Confidante is built on top of Gmail and Keybase. It uses your Gmail account to send and receive messages, and uses Keybase to store your private keys and look up public keys. When you log into your Confidante inbox, your browser gets your private key from Keybase and your encrypted emails from Gmail. Then, it automatically decrypts all of the messages. When you send an email, you find the recipients on Keybase using their name, username, or any of their linked accounts (Twitter, Facebook, GitHub, etc.). Then, Confidante looks up their public keys, encrypts the message in the browser, and sends it through Gmail.
Use only at your own risk. This is a beta version of Confidante, which we have released along with our source code for community evaluation and feedback. While we have designed Confidante to provide the security properties described in this FAQ, please be aware that Confidante has not received a formal security audit.
To use Confidante, you need to log in to both your Gmail account (so Confidante can access your emails) and your Keybase account (so Confidante can access your keys).
In theory, Confidante can work with any email provider that supports access by third-party applications, like Gmail does. In practice, this beta version of Confidante was only built to work with Gmail.
Confidante only shows you the emails in your Gmail account that are encrypted. Any unencrypted messages (for example, messages that you sent or received through the regular Gmail website) will not appear in Confidante.
Confidante only supports sending encrypted emails. If you’d like to send a regular, unencrypted email, you can do so from the regular Gmail website.
Keybase links Keybase accounts to social media accounts (Twitter, Facebook, etc.) by posting cryptographic proofs publicly to those accounts (see Keybase's website for more information). Because such a proof can’t be publicly posted to an email account, Keybase does not provide a verified link between Keybase accounts and email addresses. Thus, Confidante cannot look up a Keybase account given an email address, nor vice versa. For this reason, when you use 'Reply/Reply All' on a message, make sure that you re-type the Keybase usernames of all the recipients, since these will not be auto-filled for you. In the future Confidante may include a feature to remember such mappings, but this feature comes with tradeoffs.
The web preview is slightly less secure than the desktop version, because certain information from Google and Keybase must pass through our web server.
We do not store either of these authenticators on our server, but if our server were compromised by an active attacker, they could view the authenticators of Confidante users who are currently online.
The desktop application does not have any of these vulnerabilities, because it can directly communicate with Keybase and Gmail, without going through our web server. We highly recommend using the desktop app for this reason.
Keybase is a cool new key directory service and was not developed by us. Confidante uses Keybase for private/public key storage and lookup. For more information on Keybase and its security properties, please visit the Keybase website.
No. If you don’t already have a Keybase account, you can sign up for one at the Keybase website.
We understand that some users may not wish to store their (passphrase-protected) private keys on Keybase’s servers. In the future, Confidante may support local private keys; at the moment, you must use Confidante with a Keybase account that contains a private key.
Please check out our research paper, which appeared at the IEEE European Symposium on Security and Privacy in April 2017.
Great! Please see our GitHub repository.