
Google’s Revamped Gmail Could Take Encryption Mainstream - id
http://www.wired.com/2014/04/google-crypto-gmail/
======
21echoes
I would love if Google did this, but I see two significant problems.

1\. Who stores my private key? Google? Chrome? Both seem troublesome

2\. "Also, Google wouldn’t be able to scan and index the text of your e-mails.
That’s a problem if you need to search for old emails not stored on your own
machine. It could be a real issue for Google’s business model as well, which
involves scanning the text of emails in order to place contextual
advertising."

Unclear that Google would give up arguably their greatest personal data asset
(better than search, imo), which of course is the key to their whole business
model.

~~~
tvladeck
> 2\. "Also, Google wouldn’t be able to scan and index the text of your
> e-mails. That’s a problem if you need to search for old emails not stored on
> your own machine. It could be a real issue for Google’s business model as
> well, which involves scanning the text of emails in order to place
> contextual advertising."

Caveat: I am no expert whatsoever in crypto/CS so understand this is almost
certainly non-workable for some reason (which is what I'm trying to
understand). Why couldn't Google hash every word in an email and store the
list of hashes alongside the encrypted version. Then when you search for
something, the search terms are hashed as well and the service searches for
the hashed search terms amongst the lists of hashes.

Edit: Thanks everyone!

~~~
smsm42
This requires what is called homomorphic encryption:
[https://en.wikipedia.org/wiki/Homomorphic_encryption](https://en.wikipedia.org/wiki/Homomorphic_encryption)

There seems to be active research done in this field, e.g.:
[http://research.microsoft.com/en-
us/people/klauter/cryptosto...](http://research.microsoft.com/en-
us/people/klauter/cryptostoragerlcps.pdf) [http://research.microsoft.com/en-
us/um/people/senyk/slides/e...](http://research.microsoft.com/en-
us/um/people/senyk/slides/encryptedsearch-full.pdf)

I haven't read all those papers so I'm not sure how close it to working, but
from what I have read I'm not sure if it even is practical for searching your
own mail. For google indexing everybody's email, that would be contradictory
as indexing an email basically reveals its content to the party that is using
the index to look up.

~~~
Spearchucker
Not sure such an approach is needed. The same key used to encrypt email could
be used to encrypt a search catalog. The user decrypts the entire catalog when
a search needs to be done. The risk of the catalog getting too big could be
mitigated by making the indexer constrain the catalog to emails from the last
30 days or so, and making the complete catalog available offline. It can be
tuned by letting users add important older emails to the catalog, and so on.

It's an approach I've used with a store/forward database and worked well for
me with that.

------
droob
Bummed that "could" here means "could theoretically", not "might".

~~~
mnw21cam
Even if google does implement this, where is everyone going to get a shiny new
PGP key from? Is google going to create it? Is the user going to create it?
How about linking it in to the web of trust. Who is going to go around
teaching all the users how to securely verify each other's keys, so that the
public key part of the system isn't a complete and utter waste of time?

Don't get me wrong, I would _love_ it if loads more people were to get a PGP
key and enter the PGP web of trust (like, say, paypal). It's just that over
the last ten or so years, I have found remarkably few people who both have a
PGP key, and care about it.

------
spindritf
The way I see Mailpile becoming popular and putting a dent in dragnet
surveillance is not by everyone downloading it and running themselves but a
trusted third party running it and holding keys for a relatively small group
of people.

Some will complain that this way the third party can still access the key and
mail encrypted for it. That's true but also a massive step up from everyone on
the wire being able to read your messages.

Now, an intelligence agency can just siphon anything and everything. With a
large number of independent e-mail providers, only narrow and targeted
surveillance would be feasible.

All that without giving up any convenience of webmail.

------
higherpurpose
I'm very wary of upvoting such posts lately, even related to Google. On one
hand, we do need a large service provider like Google to adopt end to end
encryption in e-mail and popular chat apps, because otherwise it's going to
take forever, if we just try to convince people one by one.

On the other hand, Google's corporate goals are very much _against_ end-to-end
encryption and strong privacy, and they're even lobbying [1] against it. So it
remains to be seen if it's an actual useful thing from Google, or just PR. And
I realize that even if it's mainly for PR, that PR could lead other companies
to want the same kind of PR, too, and implement such measures as well - but
hopefully not in a gimmicky/not very useful way.

Making something like this available at all in major services would still be a
big win, however it's still a far cry from actually being enabled by default
(like the way Telegram doesn't enable end to end encryption by default - even
though their main marketing message for it is "the most secure chat app in the
world" \- except for most people using it).

[1] - [http://www.vice.com/read/are-google-and-facebook-just-
preten...](http://www.vice.com/read/are-google-and-facebook-just-pretending-
they-want-limits-on-nsa-surveillance)

~~~
tptacek
Beyond this comment:
[https://news.ycombinator.com/item?id=7634928](https://news.ycombinator.com/item?id=7634928)
a further question:

How does opposition to Rand Paul's "Fourth Amendment Protection Act" even make
sense for ITAPS? The federal FAPA says exactly one thing: electronic records
held by third parties are inadmissible in criminal proceedings unless obtained
under consent or under color of a specific warrant demonstrating cause.

What are the business implications of such a law? Google and Facebook have no
obvious commercial interest in the outcome of random criminal cases.

Isn't it a lot more likely that Vice just doesn't know what it's talking about
and has gotten the bill wrong? That rather than opposing the "Fourth Amendment
Protection Act", they're opposing individual state FAPAs derived from the 10th
Amendment Center's Model State FAPA, which can hold a corporation in violation
of state law for honoring a federal subpoena or court order, which would (a)
create potentially 50 different new data protection policies and (b) put
Internet companies in an absolutely impossible position of needing to choose
between violating either a federal law or a state law?

------
carlob
Has anyone else noticed they spelled pidgin as pidgeon? It's a really weird
typo especially when you consider the link points to the right site and it
can't be a spelling correction as both pidgin and pigeon are words but pidgeon
is not [1]. It's also weird that a news outlet such as wired would make such a
mistake.

[1] Though you might say it's a meta-pidgin borne out of the hybridization of
pidgin and pigeon.

~~~
shkkmo
How would that be a 'meta-pidgin'? A 'meta-pidgin' would be a pidgin formed by
combining two separate pidgins.

What you are describing in [1] is a language change due to user error, not the
creation of a pidgin.

~~~
carlob
That was a joke: seeing how a pidgin is a hybrid between two languages pidgeon
is a hybrid between two words. Nevermind

------
higherpurpose
What about Adam Langley's own Pond protocol, which last I checked replaced OTR
with TextSecure's Axolotl ratchet? But I think someone was saying it's quite a
nightmare from a UX point of view for now. Any improvements there lately? And
couldn't TextSecure be used effectively as e-mail, since it's async, but just
put an email-like UI on top of it?

[https://pond.imperialviolet.org/](https://pond.imperialviolet.org/)

~~~
tptacek
Even Adam Langley doesn't think that large service providers should roll out
Pond, presumably because Langley is serious about cryptography and understands
that systems like this can take years to iron out and aren't ready for
deployment simply because somebody wrote them up.

Axolotl is Trevor Perrin's protocol; it doesn't belong to TextSecure. However:
TextSecure procured a pretty significant block of Trevor Perrin's attention to
help review and improve their cryptography.

TextSecure is also, as I understand it, significantly older than Pond.

------
SilasX
Google: if you wanted to take encryption mainstream, you shouldn't have gone
miles out of your way to sabatoge compatibility with web email encryption
plugins.

[https://support.mozilla.org/en-
US/questions/831463](https://support.mozilla.org/en-US/questions/831463)

------
tripzilch
Question, even if Google were to actually do this, given that GMail runs on
server-provided JS code inside the browser, doesn't this carry the same
problems as all other in-browser encryption applications?

Isn't this type of in-browser encryption code considered broken, no matter
what way you go about it?

------
shmerl
Could? Does the article imply that Google plans to do it? I didn't see
anything from Google about such plans. Or it's simply "if Google ever does
that it would be great" etc.?

Google's approach of harvesting the data from e-mail doesn't fit with end-to-
end encryption.

------
glasz
even if they did, i'll call anybody who thinks this would make anything better
an idiot.

google is in bed with the cia via iqt. lord knows what else is behind this.
they even work together: [http://www.wired.com/2010/07/exclusive-google-
cia/](http://www.wired.com/2010/07/exclusive-google-cia/)

ppl like to forget the news of yesterday. all is so shiny. all is so well.

------
pushedx
Implying that encryption is not already mainstream. What do you think that
lock symbol in your browser means?

~~~
greenpresident
I means your connection to the server is encrypted and that your browser
trusts their certificate, preventing stuff like sniffing and mim attacks. It
does not mean that emails on the server are encrypted, which is what this is
article is about.

------
malkia
... grypto! ...

------
rjknight
I would, quite happily, forgive Google for _everything_ if they do what's
described in this article.

~~~
tptacek
You would forgive Google for spending millions of dollars over the last decade
to work harder than virtually any other tech company on the Internet to resist
NSA surveillance, thanklessly and quietly, or, when not quietly, under the
duress of thousands of shrill, under-informed detractors? For essentially
orchestrating the worldwide deployment of TLS forward secrecy, for more or
less inventing browser certificate pinning, for donating high-quality crypto
code to NSS and OpenSSL --- by the way, also, for finding Heartbleed and
publishing it, rather than holding it as a "competitive advantage" \--- and
for killing probably several thousand browser RCEs? And, in all of this, for
spending god knows how much money on lawyers behind the scenes?

That's generous.

~~~
rjknight
Working harder than others simply makes them the least bad. They may have
struggled valiantly to keep data secured, but they failed often enough. Google
did more than many to pioneer the model of centralised information-gathering
as a commercial strategy, which is part of what made surveillance so
rewarding. I think we expect far too little of companies that manage our data,
and Google manages far more than most.

Client-side crypto, along a PGP model, would be a welcome admission that
Google _can 't_ secure everyone's email within their network. It would be a
step away from the idea that we simply _have_ to trust utility-scale cloud
providers with our data. I see that as putting right a mistake.

EDIT: To de-escalate the argument, I should say that we're probably perceiving
'Google' differently. Their security people are excellent people, and Google
has undertaken many excellent security initiatives. Many people at Google are
on the side of the angels. As you probably know these people and their work
much better than I do, I can imagine that your picture of Google's activities
is different to mine. But from a consumer's perspective, Google is much more
ambiguous. As a matter of corporate strategy they have pooled vast amounts of
customer data via the integration of their services, and they have _created_ a
security risk by doing so. When faced with a choice between doing something
that might make users safer but might harm their ability to gather data on
them, I don't believe Google as a company has often chosen the former.

~~~
tptacek
Working harder than everyone else does not simply make something "the least
bad". It also makes them "the best".

~~~
Zigurd
The thing about privacy against a threat like PRISM and other mass-
surveillance threats is that there is a threshold below which efforts don't
actually protect.

End-to-end encryption is a pretty reasonable threshold. Skype proved it could
be convenient enough for grandma (and yes I'm aware that user-controlled keys
for store and forward is more difficult).

So, yeah. Below that threshold the best is just least bad. I don't see why you
are so touchy about that. Many people here foresaw that the government would
be so intransigent that, unless services implemented open and verifiable tools
for enabling end-to-end encryption, anything short of that would be
ineffective in restoring trust in the services we use.

~~~
contingencies
_End-to-end encryption is a pretty reasonable threshold. Skype proved it could
be convenient enough for grandma_

Err .. are you are aware they give out keys to certain governments and send
different code to certain clients (eg. within China)? In privacy terms they
are basically the same as Google now with its centralized model and SSL, just
using some obfuscated vaguaries of P2P slash centralized communications paths
(which they refuse to document openly) instead of centralized store and
forward.

------
suprgeek
This is what happens when you piss-off such a large number of people. Suddenly
end-to-end encrypted e-mail not only becomes a differentiator but something
that could get regular <gender neutral grand parent> excited.

For the hundredth time Thank you Snowden!

