51 Comments
- DeusMachinae, on 10/12/2007, -4/+25 How would this affect Gmail's text ads?
- moila, on 10/12/2007, -1/+17 Hosting a public key database isn't so bad but it sure sounds like they also store the private key. That's just wrong!
- emFi, on 10/12/2007, -2/+15 When I sent a GPG-encrypted message with Gmail, I just got text ads for encryption tools.
- bootyfarm, on 10/12/2007, -1/+12 It's worse than wrong, it totally defeats the purpose of the encryption in the first place. If we can't trust google we also can't trust FreeEnigma. The source to the plugin is free to read, I might have to d/l it and see where the private key is held. That said, I don't think I want it stored in FF either. How am I to use this in an internet cafe without exposing my privates, err private key, to the public?
- n3r0, on 10/12/2007, -3/+12 i can't try this out at work, uncle sam won't let me. but it looks cool. i'm assuming encrypted emails won't be search-able though, that's a bummer.
- tizz66, on 10/12/2007, -1/+9 One of the main benefits of webmail is that you can access it from anywhere... doesn't this kinda defeat the point in requiring any computer you use needing this plugin?
The way I see it, if you are sending correspondence that is important enough to need this kind of encryption, webmail probably isn't the best of ideas anyway.
- animecrazy9, on 10/12/2007, -3/+10 *It'd* be *a waste* to have a version for IE users.
Fixed that for ya :)
- cajunman4life, on 10/12/2007, -3/+10 I'm assuming you're wrong.
The message is not only encrypted in transit, but also as long as it sits on the mail server. It is decrypted during "read time".
- EmileVictor, on 10/12/2007, -3/+9 Get the Nightly Tester Tools extension. It'll make all your extensions compatible with Firefox 2.0b and 3.0a.
- sardaukar, on 10/12/2007, -2/+8 It's not a matter of "leaking CIA secrets". Do you send all your snail mail on postcards? No, because one values one's privacy. I don't care if I only mail normal stuff or personal stuff or source code for my trademarked app, it's MY messages, not those of anyone who can spy on them. "I'm OK with the government spying on me because I have nothing to hide." I don't have anything to hide too, but between that and inviting someone into my life goes a long long way. If you don't value your privacy, you're clueless.
- lost84001, on 10/12/2007, -2/+7 http://www.freenigma.com
- afrazkhan, on 10/12/2007, -1/+6
Yup, it's pointless. When I first read the article I thought "Yays! I can forward all my mail to Gmail now and just use that", but then I read how it worked.
It wouldn't be difficult to create a FF extension that reads your typed in e-mail, uses your local GPG binary with your local secret key, encrypts, and passes the output back to Gmail (replacing the text it encrypted). As long as the password wasn't stored, this would be safe. Essentially it's the same as typing a message in a text editor, running "gpg -sear" on it, and then e-mailing the output.
For people like me who are so damn paranoid that they use GPG in the first place, the idea of having my secret key on someone else's server ... well, it's pretty funny.
- raada, on 10/12/2007, -2/+6 I assume you are all assuming too much
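Added example (not part of any comment in this thread, and not freenigma's code): the local workflow afrazkhan's comment describes, written as shell functions around the `gpg` binary, so that only ASCII armor ever reaches the webmail compose box. The throwaway keyring, the two `example.test` identities and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: sign and encrypt locally; only ASCII armor is pasted into webmail.
# Identities, keyring and function names below are constructed for the demo.

# Throwaway keyring so the demo never touches a real ~/.gnupg.
setup_demo_keyring() {
  GNUPGHOME="$(mktemp -d)" || return 1
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  for uid in alice@example.test bob@example.test; do
    # Empty passphrase only because this is a disposable test key.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never 2>/dev/null || return 1
  done
}

# Long form of "gpg -sear <recipient>": sign, encrypt, ASCII-armor.
# stdin: plaintext typed by the user; stdout: text for the compose box.
# $1 = signing identity, $2 = recipient.
encrypt_for_webmail() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --local-user "$1" --sign --encrypt --armor --recipient "$2"
}

# Recipient side: decrypt with the local secret key; gpg also checks the signature.
decrypt_from_webmail() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' --decrypt
}

# Stop the agent started for the temporary keyring and delete the keys.
cleanup_demo_keyring() {
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$GNUPGHOME"
  unset GNUPGHOME
}

# Run as "sh script.sh demo" to print what the mail provider would store.
if [ "${1:-}" = "demo" ]; then
  setup_demo_keyring || exit 1
  printf 'constructed test message\n' |
    encrypt_for_webmail alice@example.test bob@example.test
  cleanup_demo_keyring
fi
```

With a real key the empty `--passphrase` and loopback options would be dropped so that the local agent prompts for the passphrase each time and nothing stores it.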
- danraydotorg, on 10/12/2007, -3/+7 Good god, what an ugly URL!
- inactive, on 10/12/2007, -1/+5 Do you not understand what the term "beta" means?
- inactive, on 10/12/2007, -0/+4 Use winpt for webmail clients
http://www.winpt.org
- kilbasar, on 10/12/2007, -2/+6 who?
- bhooot, on 10/12/2007, -0/+4 As much as I would like to use it because they use GPG, one has to add friends to their list before sending them an encrypted email. I better use my Thunderbird with Enigmail as it works fine without having to give out personal information to FreeEnigma!!
- klepto, on 10/12/2007, -7/+11 why would they spend $$$$ to support a beta?
don't be picky and be happy with the fact that they support a stable version of firefox, I am.
I'm sure they'll support 2.0 when it's stable.
- h1tm4n, on 10/12/2007, -1/+4 there has already been such a thing: http://jjj.ynatraubira.pbz.n3.n3.4p.dr.ag/code/emailencrypt/gmailencrypt.php
- paleck, on 10/12/2007, -0/+3 Looks like they beat the Shmoo Group working on their Google Summer of Code. http://www.shmoo.com/soc/gpgreasemonkey.html
- grumpyrain, on 10/12/2007, -0/+3 From a security perspective, it is pointless to use your private key on an untrusted computer (read Internet Cafe / Public / Work computer). Once your private key is known, it is game over. One can argue that it is marginally better to have your private key managed by a company different to the company managing the email.
@sardaukar, the postcard analogy is not good, because envelopes are hardly secure. Usually the best they can do is to make it obvious when someone has opened it. Emails are only in transit for a series of brief intervals, whereas physical envelopes often sit in out trays, then sorting facilities, delivery trucks, and finally in a mail box with in many cases no lock (and even the ones that lock can be opened with minimal effort).
What I think we are talking about here is whether there is any point putting a plain text letter in an envelope, or putting an encrypted letter in an envelope. Let's call this envelope an email. The header is conceptually similar to the address information on the front. The body is conceptually similar to the contents of the envelope. (Yeah, ok it is much easier to passively intercept email without the recipient knowing than snail mail).
There is nothing stopping you now from using any encryption algorithm on your computer and send the encrypted data as an attachment. With the advent of USB keys, having a strong key that your recipients can have on hand is pretty simple, I mean even a zip file with a strong password is probably sufficient for most communications.
- MikeCerm, on 10/12/2007, -0/+3 Use a TrueCrypt hidden volume on a USB drive. Have Torpark and Portable Thunderbird + Enigmail in your encrypted volume. That's about as secure as you can hope to be.
- gd007, on 10/12/2007, -13/+16 google is smart enough to parse encrypted message.
- rabidwalrus, on 10/12/2007, -0/+2 It looks like you have to sign up for an invitation, oh well.
I don't see how a company could be giving this away and still be making money? Are they planning to charge for it? Is it always going to be free?
Oh well, I prefer to use KGPG's option to "encrypt" clipboard, and then paste it into the window. Then I can use it with whatever mailing service, website, or chat program I want.
- abdim, on 10/12/2007, -0/+2 you could also try this service, not bad
http://www.stealthmessage.com/
- MikeCerm, on 10/12/2007, -0/+2 I've thought about it some more, and I've decided that this isn't so bad. The majority of people don't send encrypted e-mail now. If this gets more people to use GPG, then it's a net-positive. I understand that it wouldn't be up to military-grade security standards, but something's better than the nothing that people currently employ.
The more people that use email encryption, the better. Let's assume that Big Brother is monitoring every piece of email that's sent. If they only see one encrypted message in 10 million, flags probably go up, and they can focus all their efforts on cracking that one message. If every message is encrypted, that's like looking for a needle in a stack of needles, and that's assuming they even know what they're looking for!
- webcrumb, on 10/12/2007, -0/+1 Direct link: http://www.freenigma.com/
(I know it's not really a reply, just plopping it at the top)
- inactive, on 10/12/2007, -2/+3 Finally, the last reason I would ever use Outlook has been broken.
- mchung, on 10/12/2007, -0/+1 Good timing. I just reviewed the product, but had some rather negative things to say about it. It looks like some of the comments already echo my general feeling towards private/public key management done by an external source. This breaks existing conventions and practices for folks who already have existing X.509/public key certs and have software (MS Outlook, Key Chain) that manage our private keys. In a sense, this breaks backwards compatibility, and that sucks.
The issue that no one has really mentioned yet is the call home nature of the plugin. It looks like under two circumstances the plugin calls home. Honestly, I feel that there is absolutely no reason this needs to happen, but I'm not a Firefox plugin expert, though I'm looking to change that in the near future.
Instance A) look in C:Documents and SettingsApplication DataMozillaFirefoxProfiles.defaultextensionsfreenigma_extension@freenigma.comchromecontent
at the file called FreenigmaCryptManager.js.
It looks like the plugin will try and update itself, rather than require the user to actively install a newer version. I'm not against self-updating code, but for sensitive/personal content, I think this might be a bad thing. I'd prefer not to take any chances with self-updating code that might update itself with buggy/evil code. Remember, the Freenigma keeps your private key too.
Instance B) There's no reason why they should have to call home to do the public encryption, if it's a Firefox extension, they can use the Certificate Manager. That's what it's there for. (For instance, Allpeers uses it). I don't want to manage two sets of contact lists, one in Gmail, and one by some company I've never heard of.
The ideal S/MIME or GNUPG Firefox plugin for Gmail would tap into the Certificate Manager that Firefox already manages. Sure, I'd have to install all youse guys public keys, but what the hey, sure beats self-updating home calling software. The plugin that (IMO) comes closest to doing it right, is the Gmail S/MIME plugin. It's very close to being perfect, though there are a few improvements that could be made, and I hope to have an opportunity to fix/enhance them in the near future.
I'll keep you folks posted if there's interest.
- marioluigi123, on 10/12/2007, -0/+1 He meant, who would a company make their product supported for a beta version of another program. That's like saying that the VLC player guy should make a player for the Vista beta right now.
- sardaukar, on 10/12/2007, -3/+4 Cool! Only works on Firefox! Take that, Firefox bashers!
- norz, on 10/12/2007, -0/+1 enigmail, an extension for Thunderbird, supports the OpenPGP standard:
http://enigmail.mozdev.org/
- iSEPIC, on 10/12/2007, -1/+2 quote
why would they spend $$$$ to support a beta?
/quote
Gee, I wonder why ANY company spends $$$ to support a beta, are you ***** 12 years old or what? Get a clue.
- norz, on 10/12/2007, -0/+1 Another option: Gmail S/MIME, which is based on the s/mime standard.
http://richard.jones.name/google-hacks/gmail-smime/gmail-smime.html
(It's from the same guy that develops gmail FS)
Info on s/mime:
http://en.wikipedia.org/wiki/S/MIME
On the freenigma faq they say that they use the OpenPGP standard, I don't know which of those 2 standards is the better option...
- mgadalsky, on 10/12/2007, -0/+0 Amazing. But what for?
- donolsen1155, on 10/12/2007, -1/+1 Doesn't seem to work with Firefox Bon Echo Beta 1. :( Won't install the plugin.
- johnkimble, on 10/12/2007, -4/+3 What are we all emailing here that can make us so paranoid about what we're transmitting? Leaking CIA secrets or something? This probably isn't practical for emails to your family just to let them know your dog is still alive. If we all installed all of the addons and extensions and other crap that surfaces on digg daily we'd be doing exactly the opposite of maintaining efficiency and flexibility by complicating our most astonishingly simple daily activities such as sending an email.
Count me in for a digg to encourage the development of security software, but I'll be passing on installing this one.
- inactive, on 10/12/2007, -3/+2 Just link to the original source.
- MrOrange, on 10/12/2007, -2/+1 http://digg.com/software/Gmail_-_safeguard_the_privacy_of_your_email_messages
- ting, on 10/12/2007, -2/+1 Too bad it isn't compatible with other PGP clients. I can't just force anyone to stop using his PGP program and install Firefox only to write with me.
- Crepsley, on 10/12/2007, -3/+1 Well, it would look cool.
Maybe more people would like them more that way.
Well, Google is very successful and smart, so they know what they're doing.
- infonography, on 10/12/2007, -2/+0 on the spam mail page you would get;
RECIPES FOR 3432MF3R3243 - To serve, cut each roll in half
- spankybumbum, on 10/12/2007, -5/+2 I just use Hushmail http://www.hushmail.com/, that way I can use both IE (work) and FF (home) lol ;) Totally secure
- bhooot, on 10/12/2007, -6/+2 @Asshate -- winpt is Windoze only. It won't be of any help for me on my Debian box, where I can find more elegant ways to do the same thing.
- iSEPIC, on 10/12/2007, -11/+5 I hope they get a FF 2.0 (beta) plugin working soon so I can test it.
Currently they are only supporting FF 1.5
- Burmask, on 10/12/2007, -9/+2 I'd be nice to have a version for IE users.
- cheapskate, on 10/12/2007, -14/+7 Uhhh dude - what would be the point of cryptography then?
- Ajzzz, on 10/12/2007, -8/+1 I'm assuming that the message is only encrypted in transit.

