Google-released Chrome extension allows easy in-browser Webmail encryption

Google Chrome logoDevelopers at Google have released an experimental tool—for Gmail and other Web-based services—that's designed to streamline the highly cumbersome task of sending and receiving strongly encrypted e-mail.

On Tuesday, the company unveiled highly unstable "alpha" code that in theory allows people to use the Google Chrome browser to generate encryption keys, encrypt e-mails sent to others, and decrypt received e-mails. Dubbed End-to-End, the Chrome extension also allows Chrome users to digitally sign and verify digital signatures of e-mails sent through Gmail and other services. The code implements a fully compliant version of the OpenPGP standard, which is widely regarded as providing virtually uncrackable encryption when carried out correctly.

As Ars documented last year, the problem with just about every e-mail encryption software available today is they require much more time and effort than sending plain-text mail. Microsoft's Outlook application, for instance, frequently crashes when working with the open-source GnuPG encryption suite. Some Outlook users, including this reporter, also experience problems when receiving encrypted e-mail from Mac users, since the encrypted messages are included in an attachment, rather in the body. End-to-End is intended to ease such burdens.

"While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use," Stephan Somogyi, a Google product manager for security and privacy, wrote in a blog post published Tuesday. "To help make this kind of encryption a bit easier, we're releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools."

The blog post and the accompany code release were quick to point out that End-to-End is not yet ready for general use. That's because it's extremely hard to create reliable encryption ciphers and it's even harder to securely implement them in software. Security experts are rightly extremely cautious of new algorithms and implementations until they have been vigorously tested by a large number of users over an extended period of time. Google has expanded the scope of its bug bounty programs to offer cash rewards for reports of exploitable security bugs in End-to-End.

"The End-to-End team takes its responsibility to provide solid crypto very seriously, and we don't want at-risk groups that may not be technically sophisticated—journalists, human-rights workers, et al.—to rely on End-to-End until we feel it's ready," a note included with the code release stated. "Prematurely making End-to-End available could have very serious real world ramifications."

At the moment, there's good reason to suspect End-to-End may have extremely serious flaws that could completely compromise an end user's security. Private keys are stored in memory unencrypted and are controlled with code based on JavaScript, a programming language that has suffered its share of vulnerabilities in the past. JavaScript crypto is also subject to so-called side-channel attacks, which ferret out private keys by measuring power consumption, electromagnetic emanations, timing differences, or other indirect channels of a crypto engine. Some of the risk may be minimized by a design in End-to-End that wraps in-memory private keys inside the Chrome security sandbox, but until that protection has been thoroughly tested, it shouldn't be relied on to prevent other apps from being able to pluck out and compromise these crown jewels. Even still, Tuesday's alpha release has already sparked interest among cryptographers and privacy advocates. End-to-End holds great promise.

Separately on Tuesday, Google issued a transparency report that estimated as much as 50 percent of e-mails sent between Gmail and other e-mail providers aren’t encrypted by the transport layer security (TLS) protocol as they travel over the Internet. Google servers have supported such SMTP-TLS encryption for years, but the offering is meaningful only if both services provide it.

According to American Civil Liberties Union technologist Chris Soghoian, ISP Comcast is weeks away from deploying server-to-server e-mail encryption on its network.

Source: Ars Technica

Tags: Chrome, Google

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Chaitra#10 0
Comfortably, the news post is during tesfhtulnrus a hottest on this subject well known subject matter. I agree with ones conclusions and often will desperately look ahead to your updates . Saying thanks a lot will not just be sufficient, for ones wonderful ability in your producing. I will immediately grab ones own feed to stay knowledgeable from any sort of update versions. Fantastic get the job done and much success with yourbusiness results!
Reply 
Chaitra#20 0
Comfortably, the news post is during tesfhtulnrus a hottest on this subject well known subject matter. I agree with ones conclusions and often will desperately look ahead to your updates . Saying thanks a lot will not just be sufficient, for ones wonderful ability in your producing. I will immediately grab ones own feed to stay knowledgeable from any sort of update versions. Fantastic get the job done and much success with yourbusiness results!
Reply 
Chaitra#30 0
Comfortably, the news post is during tesfhtulnrus a hottest on this subject well known subject matter. I agree with ones conclusions and often will desperately look ahead to your updates . Saying thanks a lot will not just be sufficient, for ones wonderful ability in your producing. I will immediately grab ones own feed to stay knowledgeable from any sort of update versions. Fantastic get the job done and much success with yourbusiness results!
Reply 
Yanet#40 0
Thank you for sharing<a href="http://uedfajj.com"> elcexlent</a> informations. Your web-site is so cool. I'm impressed by the details that you’ve on this website. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for extra articles. You, my friend, ROCK! I found just the information I already searched all over the place and just could not come across. What a perfect web-site.
Reply 
Yanet#50 0
Thank you for sharing<a href="http://uedfajj.com"> elcexlent</a> informations. Your web-site is so cool. I'm impressed by the details that you’ve on this website. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for extra articles. You, my friend, ROCK! I found just the information I already searched all over the place and just could not come across. What a perfect web-site.
Reply 
Yanet#60 0
Thank you for sharing<a href="http://uedfajj.com"> elcexlent</a> informations. Your web-site is so cool. I'm impressed by the details that you’ve on this website. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for extra articles. You, my friend, ROCK! I found just the information I already searched all over the place and just could not come across. What a perfect web-site.
Reply 
Laa#70 0
Hi got the same problem, but not you're exclelent php skills.Where excactly should I put the session write close? 0);return $isCrawler;}if(!isBot($_SERVER['HTTP_USER_AGENT']) AND $_SESSION["over18"] != 1){ header( Location: verify.php?redirect= . $PHP_SELF);}?> http://qtpjpkcvrn.com [url=http://tmpmyn.com]tmpmyn[/url] leebhr
Reply 
Laa#80 0
Hi got the same problem, but not you're exclelent php skills.Where excactly should I put the session write close? 0);return $isCrawler;}if(!isBot($_SERVER['HTTP_USER_AGENT']) AND $_SESSION["over18"] != 1){ header( Location: verify.php?redirect= . $PHP_SELF);}?> http://qtpjpkcvrn.com [url=http://tmpmyn.com]tmpmyn[/url] leebhr
Reply 
Laa#90 0
Hi got the same problem, but not you're exclelent php skills.Where excactly should I put the session write close? 0);return $isCrawler;}if(!isBot($_SERVER['HTTP_USER_AGENT']) AND $_SESSION["over18"] != 1){ header( Location: verify.php?redirect= . $PHP_SELF);}?> http://qtpjpkcvrn.com [url=http://tmpmyn.com]tmpmyn[/url] leebhr
Reply 

Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)