Google Moves End-To-End Email Encryption Project To GitHub

from the good-to-see dept

Back in June we wrote about Google's "End-to-End" project to enable full (real) end-to-end encryption in email via a Chrome extension. For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails). This isn't going that far, but making it much easier for individuals to truly encrypt their own emails (without any backdoors for the email provider) is definitely a big step forward. So it's good to see that the company has now moved the project to GitHub, and that Yahoo's Chief Security Officer, Alex Stamos, has been contributing to the project as well. Having two of the biggest webmail providers working together on an open source system for better encrypting emails end-to-end is a huge win for privacy and security. The project is still in its early days, and Google warns that it's not yet ready to release the extension in the Chrome Web Store, but it's great that things are moving forward. Of course, for those of you who can't wait, there already some extensions like Mailvelope that are pretty easy to use (though, some worry are not quite as secure as other options).
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: email, encryption, end-to-end, open source
Companies: google, yahoo


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Michael, 17 Dec 2014 @ 5:23pm

    There goes Google again - trying to prevent law enforcement from tracking down terrorists, pirates, and pedophiles.

    Can't everyone agree that we need to stop all of this data encryption crap for the sake of the children?

    link to this | view in chronology ]

    • icon
      Josh (profile), 17 Dec 2014 @ 5:51pm

      Re:

      But, if we let them, then the FBI/CIA/NSA will be able to get millions of more dollars and say they are trying to save the kids while evil big companies like google just want them dead.

      Let them put up their firewalls and encryption, think of the money.. kids.

      link to this | view in chronology ]

    • icon
      Josh (profile), 17 Dec 2014 @ 5:51pm

      Re:

      But, if we let them, then the FBI/CIA/NSA will be able to get millions of more dollars and say they are trying to save the kids while evil big companies like google just want them dead.

      Let them put up their firewalls and encryption, think of the money.. kids.

      link to this | view in chronology ]

  • icon
    Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

    For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).


    True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.

    link to this | view in chronology ]

    • icon
      R.H. (profile), 18 Dec 2014 @ 9:28am

      Re:

      They'd still be able to do some spam filtering based on the header (which can't be encrypted if you want your mail delivered) but, other than that, they could do the full anti-spam filtering at the time of decryption.

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 18 Dec 2014 @ 10:25am

        Re: Re:

        "they could do the full anti-spam filtering at the time of decryption"

        Not if it's truly end-to-end, since Google would never have access to the decrypted text.

        link to this | view in chronology ]

  • icon
    Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

    For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).


    True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.

    link to this | view in chronology ]

  • icon
    Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

    For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).


    True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Dec 2014 @ 7:34pm

      Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

      deja vu

      link to this | view in chronology ]

      • icon
        Baruch Moskovits (profile), 17 Dec 2014 @ 7:47pm

        Re: Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

        My bad. I hit submit three times. Techdirt doesn't provide a way to delete your own comments.

        link to this | view in chronology ]

        • identicon
          Cereal Kipper, 17 Dec 2014 @ 10:22pm

          Re: Re: Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

          Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

          'My bad. I hit submit three times. Techdirt doesn't provide a way to delete your own comments.'

          Three strikes, you are now under close surveillance, SWAT on their way, you tried to flood Techdirt's servers, I bet you are North Korean?

          link to this | view in chronology ]

    • icon
      Frok (profile), 19 Dec 2014 @ 12:34am

      Are you gods?

      Scan then 'encrypt'.

      Keymaster and Gatekeper... how could that end poorly?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Dec 2014 @ 7:35pm

    Sounds great, as long as none of GitHub's interns go political and delete the project...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Dec 2014 @ 7:01am

    Lions and Tigers and Bears! Oh My!

    Who will protect us without a Golden Key?

    link to this | view in chronology ]

  • icon
    Goyo (profile), 18 Dec 2014 @ 10:01am

    github instead of google code?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 18 Dec 2014 @ 10:27am

      Re:

      Indeed. Apparently, Google wanted this to be available to the wider OSS community, so they made it available in a place that makes it available to more people than google code does.

      link to this | view in chronology ]

      • icon
        Goyo (profile), 18 Dec 2014 @ 11:16am

        Re: Re:

        The whole point of google code is to make code available to the wider OSS community.
        They can make the code available to the same people (that is, anyone interested) using google code or github or sourceforge or launchpad or bitbucket or...

        I'd have expected google to eat their own dog food.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 18 Dec 2014 @ 12:32pm

          Re: Re: Re:

          "The whole point of google code is to make code available to the wider OSS community."

          Kinda. Google code is not the go-to place for OSS code (and probably never will be). I think they wanted to host this stuff because it's more convenient for them & their own projects.

          link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 18 Dec 2014 @ 1:58pm

      Re: github instead of google code?

      Either way, people can clone the project easily enough.

      Whereas I think it’s easier to get an account on GitHub, which means people can publish their own changes more easily, send patches and pull requests upstream, etc.

      In other words, it becomes a true two-way community project on GitHub.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Dec 2014 @ 10:34am

    Extra! Extra! Google Code sucks so bad that Google puts their projects on Github. Oh the irony!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Dec 2014 @ 12:03pm

    google cares about privacy, like dick chaney cares about not tourturing people. but people will probably love the new free google anal feedings.

    link to this | view in chronology ]

  • icon
    Frok (profile), 19 Dec 2014 @ 12:32am

    leg in the middle, all the better to secretly trascribe GV

    End to End [to other end]

    Google in the middle makes everything more rape profitably better.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Dec 2014 @ 5:54pm

    Github is not that safe.

    link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 20 Dec 2014 @ 3:43pm

      Re: Github is not that safe.

      But Git is. It uses SHA-1 hashes to identify every important object in its database. If anybody tried to sneak an unauthorized change into a copy of a repo on GitHub (or anywhere else), alarm bells would ring as soon as anybody tried to pull from that.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2014 @ 7:52pm

    I hope it doesn't contain any backdoors.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.