About Confidante

Overview

How does Confidante work?

Confidante is built on top of Gmail and Keybase. It uses your Gmail account to send and receive messages, and uses Keybase to store your private keys and look up public keys. When you log into your Confidante inbox, your browser gets your private key from Keybase, and your encrypted emails from Gmail. Then, it automatically decrypts all of the messages. When you send an email, you find the recipients on Keybase using their name, username, or any of their linked accounts (Twitter, Facebook, GitHub, etc.). Then, Confidante looks up their public keys, encrypts the message in the browser, and sends it through Gmail.

Can I use Confidante for my sensitive communications?

Use only at your own risk. This is a beta version of Confidante, which we have released along with our source code for community evaluation and feedback. While we have designed Confidante to provide the security properties described in this FAQ, please be aware that Confidante has not received a formal security audit.

Using Confidante

Why do I have to log in twice?

To use Confidante, you need to log in to both your Gmail account (so Confidante can access your emails) and your Keybase account (so Confidante can access your keys).

Can Confidante only work with Gmail?

In theory, Confidante can work with any email provider that supports access by third-party applications, like Gmail does. In practice, this beta version of Confidante was only built to work with Gmail.

Where are all my emails?

Confidante only shows you the emails in your Gmail account that are encrypted. Any unencrypted messages (for example, messages that you sent or received through the regular Gmail website) will not appear in Confidante.
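
As an added illustration (not Confidante's own code), one way an inbox view can separate encrypted from unencrypted mail is to keep only messages whose body carries an intact ASCII-armored OpenPGP message. The armor format is an assumption, since this FAQ does not say how Confidante recognizes encrypted mail, and all function names are hypothetical.

```javascript
// Added example, not Confidante's code. Assumes ASCII-armored OpenPGP
// (RFC 4880, section 6); all names are hypothetical. Runs on Node.js.
// CRC-24 used by OpenPGP armor: init 0xB704CE, polynomial 0x1864CFB.
function crc24(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) crc = (crc << 1) ^ (crc & 0x800000 ? 0x1864cfb : 0);
  }
  return crc & 0xffffff;
}
const ARMOR = /-----BEGIN PGP MESSAGE-----\r?\n([\s\S]*?)\r?\n-----END PGP MESSAGE-----/;
// Decoded bytes of the first armored message in `text`, or null if the armor
// is missing, truncated, malformed, or fails its checksum.
function parseArmoredMessage(text) {
  const m = ARMOR.exec(text);
  if (!m) return null;
  const lines = m[1].split(/\r?\n/).map((l) => l.trim());
  const blank = lines.indexOf(""); // armor headers end at the first blank line
  if (blank === -1) return null;
  const body = lines.slice(blank + 1).filter(Boolean);
  let want = null; // the "=XXXX" checksum line is optional in RFC 4880
  if (body.length && body[body.length - 1].startsWith("=")) {
    const c = body.pop();
    if (!/^=[A-Za-z0-9+\/]{4}$/.test(c)) return null;
    want = Buffer.from(c.slice(1), "base64").readUIntBE(0, 3);
  }
  const b64 = body.join("");
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) return null;
  const data = Buffer.from(b64, "base64");
  return want === null || crc24(data) === want ? data : null;
}

// Inbox filter: keep only messages whose body carries intact armor.
const encryptedOnly = (msgs) => msgs.filter((m) => parseArmoredMessage(m.body) !== null);
// Helper for the constructed samples; `crc` can be overridden to corrupt it.
function armor(bytes, crc = crc24(bytes)) {
  const c = Buffer.alloc(3);
  c.writeUIntBE(crc, 0, 3);
  return ["-----BEGIN PGP MESSAGE-----", "", bytes.toString("base64"),
    "=" + c.toString("base64"), "-----END PGP MESSAGE-----"].join("\n");
}

// Constructed inbox; the payload is a placeholder, not a real OpenPGP packet.
const payload = Buffer.from("constructed ciphertext placeholder");
const inbox = [
  { id: 1, body: "Lunch at noon?" },
  { id: 2, body: "Hi,\n" + armor(payload) + "\n" },
  { id: 3, body: armor(payload, crc24(payload) ^ 1) }, // corrupted checksum
];
```

The filter checks armor integrity only; a message that passes can still fail to decrypt if it was encrypted to a different key.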

Can I send an unencrypted email?

Confidante only supports sending encrypted emails. If you’d like to send a regular, unencrypted email, you can do so from the regular Gmail website.

Why do I have to enter both an email address and a Keybase user name for the recipient of an email?

Keybase links Keybase accounts to social media accounts (Twitter, Facebook, etc.) by posting cryptographic proofs publicly to those accounts (see Keybase's website for more information). Because such a proof can’t be publicly posted to an email account, Keybase does not provide a verified link between Keybase accounts and email addresses. Thus, Confidante cannot look up a Keybase account given an email address, nor vice versa. For this reason, when you use 'Reply' or 'Reply All' on a message, make sure you re-type the Keybase usernames of all the recipients, since these will not be auto-filled for you. In the future Confidante may include a feature to remember such mappings, but this feature comes with tradeoffs.

Security and Threat Model

What security properties does Confidante provide?

What does Confidante NOT protect against?

What's the difference between the web preview and the desktop app?

The web preview is slightly less secure than the desktop version, because certain information from Google and Keybase must pass through our web server.

We do not store either of these authenticators on our server, but if our server were compromised by an active attacker, they could view the authenticators of Confidante users who are currently online.

The desktop application does not have any of these vulnerabilities, because it can directly communicate with Keybase and Gmail, without going through our web server. We highly recommend using the desktop app for this reason.

Keybase

What is the difference between Confidante and Keybase?

Keybase is a cool new key directory service and was not developed by us. Confidante uses Keybase for private/public key storage and lookup. For more information on Keybase and its security properties, please visit the Keybase website.

Can I use Confidante without a Keybase account?

No. If you don’t already have a Keybase account, you can sign up for one at the Keybase website.

Can I use Confidante if I don’t have a private key stored on my Keybase account? (For example, can I upload my private key directly to Confidante?)

We understand that some users may not wish to store their (passphrase-protected) private keys on Keybase’s servers. In the future, Confidante may support local private keys; at the moment, you must use Confidante with a Keybase account that contains a private key.

Learn More

I want to learn more about Confidante’s design and security properties.

Please check out our research paper, which appeared at the IEEE European Symposium on Security and Privacy in April 2017.

I want to provide feedback to the Confidante team.

We’d love to hear your feedback! Please contact us at confidante@cs.washington.edu or on our GitHub repository.

I want to look at or contribute to the Confidante source code.

Great! Please see our GitHub repository.