{"id":6802,"date":"2017-02-27T14:30:22","date_gmt":"2017-02-27T22:30:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/27\/news-593\/"},"modified":"2017-02-27T14:30:22","modified_gmt":"2017-02-27T22:30:22","slug":"news-593","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/27\/news-593\/","title":{"rendered":"Google shifts on email encryption tool, leaving its fate unclear"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2017\/02\/e2e-100710778-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Mon, 27 Feb 2017 13:34:00 -0800<\/strong><\/p>\n<p> Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it&#8217;ll ever become an official feature in the company\u2019s browser. <\/p>\n<p> On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it&#8217;s become a &#8220;full community-driven open source project,&#8221; the company said in a <a href=\"https:\/\/security.googleblog.com\/2017\/02\/e2email-research-project-has-left-nest_24.html\">blog post<\/a>. <\/p>\n<p> The tool is designed to work as an extension to Google&#8217;s Chrome browser that uses the OpenPGP standard to encrypt emails, ensuring that only the recipient can read them, and not the email provider or a government. \u00a0 <\/p>\n<p> The main goal of Google&#8217;s project was to make OpenPGP easier to use. It was announced amid growing scrutiny over U.S. surveillance efforts following disclosures from noted leaker Edward Snowden. <\/p>\n<p> However, the search giant hasn&#8217;t made the extension officially available on its Chrome Web Store. Instead, the project&#8217;s source code has only been <a href=\"https:\/\/github.com\/e2email-org\/e2email\">made available<\/a> on GitHub, a software collaboration site, making the extension harder to install, especially for non-technical users.\u00a0 <\/p>\n<p> The GitHub page also hasn&#8217;t been frequently updated, so it&#8217;s unclear how serious the search giant has been about the effort, or if others will take up the project. <\/p>\n<p> Google didn&#8217;t immediately respond to a request for comment. But the GitHub page is offering the source code to what&#8217;s called E2EMail, a Chrome extension that works with Gmail. &#8220;At this stage, we recommend you use it only for testing and UI feedback,&#8221; the page says. <\/p>\n<p> A screenshot of the E2EMail extension.\u00a0 <\/p>\n<p> In December 2014, Google also <a href=\"https:\/\/security.googleblog.com\/2014\/12\/an-update-to-end-to-end.html\">said<\/a> that its end-to-end encryption tool still wasn&#8217;t as &#8220;usable as it needs to be,&#8221; pointing to the problem of managing the public keys used in PGP encryption. Often, the keys necessary to exchange secure messages are held on a public server or sent via email, but the authenticity of the user providing them is never verified. <\/p>\n<p> Last month, Google announced a separate open-source project, called <a href=\"https:\/\/security.googleblog.com\/2017\/01\/security-through-transparency.html\">Key Transparency<\/a>, that tries to solve this problem. It essentially works as a lookup service for public keys. However, as a safeguard, all the logs can be audited to track for any suspicious activity. <\/p>\n<p> In Friday&#8217;s blog post, Google said the Key Transparency project was &#8220;crucial&#8221; to the development of its end-to-end email encryption efforts. <\/p>\n<p> &#8220;Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced,&#8221; it said. <\/p>\n<p> Although Google&#8217;s email encryption tool is no longer a company-led product, Google is still hoping to integrate it with its Key Transparency project, according to the blog post.\u00a0 <\/p>\n<p> In the midst of Google&#8217;s effort, others are also developing new email encryption protocols, too. Last month, the developer behind Lavabit, an email service that Snowden used, <a href=\"http:\/\/www.computerworld.com\/article\/3159663\/security\/lavabit-developer-has-a-new-encrypted-end-to-end-email-protocol.html\">released<\/a> its own open-source encrypted email standard for surveillance-proof messaging.\u00a0 <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3175025\/data-privacy\/google-shifts-on-email-encryption-tool-leaving-its-fate-unclear.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2017\/02\/e2e-100710778-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Mon, 27 Feb 2017 13:34:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p> Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it&#8217;ll ever become an official feature in the company\u2019s browser.<\/p>\n<p> On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it&#8217;s become a &#8220;full community-driven open source project,&#8221; the company said in a <a href=\"https:\/\/security.googleblog.com\/2017\/02\/e2email-research-project-has-left-nest_24.html\">blog post<\/a>.<\/p>\n<p> The tool is designed to work as an extension to Google&#8217;s Chrome browser that uses the OpenPGP standard to encrypt emails, ensuring that only the recipient can read them, and not the email provider or a government. \u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3175025\/data-privacy\/google-shifts-on-email-encryption-tool-leaving-its-fate-unclear.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11063,10439,4314,714],"class_list":["post-6802","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-data-privacy","tag-encryption","tag-internet","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6802"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6802\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6802"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}