HN Discussion: https://news.ycombinator.com/item?id=19440336
Posted by wil_I_am_27 (karma: 311)
Post stats: Points: 129 - Comments: 42 - 2019-03-20T09:23:14Z
Two years ago, Google silently handed the E2EMail project, which was started to enable easy end-to-end encryption in Gmail via a browser extension, to "the open source community". Since then, the GitHub project has been literally dead.
Three years earlier, Google had announced that they were building an end-to-end encrypted Chrome plugin to automatically encrypt emails between Gmail users.
Promise to add email encryption tool to Gmail was marketing move
Five years later, we can conclude that promising easy email encryption in Gmail to millions of users was only a marketing move after the Snowden revelations in 2013. While the E2EMail project would have been a great tool for millions of people to automatically adopt end-to-end encryption, Google buried it when they no longer saw its marketing benefits.
"The real message is that they’re not actively developing this as a Google project anymore,” said cryptography expert Matthew Green to Wired. "It’s definitely a bit of a disappointment, given how much hype Google generated around this project at one point, to see that they’re not pursuing this as a core feature of Gmail," Green says.
Making email encryption easy is hard
Google officially said that they had not abandoned their move towards encryption. However, they explained that developing easy email encryption is much harder than one might think.
It is difficult to make encrypted emails interoperable with different clients as well as to design the key exchange in an easy-to-use fashion. These issues are already known to any PGP user, and they didnʼt disappear when Google wanted to add a PGP-based plugin to Chrome.
Nevertheless, ending a project that would have brought end-to-end encrypted emails to Gmail users around the world shows where Googleʼs real interests are: not in protecting their usersʼ private data, but in harvesting it for their own benefit.
No automatic email encryption in Gmail
Google leaves the question of how to encrypt an email to the user. However, adding an option for email encryption to Gmail remains as complicated as with any other email service: Users need to enable PGP support in their email clients, must generate and manage their own keys, and must make sure that these keys are kept safe on their devices. Even then, mobile email encryption is basically impossible.
Google wants to leave the final decision about whether or not to make use of encryption to the user, but cryptography expert Matthew Green criticizes this harshly via Twitter, calling it a "self-serving decision":
Google in 2007: HTTPS? That should be the userʼs choice.
Google in 2017: End-to-end encryption? Really ought to be the userʼs choice.
While easy email encryption is a must to make sure no-one can read your personal information, this option will never become available to Gmail users.
The more people use email encryption, the better
We at Tutanota are disappointed that E2EMail is dead. We believe in our right to privacy and fight for it with automatic email encryption ourselves. If Gmail had adopted automatic end-to-end encryption, this would have made a huge difference to todayʼs level of security online. It would have made the Internet so much more secure for millions of users and would have made illegal mass surveillance online impossible.
Unfortunately, Googleʼs move to abandon E2EMail shows us once again that we should not trust large organizations with our private information. Maybe it was illusory from the start to believe that a company so focused on mining user data and posting targeted ads would suddenly start protecting its usersʼ right to privacy with built-in end-to-end encryption in Gmail.
If we want to really protect our privacy, we have to take matters into our own hands. And this is exactly what we have been doing at Tutanota these past couple of years: Building easy-to-use end-to-end encrypted email, free for anyone. In Tutanota your entire mailbox is encrypted so that no-one - not even our developers - can read your personal emails.
Stop waiting for Google, start using encrypted mail now!
If you want to take back your privacy completely, read our recommendations on how to leave Google behind.
Gmail once promised that it will become end-to-end encrypted by default. Unfortunately, this is not going to happen. While it is possible to encrypt certain emails in Gmail with PGP, Google can still read all email meta-data such as email addresses and subject lines. Better use a Gmail alternative that encrypts your entire mailbox and contacts automatically.
tutanota.com