Today Google announced the alpha release of a Chrome plugin that works with their Gmail service to enable end-to-end encryption for email sent through their system. This will reduce Google's ability to data-mine the content of messages, but it won't stop anyone from tracking senders and recipients. Their plugin is based on OpenPGP and they are publishing the source code.
With a focus on ease-of-use lets hope that this plugin is enough to start a broader movement towards end-to-end encryption for all email, regardless of provider.
Editor's Note: This is an early release of the code and should not be relied upon just yet. Google invites the community to test and evaluate the extension; it is even eligible for their Vulnerability Reward Program.
(Score: 3, Insightful) by hoochiecoochieman on Wednesday June 04 2014, @05:21PM
This doesn't make sense. It disables GMail's business model: To extract information from the messages.
I think Google is paying lip service to privacy, hoping that nobody uses this add-on.
(Score: 2) by buswolley on Wednesday June 04 2014, @05:28PM
They are betting it is something people will use for seriously private information, but that they will have plenty of other information to profile you
subicular junctures
(Score: 2) by tynin on Wednesday June 04 2014, @05:42PM
I suspect they'll still be able to leverage their business model. Once you decrypt the message and it is in the open, their javascripts will read it over. At that point, as you are fetching those ads, they'll be able to track what ads they served you, and will be able to make strong guesses as to the contents of your message.
(Score: 3, Interesting) by frojack on Wednesday June 04 2014, @06:05PM
I doubt they make much in the way of guesses today, and their javascripts probably would do less, other than having a list of key words to send (as code) upstream to fetch ads.
I sent myself a bunch of Lorem ipsum, and inserted two or three real words for common OTC drugs. The ads that appeared in the web interface were pretty random, with the only rational (and somewhat funny) one being an ad for Dashline (a password manager)
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas consequat lorem at est congue, sed aliquam dolor ornare. In aliquam vestibulum felis vel semper. Sed commodo ut elit vitae tristique. In venenatis blandit purus. Proin tincidunt ac erat at ornare. Aliquam hendrerit aliquam est ac sagittis. Sed molestie feugiat massa, vel bibendum sem venenatis vel.
In hac habitasse platea dictumst. Sed eu sapien blandit, varius tellus at, adipiscing enim. Nam ac rhoncus ante. Suspendisse nisl massa, iaculis eget ante luctus, accumsan auctor sem. Maecenas at placerat sem. Vestibulum justo augue, posuere vitae lacinia porttitor, mattis nec metus. Nunc faucibus tellus diam, ut consequat felis hendrerit ut. Nulla vel leo a augue dictum molestie. Etiam et vulputate lacus. Ut sit amet consectetur libero, nec porta enim. Mauris porta at ante ac aliquam. Pellentesque at massa in odio iaculis pretium nec a quam. Nam vitae dictum est. Phasellus sit amet tincidunt purus, eu malesuada enim.
No, you are mistaken. I've always had this sig.
(Score: 2) by DrMag on Wednesday June 04 2014, @06:12PM
That makes me wonder if an avenue of defense against the ad data mining is to attach a lengthy Lorem Ipsum on every message we send. It could easily be done in a way that is unobtrusive to the intended receiver of the actual message, but would obfuscate the real data in enough noise for some measure of protection. At least until they develop the code necessary to filter out the nonsense.
(Score: 5, Interesting) by Silentknyght on Wednesday June 04 2014, @06:08PM
Google could be treating gmail as a "loss leader," something to keep their users within the Google ecosystem, and making-up for it elsewhere (e.g., Google App store sales, music sales, etc.). I'd bet that if people got comfortable moving away from Gmail, they'd be comfortable moving away from all of Google's products & services. So... maybe smart to "give up" on email, adopt strong encryption, gain consumer good-will in doing so, and keep the users using other Google products.
(Score: 2) by meisterister on Wednesday June 04 2014, @08:02PM
It also helps that this is a plugin for Google's browser to send messages over Google's webmail service...
(May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
(Score: 3, Interesting) by VLM on Wednesday June 04 2014, @07:35PM
This would be based on the assumption emails contain information.
Most of my emails are now just commercial traffic. Receipts, shipment confirmations, etc. If those are already owned and shared... Perhaps the most useful feature is mining, so I've done business with "the broken token" company (a gamer dude with a laser cutter and some good ideas, pretty much) and once XYZ number of people do business with them, then lean on them to pool share all the data.
So there's little point in email beyond gross metadata if amazon is already selling them a list of everything I buy anyway.
(Score: 2) by urza9814 on Friday June 06 2014, @01:58AM
Yeah, 99% of my email these days are mass lists or corporate messages. Those just aren't going to be encrypted. Amazon isn't going to encrypt their mail, and it'd be pretty difficult to encrypt an entire mailing list. What does Google care if they were to lose the ability to target ads based on the emails I send to my brother? The emails I get from Amazon are probably a lot more lucrative for that anyway, and Amazon sure as hell isn't going to be adopting PGP emails any time soon.
(Score: 2) by KingofBLASH on Thursday June 05 2014, @04:11AM
It makes sense. If Google sees the writing on the wall, and KNOWS full email encryption is coming down the line, they're better off implementing it and controlling it.
And they can still monetize users via ads -- they just have to sniff out their marketing some other way.