A promotional image from Google's new Transparency Report section on Web-based email. Google wants to make it harder to spy on webmail by encouraging more webmail providers to adopt serevr-to-server encryption. Google <\/p>\n
Google launched a two-pronged attack against unencrypted email on Tuesday, divulging which webmail providers don't encrypt their customers' webmail in a new Transparency Report update, while making it easier for individuals to implement the tough email encryption standard known as Pretty Good Privacy, or PGP, with a new browser add-on called End-to-End. <\/p>\n
An update to Google's Transparency Report published today introduces a new section called Safer Email. Based on traffic Google sees from Gmail, the section describes a world of webmail where only about half of all email sent is encrypted from server to server. <\/p>\n
This is important because webmail that is sent between servers that has not been encrypted can be spied upon with relative ease, similar to the difference between sending a letter in an envelope and an open postcard. If the entire chain of communication isn't encrypted from the starting server to final destination server, the email essentially has no protective envelope. <\/p>\n
When Google's webmail competitors don't provide server-to-server email encryption, it exposes Gmail users, too. Screenshot by Seth Rosenblatt\/CNET <\/p>\n
\"Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren't encrypted,\" wrote the Gmail Delivery Team tech lead Brandon Long, although he chose an encouraging tone over a scolding one. <\/p>\n
\"Many providers have turned on encryption, and others have said they're going to, which is great news,\" he wrote in a blog post announcing the update to the report. <\/p>\n
Google wants webmail providers large and small to adopt Transportation Layer Security (TLS) to encrypt email and other data sent between its servers. While Gmail uses TLS in all its transmissions, Google's report says that currently, only 65 percent of messages sent from Gmail to other providers are received by a webmail provider using TLS. Messages sent to Gmail from other webmail systems fare even worse, with only 50 percent of them originating from companies that use TLS. <\/p>\n
While Google's charts show that there's been a slight uptick recently, it's too recent to confirm as a trend. Google also provided interactive lists that chart which providers encrypt email in transit. <\/p>\n
Google's Transparency Report charts show that some of the biggest offenders are major webmail vendors such as Microsoft, Apple, and Comcast. Screenshot by Seth Rosenblatt\/CNET <\/p>\n
<\/p>\n