[liberationtech] Mailvelope: OpenPGP Encryption for Webmail

Karel BĂ­lek kb at karelbilek.com
Tue Dec 11 17:01:47 PST 2012 

I wrote to the author, he is planning some kind of editor which opens
in its own frame and is "outside" of webmail as iframe.

(see http://www.reddit.com/r/netsec/comments/13xhh9/finally_a_way_to_use_pgpgnupg_in_the_office/c78j3jk
- it's the author)

If he did that, it would be great.

Because really I stopped using classic mails in favor of
browser/webmail long time ago and this seems promising.

k

On Wed, Dec 12, 2012 at 1:38 AM, Ulex Europae <europus at gmail.com> wrote:
> At 04:38 PM 12/11/2012, Karel Bmlek wrote:
>>
>> hm, we talked about this extension today
>>
>> how much is it REALLY safe to use webmail (particularly gmail) with this?
>>
>> the thing is... GMail is saving your mail while you type and this
>> extension is not stopping it in any way. so, google has the data about
>> your mails - and more importantly, if you  are tracked by
>> fbi/whatever, they can start actively track your keypresses by
>> javascript.
>>
>> to add the salt to the injury, this extension works with chrome
>> (closed source) only and has problems installing on chromium.
>
>
> That's kinda what I thought. Even if you install it as a plugin, it's
> still running on a foreign (their) server that can do other things in
> the background - undetectably by the user who wrongly presumes her
> email to be one-of and encrypted after sending.
>
> So snake oil, IOW.
>
>
>
>
>> k
>>
>>
>> On 12/11/12, Karel Bmlek <kb at karelbilek.com> wrote:
>> > OK, I just REALLY want to thank you right now.
>> >
>> > We will have a small talk when we will want to demonstrate how to
>> > easily use mail encryption with popular clients
>> >
>> > we found out that none of us lecturers even use thunderbird, let alone
>> > knows how to set up the encryption. all of use use webmails. we
>> > suppose our audience does, too.
>> >
>> > for this, mailvelope is AWESOME. It "just works".
>> >
>> > it has one big downside though.... it doesn't support UTF8 in either
>> > name of key owner OR in the message itself (it totally mangles all
>> > UTF8 input). if you speak with a language that has diacritics (we
>> > speak Czech), it sucks a bit.
>> >
>> > small downside - it doesn't encrypt attachment and doesn't (AFAIK)
>> > sign the messages.
>> >
>> > but if they catch all these issues, it will be great
>> >
>> > On Tue, Dec 11, 2012 at 9:16 AM, Eugen Leitl <eugen at leitl.org> wrote:
>> >> ----- Forwarded message from StealthMonger
>
> <StealthMonger at nym.mixmin.net>
>>
>> >> -----
>> >>
>> >> From: StealthMonger <StealthMonger at nym.mixmin.net>
>> >> Date: Mon, 10 Dec 2012 22:07:23 +0000 (GMT)
>> >> To: liberationtech <liberationtech at lists.stanford.edu>
>> >> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for
>> >> Webmail
>> >> Reply-To: liberationtech <liberationtech at lists.stanford.edu>
>> >>
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> "Fabio Pietrosanti (naif)" <lists at infosecurity.ch> writes:
>> >>
>> >>> for whose who has still not see that project, i wanted to send a
>> >>> notice
>> >>> about MailVelope, OpenPGP encryption for webmail:
>> >>> http://www.mailvelope.com
>> >>
>> >>> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP
>> >>> email
>> >>> encryption plugin available for Chrome and Firefox.
>> >>
>> >> To compare it with CryptoCat is unfair to MailVelope.  As I understand
>> >> things, CryptoCat has an ongoing reliance on server integrity.  On the
>> >> other hand, MailVelope is self-contained once securely installed, thus
>> >> providing true peer-to-peer confidentiality and authentication
>> >> (assuming that the correspondents have confirmed keys out-of-band).
>> >>
>> >> Please correct this if in error.
>> >>
>> >>
>> >> - --
>> >>
>> >>
>> >>  -- StealthMonger <StealthMonger at nym.mixmin.net>
>> >>     Long, random latency is part of the price of Internet anonymity.
>> >>
>> >>    anonget: Is this anonymous browsing, or what?
>> >>
>> >>
>>
>> http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?d
>
> m
>>
>> ode=source&output=gplain
>> >>
>> >>    stealthmail: Hide whether you're doing email, or when, or with whom.
>> >>    mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html
>> >>
>> >>
>> >> Key:
>> >> mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key
>> >>
>> >> -----BEGIN PGP SIGNATURE-----
>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>> >> Comment: Processed by Mailcrypt 3.5.9
>
> <http://mailcrypt.sourceforge.net/>
>>
>> >>
>> >> iEYEARECAAYFAlDGTA0ACgkQDkU5rhlDCl4oUgCdGJJIXDNS5c3yIeuKIMzbzHo+
>> >> F2gAoLzRcHoro25IaTbezc1fk8imYvyT
>> >> =PD9O
>> >> -----END PGP SIGNATURE-----
>> >>
>> >> --
>> >> Unsubscribe, change to digest, or change password at:
>> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >>
>> >> ----- End forwarded message -----
>> >> --
>> >> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>> >> ______________________________________________________________
>> >> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
>> >> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list