Slashdot Mirror


Google Announces 'End-To-End' Encryption Extension For Chrome

Nexus Unplugged (2495076) writes 'On their security blog today, Google announced a new Chrome extension called "End-To-End" intended to make browser-based encryption of messages easier for users. The extension, which was rumored to be "underway" a couple months ago, is currently in an "alpha" version and is not yet available pre-packaged or in the Chrome Web Store. It utilizes a Javascript implementation of OpenPGP, meaning that your private keys are never sent to Google. However, if you'd like to use the extension on multiple machines, its keyring is saved in localStorage, which can be encrypted with a passphrase before being synced. The extension still qualifies for Google's Vulnerability Reward Program, and joins a host of PGP-related extensions already available for Chrome.' Google also published a report showing how much email is encrypted in transit between Gmail addresses and those from other providers.


  1. But can you actually trust it? by sinnergy · · Score: 3, Insightful

    From joe scriptkiddy sure, but not from the people you actually don't want reading your mail.

    1. Re:But can you actually trust it? by ZeroPly · · Score: 5, Funny

      Yes, of course you can trust it. It offers +12 resistance against National Security Letters.

      --
      Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
    2. Re:But can you actually trust it? by Bradmont · · Score: 5, Insightful

      If it's an implementation of OpenPGP, then the algorithms are very trustworthy and have been vetted repeatedly over the long term. Since it's a Chrome extension, it will be written in JavaScript, so the source should be available to verify. It will also be intercompatible with every other OpenPGP implementation, and if those are backdoored, we're all doomed anyway. The only reasonable attack vector an entity like the NSA would have (assuming the extension audits clean) would be to force Google to update it to a corrupted version, which they presumably could have the power to do en masse or for individual users. I doubt that would go unnoticed for long though. And if it leads to a dramatic uptick in the adoption of secure email, IMO it's worth the risk.

    3. Re:But can you actually trust it? by MtHuurne · · Score: 4, Insightful

      If you're worried about Google itself being forced to compromise this extension, you shouldn't be using Chrome at all.

      In any case, the current state of webmail is typically messages stored as plain text, transmitted over secure sockets. Encrypting the message itself is a big step forward.

    4. Re:But can you actually trust it? by LordLimecat · · Score: 2, Insightful

      Google has earned a heck of a lot more trust in terms of security than any of the other big internet players.

    5. Re:But can you actually trust it? by IamTheRealMike · · Score: 4, Informative

      Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies.

      Which reports? Could you show me these reports describing close cooperation with respect to spying on people between Google and the NSA?

      And the head of Google publicly stating that "you have no privacy, get over it".

      I think you are grossly misquoting Eric Schmidt who said words to the effect of, people have to understand the PATRIOT Act, what powers it gives the US government and how little companies can do to fight it. They can't assume they can put stuff into Google and have it be inaccessible to the US Govt. And you know what? He was dead right, wasn't he? But he got crucified by idiots like you for unemotionally stating the facts of the law. A better example of shooting the messenger is hard to find.

      What about Google's actions or solutions are so different than the other players that they have earned that trust.

      Which other players do you mean? If you mean, big web companies, how about:

      Being the first big webmail provider to enable SSL for everyone, all the time. Being the first to develop and then open source TLS forward secrecy code (ephemeral EC Diffie Hellman), then being first to activate it. Developing the first SSL pinning implementation, and catching Iran when they tried to use a hacked CA to monitor everyone. Being first to encrypt all internal traffic, something Yahoo is planning to catch up on maybe by the end of this year. Being first to publish transparency reports. Being first to publish statistics on SMTP TLS to help shame companies into upgrading (looking at you Apple). Being first to add and activate new ciphersuites in TLS (ChaCha20 and Curve25519) to replace the horribly broken RC4. Being first to release a new, modern PGP implementation.

      If you put down the Google hate I think you'll find they've done a heck of a lot and routinely raised the bar over the past few years. No, they don't collectively march themselves to jail when served with a court order but that's a failure of our governments and indirectly the people who elect them.

      Ob. disclaimer: I used to work for Google, doing security related stuff. And I think my colleagues achieved the best that can be expected of them in this arena. Certainly they went well beyond what other companies were doing (nothing).

  2. Thumbs up so far... by mlts · · Score: 4, Insightful

    1: Compatible with OpenPGP (except for some reasonable caveats. Not bad.)

    2: Some thought in building it, not just slinging a beta for download, wise.

    3: Keys stored away from where the bad code can compromise a browser... smart.

    So far, this seems to be something that can be useful for one who does use PGP or gpg often.

    1. Re:Thumbs up so far... by vux984 · · Score: 2, Insightful

      So... if google doesn't have the keys, then

      a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, you're hosed.

      b) you can't search your gmail, because for them to index your mail box, they'd need to be able to decrypt it.

      c) they can't data-mine your gmail, because, again, they can't read it.

      I'm having a hard time believing that they've actually done this?

      And if they have done it, I have a hard time believing it will do anything to increase the use of end-to-end encrypted mail because of the loss of b) above.

      And as others have pointed out; it still requires you to trust Google as they provide you both Chrome and the extension.

      I can't advise trusting a program that pushes out a new version of itself every few weeks; or an extension that expects to be able to autoupdate on its own schedule. It's at least open source which is good, but if you are demanding end to end encryption and willing to forgo being able to search your mailbox to get it then you probably want better control over the binaries you are using for these mail transactions than 'whatever google update sends down the pipe'

    2. Re:Thumbs up so far... by vux984 · · Score: 2

      In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.

      The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption

      Precisely.

      The fundamental basis of end-to-end encryption is that the endpoints are trustworthy.

      Autoupdating chrome, autoupdating chrome extensions, and web applications (where updates can be streamed to you in real time as you use them) are all inherently not trustworthy.

      However, anything is better than nothing,

      The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.

      and this will do a decent job at protecting against intrusion internally.

      End to end encryption is about protecting against intrusion between the end-points. The idea is that the contents are secure from anything that touches the data between the endpoints. But anything that touches the end points is a threat. I don't know what you mean by "protecting against intrusion internally" but it sounds like protection from, say, your employer or spouse or something. As these parties have access to the endpoint and can install software to capture the content before encryption / after decryption you are not safe from them.

      This is also PRECISELY why you can't trust google to provide the endpoints if you want to be secure FROM google.

  3. Most important sentence in TFA by NotInHere · · Score: 5, Insightful

    End-To-End doesn’t trust any website's DOM or context with unencrypted data.

    I think this is the most important sentence in TFA, as it shows this is a real user-side-DRM (enforcing privacy rights) in browsers.

  4. Re:Email should not just be encrypted in transit by Bradmont · · Score: 2

    That's kind of the point of this extension...

  5. Re:So they are begginig the monopoly by Bradmont · · Score: 2

    They could also theoretically be required to update the extension to a backdoored version; on a mass scale it would probably be noticed, but if done on an individual, targeted basis, it could probably pass unseen. Even that is a step in the right direction though; the problem with mass surveillance is that it is just that, en masse; if it's forced down to individual persons of interest, well, then that's definitely a good thing.

  6. Re:Reflections on trusting trust... by lister king of smeg · · Score: 2

    then use chromium the open source fork and look at the code yourself

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  7. Re:So they are begginig the monopoly by lister king of smeg · · Score: 4, Insightful

    Seeing as the FBI fought Phil Zimmermann, a former political activist and the writer of PGP, tooth and nail in court over it, I would guess that they don't have a backdoor.

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  8. Re:Reflections on trusting trust... by wisnoskij · · Score: 4, Insightful

    How would that help?

    What would me, you, or him reading the code accomplish? I guarantee that none of us would spot an NSA level backdoor.

    Open Source guarantees optimal security, if you are one of the top ten security professionals on the planet and basically have enough time to write the software yourself.

    --
    Troll is not a replacement for I disagree.
  9. good by Sloppy · · Score: 5, Insightful

    At first glance, this looks like a good idea which should be encouraged and nurtured. Even if they fuck up something.

    The downside is that it's pretty crazy to be doing stuff like this in a scripting language inside of a machine that downloads new versions from somewhere, at the drop of a hat, and where the machine itself (Chrome) is remotely-coercible. (In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.) But really I think this is a minor point! (bear with me; I know that sounds like a bombshell.)

    It's good for people to start using OpenPGP, even if they do some things wrong, and for it to get more mainstreamed. It'll get 'em familiar with the concepts (and they need to learn them all; take anything out and you have a broken system), and then some day they will graduate to the real thing (actual PGP or GnuPG, outside the vulnerable context of today's web browsers) and do things more carefully on their own time while remaining interoperable with their associates.

    I know I am a dead-horse beater on this, but OpenPGP, after all these years, really is still the very best, top-notch, number one PK system we have. It's not merely good; it's right. And the applications for the WoT go far beyond merely securing communications from snooping, though it happens to be excellent at that. Three cheers for Google not inventing something gratuitously nonstandard (and therefore, probably deficient)!

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    1. Re:good by L4t3r4lu5 · · Score: 2

      (In other words, point a gun at Google's head, and they will extract your key the next time you enter your passphrase.)

      If someone points a gun to my head, I'll hand them my PGP keys, passphrases for encrypted media, PIN and online banking credentials, mother's maiden name, car keys, and add on the end "Would you like a receipt with that?"

      This isn't to protect against government coercion of the business. It's to protect unauthorised monitoring and tapping of communications. The TLAs are certainly authorised to make these demands; it's their job. The legality of those demands is another question.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  10. Re: Reflections on trusting trust... by chill · · Score: 2

    Google for "double diverse compiling" and educate yourself a little more.

    --
    Learning HOW to think is more important than learning WHAT to think.
  11. Re:Reflections on trusting trust... by Anonymous Coward · · Score: 3, Informative

    Remember 'reflections on trusting trust'?

    That again?

    With that said, this is just ridiculous. What if you're actually the only sentient being in existence, and everything is just part of your dream? What if we're all in the matrix? What if, what if, what if!

    Personally, I don't care about vastly unlikely possibilities. Something needn't be 100% safe for me to use it. Obviously. I don't see why people are obsessed with all these vastly unlikely possibilities.

  12. Re: This should be interesting... by ShieldW0lf · · Score: 3, Interesting

    Challenge Accepted!!

    They want to allow people to be reassured that they have "enough" privacy by giving them tools that will protect them from other end users learning their secrets, whatever they've decided those secrets should be.

    Their saleable advantage is that they can let people manipulate you. They've been using mass analysis of mail as a way to better do that since their mail services were invite only.

    They want you to be satisfied with them not just invading your privacy, not just manipulating you with what they learn, but manipulating you for anyone who wants to pay.

    But don't worry, your data is secure in transit!

    --
    -1 Uncomfortable Truth
  13. Re:Email should not just be encrypted in transit by dcollins117 · · Score: 5, Funny

    It should be encrypted at all times.

    Great idea. Perhaps they should call it "End-to-End" encryption and release it as a Chrome browser extension like they are talking about in this article: http://slashdot.org/story/14/06/03/2059220/google-announces-end-to-end-encryption-extension-for-chrome/

  14. Re:So they are begginig the monopoly by hairyfeet · · Score: 2

    They wouldn't need to bother Google, after all as we saw thanks to the AT&T whistleblower they have backbone access at the ISPs. This means they 1.- Know what OS you are running and 2.- Can perform a MITM on said OS. Let's say you use Linux? All they do is intercept the update mechanism for whatever flavor you are running and one of the dozens of packages you get during an update has a backdoor, with Windows or OSX it would work the same, intercept the update mechanism and force in a backdoor. Hell depending on what video player you are running they might not even do that as I'm sure they have a couple of Flash zero days lying around, simply wait until you request a video and replace it with a zero day infected vid.

    Remember folks when they have access to the backbone ALL bets are off, with a MITM everything becomes MUCH easier.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  15. Always a balance by mcrbids · · Score: 2

    Computers are complicated. (most) Users are not. With computing, you basically have a trio of secure, easy, affordable - pick any two.

    OpenPGP was right in all ways except one: you can't even explain what it does to your grandma, let alone get her to use it. Because of that, you can't get anybody to pay for it. So you really only have the choice of easy/affordable.

    This is a good system if only because it gives you a bit of the secure leg without compromising the other two legs. It sucks, and propeller heads like you and me will snarl at the compromises involved.

    Oh well!

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  16. Re: This should be interesting... by LordLimecat · · Score: 2

    Clearly refusing to comply with China's censorship and cooperation demands was all a ruse to make us THINK they were pro-user rights. Clearly their cooperation with the EFF and ChillingEffects to publicly report on DMCA (and other) takedowns is all a trick to get our precious, precious page impressions. Clearly their ahead-of-the-curve SSL by default on google.com is all because they're in bed with Uncle Sam.

    Not sure what you're smoking but keep it away from me.

  17. Re:Email should not just be encrypted in transit by 0ld_d0g · · Score: 2

    It's certainly not encrypted when Google receives it. Encrypted data is useless to Google.

  18. Re:So they are begginig the monopoly by 0ld_d0g · · Score: 2

    You're claiming that Google is purposely breaking their own ability to data mine your email? I somehow highly doubt that. I'm happy to be proven wrong on this.