How to Encrypt Your Gmail Message and Protect Your Privacy

In the wake of the PRISM event and the statement that Google make “Gmail users have no reasonable expectation that their communications are confidential“, perhaps it is really time for us to wake up and start to take the privacy issue more seriously. We have discussed plenty of privacy precautions and measures that you can take, but we never really discuss about securing your email, particularly Gmail privacy.

Google doesn’t encrypt your message by default. In fact, it will even scan your mail content so as to serve you related ads. If you are planning to fix things up on your own, there is a Chrome extension – Secure Gmail, that allows you to encrypt your email.

Note: Secure Gmail is only available for Google Chrome.

1. In Google Chrome, install the Secure Gmail extension.

2. If you are already logged in to Gmail, refresh the browser. If not, login to Gmail. You should see a “Lock” icon beside the Compose button. Click on it.

secure-gmail-lock-button-beside-compose

3. A new secured Compose window will pop up. You can now compose your message like you usually do. Notice that at the bottom, it shows a “Save failed” icon when Gmail attempts to save a draft of your message. This shows that your draft message is not saved in Google server.

secure-gmail-compose-window

4. When you are done composing your message, click the “Send Encrypted” button. A dialog box will pop up to prompt you to enter the password for this message. The recipients will have to enter this password to decrypt the message.

secure-gmail-encryption-password

5. This is what the recipient will see when they open the encrypted message.

secure-gmail-recipient-encrypted-mail

6. To view the message, the recipient have to click the “Decrypt message with password” link and enter the password. If they did not have the Secure Gmail installed, there will also be a prompt for them to install the extension.

secure-gmail-message-decrypted

At the moment, using Secure Gmail can be rather cumbersome as it is available only for Google Chrome and both you and the recipients need to have the extension installed. However, for encrypting Gmail message, this is currently the best solution you can get.

4 comments

  1. Since this is only available as a GMail extension for Chroma, what makes you think there isn’t a “back-door” decryption key embedded in the process? The US government has long been pressuring email client/hosting products to include a backdoor so that, if there is a reason to believe that the DEA, NSA, orother regulatory agencies may need access to the text of the encrypted documents, they can gain that access without requiring your private key. (Of course, there is also a provisioon for requiring you to _provide_ your private key
    on demand or given a court order.)

    Perhaps a better solution might be to use GPG. ;-)

  2. Don’t forget that you can access GMail via POP/IMAP and can send via SMTP. You can get a free email certificate from COMODO and use it to encrypt messages using S/MIME format which is supported by most major email clients. Or you can use TBird+Enigmail+GPG if you prefer OpenPGP. After setting it up and generating a key pair, it’s rather easy to use afterwards.

    I’ve tried Mailvelope but the web interface is just too clunky. And this “Secure GMail” seems to have key management issues.

    I still prefer dedicated email client.s

  3. Yep, I have to agree with both Ralph and Dan. I only use webmail clients on the fly, preferring to have them pass e-mail to one of my local clients. GPG4Win’s Klaws client is a possible alternative folks might consider…

Comments are closed.

Sponsored Stories