Comments on: GPG for Gmail, Yahoo! Mail, Hotmail and more http://ben.dechrau.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more Programmer, Property Tycoon, Media Mogul Mon, 30 Aug 2010 16:18:52 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Ben Balbo http://ben.dechrau.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/comment-page-1#comment-30313 Ben Balbo Mon, 02 Jun 2008 00:23:18 +0000 http://benbalbo.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/#comment-30313 Hi DyTu - thanks for dropping by! I'm not sure why you believe this is utterly useless. I've never tried it, as I don't use web-based email providers, but I believe it's useful for those that do. Take travelers, for example. Most that I've met don't carry a laptop with them. They stop off at Internet cafes and use web-based email. They probably don't want to spend a few minutes creating a new mail account on the email client running on the computer they're using, only to have to make sure they clean up all the personal data before walking away. I dispute your opinion that you cannot use webmail if you want security. So long as you connect over SSL, you're more secure than the desktop email client users that connect over insecure IMAP or POP which, to be honest, is the majority of them. As for dangerous, please explain. It's early and I'm still waking up, but I can't see the danger... Cheers! Hi DyTu – thanks for dropping by! I’m not sure why you believe this is utterly useless. I’ve never tried it, as I don’t use web-based email providers, but I believe it’s useful for those that do.

Take travelers, for example. Most that I’ve met don’t carry a laptop with them. They stop off at Internet cafes and use web-based email. They probably don’t want to spend a few minutes creating a new mail account on the email client running on the computer they’re using, only to have to make sure they clean up all the personal data before walking away.

I dispute your opinion that you cannot use webmail if you want security. So long as you connect over SSL, you’re more secure than the desktop email client users that connect over insecure IMAP or POP which, to be honest, is the majority of them.

As for dangerous, please explain. It’s early and I’m still waking up, but I can’t see the danger…

Cheers!

]]> By: Do you Trust us? http://ben.dechrau.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/comment-page-1#comment-30130 Do you Trust us? Fri, 30 May 2008 15:35:55 +0000 http://benbalbo.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/#comment-30130 Bwhahahaha! This is utterly and completely useless, perhaps even bordering on dangerous for the uninformed. Today's PC's are more than sufficient to provide the computing power and entropy necessary to encrypt using asymmetric encryption. Get a true email client.Get a GPG plugin for that client, and kiss web-mail goodbye forever. If you want security, you can't use webmail. Bwhahahaha! This is utterly and completely useless, perhaps even bordering on dangerous for the uninformed. Today’s PC’s are more than sufficient to provide the computing power and entropy necessary to encrypt using asymmetric encryption. Get a true email client.Get a GPG plugin for that client, and kiss web-mail goodbye forever.

If you want security, you can’t use webmail.

]]> By: Ben Balbo http://ben.dechrau.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/comment-page-1#comment-1414 Ben Balbo Wed, 07 Feb 2007 20:47:17 +0000 http://benbalbo.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/#comment-1414 From http://www.freenigma.com/frequentlyaskedquestions/ <blockquote cite="http://www.freenigma.com/frequentlyaskedquestions/">Does freenigma send my mails to the freenigma server for encryption? No. All mail is encrypted or decrypted directly in the webmail client (i.e. directly in the browser). But how does that work?! For the experts: when making an encryption request, the freenigma extension sends nothing more than the list of recipient addresses to the freenigma server. In response, it receives a random session key for symmetric encryption within the client as well as an asymmetric encrypted session key for all the recipients. AES encryption is then performed within the client using the unencrypted session key. Then, the user script in the client combines the symmetric encrypted mail text and the asymmetric encrypted session key to create the OpenPGP binary format. </blockquote> From http://www.freenigma.com/frequentlyaskedquestions/

Does freenigma send my mails to the freenigma server for encryption?

No. All mail is encrypted or decrypted directly in the webmail client (i.e. directly in the browser). But how does that work?! For the experts: when making an encryption request, the freenigma extension sends nothing more than the list of recipient addresses to the freenigma server. In response, it receives a random session key for symmetric encryption within the client as well as an asymmetric encrypted session key for all the recipients. AES encryption is then performed within the client using the unencrypted session key. Then, the user script in the client combines the symmetric encrypted mail text and the asymmetric encrypted session key to create the OpenPGP binary format.

]]> By: Andrew Hammond http://ben.dechrau.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/comment-page-1#comment-1408 Andrew Hammond Wed, 07 Feb 2007 17:11:53 +0000 http://benbalbo.com/2006/08/25/gpg-for-gmail-yahoo-mail-hotmail-and-more/#comment-1408 Unfortunately this looks like it sends my message to their server to be encrypted / signed. That means that they need to have my private key to sign stuff, and that they know the symmetric key for messages I'm sending. In other words, I have to trust them a whole lot more than I'm willing to trust anyone. Bummer. Unfortunately this looks like it sends my message to their server to be encrypted / signed. That means that they need to have my private key to sign stuff, and that they know the symmetric key for messages I’m sending. In other words, I have to trust them a whole lot more than I’m willing to trust anyone.

Bummer.

]]>