Skiff is privacy-first, end-to-end encrypted email powered by your wallet. Skiff is a completely new take on the consumer application stack for communication and collaboration: One that is private, intuitive, and built to empower people to own their own data. In this piece, we’ll walk through how Skiff’s application stack works, linking to our open source code repositories, whitepaper, and blog entries along the way to give more context on how our products work.
In this blog, we’ll walk through how Skiff functions as a privacy-respecting, end-to-end encrypted, and fully transparent email solution, collaboration product, and more. For a more technical audience, the article alludes to a new stack for writing software built on new storage models, identity solutions, and simple collaboration methods.
On Skiff, all of your data is end-to-end encrypted and accessible only by you. End-to-end encryption ensures only the communicating parties can read messages, access your data, and decrypt your files. No one in between, not even the service provider (including Skiff), can read any of your content. This is done by each Skiff user generating unique keypairs for encryption and decryption, and then exchanging keys with each other. Messages, files, emails, or other data can be encrypted using the recipient’s public key, and can only be decrypted with their private key, which is kept completely secret. This ensures that even if someone intercepted a message, file, or other content, the malicious actor would not be able to read it.
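The exchange described above, as an added example that is not Skiff's code: a sender encrypts to the recipient's public key, and only the matching private key can decrypt. The primitives (X25519, HKDF-SHA256, AES-256-GCM), the `e2ee-demo` label, and all function names are assumptions chosen for illustration; the page does not state which algorithms Skiff uses.

```javascript
// Added illustration: assumed primitives, not Skiff's actual scheme.
const crypto = require('node:crypto');

// Each user generates a keypair; only the public half is ever shared.
function generateUserKeys() {
  return crypto.generateKeyPairSync('x25519');
}

// Derive a 32-byte AES key from the ECDH shared secret.
function deriveKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'e2ee-demo', 32));
}

// Sender: encrypt to the recipient's public key using a one-time ephemeral key.
function encryptFor(recipientPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = crypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, recipientPublicKey, ephPub);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: recompute the same key from the private key and decrypt.
// Throws if the key is wrong or the message was modified in transit.
function decryptWith(recipientPrivateKey, msg) {
  const ephPublicKey = crypto.createPublicKey({ key: msg.ephPub, type: 'spki', format: 'der' });
  const key = deriveKey(recipientPrivateKey, ephPublicKey, msg.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// Everything in `msg` is visible to the provider or anyone on the path.
// Without the recipient's private key, authentication fails and nothing is read.
function canDecrypt(privateKey, msg) {
  try { decryptWith(privateKey, msg); return true; } catch { return false; }
}
```

The same check that rejects a wrong key also rejects a modified ciphertext, because AES-GCM authenticates the message before releasing any plaintext.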
Working with Protocol Labs, Skiff integrated storage on IPFS - the InterPlanetary File System - to enable a more transparent, distributed, and portable model for people to store data and files on the web, all fully privately. The InterPlanetary File System (IPFS) is a protocol and peer-to-peer network designed to create a distributed file system that can be used to store and share data across a network of computers. IPFS is a decentralized alternative to the traditional centralized file systems that are used by most computer systems. IPFS is based on a content-addressable file system, which means that each file is given a unique identifier based on its content, rather than its location. This makes it possible to store and share data across a network of computers without the need for a central server.
IPFS is designed to be scalable and efficient, and it can be used to store and share data of any size; IPFS uses the blockchain-based currency Filecoin to reward storage network participants. IPFS is also designed to be secure, and to provide a high degree of privacy for its users. IPFS is also censorship resistant, wherein a single entity cannot limit or control the content that is stored on the network. Given a content ID (CID) of data stored on IPFS, it can also be easily transferred to other platforms or used by other accounts, significantly increasing data portability in comparison to traditional cloud storage providers (such as Dropbox, Google Drive, etc.).
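Content addressing as described above, in an added example that is not taken from Skiff or IPFS code: the identifier is derived from the bytes themselves, so a client can verify a block fetched from any peer. It covers only the simplest case (one raw block, CIDv1, sha2-256, base32); files added through IPFS's default chunking get different CIDs. Function names are illustrative.

```javascript
// Added illustration of content addressing: single raw block only.
const crypto = require('node:crypto');

const BASE32 = 'abcdefghijklmnopqrstuvwxyz234567';

// RFC 4648 base32, lowercase, no padding (the encoding behind multibase prefix "b").
function base32(bytes) {
  let bits = 0, value = 0, out = '';
  for (const byte of bytes) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      out += BASE32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += BASE32[(value << (5 - bits)) & 31];
  return out;
}

// CIDv1 = 'b' + base32( 0x01 version | 0x55 raw codec | multihash )
// multihash = 0x12 (sha2-256) | 0x20 (digest length 32) | digest
function cidForBlock(data) {
  const digest = crypto.createHash('sha256').update(data).digest();
  const header = Buffer.from([0x01, 0x55, 0x12, 0x20]);
  return 'b' + base32(Buffer.concat([header, digest]));
}

// A client that fetched `data` from an untrusted peer re-derives the CID
// and rejects the block if it does not match the CID it asked for.
function verifyBlock(requestedCid, data) {
  return cidForBlock(data) === requestedCid;
}
```

When the stored bytes are ciphertext, the CID is a hash of that ciphertext, so it identifies and authenticates the encrypted blob without revealing the plaintext.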
Signing up for a Skiff account requires absolutely no personally identifiable information (PII). Skiff does not store your email address, phone number, or any additional metadata (location, IP address, device information) on signup, keeping your personal information private to you.
All Skiff user accounts are associated with a distinct cryptographic identity - a set of keypairs for encryption and signing where users (and not Skiff) have access to the private key. Unlike other traditional email services - Gmail, Outlook, Hotmail, and Yahoo - you alone own your identity with the private key and recovery phrase provided to you, or using a distributed naming service (see more below), or with the wallet and on-chain identity that you already own on sign up. Using a cryptocurrency wallet to sign up also enables wallet-to-wallet communication for the first time. This yields increased trust via user-owned, verifiable, and end-to-end encrypted communications with an on-chain identity. Currently, users can sign up with MetaMask, Coinbase Wallet, Brave Wallet, Keplr, and Phantom, or simply create a new email address and password.
Almost a half-century ago, Pretty Good Privacy (PGP) was proposed as a new standard in email encryption. PGP uses a public-key cryptography system to protect the confidentiality of email messages. PGP email encryption can be used to secure the contents of email messages as well as the email headers, which contain the sender's and recipient's email addresses. Today, PGP is widely considered dead, largely due to decreasing usage, difficult user experience, and the rise of simpler and more intuitive end-to-end encrypted messaging apps, like Signal, that build encryption directly into the product without degrading the user experience. For example, it is estimated only 50,000 people (at most) use PGP today, while over 100 million people use Signal every month to communicate. Furthermore, PGP required sharing public keys on a personal site, business card, or through other mechanisms. Using a naming service (like ENS) allows trustworthy, on-chain identity to replace this cumbersome process.
Now, this decentralized consensus algorithm maintains a link between an address (like “skiff.eth”) and the wallet address associated with it, and a wallet address is deterministically created from a public key. In Ethereum's case, the secp256k1 elliptic curve is used to generate keys, signatures, and secure communications on the Ethereum network. Secp256k1 is used to generate a public/private key pair that can be used to sign transactions and contracts on the Ethereum blockchain. The secp256k1 curve is also used by other cryptocurrencies, such as Bitcoin and Litecoin. In contrast, Solana has chosen Curve25519 for its speed and simplicity - another popular elliptic curve choice for many cryptographic purposes also used by Stellar, Algorand, Monero, and others.
Collaborating on Skiff can be done using an email identity, a Skiff account, a crypto wallet, or a naming service, like the Ethereum Naming Service or Solana Naming Service. This is designed to clearly associate user identities and accounts with immutable crypto identities - where wallets and naming services can yield significant benefits.
The Ethereum Naming Service (ENS) is a decentralized service that allows users to register and resolve names using the Ethereum blockchain. The service is similar to DNS, but instead of resolving domain names to IP addresses, ENS resolves names to ETH addresses. ENS is designed to be censorship-resistant and to provide a more user-friendly experience than using raw, 42-character hexadecimal Ethereum addresses.
The Solana Naming Service operates similarly, where users can purchase .SOL names that make it much simpler to collaborate, own digital assets, purchase NFTs, and use your wallet address without having to remember a long, random string of base58 characters.
This model for web3 communication is much simpler, more verifiable, and more transparent than tools used today (generally Telegram or Discord), as all communication is private and to or from an identity determined via private keys or distributed consensus (such as a naming service).
Good design is straightforward. It doesn’t burden the user with complicated setup or didactic instruction. While the power of Skiff lies in our privacy, end-to-end encryption, and web3 integrations, the technical complexity underpinning our platform doesn’t get in the way of the experience. Instead, Skiff’s suite of products is simple to use, well-crafted, and intentional in its design. We make it easy to collaborate, communicate, and create across Skiff Mail, Pages, and Drive.
Our approach is rooted in first principles. Mail products, for example, have proliferated for years. But the UX has stagnated so much that “the future of email” now sounds like an oxymoron. Skiff Mail is different – we’ve designed it from the ground up to fit the needs of our digital and crypto-native user base. From our command palette to one-click import features and ENS support, communicating across the blockchain has never been more delightful.
Today, the Skiff Pages product enables end-to-end encrypted realtime collaboration, writing notes, and sharing wikis. The Drive product enables file upload, storage, and sharing - and can also be integrated with IPFS. Finally, Skiff Mail supports private, E2EE communication, both among Skiff users and to external email addresses or email providers, such as Gmail and Outlook.
For the first time, users can contact other email addresses, send messages to wallet addresses, use naming services as their identity around the web, and more. Beyond simply using private products on the Skiff platform, this also enables every user to use a more private identity around the web - signing into other services, receiving newsletters with a wallet email, sending personal communications, and storing critical personal and professional attachments over years.
Taken together, these technologies represent a new stack for building user-facing applications on the internet. Identity is no longer controlled by a single entity and is instead owned by users, naming services, and private keys. Storage is end-to-end encrypted, portable across devices, and resistant to censorship by any single entity. Interfaces are simple, easy to use, and straightforward for users to understand. To experiment with this tech, we highly encourage reading developer docs, experimenting with new encryption libraries, and getting involved with new, privacy-respecting communities.