Google Releases End-to-End Encryption Extension

2014-06-04T07:44:09
ID THREATPOST:D02B492458B1C898C8B416BBEF29950E
Type threatpost
Reporter Dennis Fisher
Modified 2014-06-05T13:59:41

Description

Google has released an early version of a Chrome extension that provides end-to-end encryption for data leaving the browser. The extension will allow users to encrypt emails from their webmail accounts.

The move by Google is another step in the process of making Web communications more secure and resistant to surveillance. The End-to-End extension is in alpha form right now, but Google officials plan to make it available in the Chrome Web Store once the kinks are worked out. The new tool is based on OpenPGP and is meant to be a more user-friendly encryption option than programs such as PGP, which can be difficult to configure and use.

“While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools,” Stephan Somogyi, product manager, security and privacy at Google, wrote in a blog post.

The new extension may not be for everyone, as most Gmail users and users of other Webmail services may not need to encrypt all of the messages to and from their accounts. But it could be a key tool for users who may be targeted by surveillance or attackers.

“We recognize that this sort of encryption will probably only be used for very sensitive messages.”

“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it,” Somogyi said.

Google also has released a cache of data on the volume of encrypted email that flows in and out of its Gmail service. The new report includes data on which providers encrypt email messages in transit across their networks. Google’s data shows that more than 99 percent of the email coming into Gmail from Amazon services is encrypted and 100 percent of the messages from facebookmail.com are encrypted. Twitter also scores above 99 percent on inbound encrypted mail, and Yahoo encrypts greater than 95 percent. Hotmail, meanwhile, shows that grater than 50 percent of the messages coming from its network are encrypted.

Across the entire data set, 69 percent of outbound email from Gmail is encrypted, and 48 percent of mail inbound to Gmail is encrypted.