Google Seems To Have Abandoned End-To-End Encryption For 'Hosted' S/MIME Encryption In Gmail

Status
Not open for further replies.

slate33

Honorable
Feb 4, 2017
4
3
10,515
This analysis isn't quite right.

First of all, users are more than welcome to use S/MIME with gmail, I know that I have for years. The problem is that the messages then aren't accessible to anyone using the web front end, you need to read them using IMAP and a reader that supports S/MIME, as pretty much all current readers (Mail.app, Outlook, Thunderbird, iOS mail reader, etc...) do.

For those who don't want to bother with any of this, Gmail is essentially saying that they will make their web front-end an S/MIME supporting reader, BUT this requires that they host your keys so that they can do this. So if you are communicating with someone who does S/MIME using something like Mail.app, then your side of the conversation is visible to Google, but their side is not visible to their mail provider.

So this just allows the web front-end users to not automatically force everyone else's communications to be downgraded on their end, which is definitely a huge improvement over the status quo.
 
@lucian_armasu Another interesting article. I really like SLATE33 's perspective. Consider re-spinning the article with the input that (1) web browser access to S/MIME is really difficult without the server getting the mail in the clear and (2) stating whether gmail continues to support S/MIME with end to end encryption for people who do not need web access.
 

alextheblue

Distinguished
"Back in 2014, and soon after Edward Snowden made public the extent of the NSA’s mass surveillance, Google started working on an end-to-end encryption tool called, appropriately, “End-to-End.” The company seemed furious that the NSA broke into its network and monitoring every packet going through its unencrypted internal network. "

Yeah, more like they were upset that it leaked publically that the NSA was monitoring their internal unencrypted traffic. So they were forced into it. I mean it was a huge weakness, especially in shared facilities.
 

rantoc

Distinguished
Dec 17, 2009
1,859
1
19,780
Yeah google wants to know _Everything_ about you and true end to end encryption would not serve their purpose nor their bed buddies at nsa...
 
Status
Not open for further replies.