Forgot your password?
typodupeerror
Chrome Encryption Communications Google

Google Announces 'End-To-End' Encryption Extension For Chrome 100

Posted by Soulskill
from the wouldn't-beginning-to-end-work-better dept.
Nexus Unplugged (2495076) writes 'On their security blog today, Google announced a new Chrome extension called "End-To-End" intended to make browser-based encryption of messages easier for users. The extension, which was rumored to be "underway" a couple months ago, is currently in an "alpha" version and is not yet available pre-packaged or in the Chrome Web Store. It utilizes a Javascript implementation of OpenPGP, meaning that your private keys are never sent to Google. However, if you'd like to use the extension on multiple machines, its keyring is saved in localStorage, which can be encrypted with a passphrase before being synced. The extension still qualifies for Google's Vulnerability Reward Program, and joins a host of PGP-related extensions already available for Chrome.' Google also published a report showing how much email is encrypted in transit between Gmail addresses and those from other providers.
This discussion has been archived. No new comments can be posted.

Google Announces 'End-To-End' Encryption Extension For Chrome

Comments Filter:
  • by Anonymous Coward on Tuesday June 03, 2014 @06:52PM (#47160581)

    Remember 'reflections on trusting trust'?

    That again? [schneier.com]

    With that said, this is just ridiculous. What if you're actually the only sentient being in existence, and everything is just part of your dream? What if we're all in the matrix? What if, what if, what if!

    Personally, I don't care about vastly unlikely possibilities. Something needn't be 100% safe for me to use it. Obviously. I don't see why people are obsessed with all these vastly unlikely possibilities.

  • by IamTheRealMike (537420) <mike@plan99.net> on Wednesday June 04, 2014 @09:16AM (#47163623) Homepage

    Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies.

    Which reports? Could you show me these reports describing close cooperation with respect to spying on people between Google and the NSA?

    And the head of Google publicly stating that "you have no privacy, get over it".

    I think you are grossly misquoting Eric Schmidt who said words to the effect of, people have to understand the PATRIOT Act, what powers it gives the US government and how little companies can do to fight it. They can't assume they can put stuff into Google and have it be inaccessible to the US Govt. And you know what? He was dead right, wasn't he? But he got crucified by idiots like you for unemotionally stating the facts of the law. A better example of shooting the messenger is hard to find.

    What about Google's actions or solutions are so different than the other players that they have earned that trust.

    Which other players do you mean? If you mean, big web companies, how about:

    Being the first big webmail provider to enable SSL for everyone, all the time. Being the first to develop and then open source TLS forward secrecy code (ephemeral EC Diffie Hellman), then being first to activate it. Developing the first SSL pinning implementation, and catching Iran when they tried to use a hacked CA to monitor everyone. Being first to encrypt all internal traffic, something Yahoo is planning to catch up on maybe by the end of this year. Being first to publish transparency reports. Being first to publish statistics on SMTP TLS to help shame companies into upgrading (looking at you Apple). Being first to add and activate new ciphersuites in TLS (ChaCha20 and Curve25519) to replace the horribly broken RC4. Being first to release a new, modern PGP implementation.

    If you put down the Google hate I think you'll find they've done a heck of a lot and routinely raised the bar over the past few years. No, they don't collectively march themselves to jail when served with a court order but that's a failure of our governments and indirectly the people who elect them.

    Ob. disclaimer: I used to work for Google, doing security related stuff. And I think my colleagues achieved the best that can be expected of them in this arena. Certainly they went well beyond what other companies were doing (nothing).

With all the fancy scientists in the world, why can't they just once build a nuclear balm?

Working...