Six clicks: encrypt your webmail


It shouldn’t have been a surprise at all, but Edward Snowden’s leak of NSA information has raised awareness that our data in public clouds, like Gmail, is not entirely private. The government can get a warrant for it, and the cloud company can (make that “must”) give them access to all of your data. Or they can spy on the cloud provider’s internal communications and not bother with the warrant.

So what can you do? For a very long time, you have been able to use PGP (Pretty Good Privacy) and similar software to perform end-to-end encryption, so that only you and the person with the correct encryption key can see the content. Everyone else sees only the “cipher text”, which can only be deciphered with inordinate time and computing resources.

Google yesterday announced a new development effort to make strong, end-to-end encryption in Gmail easier to use. It’s called “End-To-End” and, for now, it’s only an alpha-phase programming project. It is written as a Chrome extension that uses OpenPGP.js, an open source OpenPGP implementation written in JavaScript, to perform the encryption / decryption on the local computer inside the browser.

PGP has always been the gold standard when it comes to email privacy, but it’s notorious for its poor usability. The idea of End-To-End is that by implementing PGP in Chrome, it can be made easier to use.

One of the main obstacles to using PGP is that it relies on a trust model called a “web of trust”, shown here. Everyone has to trust people specifically and keep track of whom they trust and what their keys are, although they can make the trust transitive by signing someone else’s key: if Alice signs Bob’s key, anyone who trusts Alice will trust Bob.
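
The transitive step described above, as an added example that is not from the article or from the End-To-End code: a simplified model of how a PGP client decides which keys to accept. It goes slightly beyond the text by separating key validity from owner trust and by assuming thresholds modelled on GnuPG's classic defaults (1 full or 3 marginal introducers, chain depth 5); all names and signatures are constructed.

```javascript
// Added example: simplified web-of-trust key validity. All names are constructed.
// Thresholds are an assumption modelled on GnuPG's classic defaults: a key is
// accepted when certified by 1 fully or 3 marginally trusted introducers whose
// own keys are already valid, through a chain of at most 5 certifications.
const FULL = 'full', MARGINAL = 'marginal';

function validKeys({ me, signatures, ownerTrust }, opts = {}) {
  const { completesNeeded = 1, marginalsNeeded = 3, maxDepth = 5 } = opts;
  const valid = new Map([[me, 0]]); // key -> chain length at which it was accepted
  for (let depth = 1; depth <= maxDepth; depth++) {
    const accepted = [];
    for (const [key, signers] of Object.entries(signatures)) {
      if (valid.has(key)) continue;
      let full = 0, marginal = 0;
      for (const signer of new Set(signers)) { // count each signer once
        // A certification counts only if the signer's key is itself valid AND
        // we chose to trust that person as an introducer (owner trust).
        if (!valid.has(signer)) continue;
        const trust = signer === me ? FULL : ownerTrust[signer];
        if (trust === FULL) full++;
        else if (trust === MARGINAL) marginal++;
      }
      if (full >= completesNeeded || marginal >= marginalsNeeded) accepted.push(key);
    }
    if (accepted.length === 0) break; // fixed point: nothing new became valid
    for (const key of accepted) valid.set(key, depth);
  }
  return valid;
}

// Constructed sample: signatures[key] lists who has signed that key.
const SAMPLE = {
  me: 'me',
  signatures: {
    alice: ['me'], erin: ['me'], frank: ['me'], grace: ['me'],
    bob: ['alice'],                   // the article's case: Alice signs Bob's key
    carol: ['bob'],                   // Bob's key is valid, but Bob is not an introducer
    dave: ['erin', 'frank'],          // two marginal introducers: below threshold
    heidi: ['erin', 'frank', 'grace'] // three marginal introducers: accepted
  },
  ownerTrust: { alice: FULL, erin: MARGINAL, frank: MARGINAL, grace: MARGINAL },
};

for (const name of ['bob', 'carol', 'dave', 'heidi']) {
  console.log(name, validKeys(SAMPLE).has(name) ? 'valid' : 'not valid');
}
```

Bob's key is accepted because Alice is a trusted introducer, but Carol's is not: a valid key does not make its owner someone whose signatures you rely on, which is the bookkeeping each user has to maintain.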

If that sounds complicated, that’s because it is. Can Google make it easier for you? If not, maybe it doesn’t matter.

(Image courtesy of GnuTLS)
