Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Google

Google: Gmail Client-Side Encryption Now Publicly Available (bleepingcomputer.com) 50

Gmail client-side encryption (CSE) is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. BleepingComputer reports: The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (in beta) since last year. Once enabled, Gmail CSE ensures that any sensitive data sent as part of the email's body and attachments (including inline images) will be unreadable and encrypted before reaching Google's servers. It's also important to note that the email header (including subject, timestamps, and recipients lists) will not be encrypted. "Client-side encryption takes this encryption capability to the next level by ensuring that customers have sole control over their encryption keys -- and thus complete control over all access to their data," Googled explained.

"Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers. As customers retain control over the encryption keys and the identity management service to access those keys, sensitive data is indecipherable to Google and other external entities."
This discussion has been archived. No new comments can be posted.

Google: Gmail Client-Side Encryption Now Publicly Available

Comments Filter:
  • by Anonymous Coward on Wednesday March 01, 2023 @02:17AM (#63332057)

    Like the other offerings of the same ilk (Drive, Docs, Calendar), this is not as secure as it makes out to be. The private key is managed by Google controlled code and thus within their reach, if they were compelled to decrypt.

    • ... private key is managed by Google ...

      To use Google Workspace Client-side encryption (CSE), you first need to set up one or more external key services. You can do either of the following:

      • Use one of Google's key service partners.
      • Build your own key service—Create a standalone service or embed it into your product using the Google Workspace Client-side Encryption API.
    • For these kinds of systems, most of the time the EULA explicitly tells you the keys are stored on the cloud. Why anybody thinks a product pitched as "client-side" is actually under user control is beyond me.

  • Is this PGP with more or less steps?

  • Could someone describe how or why would your organization use this?

    I cannot figure out a real use case. My companies have used Google as identity provider, email / office / comms tool and so on. In all those cases, you will and must trust Google fully. You will list it as your data sub-processor, you will trust it with tour passwords (in Chrome storage or wherever) and 2FA and so on.

    Having an encryption layer on top of this... changes nothing.
    I understand the tech, but I don't understand the need.

    Does anyon

    • Re: (Score:3, Interesting)

      you clearly don't understand the tech https://developers.google.com/... [google.com] you don't have to trust it with your passwords. you set up your own encryption server (or use a 3rd party). Gmail (the browser or app) send the message to your encryption server, your server encrypts it and ends back an encrypted blob, google stores the blob which it can't decrypt since it doesn't have and never sees the keys.
      • by lsllll ( 830002 )
        So Google can't see the content of the message, but the encryption server can see it. And most people will set up their own encryption server which they fully control. Got it.
        • Encryption server (or provider) only provides the key for use in decrypting the contents of the email in the browser. It cannot see the contents of the email.

          • by unrtst ( 777550 )

            Encryption server (or provider) only provides the key for use in decrypting the contents of the email in the browser. It cannot see the contents of the email.

            Though correct that the external encryption key service only provides the key, they also clearly state in their FAQ:
            How is CSE different from end-to-end (e2e) encryption?
            With client-side encryption (CSE), encryption and decryption also always occur on the source and destination devices, which in this case are the clients' browsers. However, with CSE, clients use encryption keys that are generated and stored in a cloud-based key management service, so you can control the keys and who has access to them. For

          • by lsllll ( 830002 )
            I get that, but certificates are never kept confidential and are easy to get a hold of in various way. It's always the "key" that is guarded. This whole thing stinks of giving an "illusion" of full encryption that nobody would be able to get to.
      • by gweihir ( 88907 ) on Wednesday March 01, 2023 @04:42AM (#63332277)

        And Google is entirely free to have backdoors in their software, leak keys, etc. As long as they control the gmail client, Google has access if they want to. Believing anything else is just utterly naive.

        • by AmiMoJo ( 196126 ) on Wednesday March 01, 2023 @07:55AM (#63332481) Homepage Journal

          Don't let perfect be the enemy of good. Most email is unencrypted and every attempt to get people to use encryption has failed.

          This gives organizations a very easy and transparent way to enable encryption for their staff. While yes in theory Google might have backdoored it, risking massive reputational damage and probably some criminal charges too, even if they have it's still vastly better than the alternative: nothing.

          • Don't let perfect be the enemy of good.

            Don't let stupid bullshit be the enemy of good, either. Getting your encryption software from a member of PRISM is like buying your condoms from the Vatican.

            • by gweihir ( 88907 )

              Don't let perfect be the enemy of good.

              Don't let stupid bullshit be the enemy of good, either. Getting your encryption software from a member of PRISM is like buying your condoms from the Vatican.

              Actually, buying condoms from Companies with (partial or full) Vatican ownership is probably safe, as "backdoors" in these would become publicly known without a year or so.

              • I searched out of curiosity, it turns out the Vatican pharmacy does not sell contraceptives https://en.wikipedia.org/wiki/... [wikipedia.org] They would not sell backdoored condoms, because in their view it's the intent of using condoms that is a sin, even is the execution is ineffective. The intent of Vatican is that there is no sin, not to increase the number of children at all costs. The same way I intended to kill the President (or the Pope) and the police knew, they would arrest me as soon as they could, not provide m

            • by AmiMoJo ( 196126 )

              Okay, you don't trust it. What is your alternative?

              Forget GPG, tried that, doesn't work. Forget Signal, you need email for documentation/archival.

              What are you going to use instead?

              • Forget GPG, tried that, doesn't work.

                Yes, it does work. There are multiple browser addons to implement gpg with gmail for example. I used to install them but nobody else was using encryption so I gave up. If you can't figure out how to use GPG with Gmail, then I really, really don't know what else to say to you.

                • by AmiMoJo ( 196126 )

                  Nobody else uses them because they are unsupported at best. Besides, you are just trusting some random extension maker with access to your Gmail account. You could try to look at the source, but most IT departments are not qualified to safe if it is safe or not.

                  If there was another solution then businesses would be using it. Google is offering them a way to tick that box on their security and compliance audit, and realistically those businesses are probably more at risk from their own employees than from so

            • by ei4anb ( 625481 )
              Actually, the Vatican used to have shares in The London Rubber Company, the makers of Durex
          • by gweihir ( 88907 )

            The one thing that is worse than bad security is fake "good" security, because then people start to rely on it and become _less_ secure.
            You are wrong, sorry.

    • by gweihir ( 88907 )

      The "use case" is often called "feel-good security" which is not a form of security, fake-security intended to make those without a clue feel good about themselves. Works really well on a lot of people, because the vast majority of the human race has no clue as to how things actually work. Obviously the primary attacker here is Google itself and they will have no trouble obtaining your key or messages if they want to. It does not even need to be as blatant as grabbing your secret key. It would be perfectly

    • Could someone describe how or why would your organization use this?

      It's for people smart enough to know they need encryption, but too stupid to get encryption from someone other than the people running the server. IoW, it's for nobody.

  • by zenlessyank ( 748553 ) on Wednesday March 01, 2023 @03:39AM (#63332161)

    Just curious.

  • by Anonymous Coward

    At least some people can be taught to save attachment, right click on it, select decrypt, then treat the result like a normal archive. Yet we like to assume nobody can. So encryption must be cookie-cutter and "user-friendly". I don't think that's sustainable.

    It also doesn't mesh well with throwing highfalutin' crap in there that only a crypt-utopia-nerd (pgp's web of trust) or a bureaucrat (the hassle with certificates) would love. I don't think trying to paper over all that with yet another layer of in-th

  • By not encrypting the email headers, you are making all of those communications vulnerable to discovery motions and FISA warrants against Google. If not only yourself, but anyone you have ever emailed is scooped up in a FISA warrant, all of your communications can become part of the evidence.

    • By not encrypting the email headers, you are making all of those communications vulnerable to discovery motions and FISA warrants against Google.

      The whole purpose of this feature... well, it's to sucker the suckers, really. But the idea is that the content of the mail is encrypted in a way that google can't read it. If you encrypt the headers as well, they cannot deliver the mail. Conversely, even if the headers were encrypted somehow, in a way that google could read them, guess what? They have to decrypt them to read them, and they are a member of PRISM, so the only safe assumption is that they will forward the headers on to the DHS anyway.

      Maybe le

      • by brunes69 ( 86786 )

        Er.. I know how email works, thanks.

        What I am trying to highlight is there is no way to securely send email from a personal or work account like this. It is a false flag, and I don't want people to fall for this.

        • If the mail is expected to pass through even one server outside of your control, there is no header security. That's why nobody expects there to be any.

          • by brunes69 ( 86786 )

            Exactly - so don't do it. Use an anonymous account with something like Protonmail or use a totally different communications mechanism.

            Email should never be relied on for secure communications. It is insecure by design, and can not be made secure.

            • OK, but you cannot solve this problem with any system where the message has to go to another system. At some point, some server outside of your control has to decode the headers so they can be used for routing. You can already choose to put nothing meaningful into any of the headers except the destination*, so that really doesn't differentiate email from anything else.

              * And of course you also have to use a valid from domain these days, if you expect your mail to be delivered, so anti-spam measures have made

              • by brunes69 ( 86786 )

                The point is, if I send email from Protonmail, it can not be tied to me due to how Protonmail works. So even if it gets scooped up in a FISA warrant or other discovery, it does not matter.

                If your Gmail gets scooped up in a FISA warrant or discover process, it can certainly be tied to you - which now brings *ALL OTHER ACTIVITY* into scope as well.

                • The point is, if I send email from Protonmail, it can not be tied to me due to how Protonmail works.

                  hahaha no [privacyaffairs.com]

                • If you do something on a computer, it CAN be tied to you. It's just a matter of getting the right access and logs. It may be extremely difficult and MAY not be possible at some point in time. But, it's never a good idea to think there is some bulletproof system that allows you to send messages 100% safely without being traceable.

  • I'm not sure in what situations this would be useful to me considering I'm a student and use their Education Plus version. I would be much more comfortable if they made their plagiarism checker like https://fixgerald.com/ [fixgerald.com] which I would use a lot more often for studying. As it is, it's just another piece of news that looks interesting but isn't particularly useful.

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...