Google Announces 'End-To-End' Encryption Extension For Chrome

Posted by Soulskill
from the wouldn't-beginning-to-end-work-better dept.
Nexus Unplugged (2495076) writes 'On their security blog today, Google announced a new Chrome extension called "End-To-End" intended to make browser-based encryption of messages easier for users. The extension, which was rumored to be "underway" a couple months ago, is currently in an "alpha" version and is not yet available pre-packaged or in the Chrome Web Store. It utilizes a Javascript implementation of OpenPGP, meaning that your private keys are never sent to Google. However, if you'd like to use the extension on multiple machines, its keyring is saved in localStorage, which can be encrypted with a passphrase before being synced. The extension still qualifies for Google's Vulnerability Reward Program, and joins a host of PGP-related extensions already available for Chrome.' Google also published a report showing how much email is encrypted in transit between Gmail addresses and those from other providers.
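
Added example (not part of the story and not End-To-End's code): one way a keyring can be encrypted with a passphrase before it is written to localStorage or synced, as the summary describes. PBKDF2-SHA-256, AES-256-GCM, the record layout and all function names are assumptions made for illustration.

```javascript
// Added example: seal a serialized keyring under a passphrase before it is
// written to localStorage or synced. PBKDF2-SHA-256, AES-256-GCM, the record
// layout and every name below are assumptions, not End-To-End's own scheme.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const DEFAULT_ITERATIONS = 600000; // assumed PBKDF2 work factor

function toB64(bytes) {
  let s = '';
  for (const b of bytes) s += String.fromCharCode(b);
  return btoa(s);
}
const fromB64 = (s) => Uint8Array.from(atob(s), (ch) => ch.charCodeAt(0));

// Stretch the passphrase into a non-extractable AES-256-GCM key.
async function deriveKey(passphrase, salt, iterations) {
  const material = await webcrypto.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns a JSON string that is safe to hand to storage or sync.
async function sealKeyring(keyring, passphrase, iterations = DEFAULT_ITERATIONS) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16)); // fresh per save
  const iv = webcrypto.getRandomValues(new Uint8Array(12));   // never reused with a key
  const key = await deriveKey(passphrase, salt, iterations);
  const plaintext = new TextEncoder().encode(JSON.stringify(keyring));
  const ct = await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext);
  return JSON.stringify({
    v: 1, iterations, salt: toB64(salt), iv: toB64(iv), ct: toB64(new Uint8Array(ct)),
  });
}

// GCM authenticates the ciphertext, so a wrong passphrase and a modified
// record fail the same way instead of yielding garbage key material.
async function openKeyring(record, passphrase) {
  const { v, iterations, salt, iv, ct } = JSON.parse(record);
  if (v !== 1) throw new Error('unsupported keyring record version');
  const key = await deriveKey(passphrase, fromB64(salt), iterations);
  let plaintext;
  try {
    plaintext = await webcrypto.subtle.decrypt(
      { name: 'AES-GCM', iv: fromB64(iv) }, key, fromB64(ct));
  } catch (err) {
    throw new Error('wrong passphrase or tampered keyring');
  }
  return JSON.parse(new TextDecoder().decode(plaintext));
}

// In an extension: localStorage.setItem('keyring', await sealKeyring(ring, pass));
```

Only the sealed record ever reaches storage or sync; the passphrase stays with the user, which is also why a lost passphrase means a lost keyring.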
This discussion has been archived. No new comments can be posted.

  • by sinnergy (4787) on Tuesday June 03, 2014 @05:32PM (#47159997) Homepage

    From joe scriptkiddy sure, but not from the people you actually don't want reading your mail.

    • by ZeroPly (881915) on Tuesday June 03, 2014 @05:44PM (#47160091)
      Yes, of course you can trust it. It offers +12 resistance against National Security Letters.
      • Re: (Score:3, Insightful)

        by LordLimecat (1103839)

        Google has earned a heck of a lot more trust in terms of security than any of the other big internet players.

        • by Anonymous Coward

          Google has earned a heck of a lot more trust in terms of security than any of the other big internet players.

          Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies. And the head of Google publicly stating that "you have no privacy, get over it". What about Google's actions or solutions are so different than the other players that they have earned that trust. If anything, it seems that Yahoo and Microsoft have gone to greater lengths in fighting NSA letters and similar.

          • by easyTree (1042254)

            What about Google's actions or solutions are so different than the other players that they have earned that trust.

            If anything, it seems that Yahoo and Microsoft have gone to greater lengths in fighting NSA letters and similar

            Same question to you... "Any what way?"

          • by IamTheRealMike (537420) <mike@plan99.net> on Wednesday June 04, 2014 @09:16AM (#47163623) Homepage

            Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies.

            Which reports? Could you show me these reports describing close cooperation with respect to spying on people between Google and the NSA?

            And the head of Google publicly stating that "you have no privacy, get over it".

            I think you are grossly misquoting Eric Schmidt who said words to the effect of, people have to understand the PATRIOT Act, what powers it gives the US government and how little companies can do to fight it. They can't assume they can put stuff into Google and have it be inaccessible to the US Govt. And you know what? He was dead right, wasn't he? But he got crucified by idiots like you for unemotionally stating the facts of the law. A better example of shooting the messenger is hard to find.

            What about Google's actions or solutions are so different than the other players that they have earned that trust.

            Which other players do you mean? If you mean, big web companies, how about:

            Being the first big webmail provider to enable SSL for everyone, all the time. Being the first to develop and then open source TLS forward secrecy code (ephemeral EC Diffie Hellman), then being first to activate it. Developing the first SSL pinning implementation, and catching Iran when they tried to use a hacked CA to monitor everyone. Being first to encrypt all internal traffic, something Yahoo is planning to catch up on maybe by the end of this year. Being first to publish transparency reports. Being first to publish statistics on SMTP TLS to help shame companies into upgrading (looking at you Apple). Being first to add and activate new ciphersuites in TLS (ChaCha20 and Curve25519) to replace the horribly broken RC4. Being first to release a new, modern PGP implementation.

            If you put down the Google hate I think you'll find they've done a heck of a lot and routinely raised the bar over the past few years. No, they don't collectively march themselves to jail when served with a court order but that's a failure of our governments and indirectly the people who elect them.

            Ob. disclaimer: I used to work for Google, doing security related stuff. And I think my colleagues achieved the best that can be expected of them in this arena. Certainly they went well beyond what other companies were doing (nothing).

            • How about:

              Putting their money where their mouth is and pulling out of China, rather than continue to play along like the other Good Old Boys and divulge dissident info and participate in China's censorship game?

              That to me says more than any of the rest of it; all of the technical stuff is just icing. Giving up a market like China is no minor thing; anyone who wants to criticize their "do no evil" mantra is gonna have to explain that.

          • Because...
            * Unlike most of the other big internet companies, Google gave a big old finger to the Chinese Communist Party when they requested cooperation in censoring / blocking / spying through google. Microsoft and Yahoo have been happy to provide info (even on dissident bloggers) to them since ~2005/2006. Google DID cooperate for a few years but ceased all cooperation around 2010, and have generally been fighting for enduser privacy there since. Notably, Microsoft explicitly cooperates in the b

          • Boy, are you full of crap. When has Google cooperated with the NSA, any more than the law requires? What reports? Post credible links or GTFO.

    • by Bradmont (513167) on Tuesday June 03, 2014 @05:47PM (#47160111)
      If it's an implementation of OpenPGP, then the algorithms are very trustworthy and have been vetted repeatedly over the long term. Since it's a Chrome extension, it will be written in Javascript, so the source should be available to verify. It will also be intercompatible with every other OpenPGP implementation, and if those are backdoored, we're all doomed anyway. The only reasonable attack vector an entity like the NSA would have (assuming the extension audits clean) would be to force google to update it to a corrupted version, which they presumably could have the power to do en masse or for individual users. I doubt that would go unnoticed for long though. And if it leads to a dramatic uptick in the adoption of secure email, IMO it's worth the risk.
      • by MtHuurne (602934) on Tuesday June 03, 2014 @06:12PM (#47160325) Homepage

        If you're worried about Google itself being forced to compromise this extension, you shouldn't be using Chrome at all.

        In any case, the current state of webmail is typically messages stored as plain text, transmitted over secure sockets. Encrypting the message itself is a big step forward.

        • by cbhacking (979169)

          Chrome extensions are tied to your Google account, and Google has pretty much complete control over them. Chrome, as a browser, does not need to be tied to a Google account (although it will suggest that you do so) and its automatic updating can be disabled.

          More to the point, though, I can securely send messages even through a compromised browser, if I encrypt the messages externally. As soon as you put your PGP private key into this extension, though, it can read all your mail (even if it's encrypted) and a

          • by MtHuurne (602934)

            Chrome extensions are tied to your Google account, and Google has pretty much complete control over them. Chrome, as a browser, does not need to be tied to a Google account (although it will suggest that you do so) and its automatic updating can be disabled.

            Not updating your browser will also leave you vulnerable. You could download updated Chrome installs from a generic download page, using a different browser and an IP address that is not associated with you, instead of accepting (possibly customized) automatic updates. That would be safe under the assumption that the generic Chrome build is not trojaned.

            More to the point, though, I can securely send messages even through a compromised browser, if I encrypt the messages externally.

            True, but then it would be more convenient to send messages from an external mail application and not use web mail at all.

        • I'll go further and say that if the NSA has forced Google to compromise the extension, you shouldn't be using Google or Gmail at all. If the NSA has already coerced Google, obviously, then there's no reason to compromise the extension or PGP; the NSA will just get the mail straight from Google.

  • This just helps Google.

    Google will still have your internet/search/click usage information and will profit from it. It just makes it harder for the government or another eavesdropper to see what you are doing. But every government is a subpoena away from it.

    If you want anonymity, don't use Google or their software/services. Period.

    Sorry about the sour post, but I don't see how this will change anything.
    • The advantage is that Google does not have to give them anything that will decrypt your messages if they get a subpoena; they have to get the key from the message receiver. Which means the person who got the message either gets tipped off, or they have to hack your computer.
      • by kodomo (1100141)
        The encryption is end to end. That's not the same as "keep encrypted record of your interaction with google services".

        This way you are safe from the NSA or some other 3rd party who is sniffing your data, but not from a government legally requesting this information from Google.
      • by Bradmont (513167)
        They could also theoretically be required to update the extension to a backdoored version; on a mass scale it would probably be noticed, but if done on an individual, targeted basis, it could probably pass unseen. Even that is a step in the right direction though; the problem with mass surveillance is that it is just that, en masse; if it's forced down to individual persons of interest, well, then that's definitely a good thing.
      • by cbhacking (979169)

        I don't know if a subpoena has enough teeth to compel this level of cooperation, why use one of those anyhow? I'm quite certain the NSA could require that Google silently update your copy of the E2E extension to include a backdoor that steals your secret key, at which point they can decrypt all messages sent to you and put your signature on any outgoing message they want to.

        • by hairyfeet (841228)

          They wouldn't need to bother Google, after all as we saw thanks to the AT&T whistleblower they have backbone access at the ISPs. This means they 1.- Know what OS you are running and 2.- Can perform a MITM on said OS. Let's say you use Linux? All they do is intercept the update mechanism for whatever flavor you are running and one of the dozens of packages you get during an update has a backdoor, with Windows or OSX it would work the same, intercept the update mechanism and force in a backdoor. Hell depen

          • by voltorb (2668983)

            They wouldn't need to bother Google, after all as we saw thanks to the AT&T whistleblower they have backbone access at the ISPs. This means they 1.- Know what OS you are running and 2.- Can perform a MITM on said OS. Let's say you use Linux? All they do is intercept the update mechanism for whatever flavor you are running and one of the dozens of packages you get during an update has a backdoor, with Windows or OSX it would work the same, intercept the update mechanism and force in a backdoor. Hell depen

            • by hairyfeet (841228)
              Riiight, that is why the kernel.org repo was infected by malware [techrepublic.com]. Oh and just FYI it was either the Debian or ubuntu repo that was serving a rootkitted Quake 3 install for THREE YEARS, don't have time to look it up ATM, feel free to google it.
      • by 0ld_d0g (923931)

        You're claiming that Google is purposely breaking their own ability to data mine your email? I somehow highly doubt that. I'm happy to be proven wrong on this.

    • by mspohr (589790)

      This is for email, not your browser.

  • by mlts (1038732) on Tuesday June 03, 2014 @05:36PM (#47160029)

    1: Compatible with OpenPGP (except for some reasonable caveats. Not bad.)

    2: Some thought in building it, not just slinging a beta for download, wise.

    3: Keys stored away from where the bad code can compromise a browser... smart.

    So far, this seems to be something that can be useful for one who does use PGP or gpg often.

    • Re: (Score:3, Insightful)

      by vux984 (928602)

      So... if google doesn't have the keys, then

      a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, you're hosed.

      b) you can't search your gmail, because for them to index your mail box, they'd need to be able to decrypt it.

      c) they can't data-mine your gmail, because, again, they can't read it.

      I'm having a hard time believing that they've actually done this?

      And if they have done it, I have a hard time believing it will do an

      • by mlts (1038732)

        In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.

        The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption. However, anything is better than nothing, and this will do a decent job at protecting against intrusion internally.

        • by vux984 (928602)

          In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.

          The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption

          Precisely.

          The fundamental basis of end-to-end encryption is that the endpoints are trustworthy.

          Autoupdating chrome, autoupdating c

          • by Sloppy (14984)

            However, anything is better than nothing,

            The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.

            That one is easy: don't assume a false sense of security. There, problem solved. I don't know how anyone would ever get into that position, but I agree that if they do, we should give them a common-sense reality check.

            you can't trust google to provide the endpoints if you want to be secure FROM google.

            I think everybody gets tha

      • a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, you're hosed.

        Can you have secure encryption at all without the "if you lose your keys, you're hosed" part? I have never seen a solution to this fundamental problem.

        • by piripiri (1476949)
          That wouldn't be secure encryption then...
        • Can you have secure encryption at all without the "if you lose your keys, you're hosed" part? I have never seen a solution to this fundamental problem.

          In general you can't open any lock if you lose the keys. It's a feature, not a fundamental problem. All encryption schemes require that you provide some way of authenticating that you are the intended recipient. Protip: securely back up your keys.

  • by NotInHere (3654617) on Tuesday June 03, 2014 @05:37PM (#47160043)

    End-To-End doesn’t trust any website's DOM or context with unencrypted data.

    I think this is the most important sentence in TFA, as it shows this is a real user-side-DRM (enforcing privacy rights) in browsers.

  • Storing information in such a way that Google cannot hand the data over to 3rd parties will break many features that users like, searching emails being on the top of that list. Fully homomorphic encryption is just not there yet.

    So besides the fact that it's not in Google's interest to give you privacy, you can either put effort into it yourself to get some privacy or sit back and choose convenience. Choose one of the two but don't believe that technology like end-to-end encryption with a service provider wil

  • Not directly related to the subject matter, but I thought it was interesting that Gmail traffic spikes on Saturdays.
  • good (Score:5, Insightful)

    by Sloppy (14984) on Tuesday June 03, 2014 @06:46PM (#47160541) Homepage Journal

    At first glance, this looks like a good idea which should be encouraged and nurtured. Even if they fuck up something.

    The downside is that it's pretty crazy to be doing stuff like this in a scripting language inside of a machine that downloads new versions from somewhere, at the drop of a hat, and where the machine itself (Chrome) is remotely-coercible. (In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.) But really I think this is a minor point! (bear with me; I know that sounds like a bombshell.)

    It's good for people to start using OpenPGP, even if they do some things wrong, and for it to get more mainstreamed. It'll get 'em familiar with the concepts (and they need to learn them all; take anything out and you have a broken system), and then some day they will graduate to the real thing (actual PGP or GnuPG, outside the vulnerable context of today's web browsers) and do things more carefully on their own time while remaining interoperable with their associates.

    I know I am a dead-horse beater on this, but OpenPGP, after all these years, really is still the very best, top-notch, number one PK system we have. It's not merely good; it's right. And the applications for the WoT go far beyond merely securing communications from snooping, though it happens to be excellent at that. Three cheers for Google not inventing something gratuitously nonstandard (and therefore, probably deficient)!

    • by Anonymous Coward

      This is similar to what mega.co.nz does, correct? (kim dotcom site)

    • Computers are complicated. (most) Users are not. With computing, you basically have a trio of secure, easy, affordable - pick any two.

      OpenPGP was right in all ways except one: you can't even explain what it does to your grandma, let alone get her to use it. Because of that, you can't get anybody to pay for it. So you really only have the choice of easy/affordable.

      This is a good system if only because it gives you a bit of the secure leg without compromising the other two legs. It sucks, and propeller heads

      • by JanneM (7445)

        OpenPGP was right in all ways except one: you can't even explain what it does to your grandma, let alone get her to use it.

        Never mind grandma, I can't use it. Decided I'd try it this spring. Spent an afternoon reading manuals, blog posts and howto's, until I realized this is complicated and brittle enough that I'm likely to mess things up and compromise any security as a result. Better to avoid it, and behave under the assumption that people are bulk scanning and analyzing everything I send or receive.

    • (In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.)

      If someone points a gun to my head, I'll hand them my PGP keys, passphrases for encrypted media, PIN and online banking credentials, mother's maiden name, car keys, and add on the end "Would you like a receipt with that?"

      This isn't to protect against government coercion of the business. It's to protect unauthorised monitoring and tapping of communications. The TLA's are certainly authorised to make these demands; It's their job. The legality of those demands are another question.

      • by Sloppy (14984)

        If someone points a gun to my head...

        IMHO once people are pointing guns at you, you have serious problems. And yet even then, if the attacker happens to be your government, or someone within reach of your government, you still have recourse. Unless they pull the trigger, then you know that it happened, so you can challenge it in court, or call the cops on the assailant after he leaves, or whatever.

        But that isn't really the kind of situation that people are talking about much, in 2014.

        The TLA's are certai

  • by bitt3n (941736)
    this sucks. now I'm going to have to CC all my email to the NSA just so I don't risk getting drone striked "just in case"
  • The report showing how much email is encrypted in transit is about SMTP/TLS usage. But as I understand, this is security theater since certificate validation is not done. Most SMTP implementations work without a CA root repository, and therefore cannot assess the peer identity.
  • FCC CIO David Bray noted last night that the system is more than 10 years old and pointed to an article on how the FCC is trying to modernize infrastructure badly in need of upgrades.

    So the FCC, the folks who are supposed to regulate our communications activities is in the technical stone age? Maybe they just need more of Ted Stevens' pipes?

    • by geekoid (135745)

      Money. It's due to money; although 10 years ago is meaningless. I know systems that are 40 years old and still work great at what they were designed to do.

  • It's not in Google's best interest not to be able to read our e-mails anymore. So why do they do this?

