Even as most of the internet has already embraced or is in the process of embracing encryption, end-to-end encryption still hasn’t undergone full integration.
And while some email service providers offer end-to-end encryption, a larger percentage is still reliant on PGP, which has its fair share of challenges.
Now, Google has yet again stepped up with what appears to be a solution to the general lack of encryption amongst email service providers with the E2EMail Chrome application code.
The search engine giant has handed out the end-to-end encryption system, while still in its experimental phase, to the open-source community on GitHub.
The move to make the internet more secure came after the controversial Snowden revelations that revealed the NSA’s indiscriminate mass surveillance efforts.
ProtonMail, Snowden’s preferred email service provider which also recently relaunched an onion service, was already using client-side encryption by the time Snowden had leaked the classified information.
As secure as this encryption method was, a major downside is that it did not support plain text content.
Following the revelations, we saw instant messaging app WhatsApp take the leap into the end-to-end encryption arena, following in the footsteps of apps such as Signal, Wire, and Facebook Messenger.
For most, the sole reason for opting for cryptographic methods was to keep government surveillance at bay.
However, encryption has proved useful to people looking to prevent man in the middle attacks or keeping communication lines secure within organizations with applications such as Wickr.
Google’s End-to-End Encryption System Targets a Wider Audience
The Google E2EMail code is not just another end-to-end encryption protocol.
The encryption will have quite an impact, which is why Google engineers Eduardo Vela Nava and KB Sriram announced their plans to make the end-to-end encryption system open source.
Unlike the encrypted email service provider ProtonMail, cleartext messages will be retained, albeit exclusively on the client side.
The tech giant has been more than modest by refusing to take any credit for the E2Email encryption system.
Although largely spawned by security engineers from Google, they have insisted that it is not a Google product.
Now, the adoption of the encryption code into the open source community means it is a fully community-driven project.
Google E2Email Code is Still Largely Underdeveloped
Keyserver testing has shown that the nascent E2EMail still needs a lot of work.
Nevertheless, Google’s Key Transparency, which was released early this year, might be more than instrumental in helping E2EMail’s security better than most people anticipate.
Essentially, Key Transparency takes off the technical edge of encryption by using a more user-friendly infrastructure.
This way, public keys attached to any given account will be made public for viewing and auditing for all online personas.
And because everyone will be able to see and not alter the keys in any way, any attempts to tamper with the key will be seen publicly.
Key Transparency will also help senders to ensure that they are using the same keys that have been verified by the respective account owners.
Key Transparency looks to tackle a challenge that is so far reaching that it affects file sharing, messaging applications, and software updates – the manual verification of recipients’ accounts in the event of a server compromise.
A notable instance is that of the PGP web-of-trust for email encryption; 20 years later, people are either unable to or unwilling to use it.
Surprisingly, this also includes its original author.
E2EMail and Key Transparency Will Eradicate OpenPGP’s Usability Challenges
It is evident that E2EMail and Key Transparency will be more or less reliant on each other, especially if the tech giant wants to get rid of the numerous usability challenges that have made OpenPGPan unpopular option.
The scalability of Key Transparency together with the practicality of E2EMail will allow email service providers to ditch the issue-ridden PGP web-of-trust model once and for all.
The integration of Google’s Key Transparency model with the new E2EMail encryption system is a move that holds much promise in terms of enhancing security on the internet.