Private Webmail with FireGPG

There are plenty of benefits to webmail, but privacy isn’t one of them. Webmail providers like Google routinely data mine email contents to display relevant ads to their users. During the September OWASP San Antonio Chapter meeting, Jeremiah Grossman discussed his time at Yahoo! and shattered any illusions anyone may have had about Yahoo’s webmail system. If you prefer to be the only one who reads your email, or prefer that the people you send email to be its only recipients, FireGPG might be a good fit for you. FireGPG is a Firefox plugin that, once installed, makes sending encrypted email a one-click process.

FireGPG isn’t a key manager, so you’ll need to install GPG first and create a key pair. If you are using Microsoft Windows, download WinPT and GPG and install them at the default location. If you are using Mac OS, download and install GPG for Macs. Last (but not least), Linux and GNU users can install it with their favorite package manager or from the official website.

Once you’ve installed FireGPG and created key pairs, new buttons will appear in your Gmail account when you go to compose your next email. Instead of clicking “Send”, simply click “Sign, Crypt, and Send” to send an email to anyone with whom you’ve exchanged public keys. When you receive an encrypted email in your Gmail account, simply click “Decrypt this mail”, and you will be shown the unencrypted version.
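The same steps at the GnuPG command line, as an added example that is not from the original post or the FireGPG project: two key pairs are created, public keys are exchanged, and a message is signed and encrypted, then decrypted and verified. The identities, the `g` and `roundtrip` helpers, and the passphrase-less keys in throwaway keyrings are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Constructed identities; keys live in throwaway keyrings,
# so nothing here touches ~/.gnupg. Assumes GnuPG 2.1 or later.
ALICE="alice@example.test"
BOB="bob@example.test"

# gpg against the keyring in $1. The demo keys have no passphrase (real
# keys should), and --trust-model always stands in for verifying the
# other party's key fingerprint out of band.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --trust-model always \
        --pinentry-mode loopback --passphrase '' "$@"
}

# Sign and encrypt $1 as Alice for Bob, then decrypt and verify as Bob.
# Prints the recovered plaintext; non-zero status if any step fails.
roundtrip() (
    work=$(mktemp -d /tmp/firegpg-demo.XXXXXX) || exit 1
    a=$work/alice; b=$work/bob
    mkdir -m 700 "$a" "$b"
    trap 'gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null
          gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null
          rm -rf "$work"' EXIT

    # 1. Each side creates a key pair.
    g "$a" --quick-generate-key "$ALICE" default default never 2>/dev/null || exit 1
    g "$b" --quick-generate-key "$BOB" default default never 2>/dev/null || exit 1
    # 2. Exchange public keys (only the public halves are exported).
    g "$a" --armor --export "$ALICE" | g "$b" --import 2>/dev/null || exit 1
    g "$b" --armor --export "$BOB" | g "$a" --import 2>/dev/null || exit 1
    # 3. "Sign, Crypt, and Send": the armored block is all the provider stores.
    printf '%s' "$1" | g "$a" --armor --local-user "$ALICE" --recipient "$BOB" \
        --sign --encrypt > "$work/mail.asc" || exit 1
    grep -q 'BEGIN PGP MESSAGE' "$work/mail.asc" || exit 1
    ! grep -qF -- "$1" "$work/mail.asc" || exit 1   # plaintext must not appear
    # 4. "Decrypt this mail": needs Bob's private key; GOODSIG on the
    #    status channel shows the signature verified against Alice's key.
    g "$b" --status-fd 3 --decrypt "$work/mail.asc" \
        > "$work/plain" 2>/dev/null 3> "$work/status" || exit 1
    grep -q '^\[GNUPG:\] GOODSIG' "$work/status" || exit 1
    cat "$work/plain"
)
```

Calling `roundtrip "some text"` prints the text back only if both the decryption and the signature check succeed.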


About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.