Gmail is Making It Easier For Businesses To Send Encrypted Emails To Anyone (theverge.com)
- Reference: 0176893465
- News link: https://it.slashdot.org/story/25/04/01/1440224/gmail-is-making-it-easier-for-businesses-to-send-encrypted-emails-to-anyone
- Source link: https://www.theverge.com/news/640422/google-gmail-email-encryption-enterprise-beta
Unlike Gmail's current S/MIME-based encryption, the new system lets users simply toggle "additional encryption" in the email draft window. Non-Gmail recipients will receive a link to access messages through a guest Google Workspace account, while Gmail users will see automatically decrypted emails in their inbox.
[1] https://www.theverge.com/news/640422/google-gmail-email-encryption-enterprise-beta
Uh huh... (Score:5, Informative)
> Non-Gmail recipients will receive a link to access messages through a guest Google Workspace account
Sounds like an opportunity to have your users market your services for you in the so-called name of "security".
Re: (Score:3)
Yeah this seems actually horrific for privacy, not good. Google encouraging people to store private messages on their own servers, which they have the keys for, and training people to click on links to see "encrypted emails", which is a common phishing vector.
What we need are protocols that make it easy to exchange validated keys, and have encryption as much as possible be client side. Webmail is already problematic, and Google seems to have taken everything one step further and actively encouraged insecuri
Who controls the keys? (Score:4, Insightful)
Sure it's "encrypted" but who is controlling the keys and who can and can't read the message? Google is, obviously.
Re: (Score:1)
Indeed. This has already happened before. We should never forget the Hushmail scandal [1]https://www.wired.com/2007/11/... [wired.com]
[1] https://www.wired.com/2007/11/encrypted-e-mai/
More Google f*ckery (Score:4, Insightful)
Yet another attempt to make standard protocols proprietary.
Google needs to be broken apart.
Re: (Score:2)
Let's see if it works seamlessly with Proton Mail.
Phishers rub their hands with glee... (Score:3)
"Oh, Google is training people to click links to view encrypted messages? Yum!"
What could possibly go wrong?
Security theatre (Score:2)
Real encryption is what protects email content after the attackers have stolen your credentials or an access token that allowed them read your mailbox.
Encrypting email is a fool's errand (Score:2)
I didn't read the featured article because The Verge happens not to be included in my current news subscription package. I'm relying on [1]"Google makes end-to-end encrypted Gmail easy for all – even Outlook users" by Connor Jones [msn.com] and [2]"Google Rolling Out End-to-End Encryption for Gmail Workspace Accounts" by Michael Kan [msn.com].
That said, I've read takes elsewhere that encrypting email in the first place is a fool's errand for several reasons. (Source: [3]"The PGP Problem" (July 16, 2019) [latacora.com])
- First, the subject, reci
[1] https://www.msn.com/en-us/news/technology/google-makes-end-to-end-encrypted-gmail-easy-for-all-even-outlook-users/ar-AA1C4Alj
[2] https://www.msn.com/en-us/technology/tech-companies/google-rolling-out-end-to-end-encryption-for-gmail-workspace-accounts/ar-AA1C4Pe7
[3] https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#encrypting-email
This will destroy heuristic spam filters (Score:2)
...for everyone but Google.
PGP (Score:2, Interesting)
You have to be very lazy or brain-dead to not take the 5 minutes required to set this up in Thunderbird.