Google wants to ensure that its customers' email messages remain private, and has taken two more steps in that direction. With a work-in-progress Chrome extension that encrypts any kind of Web-based email exchange, and a transparency report that calls out other providers' lackluster email privacy practices, Google is both promoting its own services and thumbing its nose at its competitors.
The Chrome extension, not yet available to the general public, is called "End-to-End," and Google detailed it in a blog post. This extension will provide public-key encryption on both the sender's and the receiver's side (hence the "end-to-end" moniker) via the OpenPGP protocol for any data leaving your Chrome browser. If you send email, transfer a file or share sensitive code via End-to-End, the recipient will need to decrypt it. As such, Google envisions that End-to-End will only be used for extremely sensitive information.
What sets End-to-End apart from other email encryption services is that it will not require much technical know-how to use. Users will likely still need to be tech-savvier than the average home user, which is why Google hopes the tool will be of use to journalists, human-rights activists and other people who need secrecy, but not necessary top tech skills, in their professions. Interested users can download the alpha version via Google's coding website.
Google has also released a transparency report on email security, partially to boost its own Gmail service and partially to call out other email providers. After measuring how many inbound and outbound Gmail messages were encrypted in-transit, Google determined that Gmail is much better at encryption than most other email and Webmail clients.
By default, Gmail sends encrypted messages and decrypts messages upon receipt. This prevents unauthorized third parties from picking up and reading email while it's in transit between servers.
However, not every email service encrypts its messages on a regular basis, meaning that receiving them in Gmail is no more secure than sending them in the first place. Likewise, Gmail messages to unencrypted email services have no special protection; encryption is a two-way street, and both parties need to cooperate for it to work. Google found that 69 percent of outgoing Gmail messages were encrypted, whereas only 48 percent of incoming messages could say the same.
In terms of inbound traffic, email messages from Amazon, Facebook, Twitter and Yahoo were generally quite safe, whereas Constant Contact, eBay, Groupon and Hotmail were just begging to be spied upon. Yahoo also scored well in outbound traffic, as did AOL and Craigslist. Hotmail, however, was still unsecure, and both Comcast and Apple had almost no encryption whatsoever.
It's important to remember that in a Google-led study, it's natural that the results would favor Google. Still, Gmail does appear to be a more secure email service than many of its counterparts, and the eventual End-to-End extension could make it even more so.