Showing posts with label gnupg. Show all posts
Showing posts with label gnupg. Show all posts

30 August 2006

Inside a Freenigma

Freenigma is something that I have sought for ages: a way to send encrypted email from my webmail accounts - without having to do all the hard crypto-stuff, or indeed anything, really. Freenigma promises to do all this and more - see the FAQ for details. It's based on GnuPG, only works with Firefox:

In the initial step, we support only the Firefox browser. However, we are already working on an implementation for the Internet Explorer, which we will only release if we receive enough requests for it. To be honest, we would prefer all our users to use Firefox because, due to the open source code, it is more trustworthy than proprietary products. Furthermore, the browser is available for all platforms (Linux, Mac, Windows).

It is, of course, completely free (premium services are in the offing, apparently.)

I've only just signed up, so I can't report on how well it works, but once I've used it in anger, I'll provide an update. As unnecessary government surveillance becomes more common, programs like Freenigma will sadly become more necessary.

17 March 2006

Google's Grief, Open Source's Gain?

The news that a judge has ordered Google to turn over all emails from a Gmail account, including deleted messages, has predictably sent a shiver of fear down the collective spine of the wired community, all of whom by now have Gmail accounts. Everybody can imagine themselves in a similar situation, with all their most private online thoughts suddenly revealed in this way.

The really surprising thing about this development is not that it's happened, but that anyone considers it surprising. Lawyers were bound to be tempted by the all unguarded comments lying in emails, and judges were bound to be convinced that since they existed it was legitimate to look at them for evidence of wrong-doing. And Google, ultimately, is bound to comply: after all, it's in the business of making money, not of martyrdom.

So the question is not so much What can we do to stop such court orders being made and executed? but What can we do to mitigate them?

Moving to another email provider like Yahoo or Hotmail certainly won't help. And even setting up your own SMTP server to send email won't do much good, since your ISP probably has copies of bits of your data lying around on its own servers that sooner or later will be demanded by somebody with a court order.

The only real solution seems to be to use strong encryption to make each email message unreadable except by the intended recipient (and even this is an obvious weakness).

It would, presumably, be relatively simple for Google to add this to Gmail. But even if it won't, there is also a fine open source project called Enigmail, which is an extension to the Mozilla family of email readers - Thunderbird et al. - currently nearing version 1.0. The problem is that installation is fairly involved, since you must first set up GnuPG, which provides the cryptographic engine. If the free software world could make this process easier - a click, a passphrase and you're done - Google's present grief could easily be turned into open source's opportunity.