https://tanguy.ortolo.eu/blog/article108/webpg en a blog about Debian and self-hosting Wed, 11 Dec 2013 23:21:00 +0000 PluXml https://tanguy.ortolo.eu/blog/article108/webpg/#c1386804095-1 https://tanguy.ortolo.eu/blog/article108/webpg/#c1386804095-1 While encryption and web browsers surely are a bad mix, the attacks mentioned on Lunar's reference appear to operate only during message composition and possibly decryption, and point to flaws in FireGPG implementation that may not be present in WebPG. In addition, they do not expose the plain text more (at worst) than not encrypting at all. More importantly, they do not appear to address any issues with the encrypted output which will be stored in gmail (for example). The transient risk of capture during encryption or decryption probably is much smaller than the risk that unencrypted mail will be captured either during composition, transfer, storage on a providers servers, or while being read by a recipient. Wed, 11 Dec 2013 23:21:00 +0000 Tom Dial https://tanguy.ortolo.eu/blog/article108/webpg/#c1378572172-1 https://tanguy.ortolo.eu/blog/article108/webpg/#c1378572172-1 FireGPG was discontinued because its other was eventually convinced that it was a very bad idea. There is no way to trust a website to not look at the cleartext before encryption/after decryption if that piece of information is accessible through the DOM. I strongly suggest you read Tails advisory before advertising it further: https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/ Sat, 07 Sep 2013 16:42:00 +0000 Lunar