Rebecca MacKinnon <[email protected]> writes: > http://blog.kaspersky.com/send-gmails-that-not-even-google-can-read/ > > Interested in people's opinions of this. >
Having to communicate a password for each message for each recipient, out of band, seems way harder even than using GnuPG with an extension like Enigmail, and probably less secure because of the shortcuts people will take in order to minimize the inconvenience (having to verbally communicate the password over the phone for example is not a good way to encourage strong passwords). There's the normal issues with symmetric encryption like you only need a password to decrypt it, rather than a password + possession of a key. I think it also is going the wrong direction for encryption, because it's only really practical in a culture where you only encrypt "special" things, while GnuPG can be used behind the scenes in a system where encryption is the normal habit, even when communicating with people you have never communicated with before. I don't know what claims Streak makes, but the article massively oversells it, by pretending like any user is actually ever going to exchange passwords with anything approaching a majority of her GMail contacts. This is not a way to generally secure privacy of your GMail messages, unless it operates differently than described in the article. And it's webmail with JavaScript, so all of the plain text, unencrypted, keystrokes you enter are accessible to Google. And it's an extension for a proprietary browser (you could probably use it with the free version Chromium, but the article pushes it for Chrome), which means there is another possible keylogger. I do appreciate that the extension seems to be free software at least. :) -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://www.fsf.org/register_form?referrer=8096>. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
