from the but-we-know-who-your-friends-are dept.
Today Google announced the alpha release of a Chrome plugin that works with their Gmail service to enable end-to-end encryption for email sent through their system. This will reduce Google's ability to data-mine the content of messages, but it won't stop anyone from tracking senders and recipients. Their plugin is based on OpenPGP and they are publishing the source code.
With a focus on ease-of-use lets hope that this plugin is enough to start a broader movement towards end-to-end encryption for all email, regardless of provider.
Editor's Note: This is an early release of the code and should not be relied upon just yet. Google invites the community to test and evaluate the extension; it is even eligible for their Vulnerability Reward Program.
Related Stories
Furthermore, since we don't log IP addresses in access.log, and IP's run through Slash are turned into IPIDs, its hard to get an idea of where our userbase is (the general feeling is the vast majority of us are based in the United States, but even then, that's more because our peak hours of traffic are between 4 and 10 PM EST). We've wanted to get a better idea of what our traffic and userbase are, so we're asking permission from the community to install piWik, and embed its javascript tag in the footer of each page, which will give us a wide berth of solid information to work from.
(Score: 3, Informative) by DrMag on Wednesday June 04 2014, @05:07PM
I wonder if their system will address any of the issues with PGP [secushare.org]?
In particular, will it also encrypt sender/receiver/subject information? Metadata is a big thing too, and PGP encryption of email doesn't protect that at all.
(Score: 0) by Anonymous Coward on Wednesday June 04 2014, @05:11PM
Don't use the subject line.
I don't usually. But then again, that is because I rely on gmail showing the first line of my text
(Score: 4, Insightful) by frojack on Wednesday June 04 2014, @05:19PM
There is no reason the subject couldn't be encrypted.
But sender/receiver pretty much has to remain unencrypted because you can never know how many mail handlers the mail has to go through.
I don't see this as a huge problem, because even the post office and face to face whispered conversations in a dark alley on a rainy night leave meta data breadcrumbs.
I don't believe there is any real solution to this issue other than mass message dumps where all mail gets deposited and your mail client fetches all of them and only shows you the ones it can decrypt.
No, you are mistaken. I've always had this sig.
(Score: 3, Funny) by buswolley on Wednesday June 04 2014, @05:24PM
Download the entire internet
subicular junctures
(Score: 2) by frojack on Wednesday June 04 2014, @05:51PM
Not necessary.
Your message is assigned to a random collection of messages and put in a common mailbox that contains your mail as well as a random sample of other encrypted mail. The MTA would know which public keys have their messages stored in which random mailbox. This isn't going to work with IMAP very well.
You really can't eliminate ALL metadata from every part of delivery system. The system has to know, at some point, who a message is TO. As long as you are willing to forego bounces, the FROM could be encrypted.
No, you are mistaken. I've always had this sig.
(Score: 5, Interesting) by emg on Wednesday June 04 2014, @06:33PM
Wasn't there a Usenet group which used to be used for precisely that; people would post PGP-encrypted messages into the group and the recipient would extract them?
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @10:01AM
A bad idea. Unless I know exactly the source of the email, I won't ever open an email with no subject line.
So you refuse to communicate with people not using gmail?
(Score: 4, Interesting) by frojack on Wednesday June 04 2014, @05:13PM
My Thunderbird is set up to sign/encrypt by default when ever the recipient's public key is known.
The problem is it doesn't fetch keys by default (which may be a good thing). The more mail moved quietly to encrypted by default the better.
As long as this plugin can't harvest private keys while decryption messages, and the source remains open, this can't be anything but a good. Google needs to allow end user choice of encryption/decryption engines so that people do not need to trust a browser with their private keys.
And its got to be as simple as falling off a log, because even as easy as it was to get the Enigmail plugin installed in Tbird, most people just won't do it.
There will be those, including some here on SN, who will immediately attack this, and seek to create a digital "caste" of people who will never be allowed to encrypt any mail at all, and who's every communication must remain public. Probably some people will receive sentences forbidding them from using encrypted email.
But the move to encrypted mail is long overdue.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday June 04 2014, @09:16PM
Perhaps the plugin is safe, clean, and open, but remember that Google also makes the browser that runs the plugin, and you don't have all the Chrome source and can't verify the build. They don't have to mess with the plugin when they own the silently self-updating engine.
(Score: 3) by Tork on Wednesday June 04 2014, @05:18PM
If this actually were implemented and everybody started using it, I'd just be a teeny bit less upset than I will be when Google inevitably rams Google+ down my throat. I really do I wish I could get them to understand that I want a big thick wall between my email address and any social networking services I use, I do NOT want them blended together.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by frojack on Wednesday June 04 2014, @05:32PM
Remember that this is a browser plug-in.
The decrypted content will be displayed in clear text by your browser.
There will be plenty of time for the browser to pick keywords out of your email and send them back upstream for fetching advertising.
I've noticed that when using Gmail via the web interface, as soon as I select a message from the inbox, the message content shows up, followed a half a second later by the advertising on the right hand side of the screen. It almost seems like the code in the web interface is acting this way already.
This, of course raises some serious security issues, even though gmail is set to always use ssl. Its part of the bargain you make with Google when you use the web interface.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @10:04AM
There's an easy way to get this: Don't use gmail. It's not as if they were the only email provider in the world.
(Score: 5, Informative) by emg on Wednesday June 04 2014, @05:20PM
Is that I had full PGP integration in my email client in the 90s. The shift to web-mail is one of the big reasons that kind of functionality disappeared.
(Score: 1, Interesting) by Anonymous Coward on Wednesday June 04 2014, @09:24PM
No one requires you to use web mail. Gmail still provides POP and IMAP (more or less) interfaces. I have alpine set up to read my gmail account, so any program ought to be able to do so $mdash; and almost all support S/MIME for end to end public key encryption. Even Apple's mail app seamlessly handles S/MIME: add your certs to the local keychain (drag-and-drop, seriously) and the buttons for signing and encrypting just show up when composing new mail. Plus, incoming signed mail adds public keys to the Contact Book. It's the simplest solution I've seen, and it works with Gmail perfectly.
(Score: 3, Insightful) by hoochiecoochieman on Wednesday June 04 2014, @05:21PM
This doesn't make sense. It disables GMail's business model: To extract information from the messages.
I think Google is paying lip service to privacy, hoping that nobody uses this add-on.
(Score: 2) by buswolley on Wednesday June 04 2014, @05:28PM
They are betting it is something people will use for seriously private information, but that they will have plenty of other information to profile you
subicular junctures
(Score: 2) by tynin on Wednesday June 04 2014, @05:42PM
I suspect they'll still be able to leverage their business model. Once you decrypt the message and it is in the open, their javascripts will read it over. At that point, as you are fetching those ads, they'll be able to track what ads they served you, and will be able to make strong guesses as to the contents of your message.
(Score: 3, Interesting) by frojack on Wednesday June 04 2014, @06:05PM
I doubt they make much in the way of guesses today, and their javascripts probably would do less, other than having a list of key words to send (as code) upstream to fetch ads.
I sent myself a bunch of Lorem ipsum, and inserted two or three real words for common OTC drugs. The ads that appeared in the web interface were pretty random, with the only rational (and somewhat funny) one being an ad for Dashline (a password manager)
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas consequat lorem at est congue, sed aliquam dolor ornare. In aliquam vestibulum felis vel semper. Sed commodo ut elit vitae tristique. In venenatis blandit purus. Proin tincidunt ac erat at ornare. Aliquam hendrerit aliquam est ac sagittis. Sed molestie feugiat massa, vel bibendum sem venenatis vel.
In hac habitasse platea dictumst. Sed eu sapien blandit, varius tellus at, adipiscing enim. Nam ac rhoncus ante. Suspendisse nisl massa, iaculis eget ante luctus, accumsan auctor sem. Maecenas at placerat sem. Vestibulum justo augue, posuere vitae lacinia porttitor, mattis nec metus. Nunc faucibus tellus diam, ut consequat felis hendrerit ut. Nulla vel leo a augue dictum molestie. Etiam et vulputate lacus. Ut sit amet consectetur libero, nec porta enim. Mauris porta at ante ac aliquam. Pellentesque at massa in odio iaculis pretium nec a quam. Nam vitae dictum est. Phasellus sit amet tincidunt purus, eu malesuada enim.
No, you are mistaken. I've always had this sig.
(Score: 2) by DrMag on Wednesday June 04 2014, @06:12PM
That makes me wonder if an avenue of defense against the ad data mining is to attach a lengthy Lorem Ipsum on every message we send. It could easily be done in a way that is unobtrusive to the intended receiver of the actual message, but would obfuscate the real data in enough noise for some measure of protection. At least until they develop the code necessary to filter out the nonsense.
(Score: 5, Interesting) by Silentknyght on Wednesday June 04 2014, @06:08PM
Google could be treating gmail as a "loss leader," something to keep their users within the Google ecosystem, and making-up for it elsewhere (e.g., Google App store sales, music sales, etc.). I'd bet that if people got comfortable moving away from Gmail, they'd be comfortable moving away from all of Google's products & services. So... maybe smart to "give up" on email, adopt strong encryption, gain consumer good-will in doing so, and keep the users using other Google products.
(Score: 2) by meisterister on Wednesday June 04 2014, @08:02PM
It also helps that this is a plugin for Google's browser to send messages over Google's webmail service...
(May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
(Score: 3, Interesting) by VLM on Wednesday June 04 2014, @07:35PM
This would be based on the assumption emails contain information.
Most of my emails are now just commercial traffic. Receipts, shipment confirmations, etc. If those are already owned and shared... Perhaps the most useful feature is mining, so I've done business with "the broken token" company (a gamer dude with a laser cutter and some good ideas, pretty much) and once XYZ number of people do business with them, then lean on them to pool share all the data.
So there's little point in email beyond gross metadata if amazon is already selling them a list of everything I buy anyway.
(Score: 2) by urza9814 on Friday June 06 2014, @01:58AM
Yeah, 99% of my email these days are mass lists or corporate messages. Those just aren't going to be encrypted. Amazon isn't going to encrypt their mail, and it'd be pretty difficult to encrypt an entire mailing list. What does Google care if they were to lose the ability to target ads based on the emails I send to my brother? The emails I get from Amazon are probably a lot more lucrative for that anyway, and Amazon sure as hell isn't going to be adopting PGP emails any time soon.
(Score: 2) by KingofBLASH on Thursday June 05 2014, @04:11AM
It makes sense. If Google sees the writing on the wall, and KNOWS full email encryption is coming down the line, they're better off implementing it and controlling it.
And they can still monetize users via ads -- they just have to sniff out their marketing some other way.
(Score: 1, Interesting) by Anonymous Coward on Wednesday June 04 2014, @06:53PM
Will just encrypt their messages with an external encryption program like PGP or GPG and attach it to a blank email (or one using single characters in it for the subject and body like a . or ? and ! for fun [omgfacts.com]) and email that. Absolutely NOTHING available to datamine unless Google can break the encryption on the attached file or hand it off to the NSA via a court order or National Security Letter. At this level of security, a keyfile/password/passphrase [xkcd.com] with 256 bits or more of entropy in it should assure 'perfect security' [stackexchange.com] unless Google/NSA has got non-trivial quantum computing up and running properly. Otherwise, the NSA will just go for the weak spots in the implementation/protocol as revealed by Edward Snowden [wikipedia.org] in June, 2013 [wikipedia.org] (1-yr anniversary) or just use 'rubber hose cryptanalysis' [xkcd.com].
(Score: 0) by Anonymous Coward on Wednesday June 04 2014, @07:59PM
Most systems read all text as encrypted, and serve the ads.