Submitted by psychothumbs t3_zp40e0 in technology
Comments
The-Brit t1_j0qv9zj wrote
>One main practical difference is that organization admins seem to have access to the keys, and so can read everything.
A handy government back door then? If so, why bother?
beef-o-lipso t1_j0r0f3r wrote
Pretty sure CSE is limited to the paid Gmail for business and not the free consumer Gmail.
Businesses use key escrow so that they can recover emails sent through their system. Usually for things like recovery of data, or to comply with regatory requirements such as the US SEC requiring covered financial companies storing all communications.
Businesses doing key escrow should be storing only the keys used for encryption and not the private keys for signing emails and other things.
cowmonaut t1_j0r334h wrote
You are correct, CSE is a feature of Enterprise/Education versions of Gmail.
Pomnom t1_j0smyhr wrote
That's no difference than current situation? Assuming that google encrypt all Gmail data anyway and the key is accessible to the org administrator should they ever need to assess the emails
beinghumanishard1 t1_j0w0sma wrote
Dude what are you talking about? Its not a back door, it’s just access for business owner to manage their organizations emails. If you don’t have this feature no business what would use it, otherwise their employees could send emails the business cannot audit.
BamBam-BamBam t1_j0rs6el wrote
So it's end-to-end encryption with key escrow.
EDIT: so there are some interesting comments below, and some important distinctions made.
palox3 t1_j0tvtep wrote
end-to-several_ends encryption :)
pittaxx t1_j0u0o65 wrote
Hardly end to end at all, if Google can read them, and it seems they can.
(Yeah, I know that you are technically correct, but it's not an arrangement that people would generally put in the same category as e2e.)
[deleted] t1_j0uaa43 wrote
[deleted]
Neither-Biscotti-931 t1_j0si1hz wrote
Yeah no thanks then, I guess good for companies? Idk…
Digital-Exploration t1_j0t0hy1 wrote
Protonmail or bust...
chiron_cat t1_j0wpghm wrote
So it's totally not encrypted because Google can still read everything
[deleted] t1_j0r1bag wrote
[deleted]
cowmonaut t1_j0r2tap wrote
No. Your employer gave you a key to your office, but they can take it away when you get fired.
This is a feature for Enterprise/Education versions of Gmail, not the publicly available service.
hayden_evans t1_j0sqxoj wrote
Nope, only for businesses. Very misleading headline.
soxxxxxxfan t1_j0tc28f wrote
There's no way Google would give up mining all those emails for free.
Bierbart12 t1_j0qkxap wrote
I thought this was common practice on every single message delivery service across the internet for over 10 years now?
rootbeerdan t1_j0qp1qw wrote
Zero knowledge encryption is rare because people don't like losing access to everything if they forget their password.
Even then, email was never and will never be designed to be private. Anyone who says your email is completely private is lying to you. Even ProtonMail has quite misleading marketing because they can trace every email based on the metadata (which they conveniently leave out in almost all of their documentation).
If you want privacy, use Signal.
Nullifid t1_j0qx3bh wrote
Why signal?
rootbeerdan t1_j0r1hhd wrote
Because it was actually designed to be private and collect minimal metadata. The signal protocol is well understood and vetted, so for the 99.99% of people it’s extremely private and secure.
Of course you could go all the way back to using IRC with Tor and then using PGP to encrypt your messages, but if you get to that point E2EE is probably the least of your worries.
Cultural-Height3898 t1_j0rn2rh wrote
Signal is awesome, now if only they'd remove requirement to use phone number that would be perfect.
ColgateSensifoam t1_j0s3e0a wrote
Email is rarely authenticated, let alone encrypted
edman007 t1_j0sxuio wrote
Nah, it's mostly encrypted now. The issue is the way the encryption works they can't use the key the server sent it with in the client. The receiving sercyer has to have key.
If you want end to end encryption you need to use PGP or s/mime
uzlonewolf t1_j0suw6z wrote
Eh, the connections to and between servers are usually encrypted with TLS, just like websites, so it's not like it's completely plain-text either.
alphafalcon t1_j0tsk7q wrote
Yeah, usually... But the default fallback mechanism for "I can't connect via TLS/the certificate doesn't match/is expired/something is wrong" is either to ignore the invalid certificate or fall back to plain text.
It's better that directly sending plaintext but only marginally.
The_Starmaker t1_j0qlg65 wrote
I assume you’re thinking of SSL or something, because that wouldn’t really be possible.
Epistaxis t1_j0tjzh3 wrote
No, it's only been commonly encrypted along each hop of the journey from sender to recipient. It's like sealing your message in a security envelope that's then opened at your local post office, where the postal workers read it and update the database they keep about your personal interests so they can send you better junk mail (or make sure you're not competing with their in-house junk mail business), then they reseal it in another envelope and send that to the recipient's local post office, which unseals it and does the same thing, then seals it again for its final trip to the recipient. End-to-end encryption stays sealed for the entire trip and the postal workers can't unseal the envelope even if they want to. End-to-end encryption with key escrow means your boss is allowed to go to the sorting facility and open your mail but the postal workers can't.
So this isn't offered with the "free" version of Gmail because they can't profit by opening your mail and therefore carrying it for you is a net loss.
beeen_there t1_j0ql5ou wrote
bit late for all that!
TheJadedSF t1_j0qpj66 wrote
They should make it look like it was designed in this decade
Intrepid_Library5392 t1_j0reqnn wrote
not really, but really misleading.
resisting_a_rest t1_j0rliqb wrote
Is there any such service where you can query a "DNS-like" server with an email address and it will give you back that email addresses' public key. Then you could encrypt a message using the public key and send it to the email address. Something like this should be easily implementable in all email clients, both web based and others.
Seems like a relatively simple thing to do. I guess that hardest part is getting people to make sure they save a secure copy of their private key/seeds, as if they lose those, they will be unable to read any of the encrypted emails sent to them and there would be no way to recover them.
ColgateSensifoam t1_j0s3bn7 wrote
You're describing PGP key repositories
Very few people actually use PGP unfortunately
resisting_a_rest t1_j0s6zf5 wrote
Maybe because no popular web based email services support it (or if they do, do not advertise it)?
Gmail, for instance, could easily allow you to enter your public key and then advertise it on a public repository, then have you enter your private key and store it locally (not transmit it to the server). I guess you'd have to trust Google with that though.
But then whenever you press send to send an email, it would check the repository and if that email has a public key, if so, encrypt the message and send it (otherwise just send it in the clear). For incoming messages, just automatically detect if it is encrypted, and then use your private key to decrypt it and display it. It would be pretty much transparent once you supplied Gmail with your private and public keys.
Epistaxis t1_j0tk95w wrote
Why would a popular, i.e. free, web-based email service offer an option that prevents the provider from seeing your messages? That's the whole business model.
resisting_a_rest t1_j0tnb4u wrote
You're right, but it doesn't have to be for all emails, just have the option to send certain emails encrypted using "the standard" for sending encrypted email.
But again, yes, there is a big incentive to not have this feature.
edman007 t1_j0sy2at wrote
S/mime works better honestly..we use that where I work. But it's hard getting people to set it up, and certs are a little more difficult to generate.q
uzlonewolf t1_j0sv64t wrote
The issue with that is it tells scammers the email address is real and valid while also allowing them to completely bypass all spam/phish protection.
resisting_a_rest t1_j0t2lmb wrote
If I send an email to a non existent address today, don't I get an email back saying it doesn't exist? Or is that not a thing anymore?
I suppose spam/phish protection would have to move to the client (javascript on web-based email systems), which I suppose could overwhelm the browser if you get too many spam messages.
An alternative may be to have a whitelist of addresses that are allowed to send you an encrypted email. If the email server receives an encrypted email from an address not on the whitelist, then just discard it. Use something like SPF to prevent email address spoofing. This whitelist could be a global list as well as a personal list.
But I can understand why people might not want to attempt to implement something like this, there may be many potential ways to circumvent it, and people just don't want that kind of liability.
uzlonewolf t1_j0t9e8y wrote
> If I send an email to a non existent address today, don't I get an email back saying it doesn't exist? Or is that not a thing anymore?
Depends on how the server is configured. Most still do this yes, however it is rate limited so someone can't try thousands of random addresses per second. You can't really rate limit DNS like that.
The "whitelist" option is similar to what people do now with PGP/GPG keys, no special server needed.
resisting_a_rest t1_j0tn0fc wrote
I'm talking about making it something that the average person would use, not the person that is going to be managing public keys manually.
It could even just be an option to "send this email encrypted" for only one-off emails, and most receivers that deal with sensitive information (banks, brokerages, insurance, etc.) would be able to receive encrypted email this way. It would be the standard way of sending encrypted messages.
Currently, the way I need to do this now with my broker is to either log in to their website and send a message through it, or use a special web-based encrypted message service. It's not a nice way of doing things.
uhoreg t1_j0s85ch wrote
There is OpenPGP Web Key Directory, or key servers. One of the issues is that unless you trust the server that you're querying (and if you're doing PGP, you should probably not be inclined to blindly trust servers), you need to verify that the key actually belongs to the other users.
resisting_a_rest t1_j0sdfie wrote
Why is that? If you are sending an email to a specific email address, and you encrypt the message using an incorrect public key, that address just gets sent an encrypted message that they cannot decrypt.
I suppose if their email is already compromised, that could be a problem, but this would require both the Key directory and the email account to be compromised.
If only the key server is compromised, I would think the best you could do is a denial of service.
uhoreg t1_j0w26gb wrote
> I suppose if their email is already compromised, that could be a problem, but this would require both the Key directory and the email account to be compromised.
How does the key directory get the keys, and how does it ensure that the keys are valid? Traditionally, key servers accepted any keys that were uploaded to them, and told people to verify them before trusting them. Some key servers will try to verify keys ... by emailing you. But, of course, if an attacker has compromised your email account, that doesn't help much.
With WKD, you contact the domain that owns your email account (e.g. if you are something at emailprovider.com, you would fetch the key from emailprovider.com). But if someone compromises emailprovider.com, then they could just serve the wrong key.
One of the goals of end-to-end encryption is that you don't want your service providers to be able to read your things. Both of the existing systems are vulnerable to attacks from your service provider (either if they become malicious, or have a rogue employee) unless you verify the key in some other way.
Zenz-X t1_j0qjoxu wrote
So just for Workspace (buisyniss)? Or will it work on my free gmail / app?
cowmonaut t1_j0r2yag wrote
It's a feature for Enterprise/Education.
WhatTheZuck420 t1_j0rsl3e wrote
Eric Yuan did that with Zoom. Until he didn't.
doterobcn t1_j0qku1j wrote
This is really interesting
[deleted] t1_j0qmt1l wrote
[removed]
Digital-Exploration t1_j0t0kr1 wrote
How does this stand up next to Protonmail?
[deleted] t1_j0t4d7s wrote
[removed]
[deleted] t1_j0t1x25 wrote
Best still is Tutanota
awesomedan24 t1_j0t3alk wrote
NSA: "Its too late. I've seen everything."
kingcheeta7 t1_j0t9w9o wrote
I don’t know what this means
shiny_thing t1_j0tkfrw wrote
Don't worry, neither did the journalist who wrote the article or the editor who wrote the headline.
According_Can1875 t1_j0tbsmy wrote
We just need a delete all option for Android
5boros t1_j0ubksz wrote
I have doubts that they'd cut out their data mining operation. There's no other way to make money by offering free email services, without cross promoting other products people will pay for. It might be encrypted but they either have a back door, or the keys themselves.
LifeSmilesWithYou t1_j0r047m wrote
Hahahahaha. Just like “incognito mode”…
yakuzaenema t1_j0rmv6k wrote
So I read the article and I am genuinely curious as to why you’re being downvoted for this comment. Please help me understand
Kyeld t1_j0s7148 wrote
The person you're replying to doesn't understand how incognito mode operates. If they took a few seconds to read the warning that appears on every single new incognito tab they would understand what it does and doesn't do.
ColgateSensifoam t1_j0s3737 wrote
Because it's a nonsense comment?
LifeSmilesWithYou t1_j0rmxxf wrote
Googlickers
uhoreg t1_j0qs6mx wrote
Google calls it "Client-side encryption" and distinguishes it from "end-to-end encryption". It works differently from what most people would expect from end-to-end encryption. From their support entry:
> How is CSE different from end-to-end (e2e) encryption? > > With end-to-end encryption (e2e), encryption and decryption always occur on the source and destination devices (such as on mobile phones for instant messaging). Encryption keys are generated on the client, so as an administrator, you don't have control over the keys on the clients and who can use them. In addition, you don't have visibility into which content users have encrypted. > > With client-side encryption (CSE), encryption and decryption also always occur on the source and destination devices, which in this case are the clients' browsers. However, with CSE, clients use encryption keys that are generated and stored in a cloud-based key management service, so you can control the keys and who has access to them. For example, you can revoke a user's access to keys, even if that user generated them. Also, with CSE, you can monitor users' encrypted files.
(emphasis added)
One main practical difference is that organization admins seem to have access to the keys, and so can read everything.