Google announces end-to-end encryption for Gmail (a big deal!)


#1



#2

Yet, it's difficult to completely log off from Gmail and related Google sites on a public computer...


#3

The two big questions I see on this are (1) how does this work with Google's business model of data-mining emails to show targeted adverts and (2) what happens when non-technical people lose the keys that must be stored on their machine for this to work (e.g. HD failure).

If the keys are backed up to the cloud then the NSA just needs to go after that data and we're back to square one...


#4

I think this is good news. One reason is that in my experience getting someone to know about PGP, have a key, know how to encrypt a message and decrypt a message is really hard. Even the "easy" tools are confusing.

I've tried to talk to some journalists about stuff that should be encrypted; they don't have a clue.
Wait until later this week when it has been revealed that the government has been spying on journalists all along.


#5

EDIT: Never mind. This has extreme potential to be crap for the reasons others have suggested. In that case it would only be a mass pacifier.

There are a few things about this announcement that I like, and maybe one or two things to note.

This only works Gmail to Gmail, and the text will be decrypted at either end. If your computer is compromised, all the messages to and from you will be compromised as well.
Google has committed to making it available and easy, which is pretty cool, and they are releasing the code for study prior to release for use. That is very cool. I can only hope that the code is good, and that it will ALWAYS be open for inspection by anyone at any time.

"We recognize that this sort of encryption will probably only be used for
very sensitive messages or by those who need added protection. But we
hope that the End-to-End extension will make it quicker and easier for
people to get that extra layer of security should they need it."

Hopefully everyone will use it all the time for everything.

There are risks, and Google has helpfully pointed out some of the potential problems for us here.

Looking forward to seeing where this goes.


#6

From the project FAQ:

I forgot my keyring passphrase!

If you forget your keyring’s passphrase, there is no way to recover your local keys. Please delete the extension, reinstall the extension, and then import the keys from your backup.

So it looks like they're not storing keys in the cloud.


#7

No it's not. It's extremely simple.


#8

1) That's not their business model. Their business model is advertising. Showing contextual ads in email is a helpful benefit to the goal of engagement but if they can't show contextual ads they will still show ads. Ads are their business. Whether they're contextual or not is icing on the cake for them (and, arguably, for users).

2) This is the problem with encryption. You really need to remember your keys! The solution goes along the lines of xkcd's correcthorsebatterystaple.

If you really care about security of your email contents you never store the key anywhere in plaintext. LastPass is OK because it encrypts everything (just don't forget your LastPass credentials!)

@newliminted it appears the plugin will eventually be rolled out to work with other webmail providers.

While Google offers limited security for its webmail service Gmail – by forcing HTTPS connections for all communication to and from the web server – the search kingpin said its Chrome plugin will expand protections to other services and allow for message information to be secure from endpoint to endpoint (so long as you're running Chrome with the plugin installed).


#9

The context they'll use to show you ads will be your browsing history, location, and other data they hold on you. All they're removing is one part of the signal (the contents of email).


#10

So it's a sacrifice on their part, yes? I imagine they get a good bit of data from email contents.

Do you think the USG would (for example) order Google to remove end-to-end encryption plugins from the Chrome store?

I'm thinking of a future in which such encryption tools are considered illegal by an increasingly paranoid state.


#11

So... I guess the question now is: whose JavaScript implementation do you trust? Or even: whose compilers do you trust not to recognise the compilation of a JavaScript interpreter and insert some malicious code, even if the browser source code is clean?


#12

We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection.

If I were to suggest that it were better if everyone used it for everything, would that mean I was revealing a desire to make it harder to find 'bad secrets' among the consequently vast volume of mundane chat? I ask only because the well-intentioned secret holders are indistinguishable from the ill-intentioned ones as far as sensitivity and protection is concerned. And I would not wish to seem to be encouraging the latter.

So I guess I'd better not ask.


#13

I wonder how many people have made correcthorsebatterystaple their password since this comic was published.


#14

Ted Dziuba raises a fairly glaring security hole:

What is the security bug?

If Chrome is configured to allow automatic updates, or if the user explicitly updates Chrome, Google can ship hostile binary code that will reveal the user's private key.

How would someone exploit it?

The government sends Google a National Security Letter or other such demand to send a hostile update to a user's computer, which will then send key material back to Google, who will then relay it back to the government.

https://code.google.com/p/end-to-end/issues/detail?id=9


#15

That's a good targeted attack, but it carries with it a risk of discovery, which makes it less desirable to the NSA.

If the NSA sends everyone a backdoored binary, it's likely someone will notice foul play*. If they target only an individual it becomes more stealthy, but also less effective for dragnet surveillance purposes. The NSA's current MO is to slurp everything at the data center, and never even have to touch the endpoints. Totally passive surveillance is their goal, so there's both no way to avoid it and no clue what they're looking at.

So that's not necessarily a reason to avoid this plugin, but I do think that as a general rule it's a bad idea to trust Google with anything, even encrypted email.

* Heartbleed notwithstanding :)

#16

But Google still can decrypt!


#17

I think it's a good deal, not for the details, but for the spearpoint it represents. Google took a lot of flak (rightfully) for caving to Chinese censors. If they're willing to stick their necks out on encryption now, it may serve as a signal to other corporations that it's time to move or lose face with customers.

Really, though, it does little to solve the NSA problem, which is mostly about metadata. Reading the texts of emails is so very 20th century.


#18

Anyone know if they intend to release this for Firefox, or will it be a Chrome-only feature?


#19

Please forgive a question that some might find stupid (I am a toddler in terms of my computer knowledge). If I'm using an ad blocker, it is safe to assume that data is still being mined in order to direct ads at me and I'm just not seeing them on my end because of the block, correct? I know a few people who believe that an ad blocker stops the entire process because they don't see the annoying end result.


#20

I expect it to show up in the next dump of "liberated" plaintext passwords :P