Google putting PGP into Gmail?!

[bill]

Making end-to-end encryption easier to use

"End-to-end" encryption means data leaving your browser will be encrypted until the message's intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.

Google is really putting PGP into their mail (via a Chrome extension)? That would kill their ad business model, wouldn't it?

[Rooftop]

Gmail ads appear to work a lot like AdSense for Content.  A shrinking proportion of AFC ads are now contextually targetted. Between remarketing via a zillion ad networks plus demographic and interest targeting they usually have something interesting to show... particularly if you are logged into a Google account.

Also, presumably they can still read the screen anyway. It's been decrypted by then.

My take on end-to-end is that it is targetted more broadly at webmail services.  I think you can get this result in Gmail already. End to end means that you can force the same on other services (I might have that wrong - haven't yet read it in detail)

[rcjordan]

>end to end

I don't know much about this but I did see a headline yesterday saying that G was calling out MS and Y (I think it was Y) about not encrypting the other end.

[bill]

This looks a lot like the Mailvelope Addon that you can use in Chrome and FF to PGP your webmail. It's using Javascript OpenPGP to encrypt and decrypt, so it should be hiding the mail content from GG completely. There's still the header meta data like who you sent the mail to and what the subject was. They can always see that.

The end-to-end stuff was about other webmail providers not using TLS when connecting to Gmail. That would stop your e-mail from being like an open postcard, and put it into an envelope of sorts. (The webmail providers can still see it, but nobody in transit could.)