SecureGmail is an open source Chrome browser extension to encrypt and decrypt Gmail messages with one click. After installation you will see a red padlock next to the compose button in Gmail, clicking on it will launch the compose window with a red bar that says “Secured“. Unlike other encryption extensions, SecureGmail does not allow Google servers to keep a draft of your message and encryption takes place in your browser, Google will be unable to read anything other than scrambled text, however, attachments are not encrypted, SecureGmail only works for text.
You will be asked to enter a password after you have written the email and, optionally, a password hint. You will have to either, transmit the password to the receiver by secure means, or enter a password hint that the receiver can easily guess. When the other end receives the message he will see scrambled text and a warning saying “This message is encrypted, decrypt message with password“.
The strength or SecureGmail is that Google is kept out of the equation by not giving the company any way to read plain text, SecureGmail open source code allows others to check for bugs and email encryption is extremely easy and quick, but there are also many SecureGmail downfalls, the first one is that both parts must have the same extension installed to be able to encrypt and decrypt data, the second problem is that sender and receiver must be both using the same browser, SecureGmail only works in Chrome, and a third obvious problem is that the password has be transmitted, this will encourage people to reuse passwords and it will reduce security.
SecureGmail can be useful for an organisation that has their email hosted by Gmail, but only for staff conversations as sending email to outsiders would be sure to slam against one of the problems highlighted above. If you need a way to encrypt email that can be delivered anywhere, consider learning about PGP and Enigmail or download the Mailvelope extension.
People concerned about privacy should not be using Gmail, but if you do, encrypting it will give the NSA some work to do in between reading clear text messages. Encryption can not protect you from the who is communicating with who server metadata, trying to fool the NSA using Gmail is like trying to win the lottery by praying to Allah, a total waste of time.
There are plenty of reasons not involving national security about why you will want to encrypt your email messages, like not wanting readable email messages stored in your inbox for ever and protecting yourself from embarrassment if a typo sends an email message to the wrong inbox. In scenarios where metadata collection is not an issue, an extension that encrypts email is adequate protection.
