When using Gmail it is important to understand how the email service protects your privacy and information.
This is done through encryption.
Encryption is a process that takes the readable text and alters it into a ciphertext. The ciphertext appears random and can only be read by someone with the right decryption key.
We already explained what it means to encrypt an email, so feel free to read that article if you need to refresh your memory.
The standard encryption, available to all Gmail users is TLS or Transport Layer Security.
TLS is an Internet security protocol designed to simplify data security and privacy over Internet communications. It can encrypt different types of communications over the Internet such as:
- VoIP (Voice over Internet Protocol)
- Communication between web applications and servers
In other words, TLS protects from point A to point B, meaning in "transit."
That does not mean the message is safe from prying eyes once it reaches its destination, or "at rest."
Once at the destination mail server, there's no guarantee that the message will stay private. If anything, TLS protocol has shown time and again that it is not without vulnerabilities. Although the latest version(TLS 1.3) is more secure from most vulnerabilities that plagued the older versions, it's still prone to force downgrade.
Here are just a few vulnerabilities and attacks that you should keep an eye on with TLS (especially older versions):
- POODLE (Padding Oracle ON Downgraded Legacy Encryption)
- CRIME (Compression Ratio Info-leak Made Easy)
- BEAST (Browser Exploit Against SSL/TLS)
Again, these are just the best-known exploits and most of them work with older TLS (TLS 1.1 and 1.2), but it's still something to be wary of.
Upgrading Gmail Encryption
If anything, Gmail encryption is "token" at best and won't do much to keep your conversations private or secure from bad actors.
First, let's define who these "bad actors" might be.
That's pretty much anyone who is looking to get information about you that they can then use for something.
This can be your ISP selling your browser information, a web service, or the government collecting your metadata and online information and more.
Google itself is often one of these bad actors and that's because they are very interested in your emails and what's inside them.
That's not just because they want to help you fight malware (although there's that as well), but primarily so they could see what your interests are and then sell that information to advertisers.
Well, let's say you don't want that, so what you need is to upgrade your Gmail encryption from TLS to OpenPGP mail and we'll show you how.
What is OpenPGP Mail and How to Encrypt Your Gmail With it?
You might have heard of PGP. That's short for "pretty good privacy.
PGP is a hybrid cryptosystem and it uses a combination of symmetric and public key cryptography.
In other words, PGP encrypts plaintext data and compresses it. Then, a one-time session key is created, which converts the now compressed plaintext into a ciphertext. Finally, the session key is encrypted to the public key that goes to the recipient together with the ciphertext.
To decrypt data, the recipient needs a private key (that only he should have). This first decrypts the session key, which is then used to decrypt the ciphertext.
Now, you're probably wondering, "okay what's the difference between PGP and OpenPGP?"
Well, PGP itself is a trademarked term Symantec Corp uses, while OpenPGP is a standard for defining encryption keys and message formats.
In other words, PGP is a proprietary software, while Open PGP is its open-source version.
You can learn more about OpenPGP here
Okay, so how do you encrypt your Gmail with OpenPGP?
There are a couple of ways to do this.
One way is to install an offline email client like Mozilla Thunderbird (for Windows users) or Apple Mail (for those looking to encrypt their mail on a Mac using OpenPGP).
The problem with this method is that you need to install an offline mail client and that might not be the most elegant solution. Instead what you can do is use a browser-based webmail.
You can also use Mailvelope add-on for Chrome or Firefox.
Download and install the right add-on for your browser:
Once you download and install the add-on it will appear on your extensions list and now you need to configure it to use your keys.
If you don't have the keypair already, you can generate one by selecting the Mailvelope in the Add-ons toolbar > Mailvelope Options > Generate Keys > Filling in the information > Submit.
In case you already have the keypair, you can go to Mailvelope in the Add-ons toolbar > Mailvelope Options > Display Keys > Import Keys > Paste keypair text > Submit.
With either method, you'll be able to see the imported keypair in the Display Keys.
Once you've done that, you can encrypt your message in Gmail. To do this:
- Select "Compose" as you would to normally create a new email message.
- Select the Mailvelope icon in the body of your email.
- Type your message and select the lock icon.
- From the list of contacts select the ones you want to send an encrypted message to and click OK.
- Finally, click Transfer and you can now send your encrypted message.
The best option here is to use Liverado, which is an email encryption service available for desktop and mobile (see here wh Liverado is the best anonymous email provider for Android).
Liverado uses ECC encryption to keep your email conversations, contacts and attachments secure.
Keep in mind that by default, only email content will be encrypted, so if you want to enable other encryptions, go to Settings > Security and then select Enabled for that category.
For example, to encrypt contacts in Liverado:
- Go to Settings > Security.
- Select Contact Encryption: Enabled.
- Read the pop-in and click Confirm.
Looking to make your emails secure? Start encrypting them with Liverado's help.