updated 06:23 pm EDT, Tue June 3, 2014
Reports on inbound, outbound Gmail encryption, Chrome end-to-end extension
Today, Google issued one of its transparency reports, focusing on the encryption of outbound and inbound emails to other domains. Figures in the report look at different areas in the world, giving a percentage to the coverage amounts domains offer when dealing with messages from Gmail. Even though many domains may not need additional encryption, Google has announced a new Chrome extension for end-to-end web-based email, to give consumers more options.
Figures in the transparency report don't come as much of a surprise, since it points to the lack of everyday encryption in messages. The company draws attention to the fact that many of the emails that float around on the Internet are not encrypted from the domains sending and receiving them. When it comes to Gmail, Google tries to encrypt every email, whether it is outbound from or inbound to the service. However, the company can only do so much if both sides of the transmission aren't being encrypted.
"Gmail has always supported encryption in transit by using transport layer security (TLS), and will automatically encrypt your incoming and outgoing emails if it can," said Brandon Long, tech lead for the Gmail team. "The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can't do it alone."
According to Google, 65 percent of messages outbound from Gmail are encrypted with TLS in transit, while only 50 percent of incoming emails are encrypted. Outbound percentage has risen from approximately 40 percent at the beginning of the year. Domains like Amazon, Twitter and Yahoo offer a 99.9 percent inbound encryption rate. One of the largest offenders in the United States is Groupon, with less than one percent encryption.
Craigslist and AOL are two of the top performers in encryption of outbound emails from Google, ranking at 99.9 and 99.9 respectively. Yahoo surpasses both of them, reaching a 100 percent rate. Both Comcast and Verizon, two of the nation's largest Internet providers, have no encryption of the emails coming from Gmail.
On the back of the report, Google brings word of a new tool to make email encryption easier for Chrome. The extension, being referred to as End-to-End, is built upon OpenPGP standards which allows for compatibility with many encryption tools. As the name suggests, it uses end-to-end encryption to encrypt data leaving the browser. Users on the receiving side are left to decrypt the messages.
A perk to the tool is that it won't require Gmail, meaning it can be used with any email service. However, since it is an extension for Chrome, users will need to use the email in the browser to take advantage of it. By using an add-on approach, Google is making encryption simpler and easier to approach for those that didn't have the technical know-how in the past.
End-to-End isn't available in the Chrome web store just yet, as it is only being listed an alpha product. The code is being shared with the community for the time being until it can be properly tested and refined.