Comments for freenigma: Encryption For Web-Based E-mail

freenigma: Encryption For Web-Based E-mail

2006-10-23T23:19:13Z

freenigma is a Firefox plug-in that offers e-mail encryption to a whole range of Web email systems - including Gmail, Yahoo!Mail and Hotmail/MSN. It is a product of Germany-based freiheit.com. freenigma came out of public beta at the end of September and is now open to all - but you still have to enter your name and email address to receive "an invitation" (which sounds quite 'beta' to me). Interestingly, freenigma has also just announced a Professional Edition for corporate customers as well as a Microsoft Outlook plug-in - both to be released by the end of the year. So looks like they're expanding beyond just web email and into the enterprise space.

It is a compelling product, as privacy and security are among the two biggest concerns related to using the Web as a platform. Although I am an avid user of Gmail, I wonder sometimes about sending private information across the ether on a web-based email service. I'm sure they're the usual slightly paranoid concerns of every single Web user, but a product like freenigma is positioned well to take advantage of those common concerns for privacy. See also my recent post on Web 2.0 security issues, from a report by Finjan.

]]> The freenigma homepage makes no bones about playing on the privacy fears of Web users:

"Today, all your e-mails are stored and sent around the planet in plain text. And today you have no control over what happens to your private or business e-mail conversations and you can't prevent others from reading them. Get your privacy back! Encrypt your private and business e-mails to protect your freedom, privacy and your business secrets."

How it works

freenigma was built using Ajax and developers are invited to use an open programming interface (Open API) to extend freenigma and integrate it into their own applications. It is browser-based (Firefox), so it runs on all the main OS platforms - GNU/Linux, Apple Macintosh or Microsoft Windows XP. It is also based on "one of the most famous and most widely used cryptographic software packages in the world: the GNU Privacy Guard (GnuPG)." Werner Koch, developer of GnuPG, is a founding member of freenigma along with Stefan Richter.

freenigma works by encrypting e-mails before they are saved and sent; they are then decrypted on the other end by the recipient. As noted in the FAQ, even if web-based email providers offer their own encryption services, freenigma is a service that works across all the web email systems.

As for their business plan, it is a free service "for private individuals". The fact they're releasing an Outlook and corporate version soon suggests that the enterprise market is where they'll make their money. Indeed this is confirmed in the FAQ:

"We believe that many companies will outsource their e-mail in the near future. To do so, they will utilise the services of Google Mail, Hotmail or Yahoo! Mail. However, we believe that this change will only take place if companies are able to encrypt their business secrets independently of the provider. That’s where freenigma comes in. :-)"

Interesting service and I am curious to see how much take-up they get from businesses for the paid service. There have been enough security lapses recently by Google in particular to make a service like freenigma very viable. What do you think?

Comment from Emre Sokullu on 2006-10-24

2006-10-24T20:53:36Z

Yes, this is a must for enterprise use of Gmail hosted service but Google-Yahoo can always offer their own PGP encryption/signature services, I think they just don't see a need for this in the market. So this may not be a viable product.

Comment from Stefan on 2006-10-28

2006-10-28T19:54:13Z

Yes, Google-Yahoo could offer a service like this themselves, but...

To make it secure, the content must be separated from the encryption. Or in other words: If Google-Yahoo encrypts your mail, they can also decrypt it. So this operation must be provided by an independent company/system!!!!

freenigma has no access to your data. And Google-Yahoo has no access to the encryption keys. In this way you can be sure, that Google-Yahoo can not decrypt your data on request. And freenigma provides interoperability over several webmail-systems and not only Google-Yahoo...

Comment from raj on 2006-10-29

2006-10-29T21:45:03Z

Sounds like a great application. But I have a hard time believing large corporations would outsource email. They need an IT department for other purposes, so I can't see them splintering off only email. Though they may buy the Professional edition of freenigma.

SMBs/ SMEs, on the other hand, might outsource their email.

Comment from Graeme Thickins on 2006-10-30

2006-10-30T13:22:35Z

To get a picture of outsourcing related to email, you could look at email archiving -- required by scads of regulations today, which collectively affect most companies. (No, archiving is not the same as backup, which is for system restore for disaster protection; this is about fast retrieval. Any company that's ever had to produce emails for legal discovery can tell you all about it.)

There are hundreds of firms now offering email archiving as an outsourced service. However, when you look at how expensive the service can be (even though there's little or no up-front investment), not to speak of the loss of control, one does wonder just how many companies will really want to go with an outsourced service for anything to do with email. It's a lot to fork out annually.