There are plenty of benefits to webmail, but privacy isn't one of them. Webmail providers like Google routinely data mine email contents to display relevant ads to its users. During the September OWASP San Antonio Chapter meeting, Jeremiah Grossman discussed his time at Yahoo! and shattered any illusions anyone may have had about Yahoo's webmail system. If you prefer to be the only one who reads your email or prefer that the people you send email be its only recipients, FireGPG might be a good fit for you. FireGPG is a Firefox plugin that, once installed, makes sending encrypted email a one-click process.
FireGPG isn't a key manager, so you'll need to install GPG first and create a key pair. If you are using Microsoft Windows, download WinPT and GPG and install it at the default location. If you are using Mac OS, download and install GPG for Macs. Last (but not least) Linux and GNU users can install it with one's favorite package manager or from the official website.
Once you've installed FireGPG and created key pairs, new buttons will appear in your GMail account when you go to compose your next email. Instead of clicking "Send", simply click "Sign, Crypt, and Send" to send an email to anyone with whom you've exchanged public keys. When you receive an encrypted email in your Gmail account, simply click "Decrypt this mail", and you will be shown the unencrypted version.
—Erhan
I think you should check out our recent blog post on FireGPG:
http://blog.watchfire.com/wfblog/2007/12/firegpg-046-gma.html
Posted by: Ory Segal | December 27, 2007 at 10:01 AM