Douglas Crawford

Douglas Crawford

June 17, 2015

Like ProtonMail and Tutanota, ChiaraMail is a new service that aims to provide the convenience and functionality of a webmail service (such as Gmail), while at the same time tackling many users’ growing concern over privacy and security. Unlike ProtonMail and Tutanota, ChiaraMail is not an email service as such, but rather uses its special ‘ECS’ technology to make sending email over users’ regular email service much more secure.

As many people already know by now (with more becoming aware of all the time), traditional email is fundamentally broken when it comes to security, as by default messages and their contents are sent in plaintext for all the world to see.

Free webmail services are worse. They scan the contents of all emails in order to learn intimate details about their users, so that they can build up detailed profiles which they monetize by serving up ever more tailored ads. Furthermore, thanks to Mr Edward Snowden, we now know that they pass much of this information onto the likes of the NSA and GCHQ (and what is not passed on is taken anyway!)

Traditionally, the best way to protect email messages from unwanted eyes is to use PGP encryption. This securely encrypts the body of the email message, and any attachments, but does not hide metadata (such as the subject line, who to, who from, and when sent).

Unfortunately, although if implemented properly PGP encryption is very secure, it is also very complex and confusing to use. This means that even if you can be bothered to learn how to use PGP to encrypt your emails (and actually do it!), most people you know will not. Since PGP only works if both sender and recipient use PGP… well… let’s just say that it has never really caught on.


ChiaraMail is a new secure webmail service that uses what it terms ‘Envelope-Content Splitting (ECS) technology’ to make sending emails more secure.

When the user opens an ECS message, the ChiaraMail software then reconnects the envelope with the content of the message (with no password or other verification required.) This is happens ‘on demand’ whenever the message is accessed, so if the message is changed (see later), the recipient will see the new content whenever he or she opens the message.

The greatest strength of this system is that it is completely transparent in operation. When one ChiaraMail user receives an encrypted message from another ChiaraMail user in a ChiaraMail-enabled email client, the experience is basically the same as receiving a regular email. This makes the system very easy to use (unlike PGP, for example), so that even the most technology-challenged family member should have no problem getting to grips with it. It also means that users do not need to set up a new email account and go through the arduous task of migrating to that account.


ChairaMail 1

This message is sent to recipients along with envelope

At present, however, the only such software available is on the Android platform, where it uses a modified version of the popular third-party email client K-9 Mail. ChiaraMail is also currently developing a webmail client, which it plans to roll out ‘later this summer.’

ChairaMail 2

We cannot take a screenshot of the mail ChiaraMail app screen thanks to sensible DRM security restrictions, but the app is basically a modified version of the popular, attractive, and highly capable K-9 Mail

Even ignoring the current lack of ChiaraMail software, this need to download and use additional apps/extensions is a drawback, and contrasts with both ProtonMail and Tutanota, which allow non-users to receive encrypted emails without the need for any additional software. On the other hand, both Tutanota and ProtonMail require non-users to know a pre-shared password, which is not required with ChiaraMail.

Another issue is that by sending the ‘envelope’ to users in plaintext via regular email, emails are still subject to metadata surveillance of the kind undertaken by the NSA. While this is a problem inherent in the way traditional email works, it is problem that Tutanota has managed to overcome.

 ChairaMai send+1

Here we can see the various special options available to ChiaraMail users.

Because the contents of emails are stored on ChiaraMail’s servers, this allows ChiaraMail to offer a unique feature – the ability to change the content of an email after it has been sent! If you modify the content of an email sent via ChiaraMail (ECS), the next time the recipient looks at the email they will see the updated content! This is a great feature, and could be a life saver in certain situations!

Another funky feature is self-destruct emails. When you send an email via ECS, you can set a timer for it (and choose timer length). And sure enough, when the recipient views the email a little timer counts down in the corner, and when it reaches 0 the email disappears.

‘Include content’ is used when sending an ECS message to several recipients, some of whom who cannot read ECS. If ‘Include content’ is selected, the content is included in the message, along with the ECS header fields, thus providing a readable message to everyone. Of course, in this case, the message content is now visible to everyone along the network path between the sender and the recipient, and is therefore not secure, but the ECS-enabled recipients at least retain the benefit of knowing that the message really did come from who it claims to be.

This touches on another big strength of ChiaraMail- that it completely removes the possibility of e-mail address spoofing and phishing. In this ChiaraMail claims to be the only solution to a problem that some experts calculate has a global cost of some $1 trillion. This in itself makes ChiaraMail a compelling product.

Privacy and security

The first thing to note about ChiaraMail is that unlike Tutanota, the technology is not open source (although the K-9 Mail android app the technology is currently built-into, is). Now, we do not usually recommend (or even review) closed-source software, as there is no way to guarantee that it is doing what the developers say it is doing…

However, as with ProtonMail, the ChiaraMail developers are keen to have the software independently audited by respected experts in the field. To this end, ChiaraMail has been in discussion with Mario Heiderich of Cure53 in Germany. In addition to helping patch vulnerabilities in the ChiaraMail server, Cure53 has agreed to perform a full audit of the ChiaraMail software.

An independent audit however, costs a great deal of money (apparently ChiaraMail has been quoted $27,500), so in order meet this fee (and other funding requirements) ChiaraMail has started an Indiegogo fundraiser.

In principle we much prefer to see code open sourced so that it is available for anyone to check, but it is also true that (reputably) audited closed source code is arguably better than un-audited open source code (which most open source code is). Until this audit is performed, however, early adopters will just have to trust the integrity of ChiaraMail, taking their promise of an upcoming audit as a sign of good faith.

By default, the content of messages is encrypted using the strong AES-256 cipher (but in ECB mode, with is considered the weakest form of AES implementation.) Encryption is performed client-side (i.e. it is end-to-end) using the default Android library, but the password is not. ChiaraMail explained that,

When the user configures an account using our mail clients, a request is sent to a Java servlet to register the user in our DB and generate a password. After it’s generated, the servlet salts and encrypts it before storing it in the database and returning it to the mail client (all communications between the client and the server are done via a secure link).

The password generated here is the content server password and is sent by the client to the content server whenever it wants to fetch, send, update, etc. content. For example, if the user wants to send an ECS message, it does so by sending the message content to the content server, along with the sender’s e-mail address and content server password that the server uses to verify that the sender is really who it claims to be (this is at the heart of our authentication scheme and is part of the reason why it’s so difficult, if not impossible, to spoof an ECS mail message).

When the content is encrypted, the encryption key is added to the message header and so the recipient has the access to it that’s needed to decrypt the content after the content server delivers it. Of course, anyone who has access to the user’s Inbox (criminals, the mail service provider, etc.) can also see the key, but unless they also get access to the user’s device, they won’t be able to fetch the content anyway. so it’s safe. Similarly, if someone gains access to the content (e.g., the NSA or some criminal) but not to the user Inbox, the data is likewise unreadable. Finally, if they get access to both, the senders may still change or delete their content before it’s grabbed’

This seems secure to us against outside adversaries, and is arguably much better than ProtonMail and Tutanota’s reliance on performing encryption within the browser using JavaScript. We were a little concerned, however, about whether the ChiaraMail staff themselves could access users’ content (for example if issued a FISA Court warrant). ChiaraMail CEO Bob Uomini responded,

This question has come up before and, in fact, I know of no way that I, or anyone, could read the content stored on our server without the encryption key. Since the key is generated in the client and is never sent to the content server, our compliance responsibilities end once we provide the content files to the authorities. Of course, if the authorities were to obtain a FISA order for both the content and the encryption key, they could come to us for the content, come to, say, Google for the mail message/headers (which contain the encryption key) and with both they could read the message. But… once the sender had been informed of the subpoenas, he could change or delete the content.  This is an option not available to PGP-encrypted messages.’

As already mentioned, the Android client is built on the K-9 Mail client. To use this client you must sign-in to your regular email account. This does worry us somewhat, but the same is true when using any third party email client (such as Mozilla Thunderbird), and ChiaraMail assures us that ‘ECS is in no way connected to your email credentials; in particular, your email password is never sent to or through our service. It’s only used to send and view email and is stored only in the email client.’ Until the audit is performed, we will have to take ChiaraMail’s word on this.

One thing that ChiaraMail is rightly proud of is achieving an A+ result on Qualys Labs’ SSL Server Test reports (Google only gets a B). For reference we also checked ProtonMail (A+) and Tutanota (A).


We liked

  • Very easy to use (if all parties have ChiaraMail software installed)
  • Protects against email spoofing and phishing
  • Message content seems very secure (more secure than ProtonMail and Tutanota)
  • Independent audit planned
  • Android app (a version of K-9 Mail) is fully featured, attractive, and easy to use
  • Ability to change message content after it is sent
  • Self-destruct messages )
  • No need for a new email account – uses your regular email service

We weren’t so sure about

  • For ECS to work all parties must have ChiaraMail software installed
  • Metadata is not hidden (the ‘envelope’ is sent in plaintext overs users’ regular email network)
  • Based in the USA (home of the NSA etc.)

We hated

  • Not open source (this will be somewhat offset when ChiaraMail receives a full independent audit)

In our tests ChiaraMail worked very well, and if you can convince other friends, family, and colleagues to join in, it provides an almost transparent way to secure email message content. We also think that the ability to change an email’s content after it has been sent is very funky.

One of the biggest hurdles for ChiaraMail to overcome is that all parties must be using it for ECS to work. ChiaraMail has big ambitions in this regard, however, as it hopes ‘to see, say, Apple, Facebook or Microsoft to add ECS support into their mail clients. They all talk about respect for user privacy, but if they were serious, they would bake ECS into their offerings and we would gladly provide them a free source code license to do so.’

One of the best things about ChiaraMail is that is makes email spoofing and phishing impossible, and it could be this aspect, rather than its email content protection features, that leads to wider adoption.

The fact that ChiaraMail is not open source bugs us, but we do see the value in it being fully audited instead (until this actually happens, though, we can only recommend ChiaraMail to early adopters and enthusiasts of ECS technology).

A problem that is not so easily fixed is that metadata (government spy agencies’ primary target) is not hidden. We are not going to be too hard on ChiaraMail over this, as it is a fundamental problem with all traditional email systems, but we would much prefer to see next-gen email services find solutions that hide this metadata (as Tutanota has done).

Assuming that it passes a full audit, ChiaraMail is an innovative and easy to use way to improve email privacy that does not require users to change their email account. For this it is to be commended, and receives thumbs-up from us.