Google plans to release a Chrome plugin to make it easier to send and receive encrypted emails. It’s also criticized e-mail providers who don’t encrypt messages by default — one of whom has already promised to change its ways.
The End-to-End plugin is still at an alpha stage but Google has released the source code. That’s mainly in the hope that people who play about with the code will spot and report flaws before Google releases the plugin for general use. The tool will use the OpenPGP system.
How widely used the plugin will be is somewhat questionable as its target audience is in something of a Venn diagram. It will likely only appeal to people who are sending and receiving sensitive information (or paranoid/cautious enough to want to encrypt everything), but will also mainly be of interest to people with more limited technical knowledge who aren’t already using more complex tools.
The code release came as Google began publicizing details of how widespread encryption is in Gmail use. The details are a new addition to the Transparency Index report that already gives figures for the number of government or copyright holder requests for information about users of Google services.
The figures show that 69 percent of messages sent from Gmail to an account from another provider were encrypted throughout transit. For messages sent from other providers to Gmail, the figure was 49 percent. (Both proportions appear to have increased notably over the past year.) Messages sent from one Gmail account to another are encrypted by default.
Google also gave figures for the 10 biggest email providers (by volume of email to and from Gmail.) Facebook, Amazon and Twitter all scored at or close to 100 percent encryption; LinkedIn was in the 90s; Hotmail was listed only as between 50 and 90 percent; and Groupon, Constant Contact and Ed10 sent virtually no encrypted messages.
If it’s intended as a name and shame exercise, it seems to have already worked. The figures show that less than one percent of messages sent from Gmail to Comcast addresses complete the journey encrypted. Comcast has told the Wall Street Journal it will be “aggressive” about introducing encryption and it should be widely available for customers within weeks.
The Journal also clarified that Gmail’s scanning of messages for advertising purposed only happens once they’ve been received, decrypted and added to a customer’s online archive.