A few months ago no-one had heard of Edward Snowden, PRISM, Bullrun or Cheesy Name (yes, that is a real project name). Since these revelations many people, including average computer users, have become a lot more security conscious. I’m frequently asked questions about how one can increase his/her security and try to keep their data as private as possible. Most of the time I suggest using something like using SSL where implemented, ProXPN, or the Tor Browser Bundle for their everyday web surfing. These are helpful for disguising web traffic but these do very little to guard against snooping on your email.
“But I connect to my Gmail via SSL.” I hear you say. Yes, you are correct. If you use a web interface for sending email your session between your computer and the service provider is encrypted. This ensures no prying eyes can intercept your messages between you and Gmail but once your email reaches Google it is no longer encrypted. What’s more that email message is then sent on to the recipient in plain text. This means that the NSA or anyone with the right skills and equipment can still intercept that email message in plain text.
So what do you do?
Email is old. In tech terms it is Jurassic. Email is 20 years old and has all of the same restrictions and quirks that it had when it was first used in 1993. Things were simpler back then. Computer Security was at the back of everyone’s mind. A fraction of a point of a percent of normal people had an internet connection and few people had computers in their home. I remember it well. Did you know that children even used to go outside to play at one point? Staggering.
The protocols that govern email do not allow for encryption. Sending encrypted messages between two endpoints means employing encryption yourself and the most effective method for doing this is PGP.
The humbly named PGP (Pretty Good Privacy) is strong and effective. It comes in several flavors. You can purchase the commercial software or you can download the open-source version that uses the OpenPGP protocol such as GPG (Gnu Privacy Guard). While these are relatively simple to set up for us geeks it is unlikely to see huge adoption throughout the world because the average computer user simply doesn’t care to know. Trust me when I say I know this. I tried to discuss PGP email encryption with my 3 year old and she quickly changed the subject to Curious George and Barney.
PGP works the same way regardless of the implementation. If you want to send an encrypted message to someone you must first obtain their public key. Once you have their key you can encrypt your message and send it to the recipient. That message can only be decrypted using both their private key and the associated passphrase. If the recipient wants to reply they would use your public encryption key. You would then decrypt the message with your own private key and passphrase.
Many PGP implementations will have plugins for various Mail clients such as Outlook on Windows or Apple Mail on Mac computers. This, however, can be troublesome. If you have an update to your client it can we weeks or months before the developers release a compatible version. For example I’m running the beta of OSX Mavericks and GPG does not work with the newer version of Apple Mail. You may also be restricted in being able to use PGP at your place of business. This leads many people to look for an alternative.
Mailvelope is a Chrome plugin that is receiving notoriety. The theory is simple; you download and install the plugin, you generate a key pair, you publish your public key, and then you install public keys for your contacts. The next time to you open Gmail, Yahoo Mail, or your webmail account of choice, you will notice a lock icon in the text area. When you have finished writing your email message you click on the lock icon, select the recipient, and Mailvelope will encrypt the message with the recipient’s public key. Receiving encrypted messages is even simpler. An encrypted email message appears in your inbox, you click to open it and then click on the message to show the decrypted message. Mailvelope makes the whole process very simple to use. I was using this, myself, until I started to think about how Google stores email.
A couple of months back I posted an article about Gmail retention (see here) in which I showed that Google not only saves copies of your unsent messages, but virtually every iteration of any message you type is potentially saved by Google. This means that it is available by subpoena to Google from whichever entity sees fit.
Think about this for a moment. You type your entire message in Gmail and then you click on the Mailvelope lock icon. Yes, your email message is encrypted. Yes, anyone attempting to intercept the message won’t be able to read it while either in transit or looking in your sent folder. Yes, this makes you feel warm and fuzzy because you’re using encryption until you understand that, yes, Google still has the pre-encrypted message sitting on their servers. Not only this, but they saved multiple copies while you were typing your message.
When you consider that the NSA has been shown to take special interest in  encrypted communications, how much effort do they really need to expend in order to read that email message? Very little. A simple FISA request to Google is all it takes for your supposed encrypted message to be handed over in clear text.
If you are happy with Mailvelope then, by all means, continue. If you are serious about ensuring your long-term privacy I would recommend using a text editor to write your email message, encrypting the message outside of the web browser before cutting and pasting into your webmail interface. This will guarantee that only the recipient will be able to read your email.

11 responses to “Gmail and Mailvelope Leakage”
Since March 7th Mailvelope has security features to prevent exactly this kind of behaviour
Compose your Email in a separate window.
View decrypted text in a separate window
Kevin, thanks for that. I had missed that previously. Something to keep in mind, however, is that this is not obvious when someone is typing the message. I’d be interested to see how many people type first and then click on the icon overlay as opposed to writing the email after clicking the icon. The distance in privacy between the two is quite large.
Agreed, another weakness i was pointed to is how the keys are stored locally in clear.
Rob Fuller and Darren Kitchen show a metasploit module here
http://www.youtube.com/watch?v=NnHOYSRrqS4
Thanks for posting. That is pretty scary however if someone gets unfettered access to your computer you’re going to be screwed anyway and, assuming your private key is stored on your local machine, they may not need to go digging in your browser extensions to find it.
Awesome Kevin. Thanks.
Keys can be protected with a password
Vic, I completely agree. My point really being that if someone gets physical access to your computer they pretty much have free reign. That may also include being able to find the passwords to encrypted keys.
A little late to this game, but I gave up on Mailvelope, and am using another Chrome/Gmail-only app called Secure Mail for Gmail by Streak. When I’m composing a message within Gmail, instead of the usual “saving…saved” prompt you get, it says “save failed” so I’m assuming Google doesn’t have access to it or any iteration of the message?
Cheers. (:
“you are happy with Mailvelope then, by all means, continue. If you are serious about ensuring your long-term privacy I would recommend using a text editor to write your email message, encrypting the message outside of the web browser before cutting and pasting into your webmail interface. This will guarantee that only the recipient will be able to read your email.”
How do I encrypt my message outside of the web browser!?
I will be thankful for any one responding to me.
even if it comes late: PGP / GPG encryption is the thing you’re looking for.
https://en.wikipedia.org/wiki/Public-key_cryptography should explain the main concept, a search for tutorials for the corresponding tool – dependend on which OS you’re on – should do the rest.
I use mailvelope. I create the message in the mailvelope new window an then click transfer to move the encrypted message into gmail. This way gmail won’t have any unencrypted drafts.
When I initially tried Secure Streak, one could only use it if you were gmail user. Has this changed? Because Mailvelope is “universal” it is a more practical app. Besides, I am more concerned about credit card info theft, ID theft, etc., not the NSA.