Here at Gwebs, the makers of the world’s easiest encryption software, we’ve been hard at work on a new, completely re-written and altogether better version of WebmailSafety. So much about this product has changed that we’re even changing the name!

Gwebs WebmailSafety, which offers email encryption for Webmail and desktop clients, is now called MailCloak, and with version 3.0 on the way webmail users are in for some great surprises.

Like what?

The world’s easiest encryption software just got even easier!

Here are the basic features:

• Free!
• Automatic protection for emails and attachments.
• Supports Internet Explorer、Firefox and Outlook.
• Supports Gmail, Hotmail, Live mail, AOL Mail, Yahoo mail, 126 mail, QQ mail and 163 mail.
• Auto-update keeps you secure with the latest features and bug-fixes installed as soon as they are available.
• Simplified backup.
• Automatic Key Management.
• No Adware, Spyware, or Malware.
• Easy invitations.
• Automatic draft encryption.
• Enable/Disable with a single click.
• Supports English, Simplified Chinese, Traditional Chinese and French.

Firefox (versions 2.0 and 3.0 supported!), IE and Outlook versions for Windows will be released all at the same time, with OS X and Linux versions coming soon there-after.

The most significant change is that we have completely changed our encryption algorithm.

We have now adopted the Gnu Privacy Guard (a.k.a. GPG, a.k.a. GnuPG) for public key encryption, so now our users can email anyone who uses PGP or GPG. Users can also store their keys on PGP and GPG key servers, and they can use other GPG compatible programs with their GPG keys – like GnuPG Shell, for key management.

Also: MailCloak 3.0 features a new, completely rewritten GUI (user interface) which no longer relies on flash. FF and IE Configuration and key generation are now handled completely within the browser. Outlook has its own configuration utility.

Note: You can click on the green Gwebs icon (above) to disable MailCloak encryption.

Some more features:

• GnuPG public key encryption, the default algorithm is El Gamal 2048
• Timed Logins: leave your GPG logged in for as long as you like, or get asked for your passphrase every time it’s needed.
• Symmetrical encryption: Don’t have someone’s public key? Now you can encrypt files with a password.
• Digital Signatures: Use your private key to encrypt your digital signature. Anyone who has your public key can decrypt it.

The WebmailSafety Tour!

WebmailSafety is Gwebs new encryption product for Gmail, Hotmail, Yahoo! Mail and AOL Mail and with WebmailSafety’s new 2.0 release out yesterday, it’s high time for a walkthrough!

But first, be sure to download WebmailSafety 2.0 at www.gwebs.com!

1. The First Time You Run Gwebs WebmailSafety
2. Logging into Webmail With A Secure Browser
3. Receiving Normal Email
4. Receiving Encrypted Email
5. Sending Normal Email
6. Sending Encrypted Email
7. The Invitation Process

1. The First Time You Run Gwebs WebmailSafety.
   1. Follow the wizard to create a WebmailSafety account and bind one or more email addresses to it.
   2. When you create an account, WebmailSafety automatically generates a key pair
      (a public key and a private key,)
      and binds it to your new account.
2. Logging into Webmail With A Secure Browser.
   1. Run WebmailSafety and click on a bound email address.

   

   2. WebmailSafety launches a safe version of Microsoft Internet Explorer (The plug-in is only installed when you
      launch MSIE from within WebmailSafety) and directs it to the correct domain.

   

   3. Manually login.
3. Receiving Normal Email: It Just Works!
4. Receiving Encrypted Email: It Just Works!
5. Sending Normal Email.
   1. Go to the Gwebs icon in the Windows Task Bar and select “Disable Temporarily” so that it becomes checked.*
   2. Send email as usual.

*The WebmailSafety Tray Icon should appear inside a circle with a line through it. (like this: )

6. Sending Encrypted Email.
   1. If WebmailSafety is disabled, go to the Gwebs icon in the Windows Task Bar and select “Disable Temporarily” so that it becomes unchecked.*
   2. If attaching files be sure to enter your recipient before selecting the files, so that WebmailSafety
      knows who’s key to use when encrypting the attachments.
   3. Send email as usual.**

*The WebmailSafety Tray Icon should appear normal. (like this: )

7. The Invitation Process: If you don’t have a person’s public key.
   1. WebmailSafety will notify you that you don’t have their public key.
   2. Enter a Passphrase.

   

   3. WebmailSafety uses AES-256 Symmetrical Encryption to encrypt your email with this passphrase.
   4. WebmailSafety automatically attaches your public key and a WebmailSafety download link to this email so the recipient can easily install WebmailSafety, read, and reply to this email.
   5. Call, SMS, IM, or use some other method to tell your contact this passphrase.
   6. When the recipient replies to this email, their public key will be attached to their reply
   7. Now that you have their public key, simply send them email from the safe browser and it will be encrypted.

Well, that’s it for the walk through! Hope you enjoyed it, and don’t forget to check out www.gwebs.com for more info and new downloads!

Facebook, if you didn’t know already, asks you for your email address and password when you create an account, or even if you don’t. It’s a highly visible link on their homepage. The stated reason is so that you can send invite letters to your contact list. And you can’t blame the peeps for trying, right? We all gots our hustle. It’s just that Facebook’s particular hustle leaves a lot of room for doubt. It could be Facebook doing exactly what they claim to do and nothing else, or it could be that the largest data mining company in the world is applying to email what Nigerian scammers have been doing with bank accounts for years.

But it’s also a royal pain in the tuches to have to invite every one of your friends to your social networking site manually, and with the importance of social networking sites to many businesses, people in fields that require a little publicity, and people who really like attention, this is a useful feature.

Which is why this article from blogger Dragon’s Flag caught our eye. It’s not just a plug for our product (although an independent testimonial to how awesome we are it certainly is), it’s also a fantastic little piece of know-how that makes you kick yourself for not thinking of it. And so here it is, translated for your edification:

On National Day (October 1st), 2007, I created a Facebook profile, and as part of the registration process, Facebook asked for my email account and password. To test if Facebook poses a threat to social networks by doing this, I gave them my password. I can hand out my password to pretty much anyone who asks for it, but can you?

My email address is dragonflag@gmail.com, and there are over 3000 emails inside. (Facebook supports most of the major services, including gmail, hotmail, live, yahoo, aol, etc.) Before uploading my password, I changed it to 123456.

I’m a longtime user of the notable Gwebs WebmailSafety software. I have more than 50 people in my address list there, and all the email we’ve sent back and forth is stored on Google’s servers is encrypted using a RSA+AES mixed cipher. I’m definitely not worried about Facebook searching or selling my email, because they can’t understand a word of it.

So after I gave my password to Facebook, those 50-odd received their invitation letters, and after 30 minutes I changed it back. Everything was alright, and now Facebook and don’t owe each other anything, nor do we have to be concerned about one another.

I also used the same method to register at the domestic (mainland Chinese) social networking site XING.com, without any apparent danger to my privacy or data. My advice when dealing with commercial web service companies like this is not to trust them lightly. Their promises to you don’t mean a thing, and it’s never a bad idea to have some basic self-protection in place.

So take my advice, especially if you’re one of those people who haven’t invited their email contacts because you’re afraid of your email being searched or revealed.

Italicized text added by translator.

Encrypting his email, we approve of, and using our product to do it, we approve of even more. But another important step he’s taken is:

Before uploading my password, I changed it to 123456…and after 30 minutes I changed it back

This is very important, because people are often predictable when they create passwords, and even if you use “rules” to create less breakable passwords and change them regularly, if someone gets a sample or two of your work, they can figure out your formula, and you’re right back where you started. Change your password to a no-brainer before giving it to someone, and change it back as soon as possible.

The best advice here, though, is not to let a company that makes its living by selling highly specialized user data to advertisers rummage through your inbox. Using Gwebs WebmailSafety; which is free, remember; or any of the other programs on the market means that your email is safe from advertisers as well as hackers.

One of the reasons we (yes, it’s a we now) at the Cryptographer are in this business is because we get to laugh at the messes we ourselves will never get into. Take, for example, Guo Li, a Hangzhou lawyer whose email was inadvertently “hung out to dry” online by Baidu (China’s search giant) and WanWang (one of China’s largest hosting providers). He sued for 1,000,000RMB (around $120,000), and the results speak for themselves.

I have translated the following article specifically for this blog.

Private Emails “Hung Out to Dry” for a Month, Victim Sues Baidu for
Violation of Privacy.
8-12-2007 3:35 A.M., Beijing Morning Post
After his private emails hosted in a Baidu (百度) account were posted online for more than a month, Hangzhou lawyer Guo Li (郭力) decided to sue Baidu Inc. and email services provider WanWang (万网) for 1,000,000 yuan in damages, claiming his communication privacy rights were violated. A judgment will be issued tomorrow at the Haidian District Court on this so-called “national precedent-setting email privacy case.” Guo Li stated at the conclusion of the trial, “It’s entirely possible to look into other people’s inboxes online, I’ve searched the information myself. This won’t be the last trial of this type.”

(more…)

I Just came across this article on why you should encrypt all your Google activities. The author notes that Google, like most other sites, doesn’t encrypt your connection data…

Google, like most other similar services, encrypts login traffic but not your content. So the moment you’re signed in they switch to plain-text communications and send everything to you in the open.

This means your mail, the news sources you read, your calendar events — are all able to be read by someone with access to any part of the network between you and Google. This could be your employer at work, the wireless network at your local coffee shop, whatever. This isn’t good.

And his commentors note a few things you can do about it:

1) log in to https://mail.google.com/mail (note the httpS://, the s stands for SSL)

2) Install the “Customize Google” Firefox Add-On to force the use of https for all google services. Also check out “Better gCal,”  and “Better GMail 2”

3) One user suggested  Google Secure Pro.

Here is an article on law.com titled Think Before You Send that all my readers should take a look at.

From the article

“Don’t put this in writing, but … ” Those are the opening words of an e-mail that got the writer’s company in legal hot water. And there are plenty more where that came from.”

I mean, you must be kidding me. If you don’t want something in writing, don’t write it. And if you write it, encrypt it! Common sense, kiddies!

Yesterday’s news of Hushmail.com passing information to the US Government is alarming to most people who consider privacy important. We use encryption to protect our privacy against industrial spies, nosy intruders, and hackers; but most importantly, we use encryption to protect ourselves against governments, which are becoming more and more nosey.

(more…)