Today I first heard about Opolis Secure Mail. I’ve you’ve read my previous posts, you know that I’m interested in email security (here and here). Unfortunately email encryption is a bit cumbersome today. That’s why I took a closer look at Opolis.
After browsing their website (which looks like a cheap copy of Apple’s website) I found it to be somewhat interesting. The closest thing I could think off is Hushmail combined with a branded email client. I was intrigued and had to give it a shot.
Installing Opolis was a bit cumbersome and not very streamlined. You need to first download an app, then the app will download another app within the app. You need to provide the installer with your email address, a username and password. When you’ve provided it all information required, a certificate (iTrust) is being generated. When done, the email client will launch.
Compared to the major email clients, like Thunderbird and Apple Mail, this email client is well 10 years behind as far as design and usability goes.
In addition to encryption, Opolis points out a few benefits with its service, such as the ability to get delivery result and revert sent messages. While these features are somewhat appealing, the simple fact that Opolis can only send and receive emails to other Opolis users makes the cooless of that close to zero. Moreover, until they release an email client that is at least at par with Thunderbird, I don’t see them gaining traction. Combine that with the fact that people or companies who are paranoid enough to encrypt every single email they send and receive already use GnuPG or PGP.
I don’t see myself using Opolis at all. I use email encryption from time to time, but then I use PGP/GPG. And quite frankly, Opolis does not add a whole lot of value that GnuPG already brings. When I need encryption I use Thunderbird with the Enigmail-plugin. The only pain-point with using GnuPG is the key generation, but that pain itself is hardly worth the trouble switching to Opolis. Perhaps more importantly, Opolis does not seem to be compatible with GnuPG/PGP at all, since it can only send and receive messages within its own system. That means you cannot tap into the huge key database that already exist.
The only good thing I can say about Opolis is that they’ve found an simple way to deal with the generation of certificates/keys. That said, I’m not sure where these are stored. Locally or on their servers? If I were to use a service like this for critical data, I would definitely want a copy of my certificates/keys on my local computer. Even if I were to get the certificate/key stored on my local computer, how can I get my (unencrypted) data out of the email client? Otherwise, what will happen with all my data if the company goes belly-up? It’s not Google or any other large enterprise we’re talking about — it’s just a start-up. These things happen.