Google Announces 'End-To-End' Encryption Extension For Chrome

Nexus Unplugged (2495076) writes 'On their security blog today, Google announced a new Chrome extension called "End-To-End" intended to make browser-based encryption of messages easier for users. The extension, which was rumored to be "underway" a couple months ago, is currently in an "alpha" version and is not yet available pre-packaged or in the Chrome Web Store. It utilizes a Javascript implementation of OpenPGP, meaning that your private keys are never sent to Google. However, if you'd like to use the extension on multiple machines, its keyring is saved in localStorage, which can be encrypted with a passphrase before being synced. The extension still qualifies for Google's Vulnerability Reward Program, and joins a host of PGP-related extensions already available for Chrome.' Google also published a report showing how much email is encrypted in transit between Gmail addresses and those from other providers.

But can you actually trust it?

[sinnergy]

From joe scriptkiddy sure, but not from the people you actually don't want reading your mail.

Re:But can you actually trust it?

[ZeroPly]

Yes, of course you can trust it. It offers +12 resistance against National Security Letters.

Re:But can you actually trust it?

[Bradmont]

If it's an implementation of OpenPGP, then the algorithms are very trustworthy and have been vetted repeteatedly over the long term. Since it's a Chrome extension, it will be written in Javascript, so the source should be available to verify. It will also be intercompatible with every other OpenPGP implementation, and if those are backdoored, we're all doomed anyway. The only reasonable attack vector an entity like the NSA would have (assuming the extension audits clean) would be to force google to update it to a corrupted version, which they presumably could have the power to do en masse or for individual users. I doubt that would go unnoticed for long though. And if it leads to a dramatic uptick in the adoption of secure email, IMO it's worth the risk.

Re:But can you actually trust it?

[MtHuurne]

If you're worried about Google itself being forced to compromise this extension, you shouldn't be using Chrome at all.

In any case, the current state of webmail is typically messages stored as plain text, transmitted over secure sockets. Encrypting the message itself is a big step forward.

Re:But can you actually trust it?

NSA doesn't need to force google. All they need to do is MITM the Google update server and send you their version of the addon.

Chrome probably updates over https, but NSA getting a cert that is valid for any domain is trivial due to the trust model as it currently exists.

Re:But can you actually trust it?

[cbhacking]

Chrome extensions are tied to your Google account, and Google has pretty much complete control over them. Chrome, as a browser, does not need to be tied to a Google account (although it will suggest that you do so) and its automatic updating can be disabled.

More to the point, though, I can securely send messages even though a compromised browser, if I encrypt the messages externally. As soon as you put your PGP private key into this extension, though, it can read all your mail (even if it's encrypted) and add your signature to anything it wants (where "it" means Google operating under compulsion of an NSL).

The concern isn't so much "The NSA will compromise all Chrome installations and use them as a Trojan to find and compromise secure messages!". It's more like "OK, the NSA says we need to tap MtHuurne@gmail.com; next time his E2E extension checks for updates make sure he gets the backdoored version and let me know when we have his private key, and by the way keep silent about this or your family will never know what happened to you."

Re:But can you actually trust it?

[AHuxley]

Re 'but NSA getting a cert that is valid for any domain is trivial due to the trust model as it currently exists."
Just as plain text for advertizing has to be done at some point in the internal network, the NSA, GCHQ, 5++ other nations, their staff, ex staff, former staff - a lot of people will still enjoy.

Re:But can you actually trust it?

[LordLimecat]

Google has earned a heck of a lot more trust in terms of security than any of the other big internet players.

Re:But can you actually trust it?

Google has earned a heck of a lot more trust in terms of security than any of the other big internet players.

Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies. And the head of Google publicly stating that "you have no privacy, get over it". What about Google's actions or solutions are so different than the other players that they have earned that trust. If anything, it seems that Yahoo and Microsoft have gone to greater lengths in fighting NSA letters and similar.

Re:But can you actually trust it?

[easyTree]

What about Google's actions or solutions are so different than the other players that they have earned that trust.

If anything, it seems that Yahoo and Microsoft have gone to greater lengths in fighting NSA letters and similar

Same question to you... "Any what way?"

Re:But can you actually trust it?

[easyTree]

*In* what way :S

Re:But can you actually trust it?

[IamTheRealMike]

Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies.

Which reports? Could you show me these reports describing close cooperation with respect to spying on people between Google and the NSA?

And the head of Google publicly stating that "you have no privacy, get over it".

I think you are grossly misquoting Eric Schmidt who said words to the effect of, people have to understand the PATRIOT Act, what powers it gives the US government and how little companies can do to fight it. They can't assume they can put stuff into Google and have it be inaccessible to the US Govt. And you know what? He was dead right, wasn't he? But he got crucified by idiots like you for unemotionally stating the facts of the law. A better example of shooting the messenger is hard to find.

What about Google's actions or solutions are so different than the other players that they have earned that trust.

Which other players do you mean? If you mean, big web companies, how about:

Being the first big webmail provider to enable SSL for everyone, all the time. Being the first to develop and then open source TLS forward secrecy code (ephemeral EC Diffie Hellman), then being first to activate it. Developing the first SSL pinning implementation, and catching Iran when they tried to use a hacked CA to monitor everyone. Being first to encrypt all internal traffic, something Yahoo is planning to catch up on maybe by the end of this year. Being first to publish transparency reports. Being first to publish statistics on SMTP TLS to help shame companies into upgrading (looking at you Apple). Being first to add and activate new ciphersuites in TLS (ChaCha20 and Curve25519) to replace the horribly broken RC4. Being first to release a new, modern PGP implementation.

If you put down the Google hate I think you'll find they've done a heck of a lot and routinely raised the bar over the past few years. No, they don't collectively march themselves to jail when served with a court order but that's a failure of our governments and indirectly the people who elect them.

Ob. disclaimer: I used to work for Google, doing security related stuff. And I think my colleagues achieved the best that can be expected of them in this arena. Certainly they went well beyond what other companies were doing (nothing).

Re:But can you actually trust it?

[MtHuurne]

Chrome extensions are tied to your Google account, and Google has pretty much complete control over them. Chrome, as a browser, does not need to be tied to a Google account (although it will suggest that you do so) and its automatic updating can be disabled.

Not updating your browser will also leave you vulnerable. You could download updated Chrome installs from a generic download page, using a different browser and an IP address that is not associated with you, instead of accepting (possibly customized) automatic updates. That would be safe under the assumption that the generic Chrome build is not trojaned.

More to the point, though, I can securely send messages even though a compromised browser, if I encrypt the messages externally.

True, but then it would be more convenient to send messages from an external mail application and not use web mail at all.

Re:But can you actually trust it?

Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies.

Which reports? Could you show me these reports describing close cooperation with respect to spying on people between Google and the NSA?

And the head of Google publicly stating that "you have no privacy, get over it".

I think you are grossly misquoting Eric Schmidt who said words to the effect of, people have to understand the PATRIOT Act, what powers it gives the US government and how little companies can do to fight it. They can't assume they can put stuff into Google and have it be inaccessible to the US Govt. And you know what? He was dead right, wasn't he? But he got crucified by idiots like you for unemotionally stating the facts of the law. A better example of shooting the messenger is hard to find.

Oh for shit's sake, he's not the messenger, he's the hero of the story and he just capitulates and allows the bad ending to occur. What a crappy story.

Re:But can you actually trust it?

[LordLimecat]

Because...
  * Unlike most of the other big internet companies, Google gave a big old finger to the Chinese Communist Party when they requested cooperation in censoring / blocking / spying through google. Microsoft and Yahoo have been happy to provide info (even on dissident bloggers) to them since ~2005/2006. Google DID cooperate for a few years but ceased all cooperation around 2010, and have generally been fighting for enduser privacy there since. Notably, Microsoft explicitly cooperates in the backdooring of Chinese Skype (its called TOM, and it reports everything to Big Brother)

  * Google was one of the first to do SSL-by-default, and has been quite fast in responding to threats; they rapidly switched from AES-CBC to RC4 in response to the BEAST attack, while others had a mediocre response. They have generally put security ahead of "security theatre" and PR, such as their rejection of OCSP/CRL softfail and token gestures at securing the Chrome password vault (rely on OS security rather than false security).

  * Google is very open about any DMCA / takedown requests they get. They cooperate with the EFF on relevant cases, and post any takedowns to ChillingEffects.org. They tend to be very antagonistic towards law enforcement without a court order or warrant; if there is any company that I would believe would tell the NSA to get lost, it would be Google (though that is perhaps a bit optimistic, as they ARE a US company).

Re:But can you actually trust it?

[LordLimecat]

How about:

Putting their money where their mouth is and pulling out of China, rather than continue to play along like the other Good Old Boys and divulge dissident info and participate in China's censorship game?

That to me says more than any of the rest of it; all of the technical stuff is just icing. Giving up a market like China is no minor thing; anyone who wants to criticize their "do no evil" mantra is gonna have to explain that.

Re:But can you actually trust it?

[darkmeridian]

I'll go further and say that if the NSA has forced Google to compromise the extension, you shouldn't be using Google or Gmail at all. If the NSA has already coerced Google, obviously, then there's no reason to compromise the extension or PGP; the NSA will just get the mail straight from Google.

Re:But can you actually trust it?

[Branciforte]

Boy, are you full of crap. When has Google cooperated with the NSA, any more than the law requires? What reports? Post credible links or GTFO.

Email should not just be encrypted in transit

It should be encrypted at all times.

Re:Email should not just be encrypted in transit

[Bradmont]

That's kind of the point of this extension...

Re:Email should not just be encrypted in transit

[dcollins117]

It should be encrypted at all times.

Great idea. Perhaps they should call it "End-to-End" encryption and release it as a Chrome browser extension like they are talking about in this article: http://slashdot.org/story/14/06/03/2059220/google-announces-end-to-end-encryption-extension-for-chrome/

Re:Email should not just be encrypted in transit

That's weird that article has the exact same comment on it linked here: http://slashdot.org/comments.p...

Re:Email should not just be encrypted in transit

[0ld_d0g]

Its certainly not encrypted when Google receives it. Encrypted data is useless to Google.

Re:Email should not just be encrypted in transit

[OneAhead]

Sure, but encrypting the connection from the user to the provider is usually not a big deal for the modestly tech-savvy; most SMTP and IMAP daemons make it easy to enable encryption, and as a consequence, most providers do support it; it's simply up to the user to tick the box in their e-mail client. Inter-provider transit is much more problematic in that sense because it's out of the user's hand and can readily be sniffed by the NSA and the likes without anyone getting the wiser. I've always been wondering about the state of e-mail encryption in transit; this report confirms my suspicion it's pretty poor, and user-side public key encryption is still a must for really sensitive information; one can safely assume that everything else WILL end up in the NSA's data centers. Unfortunately, user-side public key encryption is a bit of a pain in a lot of settings; encrypting the SMTP connections between the providers would still be desirable, even though it doesn't protect the user against the providers themselves becoming compromised.

Re:Email should not just be encrypted in transit

[geekoid]

It is with this encryption.

" Encrypted data is useless to Google."
arguable, but so what? Why does that mean they wouldn't do it? Your hate boner is getting in the way for your thinking.
stop it.

So they are begginig the monopoly

[kodomo]

This just help google.

Google will still have your internet/search/click usage information and will profit from it. It just makes harder for the goverment or another evesdroper to see what you are doing. But a every goverment is a subpoena away from it.

If you want anonimity, don't use google or their software/services. period.

Sorry about the sour post, but I don't see how this will change anything.

Re:So they are begginig the monopoly

[stewsters]

The advantage is that Google does not have to give them anything that will decrypt your messages if they get subpoena, they have to get the key from the message receiver. Which means the person who got the message either gets tipped off, or they have to hack your computer.

Re:So they are begginig the monopoly

[kodomo]

The encription is end to end. That's not the same as "keep encripted record of your interaccion with google services".

This way you are safe of NSA or some other 3 party who is sniffing your data, but not from goverment requesting legally this information to google.

Re:So they are begginig the monopoly

[Bradmont]

They could also theoretically be required to update the extension to a backdoored version; on a mass scale it would probably be noticed, but if done in an individual, targeted basis, it could probably pass unseen. Even that is a step in the right direction though; the problem with mass surveilence is that it is just that, en masse; if it's forced down to individual persons of interest, well, then that's definitely a good thing.

Re:So they are begginig the monopoly

Assuming there is no backdoor in OpenPGP

Re:So they are begginig the monopoly

[lister+king+of+smeg]

Seeings as the FBI fought Phil Zimmermenn a former political activist and the writter of PGP tooth and nail in court over it I would guess that they don't have a backdoor.

Re:So they are begginig the monopoly

[mspohr]

This is for email, not your browser.

Re:So they are begginig the monopoly

[viperidaenz]

That just means the FBI wants people think there is no backdoor.

Re:So they are begginig the monopoly

That was 20 years ago. Yes, 20 years ago.
OpenPGP isn't even the same algorithms as the US government got their panties in a twist over.
I'm not saying OpenPGP isn't trustworthy, it is probably waaaay better than the original PGP.
But the fact that the government had a shit fit about something with a similar name 20 years ago doesn't mean much today.

Re:So they are begginig the monopoly

Notice that it's not being distributed via the Chrome Web Store, so there is actually no way to mass update with a malicious version.

Re:So they are begginig the monopoly

[cbhacking]

I don't know if a subpoena has enough teeth to compel this level of cooperation, why use one of those anyhow? I'm quite certain the NSA could require that Google silently update your copy of the E2E extension to include a backdoor that steals your secret key, at which point they can decrypt all messages sent to you and put your signature on any outgoing message they want to.

Re:So they are begginig the monopoly

[hairyfeet]

They wouldn't need to bother Google, after all as we saw thanks to the AT&T whistleblower they have backbone access at the ISPs. This means they 1.- Know what OS you are running and 2.- Can perform a MITM on said OS. Lets say you use Linux? All they do is intercept the update mechanism for whatever flavor you are running and one of the dozens of packages you get during an update has a backdoor, with Windows or OSX it would work the same, intercept the update mechanism and force in a backdoor. Hell depending on what video player you are running they might not even do that as I'm sure they have a couple of Flash zero days lying around, simply wait until you request a video and replace it with a zero day infected vid.

Remember folks when they have access to the backbone ALL bets are off, with a MITM everything becomes MUCH easier.

Re:So they are begginig the monopoly

[LordLimecat]

I believe you can pin extension versions and prevent them from updating.

Re:So they are begginig the monopoly

[voltorb]

They wouldn't need to bother Google, after all as we saw thanks to the AT&T whistleblower they hsigned.kbone access at the ISPs. This means they 1.- Know what OS you are running and 2.- Can perform a MITM on said OS. Lets say you use Linux? All they do is intercept the update mechanism for whatever flavor you are running and one of the dozens of packages you get during an update has a backdoor, with Windows or OSX it would work the same, intercept the update mechanism and force in a backdoor. Hell depending on what video player you are running they might not even do that as I'm sure they have a couple of Flash zero days lying around, simply wait until you request a video and replace it with a zero day infected vid.

Remember folks when they have access to the backbone ALL bets are off, with a MITM everything becomes MUCH easier.

Sorry to bust your bubble, but then can't do MITM on any decent Linux distro. The package in repositories are signed.

Re:So they are begginig the monopoly

[0ld_d0g]

You're claiming that Google is purposely breaking their own ability to data mine your email? I somehow highly doubt that. I'm happy to be proven wrong on this.

Re:So they are begginig the monopoly

[geekoid]

If only there was an article some place that talked about it.

https://code.google.com/p/end-...

sheeesh.

Re:So they are begginig the monopoly

[hairyfeet]

Riiight, that is why the kernel.org repo was infected by malware. Oh and just FYI it was either the Debian or ubuntu repo that was serving a rootkitted Quake 3 install for THREE YEARS, don't have time to look it up ATM, feel free to google it.

Thumbs up so far...

[mlts]

1: Compatible with OpenPGP (except for some reasonable caveats. Not bad.)

2: Some thought in building it, not just slinging a beta for download, wise.

3: Keys stored away from where the bad code can compromise a browser... smart.

So far, this seems to be something that can be useful for one who does use PGP or gpg often.

Re:Thumbs up so far...

[vux984]

So... if google doesn't have the keys, then

a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, your hosed.

b) you can't search your gmail, because for them to index your mail box, they'd need to be able to decrypt it.

c) they can't data-mine your gmail, because, again, they can't read it.

I'm having hard time believing that they've actually done this?

And if they have done it, I have a hard time believing it will do anything to increase the use of end-to-end encrypted mail because of the loss of b) above.

And as others have pointed out; it still requires you to trust Google as they provide you both Chrome and the extension.

I can't advise trusting a program that pushes out a new version of itself every few weeks; or an extension that expects to be able to autoupdate on its own schedule. Its at least open source which is good, but if you are demanding end to end encryption and willing to forgo being able to search your mailbox to get it then you probably want better control over the binaries you are using for these mail transactions than 'whatever google update sends down the pipe'

Re:Thumbs up so far...

[mlts]

In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.

The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption. However, anything is better than nothing, and this will do a decent job at protecting against intrusion internally.

Re:Thumbs up so far...

[vux984]

In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.

The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption

Precisely.

The fundamental basis of end-to-end encryption is that the endpoints are trustworthy.

Autoupdating chrome, autoupdating chrome extensions, and web applications (where updates can be streamed to you in real time as you use them) are all inherently not trustworthy.

However, anything is better than nothing,

The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.

and this will do a decent job at protecting against intrusion internally.

End to end encryption is about protecting against intrusion between the end-points. The idea is that the contents are secure from anything that touches the data between the endpoints. But anything that touches the end points is a threat. I don't know what you mean by "protecting against intrusion internally" but it sounds like protection from, say, your employer or spouse or something. As these parties have access to the endpoint and can install software to capture the content before encryption / after decryption you are not safe from them.

This is also PRECISELY why you can't trust google to provide the endpoints if you want to be secure FROM google.

Re:Thumbs up so far...

[fph+il+quozientatore]

a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, you're hosed.

Can have secure encryption at all without the "if you lose your keys, you're hosed" part? I have never seen a solution to this fundamental problem.

Re:Thumbs up so far...

[piripiri]

That wouldn't be secure encryption then...

Re:Thumbs up so far...

[dcollins117]

Can have secure encryption at all without the "if you lose your keys, you're hosed" part? I have never seen a solution to this fundamental problem.

In general you can't open any lock if you lose the keys. It's a feature, not a fundamental problem. All encryption schemes require that you provide some way of authenticating that you are the intended recipient. Protip: securely back up your keys.

Re:Thumbs up so far...

Comparing physical security to information security is inaccurate. Physical locks are light-years behind established and peer-reviewed crypto in quality implementations (sadly few in number). They're vulnerable to all sorts of problems--like the fact that you can just go around it, melt through it, smash it, drill it, pick it, bump it, etc.. Crypto done right? You're not getting that message back if you lose the keys.

</quibble>

Re:Thumbs up so far...

Assume you're talking in the clear, but use encryption to make it just a little harder to the nefarious authorities to watch you?

As everyone has different keys, assuming there's not one master key that decrypts anything, then it means the spooks have to have lots of specialised decryptions running to scoop up your data and everyone else's at the same time. This naturally reduces their available capacity (or increases their costs). They may be watching you, but that means they're not watching your neighbour.

I agree it's not much of a step up - it would be rather better not to have such organisation snooping at all (or to be 100% unable to do so). However, some sort of frustration to them is better than not trying.

Re:Thumbs up so far...

[Sloppy]

However, anything is better than nothing,

The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.

That one is easy: don't assume a false sense of security. There, problem solved. I don't know how anyone would ever get into that position, but I agree that if they do, we should give them a common-sense reality check.

you can't trust google to provide the endpoints if you want to be secure FROM google.

I think everybody gets that. It's irrelevant to the problem at hand (that a quarter century after PGP, people are still sending plaintext) though, and all implementations of OpenPGP fall outside the scope of addressing the "is my computer running the software that I think it's running?" question. Don't get me wrong, it's a good question for people to be asking. But it doesn't necessarily mean it's stupid to run Google's code; running Google's code merely comes with a convenience/security tradeoff that most people here won't want to pay, or won't want to pay in certain situations. Please, see beyond that point.

You face that same issue every time you use https in your web browser. That doesn't mean you have stopped using https, does it? Do you really get a sense of security (which you know is always going to be false) when you use https? Of course not. You get a sense of securER. The same thing will apply to users of this extension.

We really have to stop bringing up the "false sense of security" bugbear every time someone tries to make things better. Think about what users are going to do, after they have been using Google's version for a few years, have absorbed some of the concepts and habits, and then a story eventually gets out that Google (or a middle) got caught sending a compromised version to someone. That will be a good day, not a bad one.

Most important sentence in TFA

[NotInHere]

End-To-End doesn’t trust any website's DOM or context with unencrypted data.

I think this is the most important sentence in TFA, as it shows this is a real user-side-DRM (enforcing pivacy rights) in browsers.

Re:Most important sentence in TFA

Mod up. If this thing works in Chromium, I might finally stop using Konqueror as my primary browser.

Re:Most important sentence in TFA

I find it interesting how many mainstream browsers use WebKit, which started as KHTML, which was first deployed in Konqueror.

Privacy or convenience, choose one of the two

Storing information in such a way that Google cannot hand the data over to 3rd parties will break many features that users like, searching emails being on the top of that list. Fully homorphic encryption is just not there yet.

So besides the fact that it's not in Google's interest to give you privacy, you can either put effort into it yourself to get some privacy or sit back and choose convenience. Choose one of the two but don't believe that technology like end-to-end encryption with a service provider will give you privacy as long as the service provider is not under your control.

Re:Privacy or convenience, choose one of the two

[lister+king+of+smeg]

a password protected encrypted version of the key could be synced.

This should be interesting...

I'm interested to see how the Google haters will spin this one as an evil plot.

Re:This should be interesting...

They could do like Hushmail and serve a specially crafted JavaScript file to users being targeted by law enforcement. The JavaScript would obtain the passphrase and key, then send it back to Google so that they can decrypt *all* emails and hand them over to the police. It could be delivered to the user as a fake update.

If you feel that you need to use PGP, then use a local client application such as Thunderbird + Enigmail. Never trust someone like Google or MEGA with JavaScript served up from their server after you log-in.

Re:This should be interesting...

[swillden]

They could do like Hushmail and serve a specially crafted JavaScript file to users being targeted by law enforcement.

That sort of thing would be pretty easy to detect. Google would be outed unless it were only done on a very small scale, and even then it would be risky.

Re: This should be interesting...

[ShieldW0lf]

Challenge Accepted!!

They want to allow people to be reassured that they have "enough" privacy by giving them tools that will protect them from other end users learning their secrets, whatever they've decided those secrets should be.

Their saleable advantage is that they can let people manipulate you. They've been using mass analysis of mail as a way to better do that since their mail services were invite only.

They want you to be satisfied with them not just invading your privacy, not just manipulating you with what they learn, but manipulating you for anyone who wants to pay.

But don't worry, your data is secure in transit!

Re:This should be interesting...

Take a look at the extension source : all the files are bundled locally. Nothing is fetched from a 3rd party web server.

Re:This should be interesting...

That sort of thing would be pretty easy to detect. Google would be outed unless it were only done on a very small scale, and even then it would be risky.

Only the single intended victim would receive the specially modified Javascript from the NSA's MITM server,

Everyone else will continue to receive Google's standard Javascript, and so the world will be none the wiser unless the victim is technically well informed, extremely paranoid, records all traffic, analyses it and discovers the NSA's cuckoo code, and then makes that knowledge public.

The much greater likelihood is that nobody will ever know that it has happened. That's the extreme danger of client-side Javascript, effectively a security hole the size of a mountain.

Re:This should be interesting...

[cbhacking]

And all of it updates automatically and silently from Google on a regular basis. It's OK though, I'm sure they'd never silently ship a backdoored version to a specific target in compliance with a NSL...

Re: This should be interesting...

[LordLimecat]

Clearly refusing to comply with China's censorship and cooperation demands was all a ruse to make us THINK they were pro-user rights. Clearly their cooperation with the EFF and ChillingEffects to publicly report on DMCA (and other) takedowns is all a trick to get our precious, precious page impressions. Clearly their ahead-of-the-curve SSL by default on google.com is all because theyre in bed with Uncle Sam.

Not sure what you're smoking but keep it away from me.

Re:This should be interesting...

You mean allowing someone to automatically alter and run code on your machine without asking you first might allow them to run arbitrary code on your machine without asking you first? Who'd have thunk it...

Re:This should be interesting...

[swillden]

That sort of thing would be pretty easy to detect. Google would be outed unless it were only done on a very small scale, and even then it would be risky.

Only the single intended victim would receive the specially modified Javascript from the NSA's MITM server,

As I said, it would be outed unless it were only done on a very small scale.

Re:This should be interesting...

[swillden]

And all of it updates automatically and silently from Google on a regular basis. It's OK though, I'm sure they'd never silently ship a backdoored version to a specific target in compliance with a NSL...

I don't think an NSL could order that. And, if one tried, I'm quite confident the Google legal team would fight it.

What's the catch?

That's the cynical in me talking...

Reflections on trusting trust...

You can't trust the source alone when they control the compiler. Remember 'reflections on trusting trust'? Not saying they did backdoor it, but if the government NSL'd them into doing so, would we be able to tell?

Re:Reflections on trusting trust...

[lister+king+of+smeg]

then use chromium the open source fork and look at the code yourself

Re:Reflections on trusting trust...

[wisnoskij]

How would that help?

What would me, you, or him reading the code accomplish? I guaranty that none of us would spot an NSA level backdoor.

Open Source guarantees optimal security, if you are one of the top ten security professions on the planet and basically have enough time to write the software yourself.

Re: Reflections on trusting trust...

[chill]

Google for "double diverse compiling" and educate yourself a little more.

Re:Reflections on trusting trust...

Remember 'reflections on trusting trust'?

That again?

With that said, this is just ridiculous. What if you're actually the only sentient being in existence, and everything is just part of your dream? What if we're all in the matrix? What if, what if, what if!

Personally, I don't care about vastly unlikely possibilities. Something needn't be 100% safe for me to use it. Obviously. I don't see why people are obsessed with all these vastly unlikely possibilities.

Re: Reflections on trusting trust...

Google for "javascript engine in chrome" and educate yourself a little more.

Re: Reflections on trusting trust...

Google your mom's posts on reddit.com/r/bbwgw and educate yourself a little more.

Re:Reflections on trusting trust...

What would me, you, or him reading the code accomplish? I guaranty that none of us would spot an NSA level backdoor.

You, I or him don't need to, as long as someone from the FSF, a security researcher, a Linux distro maintainer, a competitor or anyone else motivated to look does it for us.

It only takes one motivated person to find and publish the backdoor for it to become worthless. Both TLAs and vendors will need to VERY carefully weigh up the risk of being exposed compared to the benefit the backdoor will generate for them.

Re:Reflections on trusting trust...

It only takes one motivated person to find and publish the backdoor for it to become worthless.

Sure. But where exactly is this mythical "one motivated person" who can so easily spot bugs? We've seen countless examples of security bugs in F/OSS projects staying hidden for YEARS despite people having given the code a once-over. Heck, Linux developers themselves continue to introduce security vulnerabilities in every single release. (AFAIK no Linux release has been free of security bugs). So yeah, you can continue to live in your fantasy land.

Re: Reflections on trusting trust...

You make it clear that you haven't even read TFA (The Fucking Abstract) of that paper.

In the DDC technique, source code is compiled twice: the source code of the compiler’s parent is compiled using a trusted compiler, and then the putative compiler source code is compiled using the result of the first compilation. If the DDC result is bit-for-bit identical with the original compiler-under-test’s executable, and certain other assumptions hold, then the compiler-under-test’s executable corresponds with its putative source code.

Emphasis mine. DDC is useless when you have many contributors to many compilers, all of which are complex systems containing bugs. DDC is great--if you have a compiler that you can absolutely trust. For most software, you'd have little reason not to trust it--but crypto is not most software, and the bar for correctness/resistance to attack is much higher.

Re:Reflections on trusting trust...

What would me, you, or him reading the code accomplish? I guaranty that none of us would spot an NSA level backdoor.

You, I or him don't need to, as long as someone from the FSF, a security researcher, a Linux distro maintainer, a competitor or anyone else motivated to look does it for us.

It only takes one motivated person to find and publish the backdoor for it to become worthless. Both TLAs and vendors will need to VERY carefully weigh up the risk of being exposed compared to the benefit the backdoor will generate for them.

People seem to have a very naive definition of backdoor. It is not like it is a commented sub routine. It can be an exploitable vulnerability caused by a combination of seemingly unrelated and really hard to catch factors.

If anything, the OpenSLL fiasco should have taught us the fallacy of the "someone surely will look at it" OSS argument.

Re:Reflections on trusting trust...

[geekoid]

Why wouldn't you be able to spot a back door that's in the code?
It's not that hard.
Of course if the backdoor is being inserted by the compiler, well then you are screwed. Or, use your own compiler.

Re:Reflections on trusting trust...

You can compare the code with published algorithms and see if it does the same thing. Then the NSA would have had to hack the published algorithms. Which I admit maybe they could have done.

Interesting

[Iniamyen]

Not directly related to the subject matter, but I thought it was interesting that Gmail traffic spikes on Saturdays.

good

[Sloppy]

At first glance, this looks like a good idea which should be encouraged and nurtured. Even if they fuck up something.

The downside is that it's pretty crazy to be doing stuff like this in a scripting language inside of a machine that downloads new versions from somewhere, at the drop of a hat, and where the machine itself (Chrome) is remotely-coercible. (In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.) But really I think this is a minor point! (bear with me; I know that sounds like a bombshell.)

It's good to for people to start using OpenPGP, even if they do some things wrong, and for it to get more mainstreamed. It'll get 'em familiar with the concepts (and they need to learn them all; take anything out and you have a broken system), and then some day they will graduate to the real thing (actual PGP or GnuPG, outside the vulnerable context of today's web browsers) and do things more carefully on their own time while remaining interoperable with their associates.

I know I am a dead-horse beater on this, but OpenPGP, after all these years, really is still the very best, top-notch, number one PK system we have. It's not merely good; it's right. And the applications for the WoT go far beyond merely securing communications from snooping, though it happens to be excellent that that. Three cheers for Google not inventing something gratuitously nonstandard (and therefore, probably deficient)!

Re:good

This is similar to what mega.co.nz does, correct? (kim dotcom site)

Re:good

[L4t3r4lu5]

(In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.)

If someone points a gun to my head, I'll hand them my PGP keys, passphrases for encrypted media, PIN and online banking credentials, mother's maiden name, car keys, and add on the end "Would you like a receipt with that?"

This isn't to protect against government coersion of the business. It's to protect unauthorised monitoring and tapping of communications. The TLA's are certainly authorised to make these demands; It's their job. The legality of those demands are another question.

Re:good

[Sloppy]

If someone points a gun to my head...

IMHO once people are pointing guns at you, you have serious problems. And yet even then, if the attacker happens to be your government, or someone within reach of your government, you still have recourse. Unless they pull the trigger, then you know that it happened, so you can challenge it in court, or call the cops on the assailant after he leaves, or whatever.

But that isn't really the kind of situation that people are talking about much, in 2014.

The TLA's are certainly authorised to make these demands; It's their job

Looking at the TLAs' behavior provides a good illustration of why crypto needs to be at the endpoints, rather than trusted to service providers: the TLAs have not been making those demands!

We're not hearing about them barging into peoples' homes, pointing guns at them, showing them warrants, and telling them "give me the key to this information about you, or else." We have a legal system for handling that kind of situation, most people are pretty happy with it, and a citizen from 1814 would recognize it. Just read the Bill of Rights, and you get all sorts of images of stories where cops with British accents hatefully sneer, when their Samuel-Adams-esque criminal suspect tells them "oh yeah? See you in court, limey bastard!" and they have to grudgingly go along with the new laws. America, fuck yeah!

Something quite different has been happening, because we have been deploying tech in a way that the confrontation doesn't need to happen, and all our old laws are circumvented. The tech we're using, doesn't fit our needs.

This isn't to protect against government coersion of the business.

This isn't, but it's a step in that direction. You're right that a Google plugin running in a Google browser, certainly doesn't protect against that. That's what I was saying, and then labeled as a minor point.

Nevertheless, it could help educate users on the necessary key exchange and trust concepts, and get them used to decryption as something done by their user agent, where a service provider should normally lack the capability to do it. And if this is really OpenPGP compatible, then it has a fully interoperable upgrade path, to something that does protect against coercion of third parties.

The people who want things easy but less secure, can talk to the people who make the effort to learn how to do things. People could shift at their own pace, but all be part of the same network effect. (I gotta admit, that excites me. I've gotten so jaded, and used to thinking of network effects as usually-bad things.)

In 2015, Joe User uses Google's implementation, and an attacker goes to Google and makes them offer a compromised Chrome-or-plugin to Joe, which Joe unwittingly accepts, and then it extracts his key and sends it out. Joe never knows what happened. A couple years later in 2017, Joe User has moved his keyring to gpg, and an attacker goes to Google and makes them offer malware to Joe. Joe accepts and runs the malware, but it never extracts the key, because Chrome doesn't have it anymore.

At that point, either the malware has to be nastier (break out of its process, use a local elevation exploit, etc -- other purely technical problems that we're always trying to solve anyway), or, if that's not on the table or doesn't work: then suddenly WE'RE BACK IN AMERICA, and the attacker has to show their warrant to Joe.

And that last thing, is the goal. If we can get it to go that way, then we'll have due process again. I want suspects to be saying things like "I'm calling my lawyer, officer," not middlemen saying, "What does the legal department say about this? Should we comply? Eh.. it's not like it's any skin off our noses anyway. The customer will probably never find out it happened, so the cost to our reputation should be quite minimal."

great

[bitt3n]

this sucks. now I'm going to have to CC all my email to the NSA just so I don't risk getting drone striked "just in case"

End-to-End encryption ....

... with all the filtering being done with a Google server.

Is anybody dumb enough to trust a company who's primary business is based on collecting data from the users??

Re:End-to-End encryption ....

[LordLimecat]

Guess how I know you didnt read the article?

Heres a hint: your post does not address anything mentioned in the article. Its not server-side encryption, its end-to-end (hence the name).

Re:End-to-End encryption ....

End-to-end doesn't mean a server is not involved.

Apparently somebody forgot to tell you that email encryption requires a server in the middle.

mail in transit

[manu0601]

The report showing how much email is encrypted in transit is about SMTP/TLS usage. But as I understand, this is security theater since certificate validation is not done. Most SMTP implementation work without a CA root repository, and therefore cannot assess the peer identity.

Always a balance

[mcrbids]

Computers are complicated. (most) Users are not. With computing, you basically have a trio of secure, easy, affordable - pick any two.

OpenPGP was right in all ways except one: you can't even explain what it does to your grandma, let alone get her to use it. Because of that, you can't get anybody to pay for it. So you really only have the choice of easy/affordable.

This is a good system if only because it gives you a bit of the secure leg without compromising the other two legs. It sucks, and propeller heads like you and me will snarl at the compromises involved.

Oh well!

Re:Always a balance

[JanneM]

OpenPGP was right in all ways except one: you can't even explain what it does to your grandma, let alone get her to use it.

Never mind grandma, I can't use it. Decided I'd try it this spring. Spent an afternoon reading manuals, blog posts and howto's, until I realized this is complicated and brittle enough that I'm likely to mess things up and compromise any security as a result. Better to avoid it, and behave under the assumption that people are bulk scanning and analyzing everything i send or receive.

encryption != DRM

Conflating encryption with DRM is like comparing door locks to handguns. Your statement is just wrong.

captcha: dummies

Re:encryption != DRM

[NotInHere]

Comparing the relation between DRiM (Digital Rights Management, what FSF and "End-To-End" do) and DReM (Digital Restrictions Management, what MPAA and Netflix do) with the physical world is like comparing movie pirates to physical thieves.

We live in a digital war on Data. There are entities wanting our data, and there are others which don't want to give their data to us, even if they make their living doing that. Perhaps it is natural to demonize the weapons the other side uses, I don't know.

You mean End to NSA to End

Come on Google, we know better than that. I knew it all along, but Snowden made it public to all. Most of the encryption tools out there have back doors for the Feds. All your search information can be collected to run a profile of your personality. Big Brother is extremely nosy, worse than a nagging parent that wants to pry into your life day in and day out. . Facebook is a Data Warehouse for the FEDS. When is everyone going to wake up ?

Did anybody catch this tidbit?

[Virtucon]

FCC CIO David Bray noted last night that the system is more than 10 years old and pointed to an article on how the FCC is trying to modernize infrastructure badly in need of upgrades.

So the FCC, the folks who are supposed to regulate our communications activities is in the technical stone age? Maybe they just need more of Ted Stevens' pipes?

Re:Did anybody catch this tidbit?

[geekoid]

Money. It's due to money;' although 10 years ago is meaningless. I know system that are 40 years old and still work great at what they where designed to do.

How does google read our e-mail now?

[arner]

It's not in Google's best interest not to be able to read our e-mails anymore. So why do they do this?