Revelations from NSA whistleblower Edward Snowden have elevated the public’s concern regarding privacy and security to new heights, precipitating a response from major technology companies like Google.
The search giant recently published the results of a multi-year study conducted in partnership with the University of Illinois and the University of Michigan tasked with determining just how far e-mail security has come over the last couple of years.
The trio discovered regions of the Internet that actively prevent encryption by tampering with requests to initiate SSL connections. By working closely with industry association M3AAWG, Google said they’re strengthening “opportunistic TLS” using some of the same technology pioneered in Chrome.
What’s more, they uncovered malicious DNS servers that publish phony routing information to e-mail servers seeking Gmail. Google said the DNS attack is rare although very concerning as it could allow nefarious attackers to censor or otherwise alter messages before they reach the intended recipient.
The good news is that these threats don’t affect Gmail to Gmail communication. Naturally, there are tons of messages that originate from – or are sent to – non-Gmail providers. To help warn Gmail users of potential danger, the search giant is developing a warning system that’ll notify a Gmail recipient when a message arrives via a non-encrypted connection.
In addition to the obvious violation of privacy, keeping prying eyes out of e-mail communications can help thwart phishing attempts and reduce the risk of identity theft. Google expects its added layer of security to be ready in the coming months.