[liberationtech] Mailvelope: OpenPGP Encryption for Webmail

Ulex Europae europus at gmail.com
Tue Dec 11 16:38:04 PST 2012 

At 04:38 PM 12/11/2012, Karel Bmlek wrote:
>hm, we talked about this extension today
>
>how much is it REALLY safe to use webmail (particularly gmail) with this?
>
>the thing is... GMail is saving your mail while you type and this
>extension is not stopping it in any way. so, google has the data about
>your mails - and more importantly, if you  are tracked by
>fbi/whatever, they can start actively track your keypresses by
>javascript.
>
>to add the salt to the injury, this extension works with chrome
>(closed source) only and has problems installing on chromium.

That's kinda what I thought. Even if you install it as a plugin, it's
still running on a foreign (their) server that can do other things in
the background - undetectably by the user who wrongly presumes her
email to be one-of and encrypted after sending.

So snake oil, IOW.




>k
>
>On 12/11/12, Karel Bmlek <kb at karelbilek.com> wrote:
> > OK, I just REALLY want to thank you right now.
> >
> > We will have a small talk when we will want to demonstrate how to
> > easily use mail encryption with popular clients
> >
> > we found out that none of us lecturers even use thunderbird, let alone
> > knows how to set up the encryption. all of use use webmails. we
> > suppose our audience does, too.
> >
> > for this, mailvelope is AWESOME. It "just works".
> >
> > it has one big downside though.... it doesn't support UTF8 in either
> > name of key owner OR in the message itself (it totally mangles all
> > UTF8 input). if you speak with a language that has diacritics (we
> > speak Czech), it sucks a bit.
> >
> > small downside - it doesn't encrypt attachment and doesn't (AFAIK)
> > sign the messages.
> >
> > but if they catch all these issues, it will be great
> >
> > On Tue, Dec 11, 2012 at 9:16 AM, Eugen Leitl <eugen at leitl.org> wrote:
> >> ----- Forwarded message from StealthMonger
<StealthMonger at nym.mixmin.net>
> >> -----
> >>
> >> From: StealthMonger <StealthMonger at nym.mixmin.net>
> >> Date: Mon, 10 Dec 2012 22:07:23 +0000 (GMT)
> >> To: liberationtech <liberationtech at lists.stanford.edu>
> >> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
> >> Reply-To: liberationtech <liberationtech at lists.stanford.edu>
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> "Fabio Pietrosanti (naif)" <lists at infosecurity.ch> writes:
> >>
> >>> for whose who has still not see that project, i wanted to send a notice
> >>> about MailVelope, OpenPGP encryption for webmail:
> >>> http://www.mailvelope.com
> >>
> >>> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP email
> >>> encryption plugin available for Chrome and Firefox.
> >>
> >> To compare it with CryptoCat is unfair to MailVelope.  As I understand
> >> things, CryptoCat has an ongoing reliance on server integrity.  On the
> >> other hand, MailVelope is self-contained once securely installed, thus
> >> providing true peer-to-peer confidentiality and authentication
> >> (assuming that the correspondents have confirmed keys out-of-band).
> >>
> >> Please correct this if in error.
> >>
> >>
> >> - --
> >>
> >>
> >>  -- StealthMonger <StealthMonger at nym.mixmin.net>
> >>     Long, random latency is part of the price of Internet anonymity.
> >>
> >>    anonget: Is this anonymous browsing, or what?
> >>
> >>
>http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?d
m
>ode=source&output=gplain
> >>
> >>    stealthmail: Hide whether you're doing email, or when, or with whom.
> >>    mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html
> >>
> >>
> >> Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.10 (GNU/Linux)
> >> Comment: Processed by Mailcrypt 3.5.9
<http://mailcrypt.sourceforge.net/>
> >>
> >> iEYEARECAAYFAlDGTA0ACgkQDkU5rhlDCl4oUgCdGJJIXDNS5c3yIeuKIMzbzHo+
> >> F2gAoLzRcHoro25IaTbezc1fk8imYvyT
> >> =PD9O
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> Unsubscribe, change to digest, or change password at:
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>
> >> ----- End forwarded message -----
> >> --
> >> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> >> ______________________________________________________________
> >> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> >> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list