I always keep an eye on information security tools. As you may know, sending an unencrypted email through the internet is like sending a postcard. It exposes your message to the world. Freenigma aims to solve that.
Freenigma follows many of the established rules of security: one, it uses an established cryptographic standard (PGP), and two, it is open source. So far it supports Gmail, Yahoo Mail, and Hotmail. It only works in Firefox, which is another reason to ditch IE.
There is one concern, though. As I understand the FAQ, while encryption and decryption happen in the browser, the encryption keys are stored and generated on Freenigma’s server:
“All mail is encrypted or decrypted directly in the webmail client (i.e. directly in the browser). But how does that work?! For the experts: when making an encryption request, the freenigma extension sends nothing more than the list of recipient addresses to the freenigma server. In response, it receives a random session key for symmetric encryption within the client as well as an asymmetrically encrypted session key for all the recipients. AES encryption is then performed within the client using the unencrypted session key. Then, the user script in the client combines the symmetrically encrypted mail text and the asymmetrically encrypted session key to create the OpenPGP binary format.”
I am wondering why Freenigma doesn’t encrypt using the standard private/public key process, wherein the private key is known and generated only by the sender.
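The flow quoted from the FAQ can be modelled to show what that concern means for confidentiality: whoever creates the session key can decrypt the mail body without ever being sent the plaintext. This is an added example, not Freenigma's code; the `KeyServer` class and all function names are hypothetical, RSA-OAEP and AES-256-GCM stand in for the OpenPGP algorithms, and the output is not the OpenPGP binary format.

```javascript
// Added illustration of the flow in the quoted FAQ; not Freenigma's code.
// Assumed stand-ins: RSA-OAEP and AES-256-GCM. All names are hypothetical.
const nodeCrypto = require('node:crypto');

class KeyServer {
  constructor() { this.publicKeys = new Map(); this.issued = []; }
  register(address, publicKey) { this.publicKeys.set(address, publicKey); }
  // Receives only the recipient list and creates the session key itself.
  requestSessionKey(recipients) {
    const sessionKey = nodeCrypto.randomBytes(32);
    const wrapped = recipients.map((address) => ({
      address,
      encryptedKey: nodeCrypto.publicEncrypt(
        { key: this.publicKeys.get(address), oaepHash: 'sha256' }, sessionKey),
    }));
    this.issued.push(sessionKey); // the client cannot verify this copy is discarded
    return { sessionKey, wrapped };
  }
}

// Client side: symmetric encryption with the key the server handed over.
function clientEncrypt(sessionKey, wrapped, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { wrapped, iv, body, tag: cipher.getAuthTag() };
}
function decryptBody(sessionKey, msg) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}
function recipientDecrypt(privateKey, address, msg) {
  const { encryptedKey } = msg.wrapped.find((w) => w.address === address);
  const key = nodeCrypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, encryptedKey);
  return decryptBody(key, msg);
}

function demo() {
  // Constructed sample data; the recipient key pair is generated locally here.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const server = new KeyServer();
  server.register('bob@example.com', publicKey);
  const { sessionKey, wrapped } = server.requestSessionKey(['bob@example.com']);
  const msg = clientEncrypt(sessionKey, wrapped, 'constructed sample mail text');
  return {
    recipientReads: recipientDecrypt(privateKey, 'bob@example.com', msg),
    serverReads: decryptBody(server.issued[0], msg), // server never received the plaintext
  };
}
console.log(demo());
```

In standard OpenPGP hybrid encryption the sender's client generates the session key with its own random source and wraps it with the recipients' public keys, so no third party ever holds the unencrypted session key.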
If you are interested in using this service, you can register at Freenigma’s site.