Google Rolls Out Gmail End-To-End Encryption On Mobile Devices (bleepingcomputer.com)
- Reference: 0181531912
- News link: https://it.slashdot.org/story/26/04/10/1620217/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices
- Source link: https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/
> Starting this week, encrypted messages will be delivered as regular emails to Gmail recipients' inboxes if they use the Gmail app. Recipients who don't have the Gmail mobile app and use other email services can read them in a web browser, regardless of the device and service they're using.
>
> [...] This feature is now available for all client-side encryption (CSE) users with Enterprise Plus licenses and the Assured Controls or Assured Controls Plus add-on after admins enable the Android and iOS clients in the CSE admin interface [3]via the Admin Console . Gmail's end-to-end encryption (E2EE) feature is powered by the client-side encryption (CSE) technical control, which allows Google Workspace organizations to use encryption keys they control and are stored outside Google's servers to protect sensitive documents and emails.
[1] https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/
[2] https://workspaceupdates.googleblog.com/2026/04/gmail-end-to-end-encryption-now-available-on-mobile-devices.html
[3] https://knowledge.workspace.google.com/admin/security/client-side-encryption-setup-overview
Let me guess: new standard? (Score:1)
Did they use OpenPGP or x.509-baed S/MIME? Let me guess: something new.
How are keys introduced? Let me guess: Google is fully trusted to do it for the users.
Re: (Score:3)
Google learned to embrace, extend and extinguish right out of Microsoft's playbook. They were excellent students and you can see the results in how email and web "standards" work today.
The difference is that when Microsoft did it the authorities eventually started getting in their way to promote more openness and competition again. So far there is little sign that anyone intends to challenge the way a few tech giants have recently been capturing long-established standards that we rely on for what have becom
What I want for Christmas from the google (Score:2)
Is NOT this encryption. Why don't I want this encryption? Can't possibly be because I don't trust the google anymore, so I am sure that it includes back doors of their convenience.
Can't imagine how today's google could convince me that they have changed their business model in a way that they aren't selling me as the product. Funny related reading is Disrupted by Dan Lyons. Actually a couple of years old, but still funny.
What do I actually want from the google? Right now the #1 priority would be a way to
Re: (Score:2)
*sigh*
s/on my time/on my time/
And probably other mistakes.
Re: (Score:2)
*sigh* !
s/on my time/on my dime/
My fingers and eyes are borken [sic].
Re: (Score:2)
I completely sympathize with you. As I also hate it when one of my snark filled grammar Nazi posts backfires and embarrasses the fuck out of me.
Your ears must be hot from the humiliation and you can't edit nor delete it. LOL!
Re: (Score:2)
> What do I actually want from the google? Right now the #1 priority would be a way to delete the garbage in my google account.
What I actually want from the google is for them to just fuck off and die. Seriously, at this point the world would be a better place without them, even given all the disruption that nuking them would cause. Short-term pain for long-term gain, etc.
Client (Score:5, Insightful)
E2E doesn't matter very much if you also control the client.
Re: (Score:2)
Indeed. And there is a second problem: Since this seems to be gmail-only, it does not solve any issues with email sent over the open Internet. Unless gmail uses non-encrypted protocols for the client connections?
I am a bit confused as to what advantage this supposedly has?
Re: (Score:2)
> what advantage this supposedly has?
The data stored in their cloud is stored encrypted with your key, which is undoubtedly better. So a government request for data on their servers would return nothing.
But just like the recent [1]"Antifa" Signal Group Chat [slashdot.org] showed again that the most vulnerable piece of the equation is the end device. And is also true for non-government threat actors.
But Google making their infra able to be used more privately is still a good thing.
[1] https://mobile.slashdot.org/story/26/04/10/1656218/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-data
"End to End" (Score:4, Informative)
Except Google can still read, index and process your email messages as they are delivered to them. In reality, this is just taking competition away from reading from the wire. Everything else continues to be managed by Google.
So, Only Google Can Spy on You? (Score:2)
Google putting end-to-end encryption is like putting a pillow on top of the hand-grenade you're sitting on.
"User friendly", you say (Score:2)
At this time that still means reduced security. That will eventually change, but not anytime soon. That said, for most uses, this should be fine, even if one goal is obviously creating a google-only email system.
Non enterprise? (Score:2)
I see nothing in tfs about how non enterprise users can have the illusion of privacy as well.
Re: (Score:2)
Because if you aren't paying with money, then your data and your eyeballs on targeted ads are the payment.
Google and Privacy (Score:2)
are words that do not go together. I await the news that Google has the keys to this and use it for...whatever nefarious purposes...very soon now.
Re: (Score:3)
I await the news that Google has the keys to this and use it for.
You're unlikely to hear this news without either another Snowden level leak, or a very long, drawn out legal battle.
Re: (Score:1)
RTFS
> Gmail's end-to-end encryption (E2EE) feature is powered by the client-side encryption (CSE) technical control, which allows Google Workspace organizations to use encryption keys they control and are stored outside Google's servers to protect sensitive documents and emails.