|
| Authored by: Anonymous on Thursday, July 18 2013 @ 08:14 PM EDT |
PJ, There is an extension called WebPG that should enable encryption even in
Google's web interface. It seems to be a bit rough around the edges. [ Reply to This | Parent | # ]
|
|
|
| Authored by: Anonymous on Friday, July 19 2013 @ 02:04 AM EDT |
Why not just use Thunderbird or the equivalent and send the message out through
tor?[ Reply to This | Parent | # ]
|
|
|
| Authored by: JamesK on Friday, July 19 2013 @ 08:25 AM EDT |
One other possibility. When you send an email from a client such as
Thunderbird, the headers include the public IP address, even if you're behind
NAT. The local address is not included and would be worthless, even if it was.
So, you get some measure of protection by using your computer somewhere, such as
a public hot spot, where NAT is used. This is also often the case if you
connect through the cell phone network. If you're worried about your MAC being
traced through logs, you can even spoof that.
---
The following program contains immature subject matter.
Viewer discretion is advised.[ Reply to This | Parent | # ]
|
|
|
| Authored by: feldegast on Friday, July 19 2013 @ 08:47 AM EDT |
Enlocked is another gmail plugin
i have not done an extensive trial but of the ones i have
tried, this one has a few minor display issues but it does
work without sending your encryption key to google (unless it
sends it without permission)
---
IANAL
My posts are ©2004-2013 and released under the Creative Commons License
Attribution-Noncommercial 2.0
P.J. has permission for commercial use.[ Reply to This | Parent | # ]
|
|
|
| Authored by: Anonymous on Saturday, July 20 2013 @ 07:58 AM EDT |
There is or used to be a Firefox extension variously called FireGPG and FirePGP
which was supposed to make using encrypted web mail easy. It had some issues
which I don't remember. But it prompted a wider discussion on the tor-talk
(previously or-talk) mailing list about the feasibility of doing such a thing
safely. I don't have a link handy (the mailing list archive is on the Web) but
the conclusion was that there is no safe way to have a user-friendly interface
for such functionality. (OTOH, it *can* be done with a local email client and
enigmail is just fine.) I can't reproduce the arguments here but the basic idea
is anything you do to make the interface user friendly will allow the website to
do something to compromise your encryption. And remember that a court could
order Google to do just that! (It is documented that a Canadian court ordered
Hushmail to compromise certain users' privacy even though that meant Hushmail
had to capture the users' private keys when they were in unencrypted form in
RAM.)
The conclusion was that if you want to deal with email encryption/decryption
through a web interface the only safe way is to manually do the
encryption/decryption yourself using an external (to your web browser)
application (such as a shell) and copy and paste the (ASCII armored) encrypted
data between your browser and the external application. This is decidedly *not*
user friendly! (But it would work.)
I probably should have mentioned this in my tor-birdy post but I'll mention it
here. A lot of people who post on tor-talk are of the opinion that if you're
concerned about privacy you shouldn't be dealing with Google anyway. Now I am
aware of Microsoft's largely baseless attacks on Google. I am certainly no
Microsoft fan and when it comes to corporate behavior I think you can do far
worse than Google. But I still have to agree with these people that if you are
concerned about privacy you might want to rethink your relationship with Google
... or, for that matter, any company whose business model involves targeted
advertising. But Google's size and omnipresence make it particularly worrisome
IMHO. (I think they run a fine search engine but I have always avoided GMail
for exactly this reason. I stopped using them as a search engine because there
were frequently problems using them via Tor. This has been well discussed on
tor-talk, even including some helpful input from Google empoyees.)[ Reply to This | Parent | # ]
|
- Careful!!! - Authored by: Anonymous on Monday, July 22 2013 @ 04:41 PM EDT
- Careful!!! - Authored by: Anonymous on Tuesday, July 23 2013 @ 02:36 AM EDT
|
