Today I first heard about Opolis Secure Mail. I’ve you’ve read my previous posts, you know that I’m interested in email security (here and here). Unfortunately email encryption is a bit cumbersome today. That’s why I took a closer look at Opolis.
After browsing their website (which looks like a cheap copy of Apple’s website) I found it to be somewhat interesting. The closest thing I could think off is Hushmail combined with a branded email client. I was intrigued and had to give it a shot.
Installing Opolis was a bit cumbersome and not very streamlined. You need to first download an app, then the app will download another app within the app. You need to provide the installer with your email address, a username and password. When you’ve provided it all information required, a certificate (iTrust) is being generated. When done, the email client will launch.
Compared to the major email clients, like Thunderbird and Apple Mail, this email client is well 10 years behind as far as design and usability goes.
In addition to encryption, Opolis points out a few benefits with its service, such as the ability to get delivery result and revert sent messages. While these features are somewhat appealing, the simple fact that Opolis can only send and receive emails to other Opolis users makes the cooless of that close to zero. Moreover, until they release an email client that is at least at par with Thunderbird, I don’t see them gaining traction. Combine that with the fact that people or companies who are paranoid enough to encrypt every single email they send and receive already use GnuPG or PGP.
Screencast
Verdict
I don’t see myself using Opolis at all. I use email encryption from time to time, but then I use PGP/GPG. And quite frankly, Opolis does not add a whole lot of value that GnuPG already brings. When I need encryption I use Thunderbird with the Enigmail-plugin. The only pain-point with using GnuPG is the key generation, but that pain itself is hardly worth the trouble switching to Opolis. Perhaps more importantly, Opolis does not seem to be compatible with GnuPG/PGP at all, since it can only send and receive messages within its own system. That means you cannot tap into the huge key database that already exist.
The only good thing I can say about Opolis is that they’ve found an simple way to deal with the generation of certificates/keys. That said, I’m not sure where these are stored. Locally or on their servers? If I were to use a service like this for critical data, I would definitely want a copy of my certificates/keys on my local computer. Even if I were to get the certificate/key stored on my local computer, how can I get my (unencrypted) data out of the email client? Otherwise, what will happen with all my data if the company goes belly-up? It’s not Google or any other large enterprise we’re talking about — it’s just a start-up. These things happen.
[...] This post was mentioned on Twitter by Email Marketing and Viktor Petersson, Email Service Guide. Email Service Guide said: Opolis — Revolutionary or just another email client? http://bit.ly/990aWF #email #security [...]
dear viktor:
thank you for your interest in opolis and also thanks for the straightforward and honest feedback.
you are right in all aspects you mention in your article. one of the principle ideas of opolis was to integrate all – commonly cumbersome – steps in transmitting encrypted mails in one single service. and you are right that – from a security aspect – opolis merely combines technology which already exists. as we have only launched recently we are aiming to improve the service continuously and adding new features, any feedback like yours is extremely helpful for us. for example, we will be launching soon a feature with which you can store whole folders in encrypted mode by just a single step using the opolis mail client.
what may be useful, though, is, if you also may have a brief look at the various additional features opolis already offers: you as a sender decide whether the recipient is actually allowed to forward, print or copy a message or not. and you can constantly monitor what the recipient has actually done with a message.
best regards in the meantime & thanks again
your opolis team
Thanks for stopping by. I wish you guys the best of luck. As I mentioned in the beginning of the article, I’m interested in email encryption, and I definitely think there is a market in making email encryption easier. Please drop me a line at hello [at] emailserviceguide [dot] com when you want me to take a look down the road.
Good luck!