Rootshell: A new E2EE email service hosted in Iceland
- Security
- Privacy
- Infrastructure
- Startups
Rootshell is a newly launched email service hosted in Iceland that presents itself as end-to-end encrypted. That claim was the first thing people attacked. One commenter says a quick test showed messages coming back from the server in plaintext, which would mean decryption happens server-side rather than on the client. Several others made the broader point that ordinary email only becomes true end-to-end encryption when both sides use something like PGP or GPG. Otherwise the provider still sees plaintext for mail arriving from Gmail or any other normal service. The result is that “E2EE email” reads less like a technical property and more like a marketing shortcut unless the service clearly limits the claim to encrypted messages between compatible users.
Treat any new “secure email” product as guilty until it explains its threat model, client-side crypto path, and operational basics. If you are building one, the hard part is not the landing page claim but the protocol edges, account policy, and day-one trust posture.
-
rootshell.is
- Discuss on HN