Google has today announced that it plans to support end-to-end encryption with Gmail via a Chrome extension, making it harder for others (such as intelligence agencies) to snoop on your emails.
End-to-end encryption sees the sender encrypting data (in this case, an email) before it is sent to its intended recipient. It stays encrypted until the receiving party decrypts it, meaning that no third party can intercept and read or tamper its contents. And while it sounds like a great idea, the only problem with end-to-end encryption is that they are very difficult to set up and use unless you have the required technical know-how.
It is this problem that Google wants to solve with its new plugin, aptly called ‘End-to-End’. The plugin will use the OpenPGP standard to encrypt, decrypt, digitally sign (i.e attach a signature that verifies that you sent the email) and verify other digitally signed emails.
However, you will not find the extension in the Chrome Web Store as Google believes its not ready just yet for everyone to use. Instead, it has released the source code so that its developer community can test and offer suggestions to make it secure enough. It is also offering financial incentives for developers to find bugs through its Vulnerability Reward Program.
“The End-To-End team takes its responsibility to provide solid crypto very seriously, and we don’t want at-risk groups that may not be technically sophisticated — journalists, human-rights workers, et al — to rely on End-To-End until we feel it’s ready. Prematurely making End-To-End available could have very serious real world ramifications,” the developers wrote on the extension’s Google Code project repository.
Padlock image via Shutterstock