Sunday, 15 March 2015

Secure PGP for Webmail – Making your communications private

What people don't realise is that all email communication is public. It is all sent via the SMTP protocol and is always in plain text. Everything is readable just by picking the message out of the wire(s). It is never private by default. These days all email is scanned by email servers and, in the case of Google, scanned to provide you with advertisements to pay for your 'free' email.

The impact on revelations by Edward Snowden, The Guardian and other newspapers has been to make people think about how they use online services. Many people have also been looking how they can have a degree of privacy in communication. Whether privacy is desirable, wanted or required is a different political and social question.

If you decide to start using PGP (Pretty Good Privacy) to encrypt your mail and provide yourself with more privacy you will find there are a number of programs out there to help you. In addition the official release of the open source pgp includes a plugin to add capabilities to Microsoft Outlook. However right now many people have found the functionality of Gmail, outlook.com (formerly Hotmail), Yahoo etc comes under the category of 'good enough'. Addins can also be a bit fiddly to setup and use within an email program.

To deal with that you can use a Chrome browser extension called Mailvelope. Mailvelope offers encryption within a webmail program like Gmail. You can create a private/public key pair and then publish the public key to a key server such as the MIT keyserver or use a Onename account.

As a quick reminder the private key is always secret and provides security. For this reason private keys need to be kept securely.The public key can always be shared to people who want to send you encrypted communications.

No comments:

Post a Comment