Breaking news! It’s now raining cats and dogs! No . . . wait, Google is just planning to implement E2EE. I just thought the former occurrence was more likely than that latter. Yeah, so google is now implementing E2EE. That’s a surprising bonus for the privacy committee. What do you all think, you think this is actually a step forward or will it just be a repeat of apple’s “E2EE”
Seeing it’s only for paying enterprise accounts it makes way more sense. Average users will not have access to encryption, only business accounts. Google doesn’t want the liability of knowing their discussions so it’s all just marketing BS right now unfortunately.
Also I am guessing that they will have keys to get around it when the Feds ask. Or maybe even just have them made for the Feds. When big players like Google really start pushing E2EE (especially when or if they make it standard for the most basic accounts). I start questioning if or how they might be working with (or at least might have undercover agents as employees in the right places) any or all agencies/departments of any/all the intelligence complex. Nice to have E2EE for at least protecting against some non-state actors of course. But if they build methods for decryption “for legal law/government access”, then it is only time before non-state actors also get access. Which then effectively results in non-secure messaging (email or other), just with extra steps.
anyone who believes it’ll be truly “end to end encrypted” I got a bridge to sell ya…
Same. Back in the late 90s when including encryption in your software could land you in serious trouble, then was suddenly okay, the hairs on my neck stood up with the same suspicion.
Its another step in the direction of “email” by name only. Microsoft is doing the same with their outlook/office365 “email” accounts for business customers that are hardly recognizable as normal standardized email any more.
“End to end encryption” who owns the keys?
I wonder if the encryption will work between different encrypted services - so protonmail <-> gmail encryption will work automatically. Or if they will only enable the encryption for gmail <-> gmail correspondence.
We have GNUPG since 1987 you can use it in gmail or another mail server. It is Libre Software.
Tbh email sucks from a security/privacy point of view. The protocol is stone age old and has not aged well. PGP is a security joke (compared to decent protocols).
This might be a bit hyperbolic, but you get the idea. I think that the email spec should be redone from the ground up. I know it’s not going to happen tho.
I definitely agree. From what I understand about email security it’s more of a safety net of security right below the tight-rope. What needs to be done is we just need to build a bridge instead of making everyone use the tight-rope.
@SrEstegosaurio @dodo
Only the biggest email provider can determine the course of the email protocol. As once one big provider adopts a new protocol it creates a domino’s effect on all the others for many reasons (compatibility, privacy, security)