Your email contains valuable information
Back in the days when we started using email, nobody cared about securing their communication flow. And one could say that regular, unsecured email is still an option for ordinary messages, for example, inquiring with your partner what the planning will be for tonight’s dinner. Other emails can contain more valuable information, for instance, the location of your next holiday or your intention to attend a political meeting. Once an email is sent out, it can be traced, seized, read, and even changed.
Installing a browser extension to secure emails
As many people rely on Google, let us explain about basic end-to-end encryption for Gmail. By installing an extension in your Firefox and Chrome browser, you can easily send more secure emails using Gmail. There is also an android app available, but at the time of writing, there is no iOS version yet. FlowCrypt offers an easy to use add-on to establish PGP encryption to your Google email and attachments. The installation just takes a few clicks, and afterward, you will be able to send and receive encrypted email messages by clicking a Secure Compose button in Gmail.
How to install FlowCrypt
On the FlowCrypt site, download the extension for your browser and then enable the add-on. After installing, you will need to authorize FlowCrypt to use with your Gmail account. Assuming that you do not have an encryption key, click the link to generate a New Encryption Key. And finally, choose a strong passphrase. You will use this passphrase will to unlock your encrypted message.
Basic end-to-end encryption for Gmail using public keys
If the receiver is also using FlowCrypt’s basic end-to-end encryption for Gmail, there is no need to load any public keys; the extension handles everything. FlowCrypt recognizes other users because the add-on communicates instantly with FlowCrypt’s key server when you open a secure reply or compose window. The key server then sends the recipient’s public keys to the client, and the PGP encryption occurs with those public keys.
Or use a one-time password
Even when the receiver is not using PGP encryption, you can still send secure emails to any email address. That is one of the advantages of using FlowCrypt’s basic end-to-end encryption for Gmail. The extension will first look for a public key of the receivers’ email address. And if that is not available, you can protect the message with a one-time-password. Of course, you will need to provide this password in person or via another secure channel. In such a scenario, the message is not sent to Gmail; instead, you will receive an email with a link to it on the FlowCrypt server, where you can access it within three days.
PGP does not offer the most reliable email protection
PGP – Pretty Good Privacy – enhances your email security, without a doubt, but on the other hand, using this basic end-to-end encryption for Gmail does not offer the most reliable protection from a privacy point of view. As Google keeps an eye on all of your emails for marketing purposes, using PGP obstructs this, but your metadata is still readable. All of the header information in your email remains unsecured; the email receiver, the subject line, and the time of sending the message.
The PGP program has its proponents and opponents
Without going too deep into the technicalities, PGP is an encryption program dating from 1991, and as such, it has its proponents and opponents. In essence, it generates a public and a private key using randomly generated numbers and characters. The public key gets shared so the receiver can redeem it and send you encrypted messages. You need to keep the private key to yourself; it is used to read the secured emails when it matches the public key.
Not so popular because somewhat technical
Though PGP and equivalent methods are widely used in securing communications related to digital certificates on computers, it never has become widespread among regular users. Part of the failure lies in the fact that it is all a bit too technical for people; a long, random string of characters that still needs storage in a file, and protected with a passphrase which you need to remember.
For a more in-depth analysis of the drawbacks in using PGP with email, read this article.
FlowCrypt offers basic end-to-end encryption for Gmail only
While FlowCrypt is one of the easiest ways to secure your emails, it provides just basic end-to-end encryption for Gmail only. There are other, more robust solutions to encrypt email, which we will discuss in other posts. But it remains a good alternative for those with moderate concerns about their digital privacy. There is a free and a paid version available; the latter offers some extra’s as larger attachment sizes and a customized email footer.