kybermail.org

settings

mute site
auto-save drafts
privacy mode: censors public key display
auto-logout
auto-logout in composer

composer options

message music: this music will play as the recipient reads your message, top to bottom. 10MB max per file, up to 3 tracks.
send delay: the randomize option adds up to 12 hours of extra delay.
message expiry: the message auto-deletes after this time.
burn after reading: the message is deleted after the recipient reads it once.

about

kybermail is a post-quantum end-to-end encrypted messaging system.

your private key is generated in your browser and never sent to the server. it is your identity and your login credential — the server cannot recover it if lost. your public key is what others use to reach you.

encryption uses ML-KEM-768 (FIPS 203), a post-quantum standard designed to resist attacks from both classical and quantum computers. all cryptographic operations run entirely in your browser. the server stores only encrypted ciphertext and cannot read message content, private keys, contacts, or drafts.

each message uses a fresh ephemeral keypair (forward secrecy), so compromising a long-term key does not expose past messages. messages are signed with ECDSA so recipients can verify the sender cryptographically. files are stripped of metadata before encryption. ciphertexts are padded to fixed-size buckets to prevent content-length inference.
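As an added illustration of the bucket padding described above (example code written for this page, not kybermail's crypto.js): the bucket sizes (powers of two from 1 KiB to 1 MiB) and the framing (a 4-byte length prefix followed by zero fill) are assumptions, since the page does not state them.

```javascript
// Added example (not kybermail's crypto.js): pad a plaintext to a fixed-size
// bucket before encryption so the ciphertext length reveals only which bucket
// the message fell into, not its exact size.
// Assumed framing (not stated on the page): 4-byte big-endian length prefix,
// then the plaintext, then zero fill up to the bucket size. Assumed buckets:
// powers of two from 1 KiB to 1 MiB.
const MIN_BUCKET = 1024;
const MAX_BUCKET = 1024 * 1024;
const HEADER = 4;

// True if n is one of the permitted bucket sizes.
function isBucketSize(n) {
  return n >= MIN_BUCKET && n <= MAX_BUCKET && (n & (n - 1)) === 0;
}

// Smallest bucket that holds the header plus `byteLength` bytes; null if none.
function bucketFor(byteLength) {
  let size = MIN_BUCKET;
  while (size < byteLength + HEADER) {
    size *= 2;
    if (size > MAX_BUCKET) return null;
  }
  return size;
}

// Frame and pad; throws rather than silently truncating oversize messages.
function pad(plaintext) {
  const size = bucketFor(plaintext.length);
  if (size === null) throw new RangeError("message exceeds largest bucket");
  const out = Buffer.alloc(size); // Buffer.alloc zero-fills
  out.writeUInt32BE(plaintext.length, 0);
  plaintext.copy(out, HEADER);
  return out;
}

// Recover the plaintext; rejects buffers that are not a whole bucket or whose
// length prefix points past the end (corruption or tampering).
function unpad(padded) {
  if (!isBucketSize(padded.length)) throw new RangeError("not a bucket-sized buffer");
  const len = padded.readUInt32BE(0);
  if (len > padded.length - HEADER) throw new RangeError("length prefix out of range");
  return Buffer.from(padded.subarray(HEADER, HEADER + len));
}

// Two messages of different sizes that land in the same bucket produce
// ciphertexts of identical length, so their sizes are indistinguishable.
function sameBucket(a, b) {
  return pad(a).length === pad(b).length;
}
```

The padded buffer is what gets encrypted; the recipient decrypts, then calls unpad, and a mismatch between the prefix and the bucket is treated as an error rather than trusted.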

key storage options: QR code, passphrase-encrypted .kybermail file, or device memory (IndexedDB, opt-in). a duress login opens a decoy mailbox — see settings for details and the accompanying legal disclaimer.

remember "harvest now, decrypt later". assume all traffic is logged indefinitely and may become decryptable. classical encryption will not protect you against a future quantum adversary — kybermail uses post-quantum cryptography specifically because of this.

do not use this service for illegal activities.

made with love from dom <3

threat model

what kybermail protects against:

passive surveillance of message content (messages are end-to-end encrypted)
future quantum computers breaking today's encryption (ML-KEM-768 is post-quantum)
server compromise reading past messages (forward secrecy)
message forgery (sender authentication via ECDSA)
metadata leakage from file attachments (EXIF/PDF/DOCX stripping)
content-length analysis (padded to fixed-size buckets)
timing analysis (response jitter)
key coercion (duress login with decoy mailbox)

what kybermail does not protect against:

a compromised server serving malicious JavaScript (this is structurally impossible to prevent in a web app — verify script hashes if you need assurance)
traffic analysis showing that you use kybermail (use Tor if this matters)
compromised devices (keyloggers, screen capture, physical access)
you losing or sharing your private key
legal compulsion in your jurisdiction (the duress feature is not legal advice)
social engineering
browser zero-days

structural limitations of web apps:

unlike native apps, the server delivers the code that runs in your browser on every page load. a compromised server can serve different code to targeted users. you can verify the integrity of crypto.js and mlkem.js by comparing SHA-256 hashes against published values. this is the fundamental trust tradeoff of web-based E2E encryption.

recommendation:

if you need to hide the fact that you use kybermail, access it over Tor. if your threat model includes a state-level adversary, consider whether a web application is appropriate for your needs.