Free encrypted OpenPGP webmail Scramble.io

Scramble.io is an end-to-end encrypted webmail provider that works with the widely adopted OpenPGP security standard and is compatible with GnuPG and PGP email encryption providers. Scramble.io encrypts messages in your browser with JavaScript using OpenPGP.js, an OpenPGP library to sign, encrypt, decrypt and verify text.

When your email is uploaded to Scramble.io servers, everything is already encrypted and the administrator has no way to read it. Your private key is backed up on the server, but encrypted using your passphrase; the server never sees your unencrypted private key or passphrase, so any NSA subpoena asking Scramble.io to provide a back door cannot be enforced. To stop server tampering, the developers are working on a browser extension that will verify that the JavaScript code loaded from the server has not changed.

Encrypted OpenPGP webmail Scramble

Creating an account in Scramble.io only requires you to choose a username and passphrase; your personal OpenPGP keys will be created in the browser during sign-up. If you forget your passphrase, it can’t be reset and your emails will be lost forever. To distribute your public encryption key to friends, you can copy and paste it by going to the Contacts tab in the interface, or upload it to a public keyserver. In the same tab you can access your private encryption key.

All email messages sent to other Scramble.io addresses are automatically encrypted and verified. If you email someone at Yahoo or Gmail, encryption will only be done automatically if you have previously uploaded their public encryption key to Scramble.io. If you haven’t got the encryption keys for the person you are emailing, a warning window will pop up telling you that the message is being sent unencrypted. Scramble.io can’t do magic: you need to get your friends to create a PGP key for communications to be secure, either that or you both use the same secure email provider.

While the Scramble email interface is really basic and not able to send attachments, it does the job and it has shortcuts. This is not a webmail provider that can compete in features with others, but it has good security. I checked the email headers by sending myself a test message, and Scramble.io will not show your computer IP when sending email; it is replaced by an IP from a US data centre (Linode).

The data centre, although not able to read the emails, could monitor who is communicating with whom, but this is not something the NSA needs. OpenPGP cannot scrub metadata: the To and From fields are not encrypted, and the wiretapping that the NSA has on deep-sea Internet cables will know who is emailing whom, and the frequency and size of emails, regardless of whether the server is in the USA or China.
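What stays readable in an OpenPGP-encrypted email without any key, as an added example that is not from the original article or from Scramble's code. It assumes an inline-armored message; the sample addresses, date and payload are constructed, and `parseMessage` and `observableMetadata` are hypothetical helper names.

```javascript
// Constructed sample of an inline-armored OpenPGP email (made-up addresses, placeholder payload).
const SAMPLE = [
  'From: alice@example.org',
  'To: bob@example.com,',
  ' carol@example.net',
  'Date: Wed, 11 Jun 2014 10:00:00 +0000',
  '',
  '-----BEGIN PGP MESSAGE-----',
  '',
  'Q09OU1RSVUNURUQgU0FNUExFIENJUEhFUlRFWFQ=',
  '-----END PGP MESSAGE-----',
  ''
].join('\r\n');

// Split an RFC 5322 message into unfolded, lower-cased headers and the body.
function parseMessage(raw) {
  const text = raw.replace(/\r\n/g, '\n');
  const split = text.indexOf('\n\n');
  const head = split === -1 ? text : text.slice(0, split);
  const body = split === -1 ? '' : text.slice(split + 2);
  const headers = {};
  // A line starting with space or tab continues the previous header.
  for (const line of head.replace(/\n[ \t]+/g, ' ').split('\n')) {
    const colon = line.indexOf(':');
    if (colon < 1) continue; // skip anything that is not "Name: value"
    const name = line.slice(0, colon).trim().toLowerCase();
    headers[name] = line.slice(colon + 1).trim();
  }
  return { headers, body };
}

// Report what can be read from the message without holding any key.
function observableMetadata(raw) {
  const { headers, body } = parseMessage(raw);
  const list = v => (v || '').split(',').map(s => s.trim()).filter(Boolean);
  return {
    from: list(headers.from),
    to: list(headers.to),
    date: headers.date || null,
    bodyEncrypted: /^-----BEGIN PGP MESSAGE-----$/m.test(body) &&
                   /^-----END PGP MESSAGE-----$/m.test(body),
    messageBytes: new TextEncoder().encode(raw).length
  };
}

console.log(observableMetadata(SAMPLE));
```

Sender, recipients, timestamp and total size all come back in the clear even though the body is armored, which is the metadata the paragraph above refers to.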

The best part of Scramble.io is that it is an open source project and anybody can set up their own Scramble encryption email server. Note that this is a prototype and work in progress.

Visit Scramble.io homepage
