Google Releases End-to-End Encryption Extension

Google has released an early version of a Chrome extension that provides end-to-end encryption for data leaving the browser. The extension will allow users to encrypt emails from their webmail accounts.

Google has released an early version of a Chrome extension that provides end-to-end encryption for data leaving the browser. The extension will allow users to encrypt emails from their webmail accounts.

The move by Google is another step in the process of making Web communications more secure and resistant to surveillance. The End-to-End extension is in alpha form right now, but Google officials plan to make it available in the Chrome Web Store once the kinks are worked out. The new tool is based on OpenPGP and is meant to be a more user-friendly encryption option than programs such as PGP, which can be difficult to configure and use.

“While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools,” Stephan Somogyi, product manager, security and privacy at Google, wrote in a blog post.

The new extension may not be for everyone, as most Gmail users and users of other Webmail services may not need to encrypt all of the messages to and from their accounts. But it could be a key tool for users who may be targeted by surveillance or attackers.

“We recognize that this sort of encryption will probably only be used for very sensitive messages.”

“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it,” Somogyi said.

Google also has released a cache of data on the volume of encrypted email that flows in and out of its Gmail service. The new report includes data on which providers encrypt email messages in transit across their networks. Google’s data shows that more than 99 percent of the email coming into Gmail from Amazon services is encrypted and 100 percent of the messages from facebookmail.com are encrypted. Twitter also scores above 99 percent on inbound encrypted mail, and Yahoo encrypts greater than 95 percent. Hotmail, meanwhile, shows that grater than 50 percent of the messages coming from its network are encrypted.

Across the entire data set, 69 percent of outbound email from Gmail is encrypted, and 48 percent of mail inbound to Gmail is encrypted.

 

Suggested articles

Discussion

  • Joe on

    And users will trust the encryption from Google, a company whose revenues derive in part from scanning emails?
    • Ryan on

      I don't disagree with your concern, but at the same time, Google has more of an interest in keeping people using their products than they do in scanning every single email you send. The fact of the matter is that for End-to-end encryption to work, both parties must use it. I think Google is savvy enough to know that most people won't use it, so the decrease in the amount of mail they can scan will be negligable compared to the number of security conscious users they can retain with a feature like this. At least that's what I'd suspect.
  • Tom Siu on

    Dennis, as I reviewed the link to the Google data being encrypted (https://www.google.com/transparencyreport/saferemail/#region=001), I believe the "encrypted" requires some clarification. This report from Google only describes "encryption in transit" and not encrypted in storage. This makes sense that "99%" of email between Amazon and Google is encrypted in transit, which means the mail servers are negotiating an encrypted email transfer, namely using SSL or TLS. Your readers need to understand that encrypted transfer is common. What is (finally) possible, should this tool work, is that with a user will be able to encrypt the entire content of the message, send it to the recipient, who can then decrypt the content of the message, all within the browser interface. If they login to their Google mail from any other browser (such as an attacker would do with stolen ID's and passwords), they will only see the encrypted email. Additionally, searching the inbox for keywords will be interrupted, since the content of encrypted email will not be visible to the search engine. Key distinctions, but definitely long awaited.
  • Tyler Durden on

    Honestly... it does not make any sense - Google's business is data indexation. By encrypting the data they'd cut their business. Potentially. Which is insane. Which means... there's a deeper plan behind it. Any ideas?
    • Brian Donohue on

      Hard to say without speculating (which is exactly what I am about to do). For a while, I've been curious about whether or not other companies are scanning the contents of online communications that are not encrypted in transit and passing through their own systems. This move could potentially protect Google against competitors siphoning off data that they (Google) see as their own.
  • lotan on

    They're using javascript to run the crypto. It will probably not survive the field trials.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.