, easy to read and write from code, privacy-friendly, and closes a potential avenue for attack from bad actors that is made available by e-mail.

The structure and architecture of Anselus Server has also been better fleshed out. Originally, it was thought that avoiding the use of a formal database would reduce complexity, but doing so had the opposite effect. For the moment, PostgreSQL has been chosen to be the first official DBMS supported for Anselus Server, having exemplary support, technical excellence, and cross-platform compatibility. Rust was originally slated to be the language for the server’s production code, but for a number of reasons it was decided that Go should be used instead.

The months ahead will focus on building the server side of individual workspaces, starting with completing the database interaction layer. It is an exciting time for the project to see first steps toward a bright future.

Is E-mail as Bad as You Say? Yes. Yes it is.

Here at the Anselus Project, we are very passionate about seeing e-mail take a permanent vacation. If it seems like that passion is unfounded, consider the articles in this reading list. For those who would rather just get to the point, each article has a quick summary.

The Guardian, 8/9/2013
Lavabit email service abruptly shut down citing government interference
Encrypted e-mail service chooses to shut down than give the decryption keys for its users’ e-mail to the U.S. government.

The Register, 1/27/2016
Cops hate encryption but the NSA loves it when you use PGP
NSA loves PGP e-mail encryption technology because while the contents of a message are encrypted, information about the message is not.

Reuters, 10/4/2016
Yahoo secretly scanned customer emails for U.S. intelligence - sources
One of the largest e-mail providers built a search engine so U.S. intelligence could read any of its users’ e-mail.

Counterpunch, 10/6/2016
A Scandal that Reveals More Than It Says: Yahoo Scanned All Users’ Mail for the Government
Scrutinizing public comments from other Big Tech companies reveals additional cause for concern.

CNN, 10/4/2017
Every single Yahoo account was hacked - 3 billion in all
The initial count of compromised accounts in their 2013 data breach, 500 million, was revealed to be far less than reality. Oopsie.

The Daily Dot, 7/9/2019
Fallout over Superhuman’s email privacy scandal continues
Premium exclusive e-mail startup violates privacy of all its clients and their contacts even after making changes to make it slightly less creepy.

ZDNet, 7/29/2019
DMARC’s abysmal adoption explains why email spoofing is still a thing
E-mail technology designed to prevent phishing largely not used because it’s too hard to implement.