[liberationtech] Mailvelope: OpenPGP Encryption for Webmail

Tue Dec 11 13:38:48 PST 2012

hm, we talked about this extension today

how much is it REALLY safe to use webmail (particularly gmail) with this?

the thing is... GMail is saving your mail while you type and this
extension is not stopping it in any way. so, google has the data about
your mails - and more importantly, if you  are tracked by
fbi/whatever, they can start actively track your keypresses by
javascript.

to add the salt to the injury, this extension works with chrome
(closed source) only and has problems installing on chromium.

k

On 12/11/12, Karel Bmlek <kb at karelbilek.com> wrote:
> OK, I just REALLY want to thank you right now.
>
> We will have a small talk when we will want to demonstrate how to
> easily use mail encryption with popular clients
>
> we found out that none of us lecturers even use thunderbird, let alone
> knows how to set up the encryption. all of use use webmails. we
> suppose our audience does, too.
>
> for this, mailvelope is AWESOME. It "just works".
>
> it has one big downside though.... it doesn't support UTF8 in either
> name of key owner OR in the message itself (it totally mangles all
> UTF8 input). if you speak with a language that has diacritics (we
> speak Czech), it sucks a bit.
>
> small downside - it doesn't encrypt attachment and doesn't (AFAIK)
> sign the messages.
>
> but if they catch all these issues, it will be great
>
> On Tue, Dec 11, 2012 at 9:16 AM, Eugen Leitl <eugen at leitl.org> wrote:
>> ----- Forwarded message from StealthMonger <StealthMonger at nym.mixmin.net>
>> -----
>>
>> From: StealthMonger <StealthMonger at nym.mixmin.net>
>> Date: Mon, 10 Dec 2012 22:07:23 +0000 (GMT)
>> To: liberationtech <liberationtech at lists.stanford.edu>
>> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
>> Reply-To: liberationtech <liberationtech at lists.stanford.edu>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> "Fabio Pietrosanti (naif)" <lists at infosecurity.ch> writes:
>>
>>> for whose who has still not see that project, i wanted to send a notice
>>> about MailVelope, OpenPGP encryption for webmail:
>>> http://www.mailvelope.com
>>
>>> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP email
>>> encryption plugin available for Chrome and Firefox.
>>
>> To compare it with CryptoCat is unfair to MailVelope.  As I understand
>> things, CryptoCat has an ongoing reliance on server integrity.  On the
>> other hand, MailVelope is self-contained once securely installed, thus
>> providing true peer-to-peer confidentiality and authentication
>> (assuming that the correspondents have confirmed keys out-of-band).
>>
>> Please correct this if in error.
>>
>>
>> - --
>>
>>
>>  -- StealthMonger <StealthMonger at nym.mixmin.net>
>>     Long, random latency is part of the price of Internet anonymity.
>>
>>    anonget: Is this anonymous browsing, or what?
>>
>>
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dm
ode=source&output=gplain
>>
>>    stealthmail: Hide whether you're doing email, or when, or with whom.
>>    mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html
>>
>>
>> Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>> Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>
>>
>> iEYEARECAAYFAlDGTA0ACgkQDkU5rhlDCl4oUgCdGJJIXDNS5c3yIeuKIMzbzHo+
>> F2gAoLzRcHoro25IaTbezc1fk8imYvyT
>> =PD9O
>> -----END PGP SIGNATURE-----
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> ----- End forwarded message -----
>> --
>> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>> ______________________________________________________________
>> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
>> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE