These are important questions for activists.
I think about this topic recurrently. So far I have not found a good solution, so I will share my information and hope to get help.

Personally I use cone on our server to read and write encrypted mail, which is no solution for most people.
Another paranoid solution for remote gpg.

There is also a good gpg guide by Kai Bingen (ravenhorst).

Webmail

There are commercial freemail webmail services (gmail, ymail, hotmail, comparison), but let’s not use them.
If you use them anyway, freenigma (a Firefox extension that adds GPG encryption to GMail, Yahoo! Mail and Hotmail) could be interesting for you.

Besides this, there are more advisable possibilities:

  1. Use a mail service that you trust and convince everybody to use it (like mail.riseup.net)
  2. Find a webmail service that supports gpg encryption
  3. Find webmail software that supports gpg and set up your own mail service.

I am already using the first way (to be accurate: I use multiple mailboxes where I communicate locally, so that few mails need to be transferred between servers).
Another discussion could be to establish a network of servers that transfer mail only in encrypted form. As long as you trust the admins involved, this could be a fallback solution.

Encrypted webmail

The following quotes are taken from a slashdot discussion about this topic.

“Encrypted webmail is a tricky issue. In the final analysis you basically have to use a passphrase that is so good that you don’t mind having your (encrypted) private key publicly available.
Consider that the webserver admin(s) will have access to the encrypted private key. Also consider that the webserver (process) has read access to the key. The upshot is that if anyone gets root access to the box, gets a shell under the webserver’s UID, or convinces the webserver to serve up a file that it is supposed to have read access to, the only thing between your private key and an attacker is your passphrase.”

“It’s worse than that. If they root the webmail server (or a little more difficult if they just get the webserver UID), they can read the SSL traffic, including your passphrase. In short the only way to have securely encrypted email is to store the private key on your own private local machine – a webmail service simply cannot guarantee you jack.”

“Webmail is for roaming. If you’re roaming, then you don’t trust the client. PGP is useless if you don’t trust the client.
And don’t say signed java applets ‘cause (1) if you trust the provider’s signature then just use https (I’ll give you an account at inbox.org) and (2) if you don’t trust the computer then you can’t store your private key.”
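
The quotes above come down to the passphrase being the only barrier once the encrypted private key sits on the webmail server. As an added example (not from the original post or the Slashdot thread), this Python code reads the string-to-key (S2K) parameters of a v4 OpenPGP Secret-Key packet body as defined in RFC 4880; they determine how expensive each passphrase guess is. The function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Number of public-key MPIs per algorithm id (RFC 4880): RSA, Elgamal, DSA.
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
HASHES = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}
CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}


def s2k_count(coded):
    """Decode the one-octet count of an iterated S2K (RFC 4880, 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def secret_key_protection(body):
    """Describe how a v4 Secret-Key packet body protects the secret material."""
    version, _created, algo = struct.unpack(">BIB", body[:6])
    if version != 4 or algo not in MPI_COUNT:
        raise ValueError("only v4 RSA/Elgamal/DSA keys are handled here")
    pos = 6
    for _ in range(MPI_COUNT[algo]):  # skip the public-key MPIs
        (bits,) = struct.unpack(">H", body[pos:pos + 2])
        pos += 2 + (bits + 7) // 8
    usage = body[pos]
    if usage == 0:  # secret material stored in the clear
        return {"encrypted": False}
    if usage not in (254, 255):  # legacy: usage octet is the cipher id itself
        return {"encrypted": True, "cipher": CIPHERS.get(usage, usage),
                "s2k": "simple", "hash": "MD5"}
    cipher, s2k_type, hash_id = body[pos + 1:pos + 4]
    info = {"encrypted": True, "cipher": CIPHERS.get(cipher, cipher),
            "s2k": S2K_TYPES.get(s2k_type, s2k_type),
            "hash": HASHES.get(hash_id, hash_id)}
    if s2k_type == 3:  # type, hash, 8-octet salt, then the coded count
        info["octets_hashed"] = s2k_count(body[pos + 12])
    return info


# Constructed sample: toy RSA public part, then AES256 with iterated+salted SHA256.
SAMPLE = (bytes([4]) + struct.pack(">I", 0) + bytes([1])
          + bytes.fromhex("0010c351") + bytes.fromhex("0011010001")
          + bytes([254, 9, 3, 8]) + bytes(8) + bytes([0xFF]) + bytes(16))

if __name__ == "__main__":
    print(secret_key_protection(SAMPLE))
```

A "simple" S2K or a low `octets_hashed` value means each passphrase guess is cheap for anyone who obtains the key file, so the passphrase itself has to carry all of the protection.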

gpg webmail software

I followed this list

thin clients

Some more thoughts on thin clients (machines that provide nothing but a web browser), as usually found in internet cafes.

open mobile architecture

unsorted resources

German: