[Chrome] Webmail encryption - Mailvelope

Discussion in 'privacy technology' started by m00nbl00d, Jun 1, 2013.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Sometime ago I came across this extension, but never tried it. I totally forgot about its existence. Today, while checking something else, I came across it again :D, and it seems to be evolving well.

    Has anyone been using it?

    -http://www.mailvelope.com/help


    P.S: I searched the forum for mailvelope, but got no results, so if it has been discussed before, I'd appreciate if someone could point me such thread. Thanks. :)
     
  2. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Thanks for the info, I am gonna take a look.
     
  3. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I tried this extension few months ago.
    I remember that I didn't like the fact that my private keys are stored in/by this app since I don't really know if they are not shared with someone else over the Internet connection.

    I prefer GPA for PGP/GPG keys management (store, sign, auth, encrypt/decrypt) with blocked in LnS Internet connection for:
    gpg.png
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By shared, do you mean sent to someone without your consent, such as Mailvelope developer/team?

    This being (in this case) a Chromium/Chrome extension, one can use Chromium's built-in flag --host-rules to restrict communications only to the webmail servers. Unless one fears the extension may send an e-mail containing the keys? :blink:
     
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I doubt it send email which contains both keys. My only one worry is about that you don't really know what information are send to the vendor by using this app.
    If you will use mentioned flag it should be ok, but I can't be 100% sure since I haven't tested it.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, it's an open source project. Code is available here: -https://github.com/toberndo/mailvelope

    It's always a matter of auditing the code. :)
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Installed and generated my keys.

    Now the only problem is that almost nobody encrypts emails...:D
     
  8. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    That's a reality see our internal results regards email encryption at Wilders Encryption Poll
    And this is specific community full of privacy and security related people.
     
  9. NotRight

    NotRight Registered Member

    Joined:
    Jun 12, 2013
    Posts:
    37
    Location:
    Here
    is this a good program to use?
     
  10. x942

    x942 Guest

    While it is a good tool the private keys are (were?) stored insecurely. You could pull them out of the extensions folder if you have access to the computer (remote shell or other means). It was shown on this episode of hak5:

    -http://hak5.org/episodes/hak5-1417-
     
    Last edited by a moderator: Jul 15, 2013
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    True, but Enigmail does the same thing...EVEN WITH A PORTABLE TB INSTALL IN A TC CONTAINER. You can find all your keys in:

    C:\Users\'User Name'\AppData\Roaming\gnupg

    And this is with Enigmail using a gpg.exe that *also* resides in the TC container. I just cut and paste the key rings in there every time I open TB...otherwise, I cut and paste them back to the TC container for storage. Maybe the same will work for Mailvelope?

    Even then, the pass phrase still protects the secret key - make it good!

    PD
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That would be how I'd use it as well - using TC container. I still haven't done it, because I've been a bit lazy, and so far haven't met anyone using e-mail encryption. But, I have some contacts now that are using, so it's a great reason to finally use the extension.

    Hopefully the TC container approach will work just fine. :D
     
  13. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Now I am waiting for the Firefox add-on, which is under development.

    Then I will be waiting for a single person using Email encryption...it looks a long way...:D :D
     
  14. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Then probably you should convince more people to visiting wilderssecurity :D
     
  15. x942

    x942 Guest

    Mailvelope was storing private keys in plain text if i'm not mistaken. So no password needed.
     
Loading...
Thread Status:
Not open for further replies.