Google Apparently Trying To Make Encrypted Email Easier
from the and-it-should dept
About six months before Ed Snowden leaked his documents, we had written a post about why Google should encrypt our email, based on a bit of back-and-forth between Julian Sanchez, arguing why Google should encrypt all email, and Ed Felten, who noted it's not as easy as it sounds (though Julian highlighted how none of the problems Felten raises are insurmountable). There are, of course, already ways that you can add PGP encryption to Gmail, with tools like Mailvelope, but it can be a little kludgy, and not exactly foolproof. Still, many have insisted that Google would never go this route, since it would limit the company's ability to target ads based on the contents of email.

However, VentureBeat is reporting that, partly inspired by all of the Snowden revelations, researchers at Google are looking at ways to make encryption much easier within Gmail. While the report suggests that Gmail won't go site-wide end-to-end encryption, anything it does to bring real encryption more into the mainstream would be a good thing -- though it might make the NSA and DOJ freak out. But, as we've seen, well-done crypto does work. The problem is that so much crypto is not particularly well implemented, leading to all sorts of leaks. Still, it's encouraging to hear that Google is working on something, and hopefully it releases something that is both user-friendly and open to some sort of audit to ensure that it's safe.
Filed Under: email, encryption, gmail, pgp
Companies: google
Reader Comments
Secure E-communications is a gold mine
There is a huge market needing product right now. Why not pay $200 a year for secure, seamless email, truly private browsing, encrypted chat and video? When I say seamless, I mean integrated with calendars, contacts, etc. Imagine "Secure Google" where you are the customer, not the product. Easily worth $200 a year.
Folks will be ashamed and shamed into using this type service by friends who do not want their data mined with every communication. It is coming. Who will make this fortune?
Re: Re: Secure E-communications is a gold mine
You're aware they do this, right?
Re: Secure E-communications is a gold mine
I'm skeptical. You're still relying on third party servers, and if we've learned anything over the past few years, it's that you can't trust third party servers. You still have to take their word for it that it's actually secure. $200 a year for a promise? I don't think that would be worth it to me.
Security of encryption requires users to create, manage and collect other people's keys in a secure and verifiable manner, along with safe practices for handling decrypted messages. Any programs used for encryption and decryption should be separate programs, both for auditing purposes and to allow for the possibility to encrypt and decrypt messages on an isolated machine. A manual workflow with separate programs for editing, cryptography and communications is the foundation of communication security. While this is inconvenient for most people, making use of cryptography more convenient also makes it less secure.
Re: Re: Re: Re:
As soon as you start integrating software, even in a modular fashion, other than by bash or similar scripting languages/shells, security is dependent on all the integrated software being secure. Webmail is the worst option for security, because of the use of JS to implement the interface. So long as ONLY the data seen on the network passes through the browser it has no impact on security, other than exploits which open up the whole system.
While a free software mail application is probably safe enough, it only takes an exploit that allows the plain text to be exfiltrated to defeat the use of integrated encryption.
Re: Re: Re:
While it is true that convenience and security are mutually exclusive, the truth is also that perfect security is unobtainable, and no matter what you do, someone may come along and undo everything you have done. The goal is to manage risks, not avoid them entirely.
There are protections against modules being replaced. It's called cryptographic hashing, and it's existed for at least 30 years. While the browser will have to be modified to include this hashing capability, it wouldn't be terribly difficult.
Browser security will need to be hardened some, but it would be far easier to trust that nobody is listening on your computer versus nobody listening on Google's servers.
Re: Re: Re: Re: Re:
Java, and even JavaScript/ActiveX (which are entirely different languages) are not necessary for a browser. And things like sandboxing, when implemented properly (i.e. not the way Sun/Oracle has done it,) can keep one module from interfering with another.
Canvas access can be blocked and/or protected. In some cases browsers currently protect canvas access between security domains, blocking all access to an encrypted page from an unencrypted frame. It would take some work, but it is not impossible. Throwing the baby out with the bathwater seems tragic, especially when the water is still warm. For paranoid people, the only real way to fix this is to generate locked down, single purpose virtual machines that run a specialized OS and email app, but for the rest of us, the browser is fine so long as the producer of the browser is transparent about what they are doing and smart about security. The biggest problem isn't the browser, but all the malware/spyware installed on the OS anyway.
Re: Re: Re: Re: Re: Re:
I kinda assumed that anyone worried about security is not running a proprietary OS, or stock Android.
Re: Re: Re: Re: Re: Re: Re:
Anyone worried about security is not using a webmail system run by a third party in the first place.
Re: Re: Re: Re: Re: Re: Re: Re:
Thanks John... Took the words right out of my mouth.
Re: Re: Re: Re: Re: Re: Re:
I'm sorry, but this isn't true, and never has been true.
An "email applet" might need scripting, but web-mail does not. People have been able to send and receive email from a website without using client-side scripting for a very long time. Gmail could provide email capability on their server without providing any JavaScript, Java, or any other client scripting. (Theoretically, they could do the same without server scripting, but it would be a little harder.) The website would look straight out of the '90s, there wouldn't be much in the way of validation, and you wouldn't have much in bells and whistles, but you wouldn't have to worry about client-side scripting security either. Popping up a form to receive text with a submit button would work fine. And you could have a separate third-party application, like GPG, handle the encryption of your email for you.
But all of this is an aside to your argument. Most people use web-mail because they don't want to/can't install third party software on their computer in order to access email. Putting encryption into the web-mail software fixes part of the problem. Would you rather fix part of the problem, or fix none of the problem?
Gmail should still add OpenPGP support despite all this. At least then government snooping will hopefully be a little more targeted. Forcing law enforcement to file backdoor requests for specific Google users, instead of just scooping up everything as it passes over the wire unencrypted.
Hopefully https://www.mailpile.is will offer us an easy to set up and use, secure FOSS email client. It's currently in alpha stage. It appears the Mailpile team will make cross-platform builds available for Windows, Linux, Android, iOS, OS X, and BSD, according to their FAQ page.
Or they could scan all the mail that everyone gets that is not encrypted. Like from Newegg, Amazon and newsletters etc. That would be more valuable to them for advertising purposes I think.
Are there any adults there; anyone mentally capable of taking responsibility for their actions?
This is PR posturing by Google -- don't fall for it
Google can't solve this problem because the only encryption you can trust is that which you do yourself: doing it inside their client has no value, not just because you can't trust any third party, but because if this actually goes anywhere, they'll be presented with an NSL which demands they place a back door in for the NSA. That backdoor will specifically target users utilizing encryption because of course the early adopters will be considered suspicious, e.g., "What have you got to hide?"
And that's just one intelligence agency from one country. Don't you think that the Brits and the Chinese and the Russians and everyone else has made an effort to subvert these operations? Freemail providers are huge targets and particularly tempting ones because they're so poorly run: there's no way, NO WAY, that they haven't been thoroughly infiltrated by now. (Even spammers have no trouble at all getting into them, and they don't have nearly the resources and intelligence of spy agencies.)
Want privacy? Don't use freemail providers. Get your friends and colleagues and everyone else to stop using them. If your school/business was stupid enough to outsource to one of them, take the email operation back.
Re: This is PR posturing by Google -- don't fall for it
Really? I take it you are a genius?
Gmail is run by very competent people (that can still err at times). They know there's a trade-off between privacy and security and they also know they need to make money with their product. Finding a balance here is a delicate thing. If they can move any inch towards security without sacrificing usability then why not? Sure it will not be perfect security but if you do need perfect security then you know you shouldn't be using free mail providers as you just said.
Gratuitously attacking Google doesn't help.
Re: Re: This is PR posturing by Google -- don't fall for it
No. Of course not. However, I've been doing this a LOT longer than the noobs at Gmail, who have made and continue to make rookie-grade mistakes that everyone knows are mistakes. I'm not faulting them for getting the difficult edge cases wrong: we ALL get those wrong from time to time. I'm faulting them for getting the fundamentals wrong, the things that you're supposed to learn in the first hour of the first day of Mail System Operation 101.
That's part of the problem. Here's the other part: their mission is not to run an email service. Their mission is to capture eyeballs and data in order to make money for Google. So if, at any point in the design and implementation process, there is a decision that needs to be made, and one of the options maximizes revenue -- that's the one that is chosen. This isn't the fault of the Gmail team, per se; they're merely following orders. But it does mean that they've done a lot of things that range from questionable to dubious to wrong to stupid, because those things all help Gmail to fulfill its fundamental purpose: eyeballs and data.
Expecting that to change is ridiculously naive. Of course it won't. Google didn't build Gmail out of the goodness of its heart because they wanted to do something nice for the Internet: they built it to make money. And there's nothing wrong with making money, BUT let's not pretend for a moment that it's otherwise, that there is some noble and grand purpose behind Gmail. It's just another steaming pile of crap like Yahoo's mail operation and MSN's mail operation and AOL's mail operation (which has degraded terribly since they fired their entire senior postmaster team). And sprinkling gold dust on it with faux encryption doesn't change that. This isn't a serious technical effort to increase privacy and security: if Gmail wanted to do that, there are a whole BUNCH of things they could have done a long time ago. This is just PR happytalk bullshit.
Re: Re: Re: Re: This is PR posturing by Google -- don't fall for it
I personally dislike gmail, but to say that it's a clueless service designed by idiots is simply incorrect.
Re: This is PR posturing by Google -- don't fall for it
Almost none of that is true, but ok.
Google can't solve this problem because the only encryption you can trust is that which you do yourself: doing it inside their client has no value, not just because you can't trust any third party, but because if this actually goes anywhere, they'll be presented with an NSL which demands they place a back door in for the NSA.
You assume that Google's solution will be inside their client. It need not be. It is possible to build encryption for webmail in which the keys stay locally and everything is done locally before moving the encrypted results back into the web client.
Re: Re: This is PR posturing by Google -- don't fall for it
PGP/GPG does that already, along with the safe requirement for users to manage their own keys. Apart from user interface details, this is as convenient as it gets without introducing weaknesses into key management or plaintext management which potentially render the cryptography useless. Assuming that the OS is sensibly secure, you do not want the plaintext or keys being used by a web enabled application, and especially a web browser, as they may be subverted, or give access to the displayed text to third party software.
Note relying on a third party to carry out key management always introduces the risk of the recipient not being who you think they are, or there being a man in the middle reading the traffic. The latter is much more easily achieved if hosted email is being used, as the hosting company is in the middle, and can be coerced into cooperating with governments.
Re: Re: This is PR posturing by Google -- don't fall for it
http://bit.ly/12dS7Vf
Any decent e-mail client makes PGP-encrypted mail totally transparent and a breeze to use. Encrypted e-mail is not hard, but people just can't be arsed enough to even do the simple things.
Google encryption
In the U.S. Google must obey court orders (including secret courts), but the courts have firmly supported the idea that the government must pay for the effort!
Ergo, Google encryption is about profits.
Re: Google encryption
If Google has access to decrypted copies at all, then the service isn't secure anyway.
Maybe there is more to this story?
Re:
Only so long as he was not forced to divulge his keys, and when he was, he shut the service down and is now in legal trouble. Note he was capable of decoding emails, which is why the government came calling with subpoenas for his keys.
Blah Google is so great Blah
Otherwise, it is a pretty useless article because (a) where will the keys be stored (at Google I assume) and (b) Google still would want to know the decrypted content in order to advertise, making this entire thing just a PR move to gain more trust from the plebs. And making Techdirt again a Google shill.
Furthermore, the problem with centralized keys has been clearly shown in the Lavabit case. If Google can't even tell how many legal requests they get, how will they be able to keep your keys secret?