Darlene Storm

Easily encrypt Gmail

November 19, 2012 5:14 PM EST

In light of the General Petraeus scandal, and the ease with which the feds can access your email and drafts stored in the cloud, then you may be looking for "keep it simple, stupid" solutions specifically to encrypt Gmail. Here are several Firefox add-ons and Chrome extensions that are free, yet so easy to use that even your technically-challenged friends or family could use them.

Encrypted Communications

Firefox encrypt Gmail:

Encrypted Communications: Add the Encrypted Communications extension to your Firefox browser and then restart the browser. Go to Gmail, compose your email, then right-click to see “Encrypt Communication.” Enter a password and click OK. Your message is then encrypted and ready to be sent. The recipient will also need the add-on in order to right-click, select “Decrypt Communication” and enter the password.

Encrypted Communications password

Yes, it really is that simple.

Firefox Encipher.it:

Encipher.it

Go to the Encipher.it page and simply drag the icon to the bookmark bar. Go to Gmail, write your email, then click the “Encipher It” bookmark button.Encipher.it encrypt your Gmail

It will ask you to enter the password and then click “encrypt.” Or if you are the one receiving the email, then click the bookmark, enter the password and decrypt the email.

Chrome: SafeGmail

For Chrome, my favorite was SafeGmail . . . or so I thought until the very end. Here's the video.

Simply add the SafeGmail extension to Chrome, restart the browser, and then go to Gmail. Like the others, you can tell the recipient, who also must have the extension installed, what the password will be. But I like an alternate option. You may have a James Bond feeling if you instead utilize the secret question/answer so that only the person to whom you send the email will know the correct answer. Click on the checkmark by "Encrypt" and the question/answer box will open. After filling it in, then hit the "Encrypt + Send" button.

SafeGmail question, answer, encrypt, send

The recipient will get an email with a link that takes him or her to a page displaying the question and asking for the answer. When answered correctly, a new SafeGmail page opens to decrypt the message which states, “Please copy-paste the encrypted message content from Gmail below.” The last step is to click the “Show My Mail” button.

It was all great and I loved it until I got a reply back to try out the decrypting process. It was here that I was bitterly disappointed because the mail decryption page is not SSL secured. Notice the URL: http://www.safegmail.com:8080/SafeMail/MessageController?action=receive Yes, anyone intercepting it would need to know the correct answer to get to the page below, but for all the greatness that this extension could have, your privacy and security are basically, potentially ruined by the last step.

SafeGmail decryption unsecured

The Chrome web store states, “This extension can access your data on www.safegmail.com and mail.google.com.”

Enlocked Anywhere:

If adding an extension is too much work, then there are services such as Enlocked which use Pretty Good Privacy (PGP). It comes as a plugin for Firefox, Chrome, Internet Explorer, Safari and even Outlook. It even is available as an app for iPhone and Android. However, I tested “Enlocked Anywhere” as an Internet application.

Enlocked for encryption without a browser extension

“All communication between your client, your email system, and the Enlocked service is done via an SSL connection using https,” stated the “why” to use Enlocked page. “And the Enlocked servers do not store copies of any messages. When you hit the 'Send Encrypted' button, we get your message securely from your email system (using the same methods your email client does to download messages), we encrypt it, and put it back on your email server which then sends the message. Our temporary copy is immediately deleted.”

It worked fine, but it also uses OpenID so you can use the service without logging in or registering. This of course means you are not "anonymous." It also uses OAuth to grant Enlocked authorization to use your email on your behalf. Regarding that access, Enlocked states, “Don't worry - we never have access to your actual email password, and if you decide to disable Enlocked at some point in the future, we can't ever get that access back. A side benefit of this approach, is that if your device is ever lost or stolen, by simply changing your email password, the encrypted messages are no longer readable on your system. Only once you've re-authenticated from that device will decryption work again.”

The Chrome web store states, “This extension can access your data on google.com, mail.yahoo.com, and 5 other websites.” Those details include: “Enlocked has access to these websites: google.com, mail.yahoo.com, mail.yahoo.net, mail.live.com, www.enlocked.com, mail.google.com, mail.aol.com.” It can also access “your tabs and browsing activity.”

For something a bit different, you might like to try PrivateSky Personal where you email is stored encrypted on that site. You can register fast by using “Social Login” or you can register via your name and email address. Taking the latter option, you will receive an email to activate your PrivateSky account.

"Thank you for verifying your identity, now you just need to set up your brand new SkyPin to start using your PrivateSky account."

PrivateSky SkyPin

You are to enter four numbers to setup your pin, so you might want to review the least secure or quirky pin trends. Then input your new pin number to be taken to the PrivateSky Six Portal where you then “need to set a strong secret phrase that will be used to arm your Personal Key Generator.”

PrivateSky passphrase to encrypt email

You can’t set it until the password reaches "100" on the Strength Meter. Don’t forget your password phrase or else PrivateSky has to reset your account and you will lose all your old messages.

While this service looks good, the more steps involved in setting up encryption to protect your security and privacy, the fewer people will try it. Yet encryption and being "anti-forensic friendly" is the wise thing to do. Some of these programs do not show the email within Gmail, meaning Google's servers can't read it to inject ads. Whether you are an individual who values your privacy, or a business sending sensitive information that is meant only for the eyes of the recipient, figure out what "easy" encryption solution you like and then get your friends or business associates to install it too.