Google Moves End-To-End Email Encryption Project To GitHub

from the good-to-see dept

Back in June we wrote about Google's "End-to-End" project to enable full (real) end-to-end encryption in email via a Chrome extension. For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails). This isn't going that far, but making it much easier for individuals to truly encrypt their own emails (without any backdoors for the email provider) is definitely a big step forward. So it's good to see that the company has now moved the project to GitHub, and that Yahoo's Chief Security Officer, Alex Stamos, has been contributing to the project as well. Having two of the biggest webmail providers working together on an open source system for better encrypting emails end-to-end is a huge win for privacy and security. The project is still in its early days, and Google warns that it's not yet ready to release the extension in the Chrome Web Store, but it's great that things are moving forward. Of course, for those of you who can't wait, there already some extensions like Mailvelope that are pretty easy to use (though, some worry are not quite as secure as other options).

Filed Under: email, encryption, end-to-end, open source
Companies: google, yahoo


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Michael, 17 Dec 2014 @ 5:23pm

    There goes Google again - trying to prevent law enforcement from tracking down terrorists, pirates, and pedophiles.

    Can't everyone agree that we need to stop all of this data encryption crap for the sake of the children?

    reply to this | link to this | view in chronology ]

    • icon
      Josh (profile), 17 Dec 2014 @ 5:51pm

      Re:

      But, if we let them, then the FBI/CIA/NSA will be able to get millions of more dollars and say they are trying to save the kids while evil big companies like google just want them dead.

      Let them put up their firewalls and encryption, think of the money.. kids.

      reply to this | link to this | view in chronology ]

    • icon
      Josh (profile), 17 Dec 2014 @ 5:51pm

      Re:

      But, if we let them, then the FBI/CIA/NSA will be able to get millions of more dollars and say they are trying to save the kids while evil big companies like google just want them dead.

      Let them put up their firewalls and encryption, think of the money.. kids.

      reply to this | link to this | view in chronology ]

  • icon
    Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

    For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).


    True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.

    reply to this | link to this | view in chronology ]

    • icon
      R.H. (profile), 18 Dec 2014 @ 9:28am

      Re:

      They'd still be able to do some spam filtering based on the header (which can't be encrypted if you want your mail delivered) but, other than that, they could do the full anti-spam filtering at the time of decryption.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 18 Dec 2014 @ 10:25am

        Re: Re:

        "they could do the full anti-spam filtering at the time of decryption"

        Not if it's truly end-to-end, since Google would never have access to the decrypted text.

        reply to this | link to this | view in chronology ]

  • icon
    Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

    For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).


    True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.

    reply to this | link to this | view in chronology ]

  • icon
    Baruch Moskovits (profile), 17 Dec 2014 @ 7:06pm

    For years now, we've been among those arguing that Google should actually offer end-to-end encryption by default (which would make the company unable to read your emails).


    True end-to-end encryption would prevent some value added feature from working...like the ability for Google to scan for viruses or offer any sort of spam filtering.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Dec 2014 @ 7:34pm

      Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

      deja vu

      reply to this | link to this | view in chronology ]

      • icon
        Baruch Moskovits (profile), 17 Dec 2014 @ 7:47pm

        Re: Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

        My bad. I hit submit three times. Techdirt doesn't provide a way to delete your own comments.

        reply to this | link to this | view in chronology ]

        • identicon
          Cereal Kipper, 17 Dec 2014 @ 10:22pm

          Re: Re: Response to: Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

          Baruch Moskovits on Dec 17th, 2014 @ 7:06pm

          'My bad. I hit submit three times. Techdirt doesn't provide a way to delete your own comments.'

          Three strikes, you are now under close surveillance, SWAT on their way, you tried to flood Techdirt's servers, I bet you are North Korean?

          reply to this | link to this | view in chronology ]

    • icon
      Frok (profile), 19 Dec 2014 @ 12:34am

      Are you gods?

      Scan then 'encrypt'.

      Keymaster and Gatekeper... how could that end poorly?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Dec 2014 @ 7:35pm

    Sounds great, as long as none of GitHub's interns go political and delete the project...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Dec 2014 @ 7:01am

    Lions and Tigers and Bears! Oh My!

    Who will protect us without a Golden Key?

    reply to this | link to this | view in chronology ]

  • icon
    Goyo (profile), 18 Dec 2014 @ 10:01am

    github instead of google code?

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 18 Dec 2014 @ 10:27am

      Re:

      Indeed. Apparently, Google wanted this to be available to the wider OSS community, so they made it available in a place that makes it available to more people than google code does.

      reply to this | link to this | view in chronology ]

      • icon
        Goyo (profile), 18 Dec 2014 @ 11:16am

        Re: Re:

        The whole point of google code is to make code available to the wider OSS community.
        They can make the code available to the same people (that is, anyone interested) using google code or github or sourceforge or launchpad or bitbucket or...

        I'd have expected google to eat their own dog food.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 18 Dec 2014 @ 12:32pm

          Re: Re: Re:

          "The whole point of google code is to make code available to the wider OSS community."

          Kinda. Google code is not the go-to place for OSS code (and probably never will be). I think they wanted to host this stuff because it's more convenient for them & their own projects.

          reply to this | link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 18 Dec 2014 @ 1:58pm

      Re: github instead of google code?

      Either way, people can clone the project easily enough.

      Whereas I think it’s easier to get an account on GitHub, which means people can publish their own changes more easily, send patches and pull requests upstream, etc.

      In other words, it becomes a true two-way community project on GitHub.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Dec 2014 @ 10:34am

    Extra! Extra! Google Code sucks so bad that Google puts their projects on Github. Oh the irony!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Dec 2014 @ 12:03pm

    google cares about privacy, like dick chaney cares about not tourturing people. but people will probably love the new free google anal feedings.

    reply to this | link to this | view in chronology ]

  • icon
    Frok (profile), 19 Dec 2014 @ 12:32am

    leg in the middle, all the better to secretly trascribe GV

    End to End [to other end]

    Google in the middle makes everything more rape profitably better.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Dec 2014 @ 5:54pm

    Github is not that safe.

    reply to this | link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 20 Dec 2014 @ 3:43pm

      Re: Github is not that safe.

      But Git is. It uses SHA-1 hashes to identify every important object in its database. If anybody tried to sneak an unauthorized change into a copy of a repo on GitHub (or anywhere else), alarm bells would ring as soon as anybody tried to pull from that.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2014 @ 7:52pm

    I hope it doesn't contain any backdoors.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.