You probably already knew that Google’s Gmail supports encryption. But did you know that when a Gmail user e-mails somebody using an unencrypted service, the message isn’t protected? In fact up to half of all e-mails sent to, and from Gmail are not encrypted because of this. To fix the situation Google intends to start naming and shaming unencrypted e-mail services as part of its periodic transparency report. The company also announced a Google Chrome extension that essentially forces e-mail recipients to use encryption. The shaming seems to be already working given than Comcast is suddenly very interested in e-mail encryption.
The company is implementing what’s called TLS (Transport Layer Security) support. That’s basically a protocol by which a lot of these e-mails actually get protected by encryption. What Comcast is saying is that in the coming weeks they’re going to be unrolling the support for e-mail encryption so that e-mails travelling from them to Gmail will be protected. Google actually has a database of about 6.000 sites, which lists their level of encryption. Some of them are pretty good at this. Others like Hotmail will encrypt only about half of their e-mails. Presumably the reason for that is because a lot of servers must be configured to support encryption on a case by case basis. It could be that some of the companies like Comcast intended to rely on encyption eventually, but they just haven’t gotten around to it yet.
Google is turning the screws not only on the e-mail providers, but also on the users. They announced something called End-to-End. This is a set of code that will eventually going to be turned into a Chrome extension. It’s not ready for public release yet. The company simply released the code so that people can actually read it and make sure that it’s structurally sound before any development actually happens. When ready, it will create a little extension for your browser that will automatically encrypt your e-mails as they’re travelling to the recipient. Google certainly has an interest in this because people could blame them for e-mail that is insecure. But they also seem to be doing it in order to help people that are asking for more security when it comes to sending and receiving e-mails.
The downside is that they seem to be forcing this encryption when maybe you don’t actually want it. It’s never a good thing to take away options from people, but at the end of the day the company is only doing what they think is best.