July 23, 2013

Send Gmails That Not Even Google Can Read


Google provides some pretty strong security controls, like two-factor authentication to prevent hackers from hijacking your account, and other controls that allow you to recover your account in the event that it’s compromised. Unfortunately, Google monitors messages on its freely available email service in order to serve specifically tailored ads, and if the National Security Agency comes knocking on Google’s Mountain View, California doors with a warrant issued by the Federal Intelligence Surveillance court, then Google has no choice but to hand over data from your various Google accounts.


A San Francisco-based email management company called Streak somewhat recently developed SecureGmail, an excellent, open-source Chrome extension that gives users the power to encrypt their messages locally, so that Google never has access to the unencrypted contents of a given message. That’s right, the only thing that ends up on Google’s servers is the completely and incomprehensibly encrypted text. And if Google can’t read your emails, then it’s a safe bet that no one else can either.

I once broached the subject of whether or not Gmail was safe for work. SecureGmail is definitely safe for work.

It works like this: you go to the Chrome Web Store and install the SecureGmail extension for free. When you want to send a secure message, you’ll notice a small box next to the compose button with a nearly invisible padlock on it. If you click it, a red compose-message box saying “New Message – Secured” will pop up.


After you pick a recipient and compose your email, you will be prompted to create a password. When your recipient receives the email he or she will be prompted to enter the password. If a user has not yet installed SecureGmail, he or she will be prompted to do this as well. After your recipient enters the password, he or she can read the message. Just like that: free privacy.



The obvious question becomes, how do you securely relay that password? The best choice is in person, but that may not be possible. SecureGmail will also let you create a hint for the password. This could be a secure way to relay the message without ever even telling the recipient what the password is, but you’d need to be pretty clever to play it this way.

Remember, SecureGmail is only as strong as the password you create, and the password you create is only as strong as the method you choose to deliver it. It’s not a terrible idea to write down a completely random, alphanumeric password, mixing in capital and lowercase letters and symbols, and just mail it to your recipient. You could tell your recipient the password in a phone conversation or over the internet too, but this is less secure. DO NOT send the password via Gmail or any other Google service. That would completely undercut the purpose of SecureGmail. This bears repeating, though: the very best way to transmit the password is by whispering it in the recipient’s ear. Get creative about sending it; think cloak and dagger.
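To make the idea concrete, here is an added sketch of password-based local encryption in Node.js; it is not SecureGmail's code. The scrypt and AES-256-GCM choices, the alphabet, and all function names are assumptions made for illustration. It generates a random password of the kind described above, encrypts a message so that only ciphertext would reach the mail server, and shows that a wrong password recovers nothing.

```javascript
// Added illustration, NOT SecureGmail's code: scrypt + AES-256-GCM are assumed choices.
const nodeCrypto = require('crypto');

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@^_';

// Random password drawn uniformly from ALPHABET using the OS CSPRNG.
function randomPassword(length = 20) {
  let out = '';
  for (let i = 0; i < length; i++) out += ALPHABET[nodeCrypto.randomInt(ALPHABET.length)];
  return out;
}

// Stretch the password into a 256-bit key; the salt is public and travels with the message.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt locally; the returned base64 string is all a mail provider would store.
function encryptMessage(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the plaintext, or null when the password is wrong or the blob was altered.
function decryptMessage(blob, password) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 44) return null; // needs salt(16) + iv(12) + tag(16)
  const salt = raw.subarray(0, 16), iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44), ct = raw.subarray(44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication tag did not verify
  }
}

// Constructed sample message and a deliberately wrong guess.
const password = randomPassword();
const blob = encryptMessage('Meet at noon. (constructed sample text)', password);
console.log('stored on the server:', blob);
console.log('right password:', decryptMessage(blob, password));
console.log('wrong password:', decryptMessage(blob, 'guess123'));
```

The key stretching slows down each guess, but a short or common password still falls to offline guessing against the stored blob, which is why the random password and its out-of-band delivery matter.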

Your password is also no good if someone has already installed a keylogger or compromised your machine in some other way. So make sure you keep everything up-to-date and run a solid anti-virus product.

Encryption is really the backbone of Internet security. This extension is particularly great – among the best in fact – because it brings strong encryption to Gmail in such a simple, intuitive way that almost anyone can figure it out and improve the security of sensitive messages. And better yet, it’s security that you get to control!