Google is researching ways to make encryption easier to use in Gmail, according to a VentureBeat article a couple of days ago. This is a response to the Snowden revelations last year, and Google is working to make complex encryption tools like PGP easier to use in Gmail. That’s easier said than done. But Google has been using encryption for several years, so let’s have a look at the history of encryption at Google.
Google: End-to-end encryption is the solution
VentureBeat’s source at Google says “end-to-end encryption is the best defense for message protection, though it comes at considerable cost in functionality.” PGP is currently compatible with Gmail, but it’s regarded as unapproachable to a majority of Internet users. That’s why it has failed to reach a mainstream audience. Google is now trying to make it simple enough for the mass market.
Even though Google is moving forward regarding encryption, VentureBeat isn’t too positive:
“Don’t expect Google to set up site-wide end-to-end encryption, however. For Google to monetize Gmail, it must be able to scan messages in order to serve targeting ads to users. It’s an advertising business, after all.”
“None of the service providers are doing anything”
Google isn’t the only one trying to improve security and privacy for its users to avoid mass surveillance. They are kind of forced in this direction after the Snowden case. But according to another VentureBeat article, none of these companies are doing anything to protect you.
“Tech giants are struggling to protect your privacy. More to the point, they’re struggling to protect themselves from public criticism. And security experts say the biggest companies of them all aren’t doing nearly enough to safeguard consumers. Instead, they’re piling on the features and benefits to distract us from the loss of freedom and privacy — smearing layer after layer of lipstick on the proverbial pig.”
It should be pointed out that encryption affects the usability of many services, and it’s really difficult to hide all the complexity and encryption stuff to make it frictionless for the users. I know all about that after my company has been developing Ensafer for years making an end-to-end encryption platform where it’s all hidden. That’s really important to ordinary users.
Infographic: Encryption at Google
That said, Google has taken several steps since 2004 when their experiments with encryption began. VentureBeat has yet another article showing an interesting infographic with the history of encryption at Google. Starting in 2004, it took six years to reach the next step when they made SSL encryption default in Gmail. Then, due to the increasing focus on security, they have taken several steps since then as the image below shows. Last month Google made Gmail HTTPS-only, and most recently – as mentioned above – they are working to make encryption tools easier to use with Gmail.
Google is at least doing something, but according to VentureBeat it’s not enviable:
“Google is attempting to balance an approachable experience with security. Unsurprisingly, the practical requirements of Google’s mainstream services are holding back the potential level of privacy Google could offer. Cryptographic standards — particularly key-based systems – are historically difficult to use. Standards like PGP have just as good a chance of securing users as they do of confusing users and rendering services like Gmail useless. This battle is not unique to Google.”
Still, I expect to see Google and other companies moving forward on encryption in the months and years to come due to the attention security and privacy is getting these days after Snowden.
Meanwhile, if you want to protect you information at Dropbox, you can download Ensafer for end-to-end Dropbox encryption. And you can read the blog post BBC News: “2014 Is The Year of Encryption”. BTW, this blog post can also be found here on the Ensafer blog.
Finally, here’s the infographic showing what Google has been doing with encryption.