Inky Reviews

inky

about Inky · ·

excellent work done. so far the best I triedçeasy to use.smart GUI.however enhancement of run-time and adding e-mail notifications/pop-ups.should be considered by the developers. anyway, highly recommended to every e-mail user. Congrats and Grazie...............

Reply

Secure account my @$$

about Inky · · -1 Helpful

If I knew Inky stores my password on their server I wouldn't download it in the first place. They call their account secure but the whole scheme is utterly ridiculous. At least one of my accounts is used to reset passwords to a lot of other services, why on Earth would I trust it to a third party, even encrypted?

Reply
about Inky · · -1 Helpful

Email password is saved in their server, their website says. "Encrypted" but still saved. No-go for me.

Are my email passwords stored on Inky's servers? Inky connects to your email providers and processes your mail on your machine. Your email data never passes through our servers. Inky stores your email passwords encrypted on our servers, but the decryption key is your Inky password. This means that no one -- not even Inky employees -- can access your data without knowing your password. This also means that you can have one Inky account for multiple computers because your information is transfered encrypted through the cloud.

You are right to be concerned about the general issue of where and how your email credentials are stored. However, there's a lot of confusion about how we and why Inky does this. Here's a summary that should hopefully clear things up.

First, the why: doing so means that when you set up Inky on a new device -- e.g., you have it on your desktop but then install it on your laptop -- you don't need to enter all your server details again. This is a huge time saver for all but the most tech-savvy users. It also means that when, say, you tell Inky a message is or isn't relevant to you, that feedback applies to all your Inky instances, not just that one.

Now, the how: the full, technical explanation is in our FAQ, here: http://inky.com/faqs/securely storinginformation/

The short story is that we encrypt your credentials using a strengthened key derived from your Inky login password. Importantly, Inky authenticates you to our servers in such a way that no information about your password -- and therefore about your encryption key -- are transmitted to us.

This means we store encrypted data on your behalf with no way to decrypt it ourselves short of a brute force attack. The same applies to any third parties (hackers, etc.) that might somehow get into our servers. This is also the reason we can't reset your password if you forget it -- we simply don't know it.

We take security incredibly seriously and devote significant resources to it. For example,Inky simply won't connect to servers where the user's password must be transmitted in plaintext. (There are still some out there!) And we've put a great deal of effort into our TLS stack, to ensure that certificate validation is done properly. As you can see from this paper (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf ), many messaging clients don't do the right thing at all on encrypted communications.

Finally, the trend among email systems has been to move all the mail into the cloud; virtually every new mail app processes your mail in the cloud rather than on your local machine. This compromises your privacy, which is the reason Inky does NOT do this.

-- The Inky Team

Sorry, the FAQ link got mangled. Here's the correct one:

http://inky.com/faqs/securely storinginformation/

-- The Inky Team

@Inky you can add option to save passwords to server or save locally

Reply