Google continued to push customer encryption as the best way to keep US spooks out of its networks. The search engine has divulging which webmail providers don't encrypt their customers' webmail in a new Transparency Report update, while making it easier for individuals to implement the tough Pretty Good Privacy, or PGP, with a new browser add-on.
Google's Transparency Report published today introduces a new section called Safer Email. The section warns only about half of all email sent is encrypted from server to server. When webmail that is sent between servers that has not been encrypted can be spied upon with relative ease, similar to the difference between sending a letter in an envelope and an open postcard. The report said that when Google's webmail competitors don't provide server-to-server email encryption, it exposes Gmail users, too.
Google wants webmail providers large and small to adopt Transportation Layer Security (TLS) to encrypt email and other data sent between its servers. While Gmail uses TLS in all its transmissions, Google's report says that currently, only 65 percent of messages sent from Gmail to other providers are received by a webmail provider using TLS. Messages sent to Gmail from other webmail systems fare even worse, with only 50 percent of them originating from companies that use TLS.
Google's Transparency Report charts show that some of the biggest offenders are major webmail vendors such as Microsoft, Apple, and Comcast. Google has released a rough alpha extension for Chrome called End-to-End. Open-sourced with express purpose of attracting developers not at Google, it will allow streamlined, easy-to-use PGP integration. The idea is to make PGP more user friendly.
Google said that the extension is not ready for wide use, so Google has declined to host it in the Chrome Web Store and is discouraging developers from compiling it and submitting it to the store themselves.
It is worried that at-risk groups that may not be technically sophisticated such as journalists, human-rights workers will rely on End-To-End when it is not ready.