Interview with Jumble Encrypted Email Provider, Freedom Hacker
·

Interview with Jumble Encrypted Email Provider

Brandon StoshByBrandon Stosh Hours
Comments 1 Comment

0) Please tell us, what is your role (in the email provider company, where do you stand, owner, marketer, advertiser etc)?
Founder

1) Does Jumble keep or enforce any logs, IP Addresses, Timestamps, Bandwidth caps, Traffic or other data on users?
We create web server access logs which record the user’s IP, timestamp and page requested. These are the default access logs created by the apache web server however these logs are purged once a week. No other logs or restrictions are enforced on our users.

2) What type of Encryption do you use to secure emails?
Jumble uses standard encryption algorithms that have been published and peer reviewed over many years. Specifically, we use 256-bit AES keys to encrypt the email data and then use a 2048-bit RSA public key to encrypt the AES key. All data is encrypted in the browser, which means nobody, including us, ever sees your data; Jumble provides real end-to-end secure email. Jumble uses 2 different sets of encryption keys for each email you send:

  1. A random single-use AES key is created for each email sent; this key is used to encrypt the actual email
  2. A set of RSA keys, called a key-pair, is uniquely associated with your email address and these keys secure the single-use AES key.
    Jumble generates a new RSA key-pair for a given email address when it’s not already available from our API but only releases the private section of the key-pair to someone who can prove they own the email address linked with the key-pair.

3) Where are your servers located and what jurisdiction do you operate under?
Jumble’s servers are located in Germany and it is an Irish company offering secure email worldwide.

4) When a user deletes an email or draft, is it actually deleted? (many mainstream providers keep users email even after deletion)
Jumble provides a secure email service that integrates with existing email providers so that you don’t need to change your email address or change how you interact with your emails.  All encryption and decryption is done within your browser so Jumble never sees your data.  As a result Jumble doesn’t store a user’s email.  However while the webmail client may not actually delete the email it would in any event be encrypted so they could not read the user’s deleted email.

5) How do you generally handle requests from law enforcement?
While Jumble generates the private key for the user it doesn’t have access to private keys as they’re encrypted with the user’s password. Furthermore as Jumble secure email is an end-to-end solution (i.e. your data doesn’t leave your computer until it’s encrypted) this means Jumble doesn’t have access to your data either.

6) Do you track users in any way with trackers, advertisements, or cookies ?
Jumble uses cookies to support website user sessions, without these cookies users would not be able to login or use the onsite email decryption facilities.

7) How much do your encrypted email services cost?
Jumble is free for individual users and a monthly fee of €5 per user for business customers.

Brandon Stosh

Brandon Stosh is the founder of www.freedomhacker.net. Stosh is a cyber security researcher who strives to provide reliable news on cyber-security based topics.

Similar Posts

Leave a Reply to Ciara McGrath Cancel reply

Your email address will not be published. Required fields are marked *

One Comment

  1. As someone who takes their email privacy seriously and has tried many different services I can say that Jumble is definitely the most user friendly, easy to use product that offers this service. It does exactly what it is supposed to! Nice one!

    Reply