Slashdot Mirror


Encrypt and Sign Gmail messages with FireGPG

Linux.com (Same owners as Slashdot) has a story up about FireGPG and says "Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you...
Encrypt and sign Gmail messages with FireGPG

7 of 206 comments (clear)

  1. Re:And for the chat by stinerman · · Score: 4, Insightful

    Note that OTR is "better". From the OTR site:

    How is this different from the gaim-encryption plugin?
            The gaim-encryption plugin provides encryption and authentication, but not deniability or perfect forward secrecy. If an attacker or a virus gets access to your machine, all of your past gaim-encryption conversations are retroactively compromised. Further, since all of the messages are digitally signed, there is difficult-to-deny proof that you said what you did: not what we want for a supposedly private conversation!

  2. Re:Nerds with something to hide by fluch · · Score: 5, Insightful

    It is just that I don't want anybody to intrude my privacy. Do you close the envelope of a regular snail-mail letter? If so, do YOU have something to hide??

  3. Re:Nerds with something to hide by toleraen · · Score: 5, Insightful

    I generally close the envelope of snail mail so the mail doesn't fall out.

    I use security envelopes to obscure the contents of my mail. You probably would want to use that as an analogy instead.

  4. Re:I wouldn't think google would like this by CreatureComfort · · Score: 4, Insightful


    So... you are saying that the NSA has the ability and desire to break every ElGamel 2048-bit length encrypted message it captures with Echelon? I've seen too much of government from the inside to think that any agency operates as well as the NSA FUD would have us believe. Especially when you realize it is far easier and cheaper to make your enemies believe you have super powers than it is to actually develop those super powers, completely in-house with no outside knowledge or help.

    --
    "Unheard of means only it's undreamed of yet,
    Impossible means not yet done." ~~ Julia Ecklar
  5. Re:Point & Click Encryption? by Kadin2048 · · Score: 4, Insightful

    Where is the it-just-works email encrytion for dummies?

    AFAICT, it doesn't exist. At least not outside of corporate environments. There are lots of companies that have their encryption set up so that it's transparent to non-technical employees, but it's a lot of work for the people who actually make it run. Lotus Notes, for instance, will do public-key cryptography, using company-wide keyservers -- although it's a proprietary algorithm, or was last time I checked. Once you have the infrastructure in place, the users don't have to think much about it, besides clicking 'encrypt and sign' on the emails they want secured.

    I've also heard that within Apple, they use Apple Mail with S/MIME to great effect ... but if you're just a regular user, getting that feature working is a real PITA. (Though admittedly, most of the trouble is because of the certificate authorities.)

    I think the problem with the free encryption tools is that they're still very much a 'hacker's product,' being designed by fairly advanced users, for other advanced users -- or at least, for users who don't have a problem installing extra software in order to communicate securely. This, IMO, is a mistake; in order for an encryption system to be useful, it has to be widely used. And that means getting it into the hands of people who might not even think, in advance, that they want it. There are lots of people who aren't going to go out and download/install encryption software, but if the feature was there, and working, all the time, they'd probably find themselves clicking the 'Encrypt' button quite a bit.

    There's no real reason why encryption can't be built in. It's just that it tends to get viewed as a peripheral, rather than core, feature, in everything except some corporate packages. However, I think that if it was incorporated more widely, it would quickly become a core feature; but getting over that 'chicken and egg' hump is hard.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  6. Re:Nerds with something to hide by Anonymous Coward · · Score: 5, Insightful

    So if you "always" sign your messages, then you can tell off anyone you want as long as you don't sign it. Brilliant!

  7. Re:The Fascination with Encryption by MyOtherUIDis3digits · · Score: 5, Insightful

    Man, I miss the days when a post like that would have made me laugh and I would have called you a loon...

    --
    Ignore anything I said above, I actually agree with everything you believe - mod accordingly.