These 3 Chrome extensions make encryption easier for everyone
Thanks to the fallout from the revelations about the U.S. government's surveillance tactics, people are starting to take interest in using encryption tools for keeping email, files, and instant messaging private. Just recently, Yahoo said it would build encryption into Yahoo Mail and Google is doing something similar with Gmail.
The problem is that encryption is usually a task that only power users can handle. Email encryption, for example, has typically required a desktop email client. But who doesn't use webmail these days? That's a problem that Google and Yahoo aim to change.
But they aren't the only ones. Lately, some easy-to-use encryption tools have popped up that are very well designed and don't require you to dramatically change your usage habits.
Here's a look at three of them.
All the tools below are Chrome extensions and apps, but are also available for other platforms and browsers as noted.
Also, keep in mind we're not suggesting that these tools can be used under dangerous situations such as political oppression or revolution. Scenarios like that are way beyond the scope of this article. For the average North American hoping to keep their data private from passive government snoops, private companies, co-workers, and others, these tools should work just fine.
Cryptocat is probably the encryption tool that is easiest to use right now. This is an instant messaging program created by Montreal-based programmer Nadim Kobeissi.
You can use Cryptocat to chat with just one person or a group of people. To get started, install Cryptocat from the Chrome Web Store and then open it either from the all apps tab in Chrome or the taskbar launcher in Windows--if it's installed.
A new tab will open in Chrome. Fill out the form with a conversation name and nickname of your choosing and press connect. You now have your own encrypted chat room. To get others to join your chat just give them the conversation name and have them follow the same steps to join. Cryptocat also works with Facebook chat.
While Cryptocat is a popular piece of software for encrypted messaging, no piece of software is bullet proof. In July 2013, a programming issue potentially exposed Cryptocat conversations to decryption. The issue was promptly resolved, but it shows that you still have to be cautious when using programs like these.
Kobeissi warns that you should never trust your life with a piece of software, and Cryptocat can't mask your Internet protocol (IP) address, which could be used to reveal your location. It also can't save you if malicious software is already on your PC recording every keystroke you make.
Cryptocat is available for Chrome, Firefox, Opera, Safari, OS X, and iOS.
Mailvelope is an email encryption tool that is designed to work with webmail services such as Gmail, Outlook.com, and Yahoo Mail. In my experience, Mailvelope works really well with Gmail, is a little shaky with Outlook.com, and I haven't tested it at all with Yahoo Mail.
PGP mail encryption is famously hard to use and perhaps fittingly, Mailvelope is the hardest to use of these three tools. That said, it's not difficult to understand and still rates as an easy-to-use tool.
Once you've installed it from the Chrome Web Store click on the Mailvelope button to the right of the address bar and select Options. This opens a new tab, which is the central hub of Mailvelope. Here you can generate a new key pair or import an existing one if you have it, as well as import the public keys of the people you're going to correspond with.
If you're not familiar with PGP-style key-based encryption check our previous tutorial on Enigmail for Mozilla Thunderbird.
Once that's done, it's time to start writing encrypted email.
Open a mail composition window in your webmail service of choice and you'll see a small pop-up icon of a pencil and paper. Click that and you'll get Mailvelope's composition window. This is where you want to create your encrypted email since most webmail clients auto-save your messages in unencrypted form as you write them. That's a nice feature, but it defeats the entire purpose of using encryption for better privacy.
Once you're done writing you can click the lock icon to choose a contact to encrypt the message to and/or choose the writing icon to sign the message with your key.
Once that's done, click transfer and your encrypted and/or signed message will be copied to the regular composition window for your service. Then just send the message as you would any other.
Mailvelope is available for both Chrome and Firefox.
The newest encryption tool for Chrome, miniLock--also from Cryptocat maker Kobeissi--helps you encrypt single files. You can do this to keep them secure for yourself or to make sure they can only be opened by the people they're intended for. I recently took an in-depth look at miniLock where you can find out exactly how to use this tool.
But generally, the app uses what's known as your miniLock ID to encrypt files for you. It's generated like many other encryption keys based on your email address and a password. Share this ID with others and they can use miniLock to encrypt files that only you can open. It's as simple as that.
Encryption is a great way to keep your data private and thanks to these tools for Chrome and other platforms, it's getting a lot easier to use.