It seems that Helm has no obligation or business need to log any metadata if they are providing each customer with a dedicated relay. Any abuse will come from that relay IP and can trivially be attributed to the correct customer.
> Helm has no obligation or business need to log any metadata
The point of Helm is to provide privacy (and end-user control) through technical means, if I understand correctly. If it's just a matter of trusting motives, I don't need a home server.
The feds know that Apple (for example) are fully lawyered up, and that they need all their legally required paperwork with it's "i"s dotted and "t"s crossed before Apple will even look at their request for your data. While we know they _will_ hand over legally required data when they can and the paperwork is OKed by their legal department, they also very publicly go head to head with law enforcement when those requests are legally questionable or technically impossible.
I suspect an overly broad probable cause warrant to seize all the electronic devices in your house is gonna be much easier to slip past an leo friendly judge and whatever legal representation you can muster up when they dawn-raid you - than "slipping one past" Apple's legal team.
Having said that, if you've got the feds interested in your digital comms, you probably want to be getting your security advice from a much more private and trustworthy source than randoms on Hackernews...
nope. it's only fractionally more difficult as "the man" has to physically come to your house.
additionally, email is more usefully between 2+ parties. For normal people, the other parties are very likely to be using a cloud email provider. I would not be surprised to learn that it is common to issue a warrant not for a specific recipient, but for anyone that has corresponded with a specific person, ie for the sender instead of the receiver -> google, give me all emails sent by user@foo to any user on your server.
this is actually a big problem of SMTP and a big weakness of helm. i didn't study the product but it seems that it would be difficult for a user to know (and prove) that another user is a helm'er. if data seizure is the issue you care about, protonmail and other such services are a better solution.
Not really. If you are under investigation, seizing your server is as simple as a search warrant. The challenge is accessing the data - if you've encrypted it well, it's impossible to access. However, on your own server, you may get complacent and allow some data leakage.
Major providers like Gmail and ICloud will have a longer and more convoluted process to provide your data to state actors, but analysing that data is going to be far easier since it will come in a standard format.
If your goal is to make your data difficult to seize, a better option is probably to self-host on either a cheap VPS or a corporate-grade cloud service. That keeps the data out of reach of a warrant on your home, and keeps it unreadable after they've actually jumped through the hoops to seize it from your provider.
Not to mention having to wake up in the middle of the night when the VPS provider decides to reboot your VM so you can decrypt the volume on boot. Been there, done that for years.
It seems that Helm has no obligation or business need to log any metadata if they are providing each customer with a dedicated relay. Any abuse will come from that relay IP and can trivially be attributed to the correct customer.