Posting’s been light because of real-life events keeping me busy (of which more later.) But it certainly would be timely to point out that if you’re not using the GNU Privacy Guard to encrypt your more sensitive e-mail securely, you probably should be. Yes, I know, it’s not the most user-friendly thing in the world. You need to get the public PGP key of the people you’re mailing, and those people need to get your public PGP key (here’s mine, recently updated), but it’s worth it. I’d be pushing it harder if some of the people I communicate with weren’t such fans of webmail services like GMail. So for now, I’m going to push freengima, a Firefox extension that adds PGP encryption to GMail. (Check out the very nice, very instructional Flash video here.)
I’m aware that the freengima extension isn’t perfect. And I have heard that better solutions are in the works. But for now, freengima looks like the best game in town for webmail users. I’ve requested an invite and as soon as I get it, I’ll be forwarding on requests to the people who need it.
It would be nice – very nice – if a forward-thinking company that offered webmail (*cough*) would allow the user to use PGP encryption as part of their services. Especially if that encryption kept the private key on the users’ own computer, perhaps in conjunction with a forward-thinking company that makes browsers (*cough*). I’m planning to also look at Kerry McKay’s GPGreasemonkey, a Summer of Code project that uses a Greasemonkey script to add GNU Privacy Guard functionality to GMail – but encryption’s important enough to bake right into the users’ browser and webmail services directly, without any need for a plugin.
{ 3 comments… read them below or add one }
This is a very good point. As an addicted Gmail user I do worry about the lack of security. But how would encryption affect Google’s adsense programme? They won’t be happy if they can’t scan the contents of each and every email. Maybe a plugin is the best way to go.
Definitely encrypting everything would be problematic for the AdSense ads displayed alongside the GMail. But Google is not dumb, and there are ways around this. Easiest way is to charge for the ability to send encrypted messages, now that Google has an infrastructure capable of accepting credit cards.
More complex – if the feature were part of the browser plugin that plugin could do the semantic analysis on decryption and transmit back a keyword to Google rather than the full text. Yes, less secure, and it doesn’t help people who’d rather not let Google know their e-mail’s about ‘crackpipes’ or ‘grenades’ – but better than nothing.
Check out FireGPG at firegpg.tuxfamily.org. It looks like this is what you are looking for.