[liberationtech] SecureGmail Chrome extension

John Sullivan johns at fsf.org
Wed Jul 24 21:39:26 PDT 2013


Rebecca MacKinnon <rebecca.mackinnon at gmail.com> writes:

> http://blog.kaspersky.com/send-gmails-that-not-even-google-can-read/
>
> Interested in people's opinions of this.
>

Having to communicate a password for each message for each recipient,
out of band, seems way harder even than using GnuPG with an extension
like Enigmail, and probably less secure because of the shortcuts people
will take in order to minimize the inconvenience (having to verbally
communicate the password over the phone for example is not a good way to
encourage strong passwords). There are the normal issues with symmetric
encryption like you only need a password to decrypt it, rather than a
password + possession of a key.

I think it also is going the wrong direction for encryption, because
it's only really practical in a culture where you only encrypt "special"
things, while GnuPG can be used behind the scenes in a system where
encryption is the normal habit, even when communicating with people you
have never communicated with before. I don't know what claims Streak
makes, but the article massively oversells it, by pretending like any
user is actually ever going to exchange passwords with anything
approaching a majority of her GMail contacts. This is not a way to
generally secure privacy of your GMail messages, unless it operates
differently than described in the article.

And it's webmail with JavaScript, so all of the plain text, unencrypted,
keystrokes you enter are accessible to Google. And it's an extension for
a proprietary browser (you could probably use it with the free version,
Chromium, but the article pushes it for Chrome), which means there is
another possible keylogger.

I do appreciate that the extension seems to be free software at least. :)

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<http://www.fsf.org/register_form?referrer=8096>.


