Subscribe
Sign in
Helm Personal Server — A personal server for owning your email and more
Helm is a secure personal server that makes it incredibly easy to own your online identity - starting with email. In 3 minutes, you can set up Helm in your home with a custom domain and have email, calendars and contacts services that work with all of your devices and is accessible from anywhere in the world.
55
Replies
@rrhoover Thanks Ryan! Lots of different types of demographics are interested in data ownership and control. Initially, early adopters that have taken steps to protect themselves online or have experienced an online breach are the focus for us. The product is definitely easy enough to set up that your parents could use it.
I’d be more likely to lease server hardware than buy. Multiple domain functionality is critical too.
This is one of the most important products for personal privacy and security because it lets you replace free services online that just harvest your data. They started with Email but this will be for a lot more than that before long.
I have been using my Helm for email for a few months and it really gives me peace of mind around my data security.
If you get a Helm too, our devices will actually speak securely to each other, giving us encrypted device to device email without switching apps. If you believe email should be secure by default and immune to government or corporate intervention, this is the way it happens.
@garrytan curious if the team is interested in integrating solutions like orchid for more secure/anonymous internet (one step further than VPN or tor). I can sync the two teams together for a discussion, just let me know.
@garrytan ultimately I'd like to see the helm give me the ability to control and host all my IOT device data/services directly from it, rather than through 20+ different externally hosted services like we currently do. (eg. option to host nest web server and my personal video footage directly on my helm, or helm 2.0 device). this will be very lucrative to me and many others out there
Initialized was the first investor in this team (@GarryTan loved their vision for consumer privacy tech years ago) and have worked closely with them to build something we're very excited about.
Helm has developed a beautiful, user-friendly personal server that makes it incredibly easy for people to own their online identity—starting with email.
People can select a custom domain through Helm or bring their own and have their own email on this server, in their home, in just a few minutes.
The founders have a lot of experience in the security space, having previously started and sold a security company and it shows in how secure the product is. For the first time, people have an easy way to own the core of their online identity and not rely on the cloud for their email.
Great design! I noticed that you said it will only run on one domain per device. Would be a game changer if I could point multiple domains to a single point like this. I run multiple business and have a ton of gsuite accounts. Something like this with multiple domain support would save me a lot of money.
@rdbrdd Thanks for the feedback - multi-domain support is on our list of things to look at based on comments from people like you.
I'm really confused about how this server thing works. I already own my own domain and hosting through NameCheap. Registration for that domain costs me $99/year. Would I be able to move that domain over to Helm? Would I be able to keep all my existing settings and configuration when I move? What does the Helm interface look like? What does it look like when I access my Helm server? I'm left with so many questions after looking through the Helm website.
@magnuson To use your own domain you need to change the nameserver records at your registrar to point to our DNS servers. Once you've done that we provide DNS management tools so that you can replicate your current DNS setup. Configuration of the Helm is done through a mobile application and access to email is through standard email clients.
You can do most of this with a synology nas... form factor is much smaller. Also depending on the processor, ram, and internet connection from the home to the outside world maybe a problem. Home internet is spotty at best. The design is nice if you want to showcase it, but most people would probably prefer to hide it. In a design sense it serves to other purpose. The only thing drawing me is the HSM key, of which there are not many possbile solutions out there, specially ones that are easy to use.
Would highly suggest that they make a version of the server that can be put in a rack, closet, hidden, simple clean compact form factor. Servers for the most part are boxes and ugly, its great if they look pretty and or nice, but its not like a pc or something there you maybe plugging in headphones, cameras etc, and you have to make it visible at times.
This is really interesting and capitalizes on the increasing privacy concerns of the general public.
I worry about two things:
1) price - $500 is a lot for the hardware; it's more than a Synology and as much as a Mac Mini. I understand it's a carefully created hardware box, but this is a pretty high entry point and will be a barrier for most people who refuse to even pay $5/mo for something like Fastmail.
2) longevity - if the product doesn't take off for any number of reasons and Helm ends up shuttering its service, I'm left with a server I have to maintain, at best, and an unusable piece of hardware, at worst.
I do, though, appreciate the vision for the future here . An all-in-one device that can function as a home email server, VPN, messaging system, password manager, file sync seems much more worthy of the $500 price point than something that can only function as an email server.
@chrisdolle @david_rothmann1 Giri and I as founders of the company are committed to supporting Helm purchasers for the long term. If for some reason the service has to be shut down, we will provide a way for customers to migrate off the service and on to something else (i.e. your own AWS account).
Is this dependent on a reliable home internet connection? I ask because I have a NAS with some videos and photos on it and it’s great but far from dependable, which is okay for that stuff but not for email. Curious how you overcome that bottleneck.
Any info here would be awesome @new_user_417c623f9f - this is something I’ve always wanted but previous solutions haven’t been reliable
@kartikcooks To ensure that we can't read your email, email is delivered directly to your Helm and isn't stored in the cloud (except via encrypted backups). This means that it is somewhat dependent on you having a stable and reliable internet connection. The good thing about email is that it was designed a long time ago when the reliability of servers and networks wasn't nearly what it is today. Email servers have built in retry capabilities and you should get your email even if your internet connection is periodically down.
@dsigurds got it. Thanks. Love that you’re tackling email first. It really is the modern keys to your house. I’ll definitely be following your progress!
Is the device hackable? Meaning: can i, as the owner, see what's going on internally, extend the software, run custom software on it? In other words: Can i really OWN the device?
Quote from your website: "When you use an email provider like Google, Microsoft, or Yahoo!, your personal emails are stored on their servers, making them a target for hackers and phishing." – assuming that you have remote access to my Helm, how are your servers different from Google's in not being a target for hackers?
@jsphpl correct. These updates are signed by keys that are securely managed by us. Each Helm server will verify the signatures before applying an update.
@new_user_417c623f9f … and those keys are airgapped and/or otherwise secured, so this is not an interesting approach for hackers, right? What about your DNS and routing services? I think by providing centralised infrastructure, you're just as big a target for hackers as any other provider like google? Well, by taking over your routing and DNS services, a hacker could not read the mail stored on my helm, but at least they could impersonate me. The approach you've taken is probably a pretty good tradeoff between privacy/control and maintainability of a mail server, especially regarding its spam reputation.
@jsphpl Yes, they are air gapped with a signing ceremony that requires the coordination of more than 1 designated employee.
Hardest part about hosting your own mail server, in my experience, is staying off spam filters and getting my mail to actually reach the recipients inbox. Setting up the server is the easy part. Do you have any mechanisms in place to support the user staying off blacklists? I think this can be especially tricky with home internet connections, and even more when you don't have a static IP address.
For me, hardest part is delivering to gmail. There is no way for you to know whether your mails get delivered unless your intended recipient tells you they didn't receive anything. Gmail's postmaster tools won't show you any data, unless you're sending tons of mails per day. Setting up DKIM, SPF, DMARC properly gives no guarantee. Sometimes they might just dislike your IP address or network.
So, how do you support your customers to get their outbound email into inboxes rather than spam folders?
@jsphpl Each Helm gets its own static IP address and your email is routed through it. We make sure that the IP address is clean before we assign it. We don't rely on the reputation of your home IP address. Even though email is routed through this static IP, TLS sessions terminate on the Helm, so we aren't able to see any of the email data.
@dsigurds Oh i see. Does the service subscription include you taking me off blacklists, or handling that google issue – or is that all up to your customers? That implies the next question: How do you distinguish actual spammers abusing your service from "good" users, considering TLS is terminated at the Helm?
A pity though that the system relies on central infrastructure provided by you. So its not contributing anything to decentralisation. Only advantage over other approaches is that the data (when in rest) lies at my home. Apart from that, you can definitely see some metadata. How's your data privacy policy about that? Where can we find those *additional terms and conditions* mentioned under 6) in your "Terms and Conditions of Sale"?
(edit)
I was assuming that decentralisation was part of your value proposition. But apparently it's not. Your goal rather is to improve privacy. So no criticism here. This was just me mixing up things… ;)
@dsigurds @jsphpl Yes - we will be monitoring blacklists for IP addresses used by Helm customers. Spammers can spam much more cheaply and cost effectively than buying a Helm. That said, we are planning a rate limiting feature that will be high enough to not bother consumers/SMBs but low enough to make it entirely uninteresting to spammers.
We can't see metadata for email coming in and out over TLS which is the vast majority of all email today. Our privacy policy is on our website - https://thehelm.com/pages/legal. The clause you pointed to just indicates that if we make any updates to the terms, we will make them available to the buyer.
I would also argue that this is furthering decentralization in a meaningful way. The applications and data live with the user. The infrastructure that you mention isn't all that different from infrastructure you get from your ISP. I suppose this is a matter of opinion, but that's what we believe.
@dsigurds @new_user_417c623f9f Yeah, i think it's a good approach to take away the painful part of operating a mail server from the user. I agree with your ISP comparison.
TLS usually runs on top of TCP, so you are seeing metadata, namely IP addresses.
Back to my initial question, which hasn't been answered directly: If i buy a helm, send mail over it, and the mail doesn't reach gmail recipients – can i call you and you call google, or do i have to take care of it myself?
MX Toolbox does blacklist monitoring for free, the painful part is to react when something doesn't work as expected – 100$ a year would be an absolutely fair price for not having to worry about all that communication with other mail operators. I'd even say it's cheap and i'm not sure if you can sustainably operate with that little money. But 100$ a year for setting up a VPN and a blacklist monitor and have me do the hard work myself – not sure if i would buy that…
Looks like an interesting idea, but what about spam control? Part of the reason I am paying google for a gsuite account for my personal email is the fact that I very, very rarely see spam.
@andreasduess Hosting my own mailserver and getting tons of spam mail straight to their own folder. ;) So the available open source software for spam detection is really reliable. Therefore, it shouldn't be too hard for the helm guys to implement proper filtering.
@markus_schuette Well, first we are shipping soon. We have private betas out in the field. And as Nicolo mentioned it, we do email/calendar/contacts.
This is cool guys. As an email geek and crypto nerd, I'm a huge fan! I had a few quick questions though...
1) Wasn't the whole point of email moving to the cloud, to enable access on any device anywhere? If I move my email to Helm can I still reliably access it on the go?
2) Assuming I can access it on the go. What upload speeds would I need? I live in Australia, and our internet is god awful.
@josh_reyes Yes, you can access it from any device from anywhere. Your home internet upload speed isn't super critical for email. If you download a large attachment you may see some performance impacts if you have very slow upload speeds. For me personally I've been testing with 3-5 Mbit up and it works great.
How many domains and email addresses can it support and is this suitable for business email? Thanks
@rmagrino Helm supports a single domain with an unlimited number of users. Small businesses that are uncomfortable having all their email in the cloud and who probably don't have their own IT team to manage their email servers could definitely benefit from the ease of use and security of Helm.
@tostartafire Offsite encrypted backups are provided as part of the Helm service. The key that is used to perform the encryption is only accessible to the Helm owner. Having the hardware local give you the ability to leverage something we call proximity based security. The administration functions of the Helm are protected by your password + a proximity based token. The token can only be obtained if you have been in physical proximity to the Helm.
I think it's important to list hardware in a product placement. e.g. 4 cores, 4 TB Ram and such. So what are the specs? Can I run my Debian-Nginx-Varnish-PHP webserver on it?
@sam_tyurenkov sorry for not including the tech specs. You can find details here: https://thehelm.com/pages/techno...
Product Hunt