Google has released the source code for a Chrome extension that provides easy end to end encryption. and it will provide users with the ability to encrypt their email the whole way from outbox to recipient.The encryption works only if both sides of the transaction have the encryption protocol, called Transport Layer Security, or TLS, turned on.If a Gmail user sends a note to someone whose e-mail provider doesn’t have TLS, the entire transaction is unencrypted.
It’s worth mentioning that anyone can use End-to-End to send and have end-to-end encrypted emails through their existing Web-based email provider. You don’t have to be using Gmail, but you will need Chrome.
Tools like this already exist, but Google points out they are too complicated to use for most people:
While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.
Google’s Transparency Report charts show that some of the biggest offenders are major webmail vendors such as Microsoft, Apple, and Comcast. Google has released a rough alpha extension for Chrome called End-to-End. Open-sourced with express purpose of attracting developers not at Google, it will allow streamlined, easy-to-use PGP integration. The idea is to make PGP more user friendly.
Google’s report says that, in the past 30 days, 65% of all outgoing messages were encrypted; 50% of incoming messages from other services to Gmail were encrypted.
Google says:
just sharing the code today so that the community can test and evaluate it, helping us make sure that it’s as secure as it needs to be before people start relying on it.
Once we feel that the extension is ready for primetime, we’ll make it available in the Chrome Web Store, and anyone will be able to use it to send and receive end-to-end encrypted emails through their existing web-based email provider.