Championing Privacy Online: A Deep Dive with Skiff

The value and significance of privacy in today’s world cannot be overstated. The amount of personal data we generate on a daily basis is staggering, anywhere from social interactions, to workspace applications, to financial transactions. Every action we take on a product that neglects or undermines our privacy can reveal intimate details about our habits, behaviors, preferences and personal lives - information that can be easily weaponized against us.

This is where the significance of tools and platforms that prioritize user privacy comes into play. Skiff is amongst the companies building a suite of products with a privacy-first approach, offering email, calendar, secure file storage, and more features that give you the power to interact and store data privately. These efforts and products are essential in shaping a new landscape where users can communicate and collaborate without fear of surveillance or data collection tactics that impede on our rights. Many companies today treat our data as a commodity, rather than the most valuable asset that belongs to us. It underlines the need for a world where the pursuit of privacy isn't a constant battle, but rather an intrinsic part of our daily web usage and experiences.

Skiff uses end-to-end encryption, a critical feature for secure communication, across its products. This encryption method ensures our communication and data remain private, even from the very companies that provide these services. Moreover, if governments request this data or if hackers try to obtain and sell or misuse it, they'll come up empty-handed. This places companies in an ideal position; they can't share or leak information because they don't possess that data to start with. It's the ultimate measure of prioritizing user privacy.

A Deep Dive with Skiff CEO

We had a chat with Andrew Milich, the CEO of Skiff, about the company’s journey and goals:

Q: What inspired you to launch Skiff?

I’ve been an engineer my whole life and love building safety and security products, from the Dragon 2 capsule software at SpaceX to operating systems. After spending time in Asia and Russia as a graduate student, I used more and more end-to-end encrypted products and started to build my own. I began to fixate on the infinite engineering and product design problems involved in building an end-to-end encrypted suite, and I ultimately started working on Skiff full-time with our CTO Jason Ginsberg.

Q: Why should users trust Skiff as a workspace suite over established platforms?

Over the three years Skiff has existed, we’ve been working every day to build user trust. This starts at a company level - privacy policies that protect user data, founders and team members that vocally promote privacy, and numerous technical practices to build a product that prioritizes privacy above all.

Open-sourcing our cryptography and more and more of our codebase, along with reputable security audits and company advisors, has gone a long way in building community trust. Most of all, it takes years to build trust, particularly for products people use to store their most precious work. So, we have many more years ahead of us on this trust-building journey.

Q: Can you explain the significance of end-to-end encryption in Skiff's offerings and suite of products?

End-to-end encryption is a prerequisite for any product storing sensitive user data. It means that the company building the product doesn’t have access to the user data they store - messages, files, photos, etc. At Skiff, end-to-end encryption is one necessary condition of building a product that protects user privacy. It means taking more time and care to build products, but E2EE is the only way to build something privacy-first.

Q: What are some of Skiff's major milestones to date?

For us, three major milestones stick out: The Skiff Pages public launch and IPFS integration in November 2021, the Skiff Mail launch in May 2022, and the Skiff Mail mobile app relaunch in April 2023. All of these events represent major stepping stones in building a product that increasingly reflects user needs. The first includes an alignment with decentralized tech that increases user autonomy; the second milestone (Skiff Mail launch) accelerated our growth as users looked for a private mail product; and the third has brought the quality and speed of our products to a new, mobile-first direction.

Q: What is the value in open sourcing Skiff?

Like end-to-end encryption, open-sourcing is another critical part of building trust in a privacy product. Letting people review, test, or edit product code helps people build confidence in using Skiff. More and more, we also find open-source to be a big part of our product development process. In particular, our Windows app has greatly benefited from community contributions, as lots of new features - unread count badges, open on startup, and notification actions - have been completely community driven.

Q: Are there any collaborations or partnerships that played a significant role in shaping Skiff's journey?

The two biggest changes in the Skiff journey to date are 1) Launching an email product, and 2) Building our login with MetaMask feature. The first was more user-driven, and the second was more of a collaboration or partnership. Launching our login with MetaMask feature changed how we think about using Skiff. Before, Skiff’s security model felt more like a walled garden with keys and a technical design similar to a password manager or crypto wallet itself.

Connecting MetaMask’s new encryption and decryption functionality to Skiff expanded our horizons of what’s possible. We could now connect directly to a wallet and, instead of requiring a password to generate encryption keys, use existing public key infrastructure to add private email and collaboration. This feature makes us very optimistic for the endless possibilities as more people around the world have access to keypairs in their devices.

Q: Based on your experience, what advice would you give to startups aiming to prioritize user privacy?

Most of all, I would encourage being open-minded and receptive to feedback. Privacy-first products are rare and difficult to build, and it’s tough to get everything right on the first launch. This includes privacy policies, open-sourcing, company information, security audits, and lots more. So, showing a commitment to constantly improving in this respect goes a long way.

Shared Mission

At XMTP Labs, we love to collaborate, work with and learn from developers, companies, communities, users and privacy advocates who share our vision for a privacy-centric future.

We’re cheering on companies and products like Skiff with demonstrated impact towards a future where our communication is private by default without sacrificing accessibility and user experience.