Bizarre Fight Commences Over Who 'Won' Latest Net Neutrality Comment Round

Google Moves End-To-End Email Encryption Project To GitHub

from the good-to-see dept

Wed, Dec 17th 2014 4:03pm — Mike Masnick

Back in June we wrote about Google's "End-to-End" project to enable full (real) end-to-end encryption in email via a Chrome extension. For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails). This isn't going that far, but making it much easier for individuals to truly encrypt their own emails (without any backdoors for the email provider) is definitely a big step forward. So it's good to see that the company has now moved the project to GitHub, and that Yahoo's Chief Security Officer, Alex Stamos, has been contributing to the project as well. Having two of the biggest webmail providers working together on an open source system for better encrypting emails end-to-end is a huge win for privacy and security. The project is still in its early days, and Google warns that it's not yet ready to release the extension in the Chrome Web Store, but it's great that things are moving forward. Of course, for those of you who can't wait, there already some extensions like Mailvelope that are pretty easy to use (though, some worry are not quite as secure as other options).

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: email, encryption, end-to-end, open source
Companies: google, yahoo

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Michael, 17 Dec 2014 @ 5:23pm

There goes Google again - trying to prevent law enforcement from tracking down terrorists, pirates, and pedophiles.

Can't everyone agree that we need to stop all of this data encryption crap for the sake of the children?
[ link to this | view in chronology ]
- Josh (profile), 17 Dec 2014 @ 5:51pm
  
  Re:
  But, if we let them, then the FBI/CIA/NSA will be able to get millions of more dollars and say they are trying to save the kids while evil big companies like google just want them dead.
  
  Let them put up their firewalls and encryption, think of the money.. kids.
  [ link to this | view in chronology ]
- Josh (profile), 17 Dec 2014 @ 5:51pm
  
  Re:
  But, if we let them, then the FBI/CIA/NSA will be able to get millions of more dollars and say they are trying to save the kids while evil big companies like google just want them dead.
  
  Let them put up their firewalls and encryption, think of the money.. kids.
  [ link to this | view in chronology ]
Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).

True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.
[ link to this | view in chronology ]
- R.H. (profile), 18 Dec 2014 @ 9:28am
  
  Re:
  They'd still be able to do some spam filtering based on the header (which can't be encrypted if you want your mail delivered) but, other than that, they could do the full anti-spam filtering at the time of decryption.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 18 Dec 2014 @ 10:25am
    
    Re: Re:
    "they could do the full anti-spam filtering at the time of decryption"
    
    Not if it's truly end-to-end, since Google would never have access to the decrypted text.
    [ link to this | view in chronology ]
Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).

True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.
[ link to this | view in chronology ]
Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).

True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.
[ link to this | view in chronology ]
- Anonymous Coward, 17 Dec 2014 @ 7:34pm
  
  Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm
  deja vu
  [ link to this | view in chronology ]
  - Baruch Moskovits (profile), 17 Dec 2014 @ 7:47pm
    
    Re: Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm
    My bad. I hit submit three times. Techdirt doesn't provide a way to delete your own comments.
    [ link to this | view in chronology ]
    - Cereal Kipper, 17 Dec 2014 @ 10:22pm
      
      Re: Re: Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm
      Baruch Moskovits on Dec 17th, 2014 @ 7:06pm
      
      'My bad. I hit submit three times. Techdirt doesn't provide a way to delete your own comments.'
      
      Three strikes, you are now under close surveillance, SWAT on their way, you tried to flood Techdirt's servers, I bet you are North Korean?
      [ link to this | view in chronology ]
- Frok (profile), 19 Dec 2014 @ 12:34am
  
  Are you gods?
  Scan then 'encrypt'.
  
  Keymaster and Gatekeper... how could that end poorly?
  [ link to this | view in chronology ]
Anonymous Coward, 17 Dec 2014 @ 7:35pm

Sounds great, as long as none of GitHub's interns go political and delete the project...
[ link to this | view in chronology ]
Anonymous Coward, 18 Dec 2014 @ 7:01am

Lions and Tigers and Bears! Oh My!
Who will protect us without a Golden Key?
[ link to this | view in chronology ]
Goyo (profile), 18 Dec 2014 @ 10:01am

github instead of google code?
[ link to this | view in chronology ]
- John Fenderson (profile), 18 Dec 2014 @ 10:27am
  
  Re:
  Indeed. Apparently, Google wanted this to be available to the wider OSS community, so they made it available in a place that makes it available to more people than google code does.
  [ link to this | view in chronology ]
  - Goyo (profile), 18 Dec 2014 @ 11:16am
    
    Re: Re:
    The whole point of google code is to make code available to the wider OSS community.
    They can make the code available to the same people (that is, anyone interested) using google code or github or sourceforge or launchpad or bitbucket or...
    
    I'd have expected google to eat their own dog food.
    [ link to this | view in chronology ]
    - John Fenderson (profile), 18 Dec 2014 @ 12:32pm
      
      Re: Re: Re:
      "The whole point of google code is to make code available to the wider OSS community."
      
      Kinda. Google code is not the go-to place for OSS code (and probably never will be). I think they wanted to host this stuff because it's more convenient for them & their own projects.
      [ link to this | view in chronology ]
- Lawrence D’Oliveiro, 18 Dec 2014 @ 1:58pm
  
  Re: github instead of google code?
  Either way, people can clone the project easily enough.
  
  Whereas I think it’s easier to get an account on GitHub, which means people can publish their own changes more easily, send patches and pull requests upstream, etc.
  
  In other words, it becomes a true two-way community project on GitHub.
  [ link to this | view in chronology ]
  - Frok (profile), 19 Dec 2014 @ 12:33am
    
    git on outta here
    Much like AOSP
    [ link to this | view in chronology ]
Anonymous Coward, 18 Dec 2014 @ 10:34am

Extra! Extra! Google Code sucks so bad that Google puts their projects on Github. Oh the irony!
[ link to this | view in chronology ]
Anonymous Coward, 18 Dec 2014 @ 12:03pm

google cares about privacy, like dick chaney cares about not tourturing people. but people will probably love the new free google anal feedings.
[ link to this | view in chronology ]
Frok (profile), 19 Dec 2014 @ 12:32am

leg in the middle, all the better to secretly trascribe GV
End to End [to other end]

Google in the middle makes everything more rape profitably better.
[ link to this | view in chronology ]
Anonymous Coward, 19 Dec 2014 @ 5:54pm

Github is not that safe.
[ link to this | view in chronology ]
- Lawrence D’Oliveiro, 20 Dec 2014 @ 3:43pm
  
  Re: Github is not that safe.
  But Git is. It uses SHA-1 hashes to identify every important object in its database. If anybody tried to sneak an unauthorized change into a copy of a repo on GitHub (or anywhere else), alarm bells would ring as soon as anybody tried to pull from that.
  [ link to this | view in chronology ]
Anonymous Coward, 21 Dec 2014 @ 7:52pm

I hope it doesn't contain any backdoors.
[ link to this | view in chronology ]