« Slick | Main | Selective memory »

Enigmail

If you’ve been reading this for a while, you know I’m a (relatively) vocal advocate of the Mozilla Foundation and, in particular, its browsers Firefox and Camino.

You may also have noticed that I’m a booster of strong encryption, and the PGP/GPG model in particular. I haven’t made as much noise about it here, because while MacGPG and GPGMail make it very easy to use GPG with the Mail.app program on a Macintosh, I’ve had less luck finding easy-to-use encryption software for Windows without crippling license restrictions. (I was looking for an app to use at work, so the freeware PGP was out.) I didn’t want to nag everyone to use encryption and then have the Windows users hate me when the process was, well, less than simple.

Today I got a response to one of my grad-school networking messages which was encrypted with Enigmail, which turns out to be an extension for the email client of Netscape/Mozilla and for Mozilla’s excellent standalone mail client Thunderbird (the jargon is “MUA”, or Mail User Agent) which provides GPG functions.

By now you can guess where this is headed, right?

<?
include_once('/lib/evangelism/software.txt');
?>

With that out of the way, though, I have to ask: when will we see a webmail service that supports encryption? Never is my bet, for two reasons; one is practical and one is paranoid. First practical: in order to support encryption directly, the service would need a copy of the user’s private key, and (unless they were using a secure connection) the message plaintext, the key passphrase, or both would be transmitted in the clear over the ‘net. Both of those are security risks. Second, the paranoid: isn’t one of the big selling points of GMail (aside from the peer pressure aspect) that it indexes your mail, both to provide a search service to you and to target their revenue-producing advertisements? Widespread use of strong encryption breaks that. I can’t imagine Google encouraging that.

Will we need to remind Google not to be evil?

(I should add, for those wondering: my public key is here.)

Now playing: Brooklyn from The Fine Art Of Self Destruction by Jesse Malin

Posted by pjm on September 30, 2004 10:46 AM |

TrackBack

Listed below are links to weblogs that reference Enigmail:

» Free, encrypted email from Flashes of Panic
Last year I [wrote about encrypted email][1] and wondered when (or how) the free web-based email services would offer the ability to encrypt (and decrypt) email as a feature. [Read More]

Tracked on April 26, 2005 9:33 AM

Comments

Dude, I believe you meant to use the require() function.

Ha! :)

Ok, I thought it was funny….

Posted by: JM | September 30, 2004 12:19 PM

And here I am trying to be nice to the filesystem…

Posted by: pjm | September 30, 2004 2:57 PM

No no, the word not the function. Like, “why just include it once, P? Require it! All the time!” never mind. I should have kept it in my head. :)

Posted by: JM | September 30, 2004 4:18 PM

Well, the point of include_once() was that if the reader had already got the message, so to speak, they didn’t have to sit through it again.

Evangelize my five readers, yes. Annoy the living snot out of them, no. :-P

Posted by: pjm | September 30, 2004 4:28 PM

Oh, see, I always went with the whole “beat it into them” method, in my evangelizing days. Annoy, schmoy. :)

Posted by: JM | September 30, 2004 4:40 PM

Post a comment