[Cryptography] any reviews of flowcrypt PGP for gmail?

Sid Spry sid at aeam.us
Thu Aug 20 19:51:02 EDT 2020

On Thu, Aug 20, 2020, at 5:47 PM, John Denker via cryptography wrote:
> Has anybody vetted flowcrypt?  It purports to provide PGP for gmail.
> https://chrome.google.com/webstore/detail/flowcrypt-encrypt-gmail-w/bnjglocicdkmhmoohhfkfkbbkejdhdgc
> It claims to provide "end to end" crypto, but as we've seen lately,
> that doesn't always mean what we might want it to mean.

Well, I see a few problems, most of them unrelated to the actual implementation:
1. Updates pushed from Chrome app store. Updates that compromise the encryption
could be pushed to targeted users.
2. The plugin runs in the browser and could likely side channel message info via
analytics/tracking APIs, etc.

> It also claims to be easy to set up and use.

As I'm sure you know this good for getting people to actually use it. I think Telegram
or Signal fare better, but are not suitable for all conversations perhaps.

More information about the cryptography mailing list