This has nothing to do with the news media’s over-reaction to Google’s lawyers’ unfortunate use of the phrase “no expectation of privacy”, although it does remind us to remind you that email is a very insecure form of communication. But if you encrypt email, someone has to decrypt it to read it.
Most encryption programs are arcane and encryption and decryption keys are rather long and random. But let’s say you have a friend with whom your communicate frequently and you want all contents of all your emails with that friend encrypted and therefore safe from prying eyes. The only one who can read your email is the person who knows the password that decrypts your mail. And the nice part about this add-on (extension) for Chrome is that you can use a password that’s easy to remember — each mail can have a different password or the same password as previous emails. You can use simple words like raspberries. If you choose raspberries as the key to decrypt your emails, all you have to do is let your recipient know that to read your email he or she will have to type in raspberries to read it. It’s best you give them the word before you send it, preferably by text message or telephone call. You could just send an unencrypted email with the password in it, but that kind of defeats the purpose, capiche?
What happens if someone who doesn’t know the password (or key) tries to read your email? They’ll see something that looks like this:
eyJpdiI6Ik1NK1Q1bGl3TmNqOHVHVTBFazExckE9PSIsInYiOjEsIml0ZXIiOjEwMD
AsImtzIjoxMjgsInRzIjo2NCwibW9kZSI6ImNjbSIsImFkYXRhIjoiIiwiY2lwaGVyIjoiYWV
zIiwic2FsdCI6IkZReFplSGRLeDVZPSIsImN0IjoiVTl6K2V1d2ozZ3FCWDVxSFBZ
WjgvdkIxa2FRemdnQUdnS0NiU2dHbGxuVVo5ZEZVQ3lIZUtFK1lGbFlNazNqQlV
OU1JSUEZoUjRWVWI4TndiQ09sbitDWWUxZUVhYmdiUGNQcUlJTS9iMExmL2
Z6S3BPaHNwYTZTV3pNZG52bmZaMDZqRkI0bG9FY09WbGxNenhKTWtaN2hm
MnE5WFRZcUd1WENqQ25HWHJkdUN5VzVEK0Y5T3NLR0d1bmJ6MlhMRW9C
c3VNR1pZcE40bFkvT28vM0V4TWF3NVdnd1hUMld3RGx0bjRwZ3RvbVdrMzg0M
GxNOTFINzRiMmFsejVvOHVlU015ZjdrYmxFVXE4d01TVlR3YVZOUUd0WjBWWF
QzV09XbEl4NWRJNmNCMkRoTXhXdDJqN0dSaUdxNCJ9
But if they know the password (key), they enter it in the form that comes with your email, and it it’s correct, they’ll your email as you wrote it. The above gibberish when decrypted says this:
Message successfully decrypted!
The woods are lovely, dark and deep
But I have promises to keep.
And miles to go before I sleep.
And miles to go before I sleep.
~Robert Frost, “Stopping By Woods on a Snowy Evening”
A couple of BIG caveats. This works only with Gmail (send / receive / encrypt / decrypt ) . This browser extension works only with Google’s Chrome browser and sending from your Gmail account to another Gmail account. There’s not a lot of documentation, but it’s pretty simple, here’s what you see:
Above: The compose button in Gmail has a new friend — a lock. If you click on the lock it opens up a secure compose Window:
No unencrypted copies of your email are stored anywhere on Google’s servers. Only the encrypted email is. So not even Uncle Google can read your encrypted missives. And you all know about Uncle Google. Watch CNN or Fox News 🙂
So if you’re a spy, a furtive lover, a desperate housewife from Dubuque, a digruntled employee of the NSA, Â a lonely sailor with a married lover, a lady or man whose recipes are so secret and great you don’t want to risk giving them away to hackers or misanthropes who’ve nothing better to do than to packet sniff your wireless connection, or your name is EB, then this might be a tool you can really use. If you’re like most of us, it’s something you can have fun with. It’s kind of like those old invisible ink notes we used to send as kids. Something fun about being covert, right?
Before we turn you loose to get Secure Gmail by Streak, we have to allow the developers a moment in the sun — it’s only fair, right? Here are the Streak brothers, Silver and Blue, to tell you about Secure Gmail:
“Description
An extension to send secure, encrypted messages through Gmail.
** Don’t want others snooping on your email? **
SecureGmail encrypts and decrypts emails you send in Gmail. This happens all on your machine, and the unencrypted text never reaches Google servers. This is useful if you don’t want anyone but the intended recipient to ever read your email (i.e. companies, governments, etc.)
** How To Use **
1) Install the extension
2) Refresh Gmail
3) Click on the lock icon next to the compose button
4) Compose your email and send
5) Enter a password, your recipient will need to enter the same password…
** How secure is it? **
SecureGmail uses symmetric encryption to encrypt and decrypt each message. The password is decided by the user and assumes the recipient already knows it. SecureGmail is only as good as your password, pick an easy to guess password and it will be easy to break. Shared knowledge can be a useful and convenient password. Remember to never email or IM your password for others to intercept.
SecureGmail uses an open source JS crypto library from Stanford available here (http://crypto.stanford.edu/sjcl/) and also on Github
( http://github.com/bitwiseshiftleft/sjcl ).
** Works With Google Apps **
SecureGmail is compatible with any of your Gmail accounts and you can use them across accounts simultaneously. SecureGmail works on personal Gmail accounts or accounts provided by your organization, school, or business.
Don’t you wish we were as succinct?
You can get Secure Gmail Chrome Extension from this link (Chrome Web Store).
Will attachments to gmail be encrypted also?
I wonder if this will also work with Comodo Dragon? It is a browser built on the Chrome engine. I am using an older version, as once again “upgrades” actually slowed it down. So I rolled back to an older version and regained my speed. Nothing ventured, nothing gained. I have Google Chrome also installed so it may not even give me the option to try to add it to Comodo Dragon.
I am not a fan of any Comodo software — our differences with Comodo go way back. There are dozens of browsers built on IE but just because a browser is using IE’s or Chrome’s engine, doesn’t mean that add-ons or extensions work with them. I can’t see any advantage to using Comodo Dragon except for a false-sense of privacy. No matter what browser you use everything you do is logged by your ISP and Comodo Dragon still broadcasts your IP address and other information to every web site you visit. It’s the same with any “private browsing” session or browser — the only thing they do is not store information on your computer — but information is stored on every computer (server) you visit and always by your ISP. So, Comodo Dragon only gives you the appearance of privacy — you really don’t have any.
If you want better privacy use a VPN client like Cyberghost or Kepard. Using a supposedly secure, private browser is just walking down the primrose path with Comodo.
Pingback: Thursday Miscellany