Google announced on Friday that it’s adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.
Pretty much, Google is allowing encrypted emails for companies and possibly personal users in the future.
This would make a big privacy improvement for many people, especially if it is on by default (it’s not currently).
It may also force some people in the privacy community to reconsider their current email provider - is it worth using a privacy-respecting company (Proton, Tutanota, etc) or is it better to use Gmail to send encrypted emails to more people
Ha. I doubt that. Gmail is a Google product. As long as Google relies on ads for their revenue, I wouldnt trust anything they say. Especially since we cant even see the code for all this encryption they’re talking about. You can’t be a company for privacy and the public good while exploiting people’s data for money. Gotta pick one.
GMail is primarily dismissed as an option by the privacy community due to the fact that Google can snoop on your emails whenever convenient. But if it starts rolling out E2EE it essentially solves that issue.
I doubt this. Google has had encryption on Drive, for awhile now, on Enterprise. I’ve yet to hear about this on the consumer plans. Also, I think the business tools and consumer tools, despite being called the same, are not quite the same on the backend. With different teams dedicated to each version.
The company says that the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers
The way this is worded suggests it will come in the future, although it is the writers wording and not Google’s.
It probably won’t come to personal plans, but fe can always hope
Yeah, it’ll be great to see this rolled into the general public, especially as a default. Though, I’d bet against it happening. Google loves security, but not privacy.
Google is perfectly happy not having access to your personal e-mail, they only care about what you are buying online.
Most of the e-mail that tells them about your purchase history and purchase intent isn’t going to be encrypted, and that is really all they care about. They just want to be able to target you with ads, that is how they make their money.
I disagree. I would presume it to get the same look as WhatsApp. WhatsApp has encrypted messaging, but a lot of metadata gets collected. Sure: WhatsApp is miles better than something unencrypted like SMS, Snapchat or Discord, but it is still not privacy friendly. It is interesting though since privacy friendlier e-mail providers will be less secure in most cases quite possibly.
Email metadata can’t be encrypted by design. Whatsapp chooses to log the metadata by modifying the Signal Protocol. Why even draw a comparison between the two?
Proton and Tutanota have a good track record of keeping things secure.
Doing the key lookup works across different providers, Proton and Tutanota can send E2EE to each other, that technology is already there.
Even if both Gmail and Office365 had the option to use E2EE, I still don’t think most companies would use it when sending emails to customers, it makes sending email a lot more resource heavy. I could see this being similar to letsencrypt, even if the service is available it’s still going to take 10 years before it is fully implemented everywhere and becomes the norm.
Keep in mind that even if everything was E2EE, Google would still get all the encapsulation data from the Gmail users, maybe that is enough for them.
I will never ever trust Google. They built their business on mass surveillance. Just another one of their tricks to lure some fools. Always an angle.
I want to reward companies that have made the right choices from the start or shortly after they started. There is no redeeming for Google, especially considering how they now fully invested in social re-engineering.
While it is a welcome development, the main thing that makes me keep a pair of binoculars instead of doing anything is Google has a pretty messy stance/policies over enterprise VS customer. It is well-known that enterprise customers do enjoy better privacy policies than consumers. However, the finer details, along with how consumers can upgrade if they wish, remain quite vague to this day.
IMO: If Google rolls out E2EE in their consumer services, this would be a massive hit to the major selling point of Proton and other ‘private’ email providers & services. They will always serve the niche privacy audience like ourselves, but I have a hard time believing the average email user will be able to justify migrating away from a free service they’ve been using for possibly a decade or more.
Two weeks ago I would’ve said I don’t think Google will ever roll out E2EE to average consumers, but after Apple’s recent moves, perhaps we may actually see Google step it up.
Google won’t change the other data they collect. They will still keep that data and use it to advertise.
Proton does collect metadata but don’t use that data for advertising and they don’t share it to third-parties.
Overall, Google most likely will still collect as much data as they can and store it. Proton tries to minimise the amount of data collected and will better respect your privacy in all areas they can.
While this is all true, it might be beneficial to use Gmail (if they roll out E2EE to everyone) as it would allow you to send encrypted emails to friends, family, colleagues, etc.
Proton & Tutanota are great, but due to their smaller audience, there aren’t many people that you can send encrypted emails to. I only know 1 person (other than me) with ProtonMail and I have never emailed them for anything (we use Signal to communicate). I know many people with Gmail though, being able to send E2EE emails to them would be great, even if Google collects other data that Proton and others do not.
Why would the people switching to Proton suddenly start trusting Google?
People are leaving Google because they don’t trust them to handle their data, not because they are unhappy with their service.
I have Proton, and most of the e-mail I send or receive can’t be encrypted because the other end doesn’t use encryption.
Even in a perfect world where everything is encrypted, they would still be able to collect the metadata from every email you send or receive. Being able to cross-reference cookie tracking, search history, and Google Analytics with positive confirmation from email invoice titles is probably enough for them, and there is no way to stop this using E2EE.
People don’t switch to Proton because of the E2EE, most people probably wouldn’t even use it if they could turn it off, they leave Google because they don’t trust Google and that isn’t going to change.
