Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday June 04 2014, @04:54PM   Printer-friendly
from the but-we-know-who-your-friends-are dept.

Today Google announced the alpha release of a Chrome plugin that works with their Gmail service to enable end-to-end encryption for email sent through their system. This will reduce Google's ability to data-mine the content of messages, but it won't stop anyone from tracking senders and recipients. Their plugin is based on OpenPGP and they are publishing the source code.

With a focus on ease-of-use lets hope that this plugin is enough to start a broader movement towards end-to-end encryption for all email, regardless of provider.

Editor's Note: This is an early release of the code and should not be relied upon just yet. Google invites the community to test and evaluate the extension; it is even eligible for their Vulnerability Reward Program.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by tynin on Wednesday June 04 2014, @05:42PM

    by tynin (2013) on Wednesday June 04 2014, @05:42PM (#51253) Journal

    I suspect they'll still be able to leverage their business model. Once you decrypt the message and it is in the open, their javascripts will read it over. At that point, as you are fetching those ads, they'll be able to track what ads they served you, and will be able to make strong guesses as to the contents of your message.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Interesting) by frojack on Wednesday June 04 2014, @06:05PM

    by frojack (1554) on Wednesday June 04 2014, @06:05PM (#51263) Journal

    I doubt they make much in the way of guesses today, and their javascripts probably would do less, other than having a list of key words to send (as code) upstream to fetch ads.

    I sent myself a bunch of Lorem ipsum, and inserted two or three real words for common OTC drugs. The ads that appeared in the web interface were pretty random, with the only rational (and somewhat funny) one being an ad for Dashline (a password manager)

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas consequat lorem at est congue, sed aliquam dolor ornare. In aliquam vestibulum felis vel semper. Sed commodo ut elit vitae tristique. In venenatis blandit purus. Proin tincidunt ac erat at ornare. Aliquam hendrerit aliquam est ac sagittis. Sed molestie feugiat massa, vel bibendum sem venenatis vel.

    In hac habitasse platea dictumst. Sed eu sapien blandit, varius tellus at, adipiscing enim. Nam ac rhoncus ante. Suspendisse nisl massa, iaculis eget ante luctus, accumsan auctor sem. Maecenas at placerat sem. Vestibulum justo augue, posuere vitae lacinia porttitor, mattis nec metus. Nunc faucibus tellus diam, ut consequat felis hendrerit ut. Nulla vel leo a augue dictum molestie. Etiam et vulputate lacus. Ut sit amet consectetur libero, nec porta enim. Mauris porta at ante ac aliquam. Pellentesque at massa in odio iaculis pretium nec a quam. Nam vitae dictum est. Phasellus sit amet tincidunt purus, eu malesuada enim.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by DrMag on Wednesday June 04 2014, @06:12PM

      by DrMag (1860) on Wednesday June 04 2014, @06:12PM (#51270)

      That makes me wonder if an avenue of defense against the ad data mining is to attach a lengthy Lorem Ipsum on every message we send. It could easily be done in a way that is unobtrusive to the intended receiver of the actual message, but would obfuscate the real data in enough noise for some measure of protection. At least until they develop the code necessary to filter out the nonsense.