Skip to content
This repository has been archived by the owner on Oct 6, 2019. It is now read-only.
/ sephia-five Public archive

A secure and PGP enabled webmail module for Phosphorus Five

License

Notifications You must be signed in to change notification settings

polterguy/sephia-five

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Sephia Five - A PGP webmail client

Sephia Five is an webmail Phosphorus Five module, with support for PGP cryptography, and many more interesting features.

alt screenshot of Sephia Five

Security is more than cryptography

Most intrusions and data leaks occurs due to human behavior. Kevin Mitnick often referred to himself as a social engineer, and not a hacker, since he would primarily take advantage of human weakness, instead of launching a direct attack on a computer system. Medio 2017, the Norwegian government had a huge data leak, which created a lot of problems to the Norwegian minister of fish Per Sandberg. The reason was that a fishing tycoon had sent an email to what he thought was Per Sandberg's private email, but actually lead to a completely different guy.

alt screenshot of Sephia Five

Virus elimination

Sephia Five can be configured to be 100% secure in regards to virus and malware, never allowing an attachment that could potentially contain malware to be downloaded to the client. By default unfortunately, some attachments such as PDF files, which actually are responsible for more than 50% of malware in email attachments - Are notoriously popular in use. We have solved this by having two types of "whitelists" for attachments. One list of 100% safe attachments, such as images and text files, which will be downloaded immediately. Another list that will warn the user when he or she tries to download a file, that could potentially contain malware.

alt screenshot of Sephia Five

You can easily configure which file types are legal, illegal, and suspect.

Privacy is more than avoiding data theft

99% of all emails that are composed with rich HTML, are ads and distractions, intended to steal your attention. Microsoft once conducted research in this area, and found that even the smallest distractions, would destroy 23 minutes of productive work. Sephia Five will always prioritise showing you plain text emails, and only resort to showing you HTML emails, if there exists no text-based alternative. This will reduce the amount of "cognitive noise", and allow you to enjoy your privacy, and stay more focused within your zone.

alt screenshot of Sephia Five

Compare the above email to your latest email from YouTube, and you will understand what this implies for your privacy. Notice, you can still apply some basic formatting to emails you send, since Sephia Five supports composing emails using Markdown.

Hollywood spam filter

In Hollywood there is a saying - "Don't call us, we'll call you". In Sephia Five we have created a spam filter according to these ideas. If you wish, you can turn on the Hollywood spam filter, which means that you will never again have an email from a person whom you did not send an email to first.

alt screenshot of Sephia Five

For the record; You can create exceptions to the above rule, for explicitly chosen email adresses.

Time slots for reading email

"Innocent distractions" are one of our primary productivity thieves. Often these can be social emails, sent by coworkers or friends, intended to allow people to socialise and interact with each other. In Sephia Five we have solved this by allowing you to declare at which times during the day its users are allowed to check for email. If an employee or user attempts to check his email outside of these times, Sephia Five will simply not check for email, and not allow him to update his or her inbox.

This allows your employees to "stay in the zone", and focus on the task at hand, without distractions. This can of course be configured on a per user and role basis, and filtered according to the user's role. This allows you to for instance have your sales staff be able to check their emails all the time, while your system developers can only check their emails 08:00, 12:00 and 15:00 for instance.

If a user tries to check his email outside of his allocated time slots, he will simply not receive them.

PGP miltary grade cryptography KISS

When Edward Snowden fled to Russia, he was communicating with journalists using PGP cryptography. Bruce Schneier once said "PGP cryptography is the closest you come to military grade cryptography in the public space". PGP is however unfortunately ridiculously complex to use for people who are not computer geniouses. In Sephia Five we have reduced the complexity of using PGP cryptography, to the point where it almost automagically happens.

alt screenshot of Sephia Five

Encrypting the subjects of your emails

In Sephia Five we will even "babelize" the subject line, by encrypting the original subject, and inserting a randomly fetched subject. This "babelized" subject will be automatically fetched from a news provider, such as the New York Times, Wall Street Journal, or any other website you wish to use as a "babelizing service". For an adversary picking up on your conversation, the email will be perceived as an innocent discussion about some random news article - While it could actually be a conversation between the US President to his minister of defense, carrying nuclear rocket launch codes, without any adversary having as much as a single suspicion.

With Sephia Five you can also create PGP key pairs up to 8192 bit strength, implying that every single super computer on the planet, would need billions of years working together, to be able to decrypt as much as a single byte from the original email.

alt screenshot of Sephia Five

Look carefully at the above screenshot, and notice the smiley. A happy face implies that the email was sent encrypted, and that it was cryptographically signed, with a private PGP key, that you have verified belongs to the one who claims to own it.

If you print your PGP fingerprint on for instance your business cards, then anyone you meet, and hand out a business card to, can easily verify that an email conversation has been cryptographically secured between you two.

Basically, as long as you receive a happy email, you can be 100% perfectly confident on that the communication have been cryptographically secured. If you receive a neutral face email, you can be almost certain, but not entirely sure of that the communication is secured. If you receive a sad face email, the email was not sent encrypted, but rather in plain text.

Compose your emails using Markdown

Although Sephia Five does not accept HTML emails, you can still apply formatting to your emails using Markdown. This allows you to easily create some simple formatting to your text, by writing your emails using Markdown.

In addition, Sephia Five also supports something we have invented ourselves, which we are particularly proud of, which we refer to as "conversations". Conversations allows you to keep the context in your email replies, by having Sephia Five automatically deduct who said what, as you bounce an email conversation back and forth a couple of times.

alt screenshot of Sephia Five

Notice, the "conversations" feature of Sephia Five requires both ends of the conversation to be using Sephia Five, in addition to taking a little bit care as your reply to an email. Sephia Five will also accept any Markdown, but still "whitewash" all emails it displays for any potential malicious HTML elements, such as script inclusions, etc.

Extreme availablity without compromising security

Even though Sephia Five is first of all built to be secure, it is also extremely easy to use, and has extreme availability. If you wish, you can set it up on a web server, and access your emails from any device you own, regardless of where you are in this world. If you combine this with SSL, you can have the convenience of reading your email from anywhere you might be in the world, while still having bullet proof cryptography protecting your privacy.

Disclaimer - It is crucial that you setup your web server to only serve Sephia Five over SSL if you allow access to it over the general internet. Otherwise, all the security measures we have created for you, are pointless!

Usability

Sephia Five is carefully created to be as easy to use as possible. For instance, in Sephia, you can read multiple emails at the same time, and go back and forth between them, while replying to multiple emails, and composing several new emails at the same time.

This allows you to cross-reference content from multiple emails, empowering you in your communication, without having to juggle multiple browser windows. You can even perform a search for an email, open that email, perform another search, page back and forth several times, for then to open up another email - And the email you opened up originally will "stick", and still be open.

alt screenshot of Sephia Five

These features of Sephia Five, gives you an enhanced user experience, allowing you to work the way you wish to work.

Bandwidth consumption

Sephia Five is ridiculously small in its bandwidth consumption. This implies that it will load faster over very slow internet connections, compared to other web mail clients. Below is a graph showing the difference in bandwidth consumption between GMail and Sephia Five.

alt screenshot of Sephia Five

For the record, less is more, and smaller is better. This implies that Sephia Five will load 25 times faster than GMail on a slow internet connection - All other parameters being equal.

Add your own design

Although we ourselves are not particularly happy about "color salads", it is very easy to apply your own design to Sephia Five. In fact, out of the box, Sephia Five comes with no less than 5 different themes, that you can easily customise according to your own needs. Below is an example of how the settings form will look like with the "Sea Breeze" theme. Each user can in fact also choose his own theme, and such apply whatever design he or she feels are covering their needs.

alt screenshot of Sephia Five

A seasoned web designer could easily use any of the pre-existing themes, to easily apply your color profile and design to the system.

Installation

The easiest way to install it, is to install phosphorus five, for then to visit "The Bazar", and simply install it through the Bazar on your local machine/server. However, if you want a more manual installation path, you can download the latest release, unzip it, and move the unzipped root folder into your "core/p5.webapp/modules" folder. If you choose this path, you should rename the folder, removing any version information, making sure your module folder is called exactly "sephia-five". Installation through the Bazar also requires you having some sort of GnuPG client on your machine/server. If you don't want to fiddle with installing GnuPG, you can resort to download the latest zip file release directly. However, since Sephia Five itself is dependent upon GnuPG to use PGP cryptography, this is arguably a mute point.

Using Sephia with your GMail address

Sephia Five's default configuration, points to GMail's POP3 servers and SMTP servers. This means that as you start up Sephia Five, and go through the setup process - The only thing you'll have to do to test it with GMail, is to supply your GMail username and password, and Sephia Five will immediately start using your GMail address.

You might have to make sure you enable POP3 access for your GMail account, but Sephia Five's setup process will guide you through these steps.

alt screenshot of Sephia Five

If you use Sephia Five in combination with your GMail address, all your email will still be perfectly encrypted and safe, and not even the employees of GMail can read your email. Not even the subjects of your emails.

License

Sephia Five is licensed under the terms of the GNU GPL version 3. See the attached LICENSE file for details.

There also exists commercial sub-licensing options for those wanting to sub-license Sephia Five. You are also welcome to send me an email at [email protected] - If you'd like to speak to me about commercial venues, or other issues.