I'm in the crowdfunding business, so I feel strange saying this, but I'm really turned off by this model of 'pay us in advance for developing a product that hasn't been market tested or validated,' especially when asking for a sum as large as $100,000.
What happened to building something and selling it?
According to the campaign page, the need is so great because:
"We're asking for a lot of money, so of course you should know why. $100.000 means paying two people $4166 a month for a year, including all taxes, insurance and other fees."
I suppose people get what they pay for, but I find it insulting to ask me to pay your salary for a year so that you can avoid risk.
If you were truly concerned about online privacy, you'd build it anyway. So is privacy the mission, or the pitch?
> What happened to building something and selling it?
Since they are already providing it for free to those who need it, and producing it as free software, selling it as a finished product is unlikely.
> If you were truly concerned about online privacy, you'd build it anyway.
Many people do altruistic work during their free time. Crowdfunding means you can do the same work, but not be limited by what scraps of time exist after work.
The people in the world who would quit their job to do altruistic work are extremely few. They are so few that almost every time it happens, it gets posted here as news.
If I made a poll, asking how many people here cared strongly about something in the world, I would get close to 99% hands that said yes. If I then asked how many of those people would agree to quit work to work altruistically on that subject, how many hands would I see?
I have actually been working on Mailpile "altruistically" for a while, but sorely missed the ability to dedicate myself to it full time. Thus the fundraiser.
Totally get it, but why not share some of the risk with your supporters and meet them halfway? Asking for a full (decent) salary for two people for a year places all of the risk on your supporters and makes you look uninspired.
Edit: I can't reply to child, so I'll do it here.
It has nothing to do with a free ride. I don't want the product because the solution isn't right for me, but I would much prefer to pay a monthly fee for something than give a 'free ride,' as you call it, to a developer, in advance.
I have no sympathy for the family argument, because I spent a year building a business on the side while I was employed full-time, so that when I quit my job, I could support my family.
I believe there's something to be gained when the venture does not include a parachute.
I don't understand your objections at all. These guys are making a proposal, which individuals are free to accept or reject as they see fit. Those who accept it know what they're getting themselves into and accept the risk. No one is getting scammed. If these guys want a parachute, that's their prerogative. Just because you wouldn't take the same approach doesn't mean the approach is a bad one.
Point blank - I'm tired of people abusing crowdfunding as some sort of money grab (Spike Lee's recent Kickstarter as an example) and because I'm involved in the industry, I have a vested interest in seeing crowdfunding, as an industry, prosper.
These guys probably have a great product, and are probably great people, and for that reason alone, I feel bad that my comment leads the thread. However, I never said anything that suggested this was a scam, and I don't believe it is. Like I said, people get what they pay for. It's just that I see this trend getting worse, and I think long-term it will hurt crowdfunding.
I can see where you're coming from and I think that your argument would be stronger if you took your own feelings out of it. For example, you say that you find it insulting that they'd ask you to pay for their salary. Well, why should it matter to anyone else that you feel insulted? If that's your reaction then they're probably not talking to you. Besides that - why should anyone care about whether you feel insulted? You also mention that you feel no sympathy for the family argument because of your experiences. In this context, why does that matter? I don't mean this to be dismissive of you personally; I'm just trying to share my minor analysis.
You also say that you're not suggesting they're running a scam but at the same time you compare their outreach to a money grab.
I don't know, perhaps your arguments are very good ones and I am a heartless bastard because they don't sway me. At their root, it seems like you're saying that these guys are proposing something that violates your sense of fairness somehow. I'd be interested in seeing an argument that applies more universally, and not just that you personally find it unfair.
Myself, I think the cool thing about crowdfunding is that it's so open and free. I might personally find it frustrating or unfair that money gets allocated in a way that doesn't match my values, but too bad for me!
You make some great points, and I can't say that any of them are off-base. My comment is obviously filtered by my experiences in the industry, which might be unfair to the founders in question.
However, my comment seems to have resonated with many others, so could be offered as advice for ways to improve the campaign.
> I'm tired of people abusing crowdfunding as some sort of money grab (Spike Lee's recent Kickstarter as an example) and because I'm involved in the industry, I have a vested interest in seeing crowdfunding, as an industry, prosper.
I'm curious, what does "abusing crowdfunding" mean, in precise terms? What is wrong with Spike Lee's request for money? I understand crowdfunding to be simply a kind of transaction. A banker's job is to facilitate transactions between people, not to discriminate in favor of the ones he likes.
Crowdfunding will continue to diverge into two camps: Kickstarter-style, curated and reputable, and IndieGoGo-style, a roll of the dice where you might get left hanging, or even scammed. Given that it is now trivial to roll your own crowdfunding site, you can't make the latter go away. The best you can do in terms of perception management is to put yourself in the former category: "We're not like those other crowdfunding sites..."
True, an engineer could make twice as much, but discussing compensation rather than strategy might be missing the forest for the trees.
Why do the Mailpiles believe privacy is the best angle to help people the most in taking email back? If you were to work on only one thing to fix email, would privacy be the most important thing to work on?
The counterargument here isn't examples of specific cloud services like Dropbox that people can trust. It's an argument for general global security. Organizations like the United Nations Security Council and NATO generally provide a much stronger joint defense against evil than individual pieces of armor offered to citizens.
There certainly are engineering jobs at $150K and higher, but every survey I've seen -- and this more or less matches the offers I've seen -- suggests the median engineering salary here is just a little over $100K.
I could not disagree less. Asking him to "meet supporters half way" makes it sound like you want a free ride. No offense. These are adult guys, who need to support themselves and possibly a family. The software is already open source. And you want them to take even more risk although the Mailpile author has given a lot of his time to the community already? You seriously think everybody would be better off if he risks the financial stability of his family?
I think you mean, "I could not disagree more." What you wrote means you agree perfectly. It says that if you take the amount of disagreement between you and your parent, there could not be less disagreement, i.e. there is zero disagreement.
Ask for enough money to have say 3-6 months of resources, which would force them to figure out pricing/business economics before the money runs out, and forces them to invest in the idea as much as their backers do.
First reaction for me was: 'Wow, this is awesome, and I'm looking for something like this. How much do they need? Wow, 100k to build a mail app? No thanks.'
I get that this is a free product and is open source, but I'd like to know what they plan to do after the 100k is gone? Instead of a proposal a) pay us to work on it for a year, I'd like to see proposal b) help us bridge between now and phase 2, which is where we'll x.
I'd just like to see a little more thought put into it.
We have actually put a fair bit of thought into this, but the pitch has to be relatively focused. Publicly speculating about things which may change is not a good way to manage expectations.
One core question is: how big a team will we need in a year's time to continue development? The answer to that depends on many factors - since this is open source, it is actually perfectly OK to work for a year, ship something awesome and hand off to the community once things are a bit more mature.
However, since we do assume there will still be quite a bit of work to do in a year's time, our preferred business model is actually listed in the pitch: backers are joining a community and we will reach out to them again in a year's time and ask them to continue supporting us if they are happy with the work we have done. Mailpile has a broad enough appeal that it may be possible to sustain the team using this model alone, which would IMO be ideal.
However, plan B includes things like grants from human rights / free-speech orgs that need better tools for activists in the field, corporate support from companies unsatisfied with the current crop of tools, and subscription support services (like https://pagekite.net/, SMTP relaying, etc) which help the average Joe run his own Mailpile.
The majority of backers are paying $23. That's not even 15 minutes of software development time. I fail to comprehend how backers are investing as much into the idea as the developers.
Well I can say that being married and having obligations makes bootstrapping a company extremely hard. I know because I'm currently doing this and the added stress for me has been 5x what it could have been.
> but I'm really turned off by this model of 'pay us in advance for developing a product that hasn't been market tested or validated'
Um, you mean software consulting?
This model is beautiful. It's a bunch of email privacy advocates hiring a couple of skilled guys for a year to write the open source software we all wish existed.
Seems fair to me. I'm not so entitled as to demand someone altruistically create this for me.
And I explicitly _don't_ want them to make a business of it, because that changes the incentives completely.
I hear what you're saying, and I was initially tempted to feel the same way, until I caught myself.
I think your take on this is a function of our indoctrination into a particular form of capitalist mindset. We don't reward what's of value to society. We reward what can be sold. It's skewed.
In addition, there is this idea that we should be cogs in the machine as kind of a de facto life goal. Get an education and go to work for someone else. Want to be an entrepreneur and do more? Well, it will cost you dearly. You either go see the gatekeepers with capital and hope they smile on you, only to end up back in the position where you are essentially working for someone again (your investors). Or, you bootstrap and work your ass off trying to support yourself/family while holding down a day job. BTW, like you, I did the latter.
I think this is exactly why we don't have enough people using their talents to contribute something vs. just trying to make cash.
Society should encourage this, and if crowdfunding can help more people to pursue their talents/dreams (especially for the good of society), then I am all for it. We need more of this.
I don't know about that. I think we're having a discussion about how things are vs. how they could be.
I mean, why is it the mindset that we must endure some arbitrary and unrelated pain in order to pursue our passions? Isn't this part of the problem?
Is the need to make a living in a society that values only what is profitable really a meaningful test of one's mettle or determination? Am I more ready to pursue my business/project simply because I hustle and hold down a day job in order to eat? Or, am I simply distracted and spending only half my time pursuing my project, and therefore less efficient and less likely to complete it?
Our tendency to believe that one must struggle in the prescribed way to prove one's self is a product of that same indoctrination. It's just how things are now. But, what if more people could make a living pursuing passions and interests that benefit society? I think they would be even more determined, because it is their own passion/cause/etc.
Wow. I hear what you're saying, but I don't know why it's desirable to weed people out in such an unrelated, arbitrary fashion. I mean, that's not much different than saying we should line up would-be competitors and beat them with sticks. The last ten standing obviously want it bad enough, and so, get a chance to compete.
To your point, competition might indeed be greater, but that would be a good thing. Why would we want to stifle access and opportunity? Everyone would still have to bring their A-games and compete against others who are presumably now also able to focus on their passions. So, with focus and dedication, everyone's A-games just get better. Everyone benefits, including consumers, stakeholders, other beneficiaries, and society.
But, what you seem to be suggesting is that we continue to insist that only those who run the gauntlet and/or get by the gatekeepers get a shot. There could be some extraordinarily well-qualified individuals who could launch revolutionary businesses if only given access. To my mind, that's part of the promise of crowd-funding.
So, I have to say, it's kind of odd to me that someone in crowd-funding holds the position you're describing. Crowd-funding is supposed to democratize both investing and access to capital. So, "the people" decide what's of value to society vs. the same investor class. But, what you seem to be advocating sounds more like the gate-keeping and denial of access to opportunities that are the current norms. In my mind, it's hard to reconcile the spirit of crowd-funding with that position.
> I'm really turned off by this model of 'pay us in advance for developing a product that hasn't been market tested or validated'
Isn't that the whole premise behind a huge chunk of the projects on indiegogo and Kickstarter? "I want to make a cool thing, but I can't afford to quit my day job; please pay me up front"?
I mean, I'm truly concerned about online privacy, but there are several barriers standing between me and my solution--not the least of which is the ability to eat and shield myself from the elements while crafting said solution. How is what these folks are asking any different from pitching a business plan to a VC? Sure, if you're going to a VC it's expected you'll actually have a business plan, but the function is the same: Convince people with resources that what you're doing is worthwhile and achievable, so they'll give their resources to you.
Except with VC, the money is given with the expectation of an occasional huge return. With a crowd-funded open source project, there is no possibility of getting anything more than a program you could get for free if others funded its development. This is clearly a very different situation.
But as a crowdfunder, I know that going in. Donation levels are clearly marked with what returns, if any, I can expect if the project is successful. "Worthwhile" to a VC means "big financial returns"; "worthwhile" to a crowdfunder means "this cool thing gets made". It's exactly the same concept; how it works out in practice is just mechanics.
Actually, I don't think they are looking to build a business out of this? From the web site: "This is the Mailpile business model. As long as members of our community are willing to fund development (we will ask you to renew your membership in a years' time), we will dedicate ourselves to Mailpile and build the secure web-mail client you want."
This and the parent combined are the interesting bit.
So this is exactly the Richard Stallman model of software. Pay people to develop it, don't charge anything for the software and give away the source.
There is no economic incentive for the donors (they might get a mail program, might not, but they will never get their money back or a return on that money.)
I suppose rms originally imagined that someone like the mailpile people would take the money they were given to create mailpile and give it to some other developer to create the tools they need. However, as we see in this campaign, all the money they get will go toward feeding, housing, and insuring themselves. (wait till they learn about payroll taxes, that will make them fiscal conservatives in a hurry :-)
Like the parent comment I can see how this works in the "old" world (make a company, product, sell it, rinse and repeat) but am curious to see if it can work in this other way.
I don't see why this would be the "Stallman model of software", and not any of the other business models that don't involve selling users proprietary software or closed computers. In fact, rms himself has sold copies of Emacs in the past.
I called it that because I first heard about the model that one should pay for the creation of software but not its use in the "GNU Manifesto" [1] which Richard wrote.
> 'pay us in advance for developing a product that hasn't been market tested or validated'
The closest model I'm familiar with to what they're doing is the FreeBSD Foundation, so this is more classic "pay us for OSS" than anything else. So I don't think this is a startup proposal. Unusual for HN I know, but given the plan I doubt they're tracking pirate metrics or blabbering about pivots.
Which is sort of a pity because actually my problem isn't email (there is plenty of webmail I can deploy privately), my problem is group calendaring with multiple share/sync options (for which only Google Apps meets my requirements).
It's not all that thorny really; you don't get any money from your third party patches. The indiegogo funding is for three man years of funded development work split between two men. It's open source so you are free to help out if you want, just don't expect to be paid.
I seem to recall a recent study that suggested paying some people explicitly for their open-source work (versus scratching-an-itch) had the effect of discouraging contributions from everyone else. Unfortunately my google-fu is too weak right now to find a reference.
Mozilla is probably the best example of paid developers plus open source contributors.
I've spoken to someone who worked there, and they agreed it was hard to keep the balance - if you start hiring all open-source contributors, then the remaining coders out in the open will get de-motivated, since they weren't offered a job.
I see it as a form of customer development. The days of building something and hoping people like it when you're done should be over. If they can generate enough interest to support the development they know they are working on a product that people are interested in and will actually pay them for.
What's wrong with taking the risk out? If there are people willing to pay in advance, then it's a better solution for everybody. It could mean, for example, they can make a better product as they are not constrained by living on their savings. I find it bizarre that you find it "insulting".
How is this any different from somebody drawing a salary while working at a charity? Not everyone is independently wealthy and able to just volunteer their time.
People will look at the app for themselves, decide whether it's a good value proposition for them or not. Nobody needs your bitching and moaning; if you don't like it, don't pay anything.
You're just demoralizing people for the sake of it. I'm disgusted that yours is the top ranked comment.
On one hand I agree with you, but playing devil's advocate - isn't this a discussion board, precisely the place where people would pay attention to such things? Applying your same logic, one could say "He's just expressing his opinion. If you don't like his comment, don't pay attention to it"
But on that logic, my opinion here would be fine too, right? So your answer "if you don't like my comment, don't pay attention" would apply to mine too.
But on a deeper level, your response equivocates between two entirely different things, i.e. giving an opinion on a board vs. paying for something.
My problem with the OP's opinion wasn't that he was giving his opinion, it was that his opinion was completely arbitrary. Why is it wrong to ask for donations of 1/2 salary for a year? Maybe the OP is jealous, but certainly he has no good reason.
On the other hand, this mail application seems to have good grounds for existing, and their method of funding is just a simple use of the market -- people choosing to buy something if they want it. There's nothing arbitrary about it at all.
This is exactly what I've been looking for! It seems the product is aimed at technical users (at least initially), though there are some technical details I didn't see in the video, description or FAQ:
- This is an MUA, correct? Based on the features on the project page, it sounds like MailPile will not act as an MTA or MDA, and is predominantly interfacing with mbox/maildir. I see features for IMAP and POP3 on the roadmap, but it's not clear if using those protocols is idiomatic for MailPile.
- How is PGP/GPG handled? The server-side code for MailPile must have access to my secret key, correct? Is MailPile's web interface then accessible via HTTPS (given the proper cert)?
- Is there a plan for a key management interface?
- It sounds like the MUA itself (MailPile) is a server, and it would access maildir/mbox directly. Is there any API planned for accessing that data through MailPile programmatically, or is MailPile's main goal to provide a browser interface?
- This might have been covered, but will the web interface support mobile as well?
Thanks for working on this...it really sounds like a great project!
Thanks! The idea is you run Mailpile on a machine you control (it is an MUA), either your laptop (and connect to localhost) or a home server like a plug computer or something like that - basically somewhere where you feel comfortable storing your secret keys.
And yes, API access to mail is something we already support, every "command" can return either HTML, plain text or JSON. Probably XML to come as well.
We'll have to help with key management, otherwise it won't be usable by normal folks.
Mobile web support, yes, probably sooner than later.
I personally use (al)pine over SSH, so I don't need this ... my email is already on my own mailserver and I already access it over a secure channel, etc.
But my wife ... she's not going to put up with pine. So then I run a pop daemon. And she pops from gmail. And her email is in third party hands, etc.
If there were a decent web mail client, I could turn off popd, one less open port, and access only over SSL. Which I would hide with port-knocking, of course. I can teach her port-knocking, right?
It sounds like your approach to storing the secret key is going to be an issue for some people. I see the reasoning behind your current design, but still none of the options look really great...
a. Home server. Most people don't have a fixed IP or domain name, so it's going to be a pain for them to access their home server on the run. I do have a fixed IP, but I'd still hesitate to rely on my home connection whilst I'm roaming.
b. Localhost. No one can complain about reliability or accessibility when you are hosting the service right there on your own PC. But now I'm tied to that one PC - I can't check my e-mail from work, or from my phone.
c. Cloud / co-location. Now we have reliable hosting, but privacy?? I'd hesitate to upload my private key to a cloud server. Also, I now need 24/7 internet access even to read my old mail.
Perhaps localhost is the best place for it. My canonical e-mail store can remain IMAP in the cloud, but I can run an instance of Mailpile on each of my devices.
Will the client/server model work on a phone? - Surely most phones refuse to give enough CPU time to apps in "the background". I suppose you could weld a browser instance on to the front of it, and call it a standalone app.
I'm not sure how you plan on doing it, but I think you should tie everyone's public keys to their names/id's. So let's say you know someone who uses Mailpile. You shouldn't have to ask him what's his key. You should just "enable PGP" (if it's not default, though maybe it should be), and he should just get the e-mail.
So try to do the key management as automatic and "out of the way" for users as possible. That's the biggest hurdle with using PGP right now.
That's how PGP itself works - you have keyservers, to which the keys can be submitted and then other people can query it using the person's name and/or email.
The problem is, of course, ensuring the key is correct, and not some hijacker's.
Why? You can just run the server on your own machine. That's how the git annex assistant works, for example - start a local webserver, then launch the browser pointing to it.
There is no possibility to build this in a web app without the server having access to the key. The only way to get this is by some (currently) non-standard support in the browser, e.g. by an extension – given the auto-update functionality of most such extensions, this is the same game again.
I applaud these goals; however, if we were to ever consider moving from Google Apps (which we would) it would only be for an open source project, given that privacy is becoming the more critical issue as the years go on. It would be great to see a subscription based email service such as this where the source is fully available for scrutinizing and patching.
That's fantastic. I didn't see any information about this on your page so you might want to make this clearer (I assure you I read it first before commenting, then went back and saw the Fork on Github ribbon, the only indication).
By subscription I mean that I am happy to support an open source project with regular funding. Initial funds from Indiegogo are not sufficient to maintain a long-term service and we'd be hesitant to move our most important business infrastructure to something that may not be updated regularly as the security environment changes. If you were to look into making this a business with recurring revenue I believe you would find there is a lot of support.
there's a big red line across the top right corner pointing to github (and licencing info there). there's another link to github near the end. apologies for a previous post that used strong language, but you really can't have looked very hard.
(you know, i just read chapter 2 of 'how to win friends and influence people' which tells me that criticising people never works because they simply work harder to justify themselves. it's the most depressing thing i have read in a long time, but it seems to be horribly, universally true. and it's so frustrating when the world seems to be populated by incompetent idiots. how do you convince someone 'nicely' that they complained about something without even reading it?)
I scanned the body copy for the words open source, GPL etc and missed the github ribbon at the top. It just may be beneficial to put this in text somewhere so it's more obvious, and not everyone searching for a private email server may be aware of what the Fork on Github means.
There's another aspect to criticism: I posted because I care about this topic, and care deeply. If I didn't care I wouldn't upvote or post.
Regarding your addendum, if you really view the people as incompetent idiots, I'd argue you're not all that interested in winning them as friends.
In any case, just give the person the information they need without attacking them -- they won't feel defensive and they'll probably feel pretty stupid on their own.
For bonus points, try to empathize and think about something stupid you once did -- surely you've done some idiotic things in the past.
what depresses me is that people don't admit it, learn, and move on. instead we get "well, i am showing how important it is to make this information more explicit because everyone else is as dumb as i am". no. we are not.
ps and no, i am not interested in winning you as a friend. what makes you think i would be? i am interested in influencing people. i want people to be smarter. it's frustrating that this can't be done by simply pointing out the correct answer. instead, people need to be molly-coddled into changing their minds without noticing. by pretending to be friends. an enormous amount of effort is needed to effect the smallest change.
i don't deny it. i think i need to read and learn from that depressing little book. but god i wish people would think a little more.
When you view the world as being filled with incompetent idiots, you're seeing the world through your own filter...not anybody else's. Realize that everybody on the face of the planet has their own filter. Human relationships are built upon being able to empathize with others and perhaps glimpse life through their filter.
Not seeing the fork ribbon in the upper-right isn't about someone being "dumb" any more than you not knowing how to change your own oil, fix a leaky faucet, put in a new electrical outlet or build a fucking house, makes you dumb.
You didn't just "simply point" out the correct answer. You added, "you really can't have looked very hard." which is an assumption on your part; a conclusion you reached based on your filter of the "world seems to be populated by incompetent idiots".
Very much this. As someone with a strong interest in everything neurology/psychology/intelligence/learning/teaching/etc, this is the most accurate description of what is going on.
"Incompetence" isn't toxic, viewpoint and attitude are. There will always be someone "dumber" than you, and there will always be someone "smarter" than you. Once you realize this and internalize it into your world view, you will come to the same conclusion that book teaches, and that is one of cooperation.
Like my parent here alluded to, you didn't just point out an answer, you projected your thought process onto another person. Why do some people get depressed at what seem like tiny insignificant details, while others live happily in the worst of global conditions? The answer is Perspective. The pain/difficulty anyone feels is very much real to them, it is not an objective measurement -- so when you project the idea that a person just couldn't have tried very hard, you make the assumption that you know what it's like for that person to 'try' anything in that context.
If you look at my own comment history, you'll see that I have dealt with the difficulty of explaining myself to others quite a bit, but also that I try to turn it into a productive thought-provoking discussion with a neutral tone and strong points. For example, what I am saying right now is very similar to a direct attack on your ego (and I wouldn't blame you if you took it as such), but I try to present my words in such a way that will invoke action from your rational 'executive brain' long before it hits your emotional 'reptilian brain', if that makes any sense?
The only real course of action that makes sense is cooperation; any other interpretation would basically imply that either the world revolves around you, or that everyone is like you, and those ideas should be clearly false to everyone.
The Github thing is a very minor issue, but it seems to have instigated a more general discussion. I think you will gain a lot from reading Carnegie. I empathize with your struggle; I used to think the same way as you, but now I have come to appreciate that influence is a dance of psychology, anthropology, economics, politics, and specific field knowledge. Correcting even the most blatantly wrong things in anything requires that you get right all the social forces around it. This has always been the case, but for whatever reason, some of us get the wrong mental model growing up - that pointing out the answer could effect change.
The more you care that the other side gives up their own facts to accept yours, the less effective your stance will be, no matter how nondisputable the facts. It is much better to act amnesiac and give people wiggle room so they don't feel bad about adopting a new point of view and fear being inconsistent with their past point of view. Correcting someone always implies they were wrong, not something to be reminded of.
What I understood from reading the book making friends and influencing people, I thought that the "friends" he refers to are Customers/Business contacts.
Which is often a lot off from our definition of friends (or at least mine...)
Yup, the book clearly has a business slant, but the thesis is that you gain business influence by being a decent human being, cultivating your sense of empathy, and developing genuine relationships with people.
I missed it too. The red ribbon in the top right corner is very easy to miss on wide screens.
If I do Ctrl+F for "open source", the only result I get is that your designer enjoys contributing to open source projects.
You should consider explicitly mentioning open source somewhere in the main content, how about in the Self Hosted section? Congratulations on the awesome project by the way.
The problem might be you: are you trying to convince random unknown people on the Internet to change their minds? Absent knowledge of their true motivations, beliefs or biases? Don't bother with "nicely" but don't be critical either; just be factual - people always hear what they want to hear, and that's not actually your problem.
It is an order of magnitude more efficient to simply move on to the next person, because there are always more people.
I also missed the fact that it was open source, and was about to post a comment about it, when I found this thread. "Open Source" or "Open" should be one of the big features in bold. I'd also like to know more about privacy and security features - for example, is PGP built in?
If we accept, and we should, that there are no "incompetent idiots", then what's happening is poor communication.
Working to fix that results in better usability for a website and better readability for text - and that benefits everyone.
In my case, I saw the Github reference, and got the open source bit, but had no idea how to contribute. Where was the hulking big green "contribute now" button that allowed me to enter a credit card number and hit go?
Going back I see that this was through a black button on the top of the page. But for me it's now too late as the site has made me feel stupid and I, and I suspect others, am significantly less likely to play.
Perhaps that's a timely reminder to re-read Krug's "Don't make me Think".
I've been very unclear about what I mean by subscription: set up a recurring payment monthly or whatever, and I'll let them keep taking money from my account while the source is maintained.
Right now, every single email I receive is encrypted. I have my public GPG key on my mail server, and every incoming email that's not already encrypted is encrypted using that public key. That way if anyone compels my VPS provider for access, they just get a bunch of encrypted email.
So my problem isn't receiving or encrypting email, it's reading it. The only real option I have right now is Thunderbird, which isn't great, and is no longer under development. Mailpile doesn't look like a mail service to me, it looks like a browser-based but locally-hosted MUA, which might be the remedy to Thunderbird that we need.
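An added example, not part of the thread and not the commenter's actual setup: a delivery-time filter in Python that leaves already-encrypted mail alone and wraps everything else as PGP/MIME (RFC 3156). The function names are hypothetical, `demo_encrypt` is a constructed stand-in so the code runs without a keyring, and `gpg_encryptor` assumes the `gpg` CLI with the recipient's public key imported.

```python
import base64
import email
import re
import subprocess
from email import encoders
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

ARMOR = b"-----BEGIN PGP MESSAGE-----"


def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or a text part that is one armored blob."""
    proto = msg.get_param("protocol")
    if (msg.get_content_type() == "multipart/encrypted"
            and isinstance(proto, str)
            and proto.lower() == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            # Require the armor header at the start of the part, so mail that
            # merely quotes the marker is not mistaken for ciphertext.
            if body.lstrip().startswith(ARMOR):
                return True
    return False


def gpg_encryptor(recipient):
    """Return a callable that encrypts bytes to `recipient` using the gpg CLI."""
    def encrypt(plaintext):
        proc = subprocess.run(
            ["gpg", "--batch", "--armor", "--trust-model", "always",
             "--recipient", recipient, "--encrypt"],
            input=plaintext, stdout=subprocess.PIPE, check=True)
        return proc.stdout
    return encrypt


def demo_encrypt(plaintext):
    """Constructed stand-in: base64 wrapping only, NO confidentiality."""
    return (ARMOR + b"\n\n" + base64.encodebytes(plaintext)
            + b"-----END PGP MESSAGE-----\n")


def encrypt_at_rest(raw, encrypt):
    """Return `raw` unchanged if already encrypted, else a PGP/MIME message."""
    msg = email.message_from_bytes(raw)
    if is_pgp_encrypted(msg):
        return raw
    pieces = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    body = pieces[1] if len(pieces) == 2 else b""
    # The protected entity is the original Content-* headers plus the body.
    inner = b"".join(
        f"{k}: {v}\r\n".encode("utf-8", "surrogateescape")
        for k, v in msg.items() if k.lower().startswith("content-"))
    inner += b"\r\n" + body
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    # Routing headers (From, To, Subject, ...) stay readable: whoever obtains
    # the mail store still sees who wrote to whom, and the subject line.
    for k, v in msg.items():
        if not k.lower().startswith("content-") and k.lower() != "mime-version":
            outer[k] = v
    outer.attach(MIMEApplication("Version: 1\n", "pgp-encrypted",
                                 _encoder=encoders.encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(inner), "octet-stream",
                                 _encoder=encoders.encode_7or8bit))
    return outer.as_bytes()


# Constructed sample message.
SAMPLE = (b"From: alice@example.org\r\n"
          b"To: me@example.net\r\n"
          b"Subject: Invoice 42\r\n"
          b"Content-Type: text/plain; charset=utf-8\r\n"
          b"\r\n"
          b"Please confirm the wire transfer details.\r\n")

if __name__ == "__main__":
    print(encrypt_at_rest(SAMPLE, demo_encrypt).decode("ascii"))
```

In a real delivery pipeline the second argument would be `gpg_encryptor("<key id>")` instead of `demo_encrypt`.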
I just switched back to Zimbra (also open source) after years with Google Apps. It's been a spectacular experience so far, and it's nice to have email feel like email again (not to mention being in full control). It has everything I need: a rich web client, good smartphone support, good spam filtering, and a good community.
Seriously, it's not that hard to install and setup.
Once you have it all going the capabilities are immense. It also lives on your machine, using your SSL certs, and using as much in-place HDD encryption as you want.
This is how you take your privacy back. You care enough about it to do it yourself.
It's also how you give yourself a headache having to sysadmin a machine. I myself used to run Zimbra and switched to Google Apps. Too much irritation with backups, monitoring, security, et al.
+1 for Zimbra as well, is a very nice Exchange replacement!
Having said that, Zimbra was just acquired recently (yes, AGAIN) and this fact makes me nervous, not sure whether to despair or rejoice.[1]
Mailpile, if it ever happens, should help a lot getting some of that mail from the claws of Gmail and the likes.
They can have my money.
They talk about privacy, but MTAs like Postfix can already encrypt mail via TLS when moving it to another host¹. GPG gives us a better guarantee, but more user overhead, and unreadable by many recipients.
Additionally SPF gives us a way to check if the sender address has been forged. GPG signing is more robust, but again, more user overhead.
Not to mention, I already have S/MIME support in my mail application and can get GPG support via a plug-in, but I use neither, because few recipients can handle it.
So what is new with Mailpile? What is it supposed to change?
In my opinion, if the goal is to make email more secure, we should look into ensuring that all MTAs are set up to support TLS and use it when delivering mail to other hosts (AFAIK Exim4 only announces STARTTLS when connecting to its submission port).
Getting SPF records set up would also be a plus.
This would go a long way in making email more secure, and only requires action from administrators of mail domains.
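An added example, not part of the thread: how a receiving MTA evaluates a domain's SPF record against the connecting IP, in Python. It covers only the `ip4`, `ip6`, `include` and `all` mechanisms; the function name, the `DEMO_DNS` table (which stands in for DNS TXT lookups) and every record in it are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records keyed by domain; a real check queries DNS TXT instead.
DEMO_DNS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.17 ip6:2001:db8::/32 ~all",
    "open.example": "v=spf1 +all",          # authorises every sender: useless
    "broken.example": "v=spf1 include:missing.example -all",
}


def check_spf(ip, domain, txt_records, depth=0):
    """Evaluate `domain`'s SPF record for a connection from `ip`.

    SPF is checked against the envelope sender (MAIL FROM) domain, not the
    From: header shown to the user. Returns an RFC 7208 result string.
    """
    if depth > 10:
        # Simple recursion guard against include loops; it is not the exact
        # RFC 7208 counter, which limits the total number of DNS-querying terms.
        return "permerror"
    record = txt_records.get(domain.lower())
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        base = name.split("/")[0].lower()
        if base == "all":
            return QUALIFIERS[qualifier]
        if base in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != (4 if base == "ip4" else 6):
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif base == "include":
            inner = check_spf(ip, arg, txt_records, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
            if inner == "temperror":
                return "temperror"
            # fail / softfail / neutral inside an include means "no match".
        elif base in ("a", "mx", "ptr", "exists") or "=" in term:
            raise NotImplementedError(f"{term!r} needs live DNS; not covered here")
        else:
            return "permerror"
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.17", "203.0.113.9"):
        print(ip, check_spf(ip, "example.org", DEMO_DNS))
```

The `open.example` record shows why publishing a record is not enough: `+all` passes every sender, so only a record ending in `-all` (or `~all`) lets receivers reject or flag forged envelope senders.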
I'm super-happy that someone is at last trying to build a self-hosted competitor to Gmail.
Sure, I can set up my own mailserver already, but the amount of effort it takes is too much compared to just setting up a Gmail account. If they can get set-up and spam-protection right, then this could be huge!
Thumbnails shouldn't be high-res pictures that actually are scaled to stamp proportions. It's slow to appear on poor connection and for a moment I thought there were no screenshots and just words like "compose". And it slows down my poor 2nd gen asus notebook.
"Mailpile is a modern web-mail you run on your own computer."
I think this sentence should be the first thing anyone sees when they go to the page. The text at the moment assumes everyone already knows roughly what Mailpile is, so I didn't figure it out until I read HN comments.
I think that this sentence needs to be gotten rid of completely.
- Webmail is fundamentally not something that can run on your own computer. The word is "web" mail, not desktop mail, it's just going to confuse users.
In addition to it being confusing, because of dynamic IPs and residential port blocking you may be able to run it on your computer, you just won't be able to do anything with it due to other internet infrastructure...
- Sending mail from home is almost guaranteed to fail sometimes/often, due to dynamic ip ranges which are frequently blocked.
- Port 25 and port 80 are blocked by most major american ISPs these days for residential services. Making this unusable from a home server. Not to mention it's against many ISPs terms of service to run a server from home without paying for a business package. (That's right, it's not just google fibre)
- SPF records and other forms of email authentication? You would also need a third party DDNS service if using a dynamic IP.
So with all of that said, I like the interface pictures. It could be a good competitor to webmail clients like roundcube and friends.
> Sending mail from home is almost guaranteed to fail...
It's an MUA - it can send mail just as well as any other MUA. Use your ISP's smarthost if you are using it from home.
> Webmail is fundamentally not something that can run on your own computer.
This statement is plain wrong, even if by "your own computer" you really mean "your desktop box". I can run any server I like on my desktop box. If it has a well designed installer, then it would be as easy to set up as a "normal" app - the end user might not ever know the technical details.
> The word is "web" mail, not desktop mail, it's just going to confuse users.
Now I do agree with you. The product seems to be a little bit of both, so there is some potential for confusion. "Web-mail you run on your own computer" does seem to explain it pretty well though.
Are there any plans to help make setting up your own mailserver easier? That seems to be the main challenge for anyone who wants to self-host right now.
That is one of our main long-term goals. It's too early to say exactly how we would do that, but odds are there would be some sort of helper service in the cloud which relays and handles DNS and such. We need to get the client built first though.
And what would be your approach to spam-filtering? One of Google Mail's strengths is that it can use data from millions of accounts' emails to train its spam-filter.
Do you see Mailpile offering some way to do the same thing in the future, with clients flagging spam and the result being used to train a 'community' filter?
This is still largely an open question. But there are some interesting possibilities for those who actually make their Mailpile visible on the public web - Mailpiles could talk to each other and exchange data of this sort. But ideally things like this would be a community effort shared between projects and we would join, not necessarily lead.
If encrypted & signed mail becomes common enough, then I suspect the spam problem goes away. I suspect spammers won't want to sign their mail, and if they do, it would be trivial to distrust new public keys and maintain a global blacklist of bad established ones. Then almost all encrypted mail can be simply trusted, and spam filtering only has to pick out the occasional real message from the unencrypted dross.
I applaud your efforts! I did not see mobile mentioned. Will there be a mobile-friendly version of the web client? Will there be IMAP access from (e.g.) mobile devices? (Under 'Current Features' you mention IMAP, but I did not understand if this refers to you acting as an IMAP client or server.)
By the way, there seems to be a copy-paste typo in the description for 'Spam Detection'; it reads 'PGP encryption and verification of emails and recipients'.
Yes, making the web mobile friendly is definitely on the list of things to do. Native apps may come later, once the APIs have stabilized a bit. The current IMAP support is functioning as an IMAP client, we haven't started work on the server side yet. And thanks for the typo report :)
So if I understand your comment right: it will be an MUA that is accessed through a web browser, and one still needs to have an IMAP capable email-account somewhere else?
sigh … I already have email clients that do PGP on my email that is hosted on Someone Else's Computer. It doesn't seem like Mailpile moves me a single step away from the dragnet.
When I saw the "pagekite" username on github, I immediately hoped for plug-and-play self-hosted IMAP/SMTP. Here is what I envisioned in the blissfully ignorant moments until I read what the project was actually about:
The user gets to download/buy a USB stick image / raspberry pi SD image. After plugging it into a pi or other box and turning that on, user types in the URL "mailpile" on their laptop web browser and on first run, user gets asked by web app to plug in a big harddrive for storing email on[1]. The box runs some IMAP server (dovecot?), connected to some MTA that does TLS (postfix?). The user has paid for an already setup domain name, kept in sync with the IP address of that box (which runs a dyndns-like daemon), user also gets access to some server that relays SMTP without breaking TLS (since most mail servers will not accept SMTP from just any dynamic IP). So on first run, the user also has to enter the credentials for the service they paid for, these credentials are used to let the box get its SSL key signed by the CA, tell the dyndns service that this box gets to update this domain name etc.
Now if two users run this, they don't even need PGP to communicate in an encrypted way, it looks just like any other sent email. Nor can anyone requisition their mail without breaking into their house.
So the paid service would be to get a dyndns-updatable domain name with SSL, and access to some server that relays SMTP. The service would have to dole out domain names and either be a CA itself, or be able to intermediate in the SSL key signing process.
[1] For bonus points, dejadup runs there and user gets to say "send encrypted backups to dropbox/some ssh account/some other USB drive"
This is one of the directions the project could go in, and I personally would like it if that happened. But first we have to build the software, right? :-)
But then I'm not really seeing what the advantages over running Thunderbird + Enigmail locally or using roundcube (which also has openpgp support built in) would be?
Your introductory text and video mention the NSA and PGP. The PGP system has been around for a long time without getting any mainstream traction. There are numerous reasons for this failure, but the general complexity of public key crypto has to be one of them.
On the project page you write
> An intuitive, modern user interface makes strong security accessible to everyone.
Can you share a bit more about the way you envision this?
Why AGPL rather than a more liberal license like BSD or MIT?
Edit: Just to clarify why I'm asking this, the project looks very interesting and I suppose the choice of AGPL wasn't made lightly, as it might slow down adoption by commercial organizations, so I'm interested in the reasoning behind this choice.
In an ideal world BSD/MIT would be the best choice.
But in the current startup world several aynrandian douchebags would take it and make web services or paid apps. Put a lot of money on viral marketing. Pester them with feature requests. And never, ever contribute back to the community or acknowledge it helped their business.
I know a famous BSD developer who switched to *GPL because of this. Also, search for tptacek's explanation. It's counter-intuitive but this is the best license at the moment, mostly for reasons Stallman didn't foresee.
>> Also, search for tptacek's explanation. It's counter-intuitive but this is the best license at the moment, mostly for reasons Stallman didn't foresee.
I was referring to tptacek's reasons in the previous sentence you missed to quote.
Sociopaths rationalizing themselves as titans of some kind. Economic superheroes who shouldn't be bound to basic tit-for-tat rules. Rules even the most primitive cultures follow.
This is something we have debated extensively. Our main goal is to improve privacy and security on-line - giving cloud providers yet another free tool with which to build proprietary services and lock in more users and their data feels like it would be counterproductive.
However, we are open to discussing, and if a significant fraction of our backers would prefer a more liberal license we will probably switch.
Regarding Pull Requests, this is quite important if and when you want to change licenses, or dual license.
Make sure you have on file release forms for every copyright holder who submits code that grant you permission to relicense later on. For one line bug fixes it can be a pain, but it's worth it.
One problem with this though is that it places an unfair advantage with the current maintainer. A fork of the project wouldn't inherit the relicensing permissions from all the contributors.
Ugh, why? You're just discouraging people from contributing by forcing them to accept that their code might be used in a manner they don't approve of in the future.
Because it prevents a choice of more liberal licensing later.
Ogre3D was able to successfully transition from LGPL to MIT/BSD because of contributor agreements.
The Apache Software Foundation, Free Software Foundation, and others all require contributor agreements for very good reasons.
If your project starts out with very liberal licensing, it's not necessary strictly speaking (unless you're concerned about patents). But that's the tradeoff.
It might also discourage contributors who don't want a transition to a different license. After all, contributor agreements also give the power to go closed source later on.
Like I said, tradeoffs. LLVM for example doesn't require copyright assignment, but does require a contributor agreement for patent purposes for significant contributions.
Contributor agreements are a necessary mechanism to protect the project and ensure its future when dealing with patents or preparing for the potential of relicensing.
Yeah, but the Apache Foundation already has a permissive license, and nobody expects the FSF to re-license a project, except maybe to a new version of the same.
By choosing the (A)GPL but forcing contributors to grant relicensing rights, you've excluded both those who consider copyleft licenses non-free, and those who consider copyleft licensing an important requirement.
Did you miss the part where I mentioned patent agreements which is another good reason why Contributor Agreements are important?
And while the Apache Foundation already has a "permissive license" it's not quite as permissive as BSD / etc.
And if the Apache Foundation wants to relicense, to say, a future version of their license, they're still going to potentially need that contributor agreement.
Sounds like those are out of scope, that's just down to correctly configuring the SSL server. But yeah, I hope we correctly configure our SSL servers. ;-)
how does the search work? is there a separate database? i use mairix (which does construct a separate database) and it's pretty damn awesome. have you looked at that? are you re-inventing something worse? sometimes it is useful to search just the body. and mairix works fine with a huge volume of mail.
also, getmail is python and does pop and imap downloads, so could be used there.
[otherwise, this seems awesome and if i run out of my own dumb ideas i will seriously consider contributing]
It is a custom search engine, written in Python. It works surprisingly well, most queries are answered under 200ms and tens of milliseconds are common once caches are warm.
Hundreds of milliseconds across how large an index?
My email corpus is on the order of ten million messages. Needless to say, seeing the words "can index roughly four messages per second" made me cringe rather hard.
any plans for a solr support? there's a lot of knowledge out there on how to scale solr for large webmail deployments like i.e. inside a large company or for forensic mail analysis.
I was wondering about that as well. Why not go with an existing search engine? Having checked out the code it seems that the project is still in its infancy. A lot of effort has probably gone into building the search engine though, which kind of seems like re-inventing the wheel but I'm sure you have reasons that I don't see. By the way, as a test-infected coder, my first move was to launch the test suite, and it was a bit surprising that it wanted to run sudo :) I didn't go further for now because I don't have time to set up fetchmail, will do later. You guys seem to have a lot of potential and good intentions :) In my end of the world I'm also dreaming of "taking back email" and I happen to write Python for a living, so I'll be watching you guys very closely. Quite frankly though, I won't consider contributing until you have a proper test suite :) Keep it up!
Contributing increases the odds we'll be able to make the test suite. ;-) But yes, the code is very immature, right now it is basically a proof-of-concept in the middle of being refactored into its first sensible iteration (as mentioned at the top of the README).
I built the search engine from scratch initially because it was just an interesting problem I wanted to experiment with. However, now that I have one that works, I see massive benefits to not having too many external dependencies. It makes integration and packaging ever so much more pleasant.
Is Java really that much more effort to set up than Python? Solr's problem isn't Java, it's the bloaty mess of XML configuration files it insists on having - something like elasticsearch pretty much Just Works.
'Course it's months away. :) I've noticed that some applications don't offer their own repositories. So I've been left with either relying on the distributions out of date packages, or installing the application manually. That's why I asked. I'd rather use your repos so that I can keep it up to date.
I don't get it, how is it better than RoundCube[0], Horde[1] or any other webmail clients? Out of the six "reasons", three of them are already there in the wild (privacy, self-host and no ads), I'm pretty sure two more can be found/coded (search & encryption) and the last one (speed) is completely subjective to one's usage.
I mean seriously, what's the appeal to paying for Mailpile when I could just use an open-source webmail client on my server? (Which I will by the way, thanks for the idea)
It is very good you are attacking this problem, but is this the right way to attack the email problem?
According to Paul Graham frightening startup ideas http://www.paulgraham.com/ambitious.html, email is a bad ToDo list, How are you going to implement a better Todo list?
I have created an alpha prototype which attacks these problems conceptually, namely, Message Classification, Message Sharing, Bidirectional Messaging, Pull Messaging, Sender Revocation, Message Expiry, Centralized Attachment etc as a Mobile App but approached this as a separate todo protocol using the Push Messaging Infrastructure.
You can download the working app from Google Play https://play.google.com/store/apps/details?id=priya.pullgrid... and can see a website created http://www.pullworld.com (Undocumented - You can download the Frontend App Html Source - Have not even shared in HN as Show HN because it is incomplete in documentation). The purpose of the Prototype is just as a proof of concept and not really to solve the email problem.
I would love to share my knowledge/architecture if you are interested, so that you can really attack this problem as envisaged by pg and since you are planning to do it open source and with email, would love to contribute if you are thinking of mobile in the future using Html/OpenGL based client.
I think mailbox solves the to-do list problem well enough that it's hard to catch them on that dimension. On the other hand, there are plenty of new thorny security issues that can generate popular interest. Running a crowd-funder is a good way of proving a market.
This project has roots at least some years back, so it’s not starting from scratch with lofty ideas that are unlikely to come to fruition. Solid team with a great ideology!
Urrgh, if you're going to ask for money, at least ensure you use 'its' correctly on the fundraising button (i.e. it should be 'reach its fundraising goal').
I really wish everyone would read the Oatmeal piece on apostrophes http://theoatmeal.com/comics/apostrophe
I like the concept - but it's missing a discussion of how they handle what I consider to be (by a pretty large factor) one of the most important features in email - Anti-Spam.
Gmail (which I'm not suggesting is an ideal, just what I happen to use) doesn't even bother to show me my spam folder - and, in the last week, it's redirected 1178 messages there.
Absolutely. I'm the lead developer - I spent almost 6 years working on anti-virus and anti-spam, so rest assured we know this is a big deal. :-) There is a lot of quality stuff in the open source world already which we will be able to build on.
Update: To clarify why we left it out of the pitch - we just took it for granted that you can't have a functional e-mail client without dealing with spam.
Nothing I tried ever handled spam as well as Gmail, I was drowning in it, it's the number one reason I use Gmail. I see so little spam now I think if everyone used Gmail the spammers would have to give up.
There are plenty of nice-enough webmail UIs around, and people complain about the speed of Gmail but I find it perfectly fine. Spam's the thing.
I get what you're saying, but what's to stop them from monitoring the transmission and how can you be sure the receiver of your sent email is running a secure email as well?
It doesn't guarantee that any specific e-mail is snooping-proof, but it makes it hard for someone to trivially look through all your e-mails from the last five years.
If you need free site hosting, PM me. I run an infrastructure company and we are looking to support open source projects (we rely heavily upon open source).
Two things:
1. IMO sup (http://supmua.org/) is more mature and does about the same. However its interface is a curses based one which is a plus and a minus.
2. Why not use an existing search product (like xapian)?
Mostly, the reason we do things the way we do, is because one of our primary goals is to make an end-user desktop app. Packaging is therefore a significant task and minimizing dependencies will help a lot.
We still have quite a bit of work to do on our website and message.
One of the reasons I started lumail (http://lumail.org/) was because none of the existing console clients worked for me. Specifically sup will die importing my 2013-1994 = 19 year mail archive.
Back in 2001 or 2002, I was following the progress of Zoe, what I thought to be a very promising new approach to email archives. It kept your email in mbox or eml files, used Lucene for indexing and search and then provided a web interface on an embedded web server.
The Zoe project is no longer active (the homepage is dead and the files are gone), but this MailPile sounds very much like it. Almost exactly like it. I hope it does better.
Mailpile stores in RAM about 180 bytes of metadata per message (actual size depends largely on the size of various headers), but Python overhead brings that to about 250B. This means handling a million messages should consume about 250MB of RAM - not too bad if you consider how much memory your browser (or desktop e-mail client) eats up.
Totally killed my interest, I want to run this on a small server (e.g. NAS), for everyone in my family
Should they succeed, let us hope that the mobile version of the webmail client will function better than the mobile version of your static site. Pretty unusable in MobileSafari.
Hey topherwhite I'm the UI/UX designer of Mailpile- totally aware of the poor rendering on mobile at present. Working on fixing that- was swamped with other aspects of the campaign launch. Thanks for your feedback :)
It's still decidedly aimed at techies though. I guess it'll be another few years before the benefits of a Free Software Gmail competitor will be accessible to the layman.
Hi there. I'm the UI/UX designer on the Mailpile team. Making every aspect of MP easy for non-techies is my primary concern. We aim to be easier than Wordpress with our Alpha release in Jan 2014. Please give me any feedback or concerns with how to achieve this goal :)
Feedback: IMAP and POP3 would let everyone continue to use the native apps that they know and love for their UX. The web sucks for apps. It just does. Making robust dedicated native apps for each major platform would be a real differentiator.
Am I understanding this correctly that this is basically a selfhosted imap/pop/smtp frontend?
I am curious how you guys would use it, i.e. where would you actually host your emails? Running your own mailserver on a vserver sounds fun and not too expensive but I don't know if I want to maintain something like that in the long run. If something breaks this just sounds like a lot of work.
You guys pay for mail hosting? Use the one that comes with your website domain?
This is a desktop mail client. It is also a web-mail you can run on a server somewhere if you so choose. It depends on how it is deployed.
Contrasting Mailpile with other tools, one difference is that the basic design is that of a search engine, not a tool for reading mail from folders. Most current desktop mail clients are built on top of a bad paradigm, in my opinion.
Another exciting thing about this model, is that since the UI is a website (of sorts), we can leverage the collective experience and creativity of the web design community. That is a much, much larger pool of talent than UI designers who know C++ or Objective C, or whatever.
Finally, making the app a web server means you get an API to interact with your e-mail almost for free.
To clarify, Notmuch is a mail indexing and search system with a command-line/library API. It's very easy to integrate with mail frontends because of good design decisions (eg. it does very little, everything can spit out JSON for easy parsing, ...). As a result, many excellent frontend clients were written on top of it (an emacs mode that I use, a Mutt/Sup-like curses client, a GTK one, ...)
Notmuch does two things:
- Indexes a Maildir and places messages into a Xapian fulltext database.
- Provides an API for tagging, threading, retrieving, searching, creating template replies, etc. for the messages in its index.
Getting mail into the folder is the burden of another program (say offlineimap or getmail), and sending mail is also handled by other tools (say MSMTP or sendmail).
I think Notmuch would have made an absolutely killer framework to base Mailpile off of.
Ok then go research how many companies in Silicon Valley give their employees Gmail. All the companies I've worked at provided Gmail only because there is really not a good open source option. And Google accounts is a huge monopoly that obviously sounds bad enough to hurt your feelings. But this is the reality. Google is a valley of shit and most of us want to move on from it.
Criticizing Google doesn't "hurt my feeling". I've moved away from Gmail and other Google services (not all) a few years ago because I disagreed with their options. But that doesn't mean I have to agree with nonsensical claims such as Google having a monopoly on email.
Maybe they do in Silicon Valley, but I'm sure you realize that's a pretty insignificant subset of email users.
Firstly, the centralized cloud webmail companies (Gmail, Hotmail, Yahoo) by giving people the ability to self host their email with an awesome webmail solution! ~Mailpile Designer