topic Google introduces End to End Encryption on GMAIL in Tech Talk

Google introduces End to End Encryption on GMAIL

dcontesti — Mon, 19 Dec 2022 23:17:04 GMT

Google announced on Friday that it's adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.

https://www.bleepingcomputer.com/news/security/google-introduces-end-to-end-encryption-for-gmail-on-the-web/

Re: Google introduces End to End Encryption on GMAIL

JoePete — Tue, 20 Dec 2022 02:46:12 GMT

@dcontesti wrote:
Google announced on Friday that it's adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.

The "outside their domain" part would seem to require the footnote "provided that the domain uses Gmail" unless I am missing something. Basically, Gmail is managing keys for their users, allowing people to seamlessly encrypt (using public keys) and Gmail users to decrypt using private keys. I suppose they could have BYOK (bring your own keys) option. Overall, it is a great business strategy as now to "securely" email you will have to be part of the Google ecosystem. From a security standpoint, Gmail probably has the best chance at getting people to finally adopt encryption for email even though we have had options for a good 30 years now.

Re: Google introduces End to End Encryption on GMAIL

CraginS — Tue, 20 Dec 2022 04:36:43 GMT

But not for the general public individual GMail subscribers, only for enterprise managed accounts.

Re: Google introduces End to End Encryption on GMAIL

denbesten — Tue, 20 Dec 2022 15:05:41 GMT

@JoePete wrote:
The "outside their domain" part would seem to require the footnote "provided that the domain uses Gmail" unless I am missing something.

No clue how Gmail implements this, but one way I have seen is to email a link that the "outside the domain user" can click to retrieve the actual message (after authenticating to Google's satisfaction). My doctor's office does this. Horrendously bad UX and they can't quite understand how someone that is as techie as me does "not have an email address".

Re: Google introduces End to End Encryption on GMAIL

denbesten — Tue, 20 Dec 2022 15:07:44 GMT

"Security" features should not be optional extra-cost add-ons.