FAQ

Where do I report bugs and give feedback?

Please send us your comments and ideas. We want to hear from you. Please send to support@whiteout.io.

You can see a list of known problems here.

Encryption and Security

Where are the data encrypted and decrypted?

Whiteout provides genuine end-to-end encryption. When you compose a message the data are encrypted with your private key before they leave your computer. We do not have this key and can not read your messages.

What exactly is encrypted?

The Whiteout Mail app encrypts your message body and all attachments. We do not encrypt metadata, especially sender and recipient name and address, and the subject line. This is not part of the OpenPGP standard that our application implements.

We plan to support new standards for secure email that also encrypt metadata in the future.

What encryption is used?

The encryption is based on the OpenPGP standard and uses well-known and widely accepted algorithms, primarily AES and RSA. See openpgp.org for further information on OpenPGP.

Is browser-based security really possible?

The Whiteout Mail app runs on your computer, not on a server. It is deployed to your computer as a fully packaged application, in the case of the Chrome browser as a Chrome Packaged App.

How do I know that this is secure?

We have specifically based our design on the OpenPGP standard, which is well understood by the security community.

We have specifically not implemented any proprietary encryption or key management algorithms. We are continuously working with noted security experts who advise us on architecture and implementation of our software.

All encryption and decryption takes place on your computer in the Whiteout Mail app. The source code for the complete application is published here for inspection and review by the international security community.

Keys and Passphrases

Where is my keypair stored and why can I export it?

Your keypair is stored locally on your computer. It is encrypted with your passphrase. You can export the keypair to a safe location of your choice (e.g. a USB flash drive) in order to install the Whiteout Mail app on another computer.

Can I change my passphrase?

Yes, you can change the passphrase any time you like.

How do I use Whiteout Mail on a new computer?

When you install the app on a new computer it will know that there is a keypair for your email address and you can import your keypair.

I forgot my passphrase and/or lost my private key. What do I do now?

If you forgot your passphrase, you can reset your key here. Your Whiteout contacts will automatically receive an update of your public key the next time they send you a message or receive one from you.

PGP

How is this different from OpenPGP?

It isn’t. This is standard OpenPGP with the cryptography provided by the OpenPGP.js library used in many products and projects. Our development is focused on packaging this technology in an application that is very easy to use and that runs on desktop computers, tablets, and smartphones.

Status and Roadmap

Is it safe to use for critical content?

At this time this is “beta” quality. Yes, we have been using it ourselves for a while and everything seems to work and, yes, we have done multiple security audits. But for the time being you may want to think twice before using it for really sensitive content.

Which desktop operating systems and browser platforms will you support and when?

We support the stable version of Chrome running on Windows, Mac OS X, and on Chromebooks. Additional browsers are planned for the future.

Which mobile platforms will you support and when?

We are working on packaging the Whiteout Mail app for the popular mobile platforms. Expect to hear more in the near future.

Is this an open source project?

No. The Whiteout Mail application is not available under any open source license. We do, however, publish our source code for community inspection and review.

Note that our application contains several open source libraries. The work that we contribute to these libraries is of course available under the license of the specific library.

What does "The SSL certificate for the mail server (...) changed" mean?

SSL provides is security layer to protect your data on the wire on top of PGP email encryption, very similar to how your web traffic is secured on the wire when visiting websites with https. When you log in for the first time, the app remembers the identity of the server. If the identity of the server changes, the app alerts you. There may be legitimate and illegitimate reasons for this. Legitimate reasons could be that the provider's certificates have expired, forcing him to renew all certificates, or a change in the provider's technical infrastructure. Illegitimate reasons may be someone trying a Man-in-the-middle attack, e.g. a criminal third-party or a nation-state adversary. When this error dialog pops up, the app refused to connect to IMAP/SMTP.

If you are on a trusted network and/or trust the mail provider with the certificate update, go right ahead, and the app will reconnect with the new information about the mail server identity.

I want to use Whiteout Mail with my self-hosted server. Is that possible?

Yes, you can. In order to make things run as smoothly as possible, please make sure your IMAP and SMTP server stick to the respective protocol. Also, there are some IMAP extensions you can use that help in many ways:

• IDLE helps us to keep track of what is happening on the server. Defaults to polling.
• MOVE allows us to move messages rather than copy-delete them
• CONDSTORE allows us to make quick mailbox synchronizations at startup
• SPECIAL-USE points out which folders are meant to do what
• NAMESPACE
• ID
• UIDPLUS

If those extensions are not present, the app will still work, but the extensions are meant to fix shortcomings of the original protocol so that we can work with your server in a more robust and effective way. On the handling of TLS with a self-hosted server (probably with a self-signed certificate), refer to the preceding paragraph.