7 comments

[ 0.28 ms ] story [ 28.3 ms ] thread
Does anybody use an extension like this for their email? I have always been turned off by horror stories of Chrome extensions being bought out and injected with malware[1]. I would love to have my email encrypted easily, but not at the cost of opening a new attack vector that could bypass that encryption. What open source extensions are there that can be installed locally?

[1] https://arstechnica.com/information-technology/2014/01/malwa...

What do you mean by "extensions are there that can be installed locally"? Depends on what mail client you are using. Thunderbird can do this. I use mu with emacs mu4e and it just works. You need gpg installed, that's all.
FlowCrypt operates as a Chrome extension, so I assumed that the email client in question was the Gmail web client (or Inbox by Gmail). One can install extensions from the local filesystem rather than the Chrome store, which removes the threat of autoupdating into adware or malware. However, I don't know of any open source crypto extensions built to be installed that way. FlowCrypt might work, but the licensing terms don't seem amenable to that approach.
All chrome extensions can be copied and installed locally...Assuming the source code doesn't protect against something like this. You could take this extension, copy the obfuscated source, then load it locally to avoid auto updating in the future.

Chrome generally doesn't like apps that load their bg page scripts via web requests to help increase security. So it's likely that they aren't doing this.

Encryption is a joke. It's easier just to be a humane person, to treat others well... nope, they instead have to be total fucktards. Not like you all weren't warned already.

Imagine what you use for encryption. Now imagine a stick of butter and a hot butter knife melting through that butter. That's how easy it is to break your encryption.