Google is considering end-to-end encryption for Gmail

By Shawn Knight
Apr 21, 2014
Post New Reply
  1. Google is said to be looking into ways to make end-to-end encryption tools such as PGP (Pretty Good Privacy) easier to use with Gmail. The utility is already compatible with Gmail but its complex nature has kept it from reaching...

    Read more
  2. MilwaukeeMike

    MilwaukeeMike TechSpot Evangelist Posts: 2,009   +681

    I thought PGP was on the way out and GPG was what everyone was upgrading to. Why are they using the old method?
  3. Nobina

    Nobina TechSpot Booster Posts: 336   +66

    What's the point of encryption if they are willingly gonna give NSA information?
    treetops and JC713 like this.
  4. CJ100570

    CJ100570 Newcomer, in training

    Mailvelope makes using PGP dead simple with GMail. Surely Google can't be suggesting that their users are so stupid as to not be able to follow such simple instructions as clicking on a padlock to encrypt/decrypt a message?!
  5. FF222

    FF222 Newcomer, in training Posts: 23

    "The company would either have to make it crystal clear exactly how important keeping up with the password is or perhaps use a cryptographic technique called key stretching that makes a short password stronger so individuals wouldn’t have to remember a lengthy password."
    If they would implement it this way, it would be completely pointless, because the encryption would be as easy to break as breaking the password itself. Which is usually not so hard, considering how dumb passwords people use or how easy it is to trick them into giving said passwords away with social engineering and phishing.

    Also PGP does not work with long password, but with asymmetric encryption and public/private key pairs. Now unless those keys were owned by the user only, they would be also pointless, because Google could still be forced (by law) to give them away, without even letting the user know about this.

    The other problem is: if emails were travelling encrypted through Google's systems and not even Google would have the keys for them, they couldn't analyze the emails either and could not attach relevant ads to them. At any point they would still do, they'd defeat the purpose of the end to end encryption. And without the ability to attach ads, this would obviously a no-go for them. (Unless they limit this functionality for paying subscriber accounts only.)

    So this is most likely just a PR stunt - like most announcements and leaks from Google since the Snowden revelations - which will actually not provide an effective countermeasure against spying, and will not result in actual increase of security for the end-user, regardless of Google using the magic word "encryption" all over.
    MilwaukeeMike likes this.
  6. FF222

    FF222 Newcomer, in training Posts: 23

    PGP and GPG are not names of encryption methods, but software products/packages. Functionally they can be considered practically the same, with the only real difference the former being proprietary and the latter being an open source solution.
  7. wastedkill

    wastedkill TechSpot Maniac Posts: 1,039   +218

    Wernt they considering this like 3 times before?
  8. MilwaukeeMike

    MilwaukeeMike TechSpot Evangelist Posts: 2,009   +681

    Yeah, sounds like it... how will Google be able to filter out my spam if they can't access the email contents?
    FF222 likes this.
  9. Skidmarksdeluxe

    Skidmarksdeluxe TechSpot Evangelist Posts: 2,781   +700

    At least they're trying to make it safer, I can't argue with that.
  10. Relic

    Relic TechSpot Chancellor Posts: 1,392   +16

    Agreed, Mailvelope is pretty user-friendly to begin with. Sadly I imagine the majority of gmail users aren't aware of Mailvelope, so maybe they want to create something in-house or this is just a PR stunt as @FF222 raises.

    Advertisers/spammers wouldn't use encryption as it would require everyones public key. If Google does anything, they will likely mimic in some fashion Mailvelope.
  11. JC713

    JC713 TechSpot Evangelist Posts: 6,667   +868

    Eh, yeah. They want people to feel safe.
     
  12. The only words in the laypersons frustrum will be SAFE, ENCRYPTION, SECURE, GOOGLE.
    An easy lie to tell is that you're going to do something; It works.. against most people.. all of the time.

    Just a save-face tactic and to cull non-google solutions to a problem coconspired by google.
  13. Startmail.com, currently in beta, is going to offer exactly that: on-server PGP.

    Of course, it's not as secure as doing it locally but it's a start and good and easy enough for most folks.

    They also have an interesting feature of sending a semi-secure message to non-PGP users with mutually agreed upon password authentication. (send message from Startmail to non-pgp user, user gets SSL link, opens it, enters password, sees message. The reply, still over the same SSL link, will be encrypted with Startmail user's PGP key and sent to his inbox).


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.