Google shifts on email encryption tool, leaving its fate unclear – PCWorld

Thank you

Your message has been sent.

There was an error emailing this page.

Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether itll ever become an official feature in the companys browser.

On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, its become a full community-driven open source project, the company said in a blog post.

The tool is designed to work as an extension to Googles Chrome browser that uses the OpenPGP standard to encrypt emails, ensuring that only the recipient can read themand not the email provider or a government.

The main goal of Googles project was to make OpenPGP easier to use. It was announced amid growing scrutiny over U.S. surveillance efforts following disclosures from noted leaker Edward Snowden.

However, the search giant hasnt made the extension officially available on its Chrome Web Store. Instead, the projects source code has only been made available on GitHub, a software collaboration site, making the extension harder to install, especially for non-technical users.

The GitHub page also hasnt been frequently updated, so its unclear how serious the search giant has been about the effort, or if others will take up the project.

Google didnt immediately respond to a request for comment. But the GitHub page is offering the source code to whats called E2EMail, a Chrome extension that works with Gmail. At this stage, we recommend you use it only for testing and UI feedback, the page says.

A screenshot of the E2EMail extension.

Back in Dec. 2014, Google also said that its end-to-end encryption tool still wasnt as usable as it needs to be, pointing to the problem of managing the public keys used in PGP encryption. Often, the keys necessary to exchange secure messages are held on a public server or sent via email, but the authenticity of the user providing them is never verified.

Last month, Google announced a separate open-source project, called Key Transparency, that tries to solve this problem. It essentially works as a lookup service for public keys. However, as a safeguard, all the logs can be audited to track for any suspicious activity.

In Fridays blog post, Google said the Key Transparency project was crucial to the development of its end-to-end email encryption efforts.

Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced, it said.

Although Googles email encryption tool is no longer a company-led product, Google is still hoping to integrate it with its Key Transparency project, according to the blog post.

In the midst of Googles effort, others are also developing new email encryption protocols, too. Last month, the developer behind Lavabit, an email service Edward Snowden used, released its own open-source encrypted email standard for surveillance-proof messaging.

Michael Kan covers security for IDG News Service.

Read more from the original source:
Google shifts on email encryption tool, leaving its fate unclear - PCWorld