Security Documentation
Technical analysis of email security, encryption, and privacy
These articles provide technically accurate, cryptographically grounded analysis of email security. We document what zero knowledge and zero trust actually mean, why no email provider can deliver these properties, and how to configure your setup for maximum security.
Core Security Documentation
The Truth About Zero Knowledge / Zero Trust
The definitive explanation of what zero knowledge and zero trust mean in cryptography, not in marketing. Covers why these are properties of the client, not the provider, and why every email service that claims these properties is redefining the terms.
Why You Should Never Let a Provider Generate or Store Your Private Key
Technical analysis of key custody, provider-controlled code paths, entropy risks, and why true zero-access requires user-only key ownership.
End-to-End Encryption vs Zero Access Storage
Critical distinctions between true end-to-end encryption (zero trust) and zero access storage (trust required). Explains why these are fundamentally different security models.
The Myth of Jurisdictional Privacy
Comprehensive analysis of why geographical jurisdiction offers limited privacy protection. Documents global surveillance networks, MLATs, intelligence sharing agreements, and why technical safeguards matter more than server location.
Analyzing Zero Knowledge Claims: ProtonMail, Tutanota, and Others
Applying the cryptographic standards above to evaluate specific provider claims. Technical analysis of how major encrypted email providers' architectures compare to actual zero knowledge requirements.
How to Use CodaMail in the Most Secure Fashion Possible
The authoritative guide to configuring email for minimum trust: local key generation, public-key-only upload, automatic PGP encryption, and independent decryption software.
