Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
OK, I just REALLY want to thank you right now.
We will have a small talk where we want to demonstrate how to easily use mail encryption with popular clients.
we found out that none of us lecturers even uses thunderbird, let alone knows how to set up the encryption. all of us use webmails. we suppose our audience does, too.
for this, mailvelope is AWESOME. It "just works".
it has one big downside though.... it doesn't support UTF8 in either name of key owner OR in the message itself (it totally mangles all UTF8 input). if you speak a language that has diacritics (we speak Czech), it sucks a bit.
small downside - it doesn't encrypt attachments and doesn't (AFAIK) sign the messages.
but if they catch all these issues, it will be great
On Tue, Dec 11, 2012 at 9:16 AM, Eugen Leitl <eugen@leitl.org> wrote:
----- Forwarded message from StealthMonger <StealthMonger@nym.mixmin.net> -----
From: StealthMonger <StealthMonger@nym.mixmin.net>
Date: Mon, 10 Dec 2012 22:07:23 +0000 (GMT)
To: liberationtech <liberationtech@lists.stanford.edu>
Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
Reply-To: liberationtech <liberationtech@lists.stanford.edu>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> writes:
> for those who have still not seen that project, i wanted to send a notice about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP email encryption plugin available for Chrome and Firefox.
To compare it with CryptoCat is unfair to MailVelope. As I understand things, CryptoCat has an ongoing reliance on server integrity. On the other hand, MailVelope is self-contained once securely installed, thus providing true peer-to-peer confidentiality and authentication (assuming that the correspondents have confirmed keys out-of-band).
Please correct this if in error.
-- 
StealthMonger <StealthMonger@nym.mixmin.net>
Long, random latency is part of the price of Internet anonymity.
anonget: Is this anonymous browsing, or what? http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain
stealthmail: Hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net?subject=send%20index.html
Key: mailto:stealthsuite@nym.mixmin.net?subject=send%20stealthmonger-key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>
iEYEARECAAYFAlDGTA0ACgkQDkU5rhlDCl4oUgCdGJJIXDNS5c3yIeuKIMzbzHo+ F2gAoLzRcHoro25IaTbezc1fk8imYvyT =PD9O -----END PGP SIGNATURE-----
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
hm, we talked about this extension today
how much is it REALLY safe to use webmail (particularly gmail) with this?
the thing is... GMail is saving your mail while you type and this extension is not stopping it in any way. so, google has the data about your mails - and more importantly, if you are tracked by fbi/whatever, they can start actively tracking your keypresses by javascript.
to add the salt to the injury, this extension works with chrome (closed source) only and has problems installing on chromium.
k
On 12/11/12, Karel Bílek <kb@karelbilek.com> wrote:
> OK, I just REALLY want to thank you right now.
> We will have a small talk where we want to demonstrate how to easily use mail encryption with popular clients.
> we found out that none of us lecturers even uses thunderbird, let alone knows how to set up the encryption. all of us use webmails. we suppose our audience does, too.
> for this, mailvelope is AWESOME. It "just works".
> it has one big downside though.... it doesn't support UTF8 in either name of key owner OR in the message itself (it totally mangles all UTF8 input). if you speak a language that has diacritics (we speak Czech), it sucks a bit.
> small downside - it doesn't encrypt attachments and doesn't (AFAIK) sign the messages.
> but if they catch all these issues, it will be great
hm, I just tried it
GMail really sends everything to their own servers, even with the extension installed.
Well, it sucks.
On Tue, Dec 11, 2012 at 10:38 PM, Karel Bílek <kb@karelbilek.com> wrote:
> hm, we talked about this extension today
> how much is it REALLY safe to use webmail (particularly gmail) with this?
> the thing is... GMail is saving your mail while you type and this extension is not stopping it in any way. so, google has the data about your mails - and more importantly, if you are tracked by fbi/whatever, they can start actively tracking your keypresses by javascript.
> to add the salt to the injury, this extension works with chrome (closed source) only and has problems installing on chromium.
> k
participants (2)
- Eugen Leitl
- Karel Bílek