freenigma: convenience vs. security
freenigma is a new service from g10 Code and freiheit.com, two German companies i'd never heard of before yesterday. it works as a server-client combination: a central server that handles all the encryption keys and a Firefox extension (support for Internet Explorer and Safari is forthcoming) that does all the encrypting and decrypting. once installed, freenigma makes it possible to encrypt one's webmail by adding new "encrypt" and "send encrypted" buttons in the compose screen to Gmail, Hotmail and Yahoo Mail.
i signed up in case I ever decide to use it (or a friend or client using Gmail, Hotmail, etc. wants to encrypt something before sending it to me). it looks like this might just be crypto that's easy enough for non-geeks to use. does it really matter if keys are public or private, or if encryption is symmetric or asymmetric? yes, of course it does [1], but freenigma solves all the usability problems many users have by simply adding "encrypt" and "decrypt" buttons and then doing all the tough stuff behind the scenes. brilliant! this makes me feel all happy and bubbly and i'll definitely be keeping my eyes and ears focused on freenigma. however...
am i the only person concerned about a centralized third party organization you've probably never heard of ~ in a country with a history of backdooring crypto [2] ~ having exclusive access to the private keys of its users? public keys are another story (my public key, for example, is available right here and i'd love for you to have a copy), but the first rule in PKI (public key infrastructure) is to never give out your private key.
the freenigma questions and answers (FAQ) page mentions "private data," and i think they mean the contents of your emails. to the crypto community, though, private keys are also considered "private data." you see, anyone with your private key can decrypt your data or, even worse, give your private key to another party.
this is a case of convenience vs. security. freenigma is light years ahead of everything else i've seen when it comes to leveraging strong encryption with issues of ease-of-use, but why do they go out of their way to avoid talking about private keys? freenigma's FAQ currently asks, "why should I trust the webmail providers?" but i wonder, "why should we trust freenigma?"
i hope that these questions about private keys and ownership are addressed by the folks at g10 Code and freiheit.com (either "yes, we have your private keys" or "no, Christefano is a dimwit" would be fine). i'm also looking forward to seeing interoperability with freenigma and other PGP / GnuPG / OpenPGP software.
until then, i'll be using other crypto software (Mac GnuPG and Enigmail) with the assurance that i'm the only person with access to my private keys. the freenigma extension is installed but disabled for now.
[1] although i play one on TV, i'm not an expert on public key encryption.
[2] fortunately, this backdoor was later closed.
28 August 2006 update: Ben Laurie, who knows more about internet security than i do, takes a hard look at freenigma in his post, Big Brother Comes to Firefox.
one of the things he says is, "freenigma can decrypt my mails (and anyone else they care to give the session key to). What’s more, it looks like they have your private key, too, so they can impersonate you." ending on a positive note, he adds, "now we need a Firefox extension that does this properly, more than ever. If someone wants to do it, I’d be more than happy to help."
~ Christefano, 26 August 2006

Ivanoats wrote...
Interesting, but it looks like I'll be sticking with GPG for Mac Mail. There is a great video about how to install it here:
http://www.twit.tv/mb6