#8: Bjarni Einarsson - Mailpile
03 Nov 2013
Bjarni Rúnar Einarsson talks about Mailpile, a mail client aiming to decentralize email again. Will people ever encrypt email? Can we make it cool to code on email again, and beat the central services?
Kindly transcribed by: Sally and Rabbit
Francis Irving: Hello! Welcome to Redecentralize interview, and today we’ve got Bjarni Einarsson from Mailpile, and he’s an open-source developer based in Iceland. He’s also done PageKite. So hello, how are you?
Bjarni Einarsson: Hi, nice to meet you.
Francis: Thanks for talking to us. So tell us about Mailpile — what is it?
Bjarni: Well, the basics — it’s just an email client, although I hesitate to use the word ‘just’ because it is a very ambitious project. What we’re trying to do is — the motivation behind it is we’re really concerned by how email is becoming increasingly centralised; to a very large degree people are relying on hosted services like Gmail. Gmail is probably the best example, and they actually have the largest market share as well and we believe that that’s just a problem. There are a lot of problems that come from that sort of centralisation. Some of them have to do with the ideals of software freedom and being independent online, and then as we’ve seen in the past few months, there are actual security implications for people who are concerned about that sort of thing, where Edward Snowden revealed a lot of information about how the US Government is pulling people’s data out of Gmail and other centralised cloud services. So people who care about that sort of thing, they’re going to want an alternative, and Mailpile is hoping to be exactly that.
Francis: It’s ironic really, isn’t it, that email was almost one of the great decentralized successes from the early Internet before the web, yet now you look around and see all the open-source hackers using Gmail at conferences and things.
Bjarni: Yeah, it was very sneaky in some ways, and I’m not going to say it was malicious. Gmail is a fantastic product. It works really well, and the fact that it is free — free of charge, not free as in freedom — means that people haven’t really been motivated to replace it. Also for a very long time, and to a large extent still, Google have been the good guys. They’ve been part, they’ve been very active in the open communities and very supportive of the open Internet, so people didn’t feel uncomfortable relying on them and I think that that’s changing a bit. People want their independence back and they want to move off.
Francis: So from a user’s point of view, at the moment what does Mailpile do and what kind of people are using it?
Bjarni: Well Mailpile is not ready. We’re in a pre-alpha state at the moment. The code that we have is a relatively powerful, fast search engine for email, so you can give it a large volume of mail and it will read it for you and index it, and then help you find things very similar to how you can do in Gmail — you can perform searches and get responses back very quickly. On top of that we’re building a user interface, and the user interface is web based, so you access it using your browser. Even if you may be running the software on your laptop or desktop computer, you’ll use your browser to interact with it, and this means that you also have the option of hosting it somewhere else. You can put it on a Raspberry Pi or run VPS, or you know, various places. Wherever a web app can run, you can run Mailpile, and we’re developing that now.
Francis: So it could run on one of the boxes, like FreedomBox or something that plugs into your network.
Bjarni: Absolutely it can. One of the bigger backers — so we raised money for this project on Indiegogo. We had over 3,000 people supporting the project and raised $163,000 on Indiegogo itself, and a bit extra via direct bitcoin donations. One of our bigger backers was Eben Moglen of the FreedomBox foundation because they would really like to use Mailpile and include it in the package that they are putting together.
Francis: So I know that one of the other things you’ve looked at is encryption, and I remember in the 1990s when PGP (pretty good privacy) was like all the buzz, and it never really took off — like a kind of end-to-end based encryption for email. So what is your take on encryption? What is happening there?
Bjarni: Well I think it’s a real shame that we’ve had this technology for so long and it’s not being used and it’s not accessible to people that need it, so we would like to fix that. And we believe that this is largely a user interface problem. Software could do a much better job making it easy to use encryption, easy to understand what it’s doing. And if you think about it, most of the PGP tools that are out there today are in plugins, like a plugin for Thunderbird — Enigmail. It’s good software, but it’s software that’s written for people who know what PGP is. And someone who wants privacy online, they don’t necessarily know what buzz words to look for, they just know that they want their communication to be secure, so we want to approach it from that point of view. We want to say, ‘How can we make people’s communication as secure and private as possible?’ without bothering them with the technical details of how it actually works.
Francis: So you won’t have to manage your keys by hand then, for example?
Bjarni: Well, you will be able to manage your keys by hand, but we feel that the software should do the sensible thing by default. It should know what is a reasonable key length to generate a new key, and it should just do that, it shouldn’t ask you about it. And key management should be integrated into your contact list. When you are looking at your contact list, you should just see which of these people you can communicate with securely and which people you can’t, and it should talk to the key servers behind the scenes without you having to do go and do so manually. There’s a lot of stuff that can be automated and simplified. This is not a trivial task because there are security implications to all of these things, and privacy implications, but we feel that no one has really taken this approach of trying to automate and simplify as much as possible, and make that the first priority, as opposed to strict 100% security being the highest priority. So we’re starting at a different point.
Francis: I’m really interested in the kind of business model for this. So you’ve got big companies, you’ve got Hotmail and Gmail and Yahoo! — massive email providers — and lots of other small ones. What’s your plan for getting the resources, like a business model to be able to scale decentralizing?
Bjarni: Well, one thing that we’re not doing is we are not going to host everyone’s email for them, so we don’t need to go and invest in large data centres and storage capacity and system administration teams; we’re just writing software that people can use. So that reduces our overhead quite a lot. At the moment there’s three of us on the team — two of us are having our salaries paid from the money that we raised on Indiegogo, and the third is having his salary paid by a company that wants to see this happen, so there’s a sponsorship going on there. And we have enough to do this for a full year. We have enough to build the software and bring it to a 1.0 release state, and by that time we hope to have developed further business models. And one of the things we’re looking at is just asking the community to support us directly. So we have, at the moment we have 3,000 people who are willing to put money into the project. We hope that some of them will be willing to do so again to get ongoing updates and developments, and once the software exists and people can use it we are actually just hoping that more people will sign up and say, ‘Yes, we want to support this and make this continue happening.’
Francis: So they voluntarily pay a small subscription.
Bjarni: We’re going to try. We’re going to see if people will go for that. I don’t think it’s been done before, so it’s an experiment, but it’s one we feel really good about.
Francis: Yes. I like the approach of not having venture capitalists to pay back, not having servers, and getting money from the actual users.
Bjarni: Yes. The thing is that software — it’s something that people sometimes forget — that software scales really well. If I write a piece of software, I can distribute a million copies for almost no charge. And if you run the software on your own computer, and you have a very powerful computer in front of you; we don’t need to provide infrastructure for that. So this entire push towards centralisation and moving everything into the cloud, it’s wasting a lot of resources that we have. It makes some things easier because you can have a specialised team running things and handling the upgrades and the administration, but it does mean that someone else has to run a computer and your computer is sitting there doing nothing much. So there’s waste there.
Francis: Yes — so in the making of Mailpile, what do you think the most technically interesting thing is? Tell us about the part of the technology that you find interesting.
Bjarni: Well email is a big, thorny problem. I really enjoyed working on the search engine itself. Brendan, who is our user interface and experience designer, is having a lot of fun just figuring out how to make the UI make sense to people. And we had a lot of talks about how to do the encryption interfaces and things, and there are a lot of interesting problems there to solve. I’m looking forward to getting back into developing spam protection as well. I worked for six years in a company doing anti-spam. And I moved away from that for a while, and we’re going to need that in Mailpile. So I will get my fingers dirty there again, see what’s happening in the open-source world, what tools we can use and how we integrate them.
Francis: Oh, I’d like to ask you about that, because one of the most interesting criticisms that I hear from — actually the smartest people who criticise this decentralization idea often say, ‘Oh, it won’t work because there’ll be spam.’ So do you think it’s possible to. . . so at the moment, like say Facebook — I don’t get any spam on Facebook because they’re really good at ensuring that spam users go away, and there are lots of data scientists analysing it and they have a central identity system, but is it possible with a decentralized communication service to fully get rid of spam but still make sure that everyone does get the messages that they are meant to get?
Bjarni: Well of course not, that’s impossible. If you think about it, it’s really interesting the technical community is very passionate about freedom of speech and network topology, but for some reason people forget all about that when it comes to spam. People are very happy to have centralised censorship tools to filter out their email and throw stuff away based on arbitrary criteria, and I just think that’s really strange, and really unfortunate if you have spam filters locally. If you are running spam filters on your own machine and you are controlling them, you’re training them, and instead of messages getting rejected they are just put in a spam folder where you can find them again. That puts you back in control.
And Bayesian filters, they work very well. There’s no reason why you can’t get very good spam protection in a decentralized fashion by looking at the contents of the messages, understanding the social graph of who you communicate with and who you don’t communicate with, and taking advantage of that. I think people have gotten lazy. Email hasn’t been cool, it hasn’t been interesting to the technical community for many years, and people sort of forgot about it, but I’m pretty sure we can do better than we did ten years ago, which is the last time there was active development on email in the free-software world.
Francis: Yes, so I find Gmail is pretty good at spam filtering these days, and I don’t get much spam any more. I only have like a bit every other day.
Bjarni: Well, there are a lot of false positives actually. I have to check my spam folder otherwise I miss important messages. If you’re getting a lot of spam, you don’t notice.
Francis: Where was it that you worked when you did spam filtering before — what kind of place?
Bjarni: An Icelandic company, an anti-virus firm. They recently got bought. They were called FRISK Software International. They made the F-Prot anti-virus engine, which dates back to the eighties. So they forayed into anti-virus services online — cloud-based filtering, and they needed an anti-spam component for that as well, so I worked on that.
Francis: OK, now let’s look a little bit into the future. Where do you see Mailpile going? What kind of interesting things will happen to it, and what would the effect be if there was mass takeup?
Bjarni: That’s a big question. To start — just where we are now, we are going to do more development. We hope to have an alpha release that techies and really enthusiastic people can try in January. Next summer we hope to have a 1.0 release which you can actually install. Hopefully we’ll have it well packaged so even a non-technical user can install it just as they would install Firefox or Thunderbird or Chrome or something like that. Then we’ll see, depending on the uptake, because if we succeed in getting a large amount of people to move their email back out of the cloud and onto a local device or a device that’s under their control, then we can start seeing people do encryption more because the. . . encrypting email is sort of fundamentally incompatible with storing your email with a third-party provider in the cloud, because if Gmail wanted to offer PGP encryption they would have to have a copy of the keys, and that kind of defeats the purpose. So we won’t see any progress at all on email encryption until we decentralize email back and start running the software ourselves. So if Mailpile is successful we might see a larger uptake in encryption, and we might see an actual improvement in privacy for people’s email communications. I’m very excited about that.
Francis: So it’s going to be like, writing plugins for it will be quite easy?
Bjarni: Yes, that’s the sort of thing that we want to make real easy — to do both plugins, and because it’s a web server it can have an API where other servers or other software can interact with Mailpile in a programmatic way.
Francis: Yeah, it frustrates me. I can get lots of amazing plugins for my browser or apps for my phone, but Gmail — I can just get the few ones in Google labs and that’s it, that’s the choice; even Thunderbird doesn’t have plugins.
Bjarni: So we’d like to see that sort of thing happen for email.
Francis: So I talked to one of your co-founders, Smári [McCarthy], and he mentioned this really interesting idea that email is already a really good identity system, and that it’s like open and it was made on the Internet in the past. And he was talking about how we could see Mailpile bootstrapping other systems, so for example video calls — so you could have a system that used the email identity and the Mailpile client to send mail with a special attachment that meant ‘ring the phone’ and then — is that something you’ve talked about? are thinking of? or?
Bjarni: Well, a little bit. I haven’t spoken with him about specifically that use case, but that is the sort of thing that we envision people doing if they start treating email as an interesting platform for development. And I mean, one of the things that people like you and me are concerned about — people that are concerned about centralisation — is the dominance of Facebook. And if you think about it, the only social network that is bigger than Facebook today is the world of email.
Francis: Yes, yes.
Bjarni: It’s the only one we have left. So if we want to be able to compete with Facebook and leverage network effects, email might be an interesting platform for doing that.
Francis: And I think it is the biggest because it’s decentralized, because it isn’t controlled by one company, so the other companies kind of all back it as well.
Bjarni: Handy because it’s pretty old.
Francis: Yeah, it was there early. OK, so just to end — how can people who are watching help? So is there a GitHub repository, and any particular interesting technical documents that they should read if they are hackers?
Bjarni: Probably the place to start is to visit mailpile.is. That’s our homepage. It doesn’t have much on it. There’s an introduction to the project and team; there’s a blog that we update, you know, every few weeks, and from there there are links to our GitHub repository; there’s a link to our Twitter account if you want to follow us and talk to us on a daily basis. We also have an IRC channel, and again that’s mentioned on our website, so that’s how to find us. Somewhat ironically, we don’t have a mailing list yet. We’ll be using this if people have issues, to communicate about technical things, and the IRC channel for more informal conversations and chat.
Francis: And I know it’s not ready yet for use by end users, but is there a way that end users can contribute financially? to help?
Bjarni: We’re not accepting donations at the moment, but we do plan to open up for that again soon. We’re a small team so we can’t do everything at once, but we will be accepting donations again, and over time once we’ve got more community infrastructure in place we’re going to have — as I was mentioning before — we are going to have this community where people can subscribe and become part of the larger Mailpile community, and they can actually have a vote on which direction we take the project. And we will be asking people to contribute money in order to take part in that way.
Francis: Fantastic! OK, I’m going to let you get back to coding because I want to use it in the new year, so is there anything last you want to say or. . .
Bjarni: No, just thanks for the opportunity to talk about this, and I encourage everyone who’s watching to check out our website and check out our code, either now or in January or next summer.
Francis: Thank you, it’s been fantastic talking to you.