Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday June 04 2014, @04:54PM   Printer-friendly
from the but-we-know-who-your-friends-are dept.

Today Google announced the alpha release of a Chrome plugin that works with their Gmail service to enable end-to-end encryption for email sent through their system. This will reduce Google's ability to data-mine the content of messages, but it won't stop anyone from tracking senders and recipients. Their plugin is based on OpenPGP and they are publishing the source code.

With a focus on ease-of-use lets hope that this plugin is enough to start a broader movement towards end-to-end encryption for all email, regardless of provider.

Editor's Note: This is an early release of the code and should not be relied upon just yet. Google invites the community to test and evaluate the extension; it is even eligible for their Vulnerability Reward Program.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by hoochiecoochieman on Wednesday June 04 2014, @05:21PM

    by hoochiecoochieman (4158) on Wednesday June 04 2014, @05:21PM (#51241)

    This doesn't make sense. It disables GMail's business model: To extract information from the messages.

    I think Google is paying lip service to privacy, hoping that nobody uses this add-on.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by buswolley on Wednesday June 04 2014, @05:28PM

    by buswolley (848) on Wednesday June 04 2014, @05:28PM (#51248)

    They are betting it is something people will use for seriously private information, but that they will have plenty of other information to profile you

    --
    subicular junctures
  • (Score: 2) by tynin on Wednesday June 04 2014, @05:42PM

    by tynin (2013) on Wednesday June 04 2014, @05:42PM (#51253) Journal

    I suspect they'll still be able to leverage their business model. Once you decrypt the message and it is in the open, their javascripts will read it over. At that point, as you are fetching those ads, they'll be able to track what ads they served you, and will be able to make strong guesses as to the contents of your message.

    • (Score: 3, Interesting) by frojack on Wednesday June 04 2014, @06:05PM

      by frojack (1554) on Wednesday June 04 2014, @06:05PM (#51263) Journal

      I doubt they make much in the way of guesses today, and their javascripts probably would do less, other than having a list of key words to send (as code) upstream to fetch ads.

      I sent myself a bunch of Lorem ipsum, and inserted two or three real words for common OTC drugs. The ads that appeared in the web interface were pretty random, with the only rational (and somewhat funny) one being an ad for Dashline (a password manager)

      Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas consequat lorem at est congue, sed aliquam dolor ornare. In aliquam vestibulum felis vel semper. Sed commodo ut elit vitae tristique. In venenatis blandit purus. Proin tincidunt ac erat at ornare. Aliquam hendrerit aliquam est ac sagittis. Sed molestie feugiat massa, vel bibendum sem venenatis vel.

      In hac habitasse platea dictumst. Sed eu sapien blandit, varius tellus at, adipiscing enim. Nam ac rhoncus ante. Suspendisse nisl massa, iaculis eget ante luctus, accumsan auctor sem. Maecenas at placerat sem. Vestibulum justo augue, posuere vitae lacinia porttitor, mattis nec metus. Nunc faucibus tellus diam, ut consequat felis hendrerit ut. Nulla vel leo a augue dictum molestie. Etiam et vulputate lacus. Ut sit amet consectetur libero, nec porta enim. Mauris porta at ante ac aliquam. Pellentesque at massa in odio iaculis pretium nec a quam. Nam vitae dictum est. Phasellus sit amet tincidunt purus, eu malesuada enim.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by DrMag on Wednesday June 04 2014, @06:12PM

        by DrMag (1860) on Wednesday June 04 2014, @06:12PM (#51270)

        That makes me wonder if an avenue of defense against the ad data mining is to attach a lengthy Lorem Ipsum on every message we send. It could easily be done in a way that is unobtrusive to the intended receiver of the actual message, but would obfuscate the real data in enough noise for some measure of protection. At least until they develop the code necessary to filter out the nonsense.

  • (Score: 5, Interesting) by Silentknyght on Wednesday June 04 2014, @06:08PM

    by Silentknyght (1905) on Wednesday June 04 2014, @06:08PM (#51267)

    This doesn't make sense. It disables GMail's business model: To extract information from the messages.
    I think Google is paying lip service to privacy, hoping that nobody uses this add-on.

    Google could be treating gmail as a "loss leader," something to keep their users within the Google ecosystem, and making-up for it elsewhere (e.g., Google App store sales, music sales, etc.). I'd bet that if people got comfortable moving away from Gmail, they'd be comfortable moving away from all of Google's products & services. So... maybe smart to "give up" on email, adopt strong encryption, gain consumer good-will in doing so, and keep the users using other Google products.

    • (Score: 2) by meisterister on Wednesday June 04 2014, @08:02PM

      by meisterister (949) on Wednesday June 04 2014, @08:02PM (#51332) Journal

      It also helps that this is a plugin for Google's browser to send messages over Google's webmail service...

      --
      (May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
  • (Score: 3, Interesting) by VLM on Wednesday June 04 2014, @07:35PM

    by VLM (445) on Wednesday June 04 2014, @07:35PM (#51314)

    This would be based on the assumption emails contain information.

    Most of my emails are now just commercial traffic. Receipts, shipment confirmations, etc. If those are already owned and shared... Perhaps the most useful feature is mining, so I've done business with "the broken token" company (a gamer dude with a laser cutter and some good ideas, pretty much) and once XYZ number of people do business with them, then lean on them to pool share all the data.

    So there's little point in email beyond gross metadata if amazon is already selling them a list of everything I buy anyway.

    • (Score: 2) by urza9814 on Friday June 06 2014, @01:58AM

      by urza9814 (3954) on Friday June 06 2014, @01:58AM (#52010) Journal

      Yeah, 99% of my email these days are mass lists or corporate messages. Those just aren't going to be encrypted. Amazon isn't going to encrypt their mail, and it'd be pretty difficult to encrypt an entire mailing list. What does Google care if they were to lose the ability to target ads based on the emails I send to my brother? The emails I get from Amazon are probably a lot more lucrative for that anyway, and Amazon sure as hell isn't going to be adopting PGP emails any time soon.

  • (Score: 2) by KingofBLASH on Thursday June 05 2014, @04:11AM

    by KingofBLASH (3716) on Thursday June 05 2014, @04:11AM (#51477)

    It makes sense. If Google sees the writing on the wall, and KNOWS full email encryption is coming down the line, they're better off implementing it and controlling it.

    And they can still monetize users via ads -- they just have to sniff out their marketing some other way.