Horizon users know that we strive to give our users a private experience across our products. In order to do so, we provide end-to-end encryption where applicable. For example, Horizon Pics offers optional end-to-end encryption for photo storage and pastes.
For email, it's not that simple. There are many inherent limitations in how the IMAP and SMTP protocols work.
IMAP and SMTP were only designed to be encrypted in transit, not at rest. They are not meant for privacy and anonymity.
For us, this wasn't enough. During Horizon Mail's beta phase, we experimented with user-based server-side encryption to secure emails from us and potential breaches.
Unfortunately, this didn't work out as the open-source technologies we were attempting to use were severely under-developed and under-documented, leading to poor user experiences for everybody. Later on, we found out that these features were actually not meant for production.
Since Horizon Mail's launch, we kept emails unencrypted on our servers (but still encrypted in transit) and transparently announced this in our official launch announcement and FAQ.
That brings us to today.
While the user-based server-side encryption isn't polished for production use, we found out that master-key server-side encryption is.
As of December 6, 2021, all new emails are server-side encrypted with master-key server-side encryption.
Master-key what what?
Master-key server-side encryption means that all emails are encrypted at rest on our servers under a single asymmetric keypair.
This means that all emails are encrypted at rest, but we have the key to decrypt them.
This is not our ideal situation, but it's the best we can do for now.
We have expressed in the past that we would not read emails or sell user information and this still holds today.
While we do hold the decryption keys to the emails on our servers, we will still preserve user privacy, and we will not pry into their inboxes.
This new server-side encryption method we've implemented is a step in the right direction and prevents the leakage of plain-text emails if an attacker were to exploit a vulnerability in our software to gain access to the storage backend.
For our server-side encryption, we're using an asymmetric prime256v1 Elliptic Curve Cryptography (ECC) keypair that encrypts all emails on our servers with the secp521r1 curve.