Home Gadget Promises More Secure Email

John Lister's picture

A new gadget is designed to keep emails "totally secure and private." It comes with a big financial and convenience cost, however.

Helm is promoted as an alternative to web-based email such as Gmail. It's based on the idea that such services pose a risk because they could be hacked or the providers forced by a court to hand over messages.

Instead, Helm wants people to use a personal email server in their home - a bit like an ultra-secure mailbox. Normally email servers are bulky and require considerable technical knowledge.

Device Requires Physical Key

The Helm device is instead about the size of a home broadband router, though it more resembles a thick folded book. The company says it takes just three minutes to set up. (Source: mashable.com)

The user's messages are physically stored on the router and anything that goes in or out of it is sent in encrypted form via a Virtual Private Network (VPN), making it difficult for would-be hackers or spies to even know where the messages are going to and coming from.

The device contains a hard drive that's encrypted and can only be decrypted with a physical USB key. While there's an option to back it up online nightly, that backup is also encrypted and requires the key to access. That means somebody who stole the device couldn't access the messages without the key.

To read the messages, the user needs to authorize a nearby device such as a computer or phone using the key. That creates a one-time password that will only work for that device, which can then access messages from anywhere by connecting remotely to the server.

New Email Address Needed

As well as email accounts, users can set up a digital calendar and a contacts file, both protected in the same way.

The setup does have some major practical limitations. Users need to create a new email account and address in order to use the device; they cannot port their Gmail or Hotmail over, for example. Users will also need a reliable home connection: unless the server device is powered on and online, they won't be able to access messages. (Source: arstechnica.com)

It's not cheap, either. The device costs $499 including the first year's service. After that it costs $99 a year to use.

What's Your Opinion?

Would you be interested in such a product and service in principle? Is the price realistic? Do you trust the security on free email services such as Gmail?


Comments

Dennis Faas's picture

There are so many issues with this setup that I guarantee it will never, ever work.

The first issue is the price point. $499 is ridiculous for email when you can sign up and get it for free.

The second issue is how emails are delivered. It does not say exactly how this is achieved, other than a "VPN is used to deliver emails." The big question is: who is on the other end of the VPN? We will have to assume it's the Helm "headquarters" email server. With that said, 99.99% of all of the major email providers don't use VPNs to accept and send emails - they use TLS. The only way an email is guaranteed 100% secure is if the destination email provider is also using secure email (using TLS connections). So in this case, after you dump off your email to presumably another Helm HQ server, they still need to send it off somewhere else using a TLS connection and ONLY if one is available. So to say that your "email is secure" is a load of horse manure.

The third issue is the biggest issue of all, and has to do with email server reputation. If your "private email server" is used to send email out to another server and your private server doesn't have any kind of reputation, then the email won't be delivered on time, or will be rejected outright. So unless your emails are being delivered directly to Helm HQ then I don't see how this is going to work. Even so, other users using the same Helm HQ server may be sending spam, which will lower the Helm "deliverability" score.

The fourth issue is spam. Malware these days will infect a computer and then the same machine is used to send out spam to thousands of other people (controlled by remote). If you host your own email server then this makes it even easier for spammers to hijack your machine and start mass emailing people. Because of this it will lower your reputation score whether you're sending emails directly to destination servers or through Helm's HQ email server over a VPN connection.

So there you have it - this idea is doomed to fail.

DavidInMississippi's picture

Dennis and All,

I have recently come across an Austrian-based company that focuses on totally secure email - ProtonMail.com

They have a free tier if you want to use their browser-based interface. But at their paid tier (I believe they start at $4 a month) they offer an app that works with email clients like MS Outlook. According to a support request response I received earlier today, this app decrypts incoming mails before delivering them to your inbox, and it encrypts outgoing emails before sending them out over the internet.

Sounds fairly safe to me, but I'm just not ready to pony up that much ongoing obligation right now. Nothing I do is in need of that much security, and the rare thing I do send out I can probably do over their browser interface.

Still, for those looking for this type of solution, they might be worth checking out.

Focused100's picture

Hi Dennis

What were they thinking when they came up with this?
It's a solution looking for a problem.

bill-marrob's picture

For several years I've used an app called AxCrypt for commercially sensitive messages between other colleagues. Simple to use for non-techs and updated regularly.
What's your verdict, Dennis?
https://www.axcrypt.net/

Dennis Faas's picture

I have already investigated this issue - you can read my comments here on how to send and receive emails securely for free. This does not answer your question about AxCrypt specifically but the sentiments are the same, regardless.